Viewing docs for HashiCorp Vault v7.7.0
published on Friday, Feb 6, 2026 by Pulumi
published on Friday, Feb 6, 2026 by Pulumi
Viewing docs for HashiCorp Vault v7.7.0
published on Friday, Feb 6, 2026 by Pulumi
published on Friday, Feb 6, 2026 by Pulumi
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const key = new vault.identity.OidcKey("key", {
name: "key",
allowedClientIds: ["*"],
rotationPeriod: 3600,
verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
name: "application",
key: key.name,
redirectUris: [
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
idTokenTtl: 2400,
accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {
name: "provider",
allowedClientIds: [test.clientId],
});
const publicKeys = vault.identity.getOidcPublicