Docs Home
HashiCorp Vault v7.0.0 published on Saturday, Jun 21, 2025 by Pulumi
vault.getNomadAccessToken
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const config = new vault.NomadSecretBackend("config", {
backend: "nomad",
description: "test description",
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 7200,
address: "https://127.0.0.1:4646",
token: "ae20ceaa-...",
});
const test = new vault.NomadSecretRole("test", {
backend: config.backend,
role: "test",
type: "client",
policies: ["readonly"],
});
const token = pulumi.all([config.backend, test.role]).apply(([backend, role]) => vault.getNomadAccessTokenOutput({
backend: backend,
role: role,
}));
import pulumi
import pulumi_vault as vault
config = vault.NomadSecretBackend("config",
backend="nomad",
description="test description",
default_lease_ttl_seconds=3600,
max_lease_ttl_seconds=7200,
address="https://127.0.0.1:4646",
token="ae20ceaa-...")
test = vault.NomadSecretRole("test",
backend=config.backend,
role="test",
type="client",
policies=["readonly"])
token = pulumi.Output.all(
backend=config.backend,
role=test.role
).apply(lambda resolved_outputs: vault.get_nomad_access_token_output(backend=resolved_outputs['backend'],
role=resolved_outputs['role']))
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v7/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
config, err := vault.NewNomadSecretBackend(ctx, "config", &vault.NomadSecretBackendArgs{
Backend: pulumi.String("nomad"),
Description: pulumi.String("test description"),
DefaultLeaseTtlSeconds: pulumi.Int(3600),
MaxLeaseTtlSeconds: pulumi.Int(7200),
Address: pulumi.String("https://127.0.0.1:4646"),
Token: pulumi.String("ae20ceaa-..."),
})
if err != nil {
return err
}
test, err := vault.NewNomadSecretRole(ctx, "test", &vault.NomadSecretRoleArgs{
Backend: config.Backend,
Role: pulumi.String("test"),
Type: pulumi.String("client"),
Policies: pulumi.StringArray{
pulumi.String("readonly"),
},
})
if err != nil {
return err
}
_ = pulumi.All(config.Backend, test.Role).ApplyT(func(_args []interface{}) (vault.GetNomadAccessTokenResult, error) {
backend := _args[0].(*string)
role := _args[1].(string)
return vault.GetNomadAccessTokenResult(interface{}(vault.GetNomadAccessTokenOutput(ctx, vault.GetNomadAccessTokenOutputArgs{
Backend: backend,
Role: role,
}, nil))), nil
}).(vault.GetNomadAccessTokenResultOutput)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var config = new Vault.NomadSecretBackend("config", new()
{
Backend = "nomad",
Description = "test description",
DefaultLeaseTtlSeconds = 3600,
MaxLeaseTtlSeconds = 7200,
Address = "https://127.0.0.1:4646",
Token = "ae20ceaa-...",
});
var test = new Vault.NomadSecretRole("test", new()
{
Backend = config.Backend,
Role = "test",
Type = "client",
Policies = new[]
{
"readonly",
},
});
var token = Vault.GetNomadAccessToken.Invoke(new()
{
Backend = config.Backend,
Role = test.Role,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.NomadSecretBackend;
import com.pulumi.vault.NomadSecretBackendArgs;
import com.pulumi.vault.NomadSecretRole;
import com.pulumi.vault.NomadSecretRoleArgs;
import com.pulumi.vault.VaultFunctions;
import com.pulumi.vault.inputs.GetNomadAccessTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var config = new NomadSecretBackend("config", NomadSecretBackendArgs.builder()
.backend("nomad")
.description("test description")
.defaultLeaseTtlSeconds(3600)
.maxLeaseTtlSeconds(7200)
.address("https://127.0.0.1:4646")
.token("ae20ceaa-...")
.build());
var test = new NomadSecretRole("test", NomadSecretRoleArgs.builder()
.backend(config.backend())
.role("test")
.type("client")
.policies("readonly")
.build());
final var token = Output.tuple(config.backend(), test.role()).applyValue(values -> {
var backend = values.t1;
var role = values.t2;
return VaultFunctions.getNomadAccessToken(GetNomadAccessTokenArgs.builder()
.backend(backend)
.role(role)
.build());
});
}
}
resources:
config:
type: vault:NomadSecretBackend
properties:
backend: nomad
description: test description
defaultLeaseTtlSeconds: '3600'
maxLeaseTtlSeconds: '7200'
address: https://127.0.0.1:4646
token: ae20ceaa-...
test:
type: vault:NomadSecretRole
properties:
backend: ${config.backend}
role: test
type: client
policies:
- readonly
variables:
token:
fn::invoke:
function: vault:getNomadAccessToken
arguments:
backend: ${config.backend}
role: ${test.role}
Using getNomadAccessToken
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getNomadAccessToken(args: GetNomadAccessTokenArgs, opts?: InvokeOptions): Promise<GetNomadAccessTokenResult>
function getNomadAccessTokenOutput(args: GetNomadAccessTokenOutputArgs, opts?: InvokeOptions): Output<GetNomadAccessTokenResult>def get_nomad_access_token(backend: Optional[str] = None,
namespace: Optional[str] = None,
role: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetNomadAccessTokenResult
def get_nomad_access_token_output(backend: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
role: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetNomadAccessTokenResult]func GetNomadAccessToken(ctx *Context, args *GetNomadAccessTokenArgs, opts ...InvokeOption) (*GetNomadAccessTokenResult, error)
func GetNomadAccessTokenOutput(ctx *Context, args *GetNomadAccessTokenOutputArgs, opts ...InvokeOption) GetNomadAccessTokenResultOutput> Note: This function is named GetNomadAccessToken in the Go SDK.
public static class GetNomadAccessToken
{
public static Task<GetNomadAccessTokenResult> InvokeAsync(GetNomadAccessTokenArgs args, InvokeOptions? opts = null)
public static Output<GetNomadAccessTokenResult> Invoke(GetNomadAccessTokenInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetNomadAccessTokenResult> getNomadAccessToken(GetNomadAccessTokenArgs args, InvokeOptions options)
public static Output<GetNomadAccessTokenResult> getNomadAccessToken(GetNomadAccessTokenArgs args, InvokeOptions options)
fn::invoke:
function: vault:index/getNomadAccessToken:getNomadAccessToken
arguments:
# arguments dictionaryThe following arguments are supported:
- Backend string
- The path to the Nomad secret backend to
read credentials from, with no leading or trailing
/s. - Role string
- The name of the Nomad secret backend role to generate
a token for, with no leading or trailing
/s. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Backend string
- The path to the Nomad secret backend to
read credentials from, with no leading or trailing
/s. - Role string
- The name of the Nomad secret backend role to generate
a token for, with no leading or trailing
/s. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the Nomad secret backend to
read credentials from, with no leading or trailing
/s. - role String
- The name of the Nomad secret backend role to generate
a token for, with no leading or trailing
/s. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend string
- The path to the Nomad secret backend to
read credentials from, with no leading or trailing
/s. - role string
- The name of the Nomad secret backend role to generate
a token for, with no leading or trailing
/s. - namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend str
- The path to the Nomad secret backend to
read credentials from, with no leading or trailing
/s. - role str
- The name of the Nomad secret backend role to generate
a token for, with no leading or trailing
/s. - namespace str
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the Nomad secret backend to
read credentials from, with no leading or trailing
/s. - role String
- The name of the Nomad secret backend role to generate
a token for, with no leading or trailing
/s. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
getNomadAccessToken Result
The following output properties are available:
- Accessor
Id string - The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.
- Backend string
- Id string
- The provider-assigned unique ID for this managed resource.
- Role string
- Secret
Id string - The token to be used when making requests to Nomad and should be kept private.
- Namespace string
- Accessor
Id string - The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.
- Backend string
- Id string
- The provider-assigned unique ID for this managed resource.
- Role string
- Secret
Id string - The token to be used when making requests to Nomad and should be kept private.
- Namespace string
- accessor
Id String - The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.
- backend String
- id String
- The provider-assigned unique ID for this managed resource.
- role String
- secret
Id String - The token to be used when making requests to Nomad and should be kept private.
- namespace String
- accessor
Id string - The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.
- backend string
- id string
- The provider-assigned unique ID for this managed resource.
- role string
- secret
Id string - The token to be used when making requests to Nomad and should be kept private.
- namespace string
- accessor_
id str - The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.
- backend str
- id str
- The provider-assigned unique ID for this managed resource.
- role str
- secret_
id str - The token to be used when making requests to Nomad and should be kept private.
- namespace str
- accessor
Id String - The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.
- backend String
- id String
- The provider-assigned unique ID for this managed resource.
- role String
- secret
Id String - The token to be used when making requests to Nomad and should be kept private.
- namespace String
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.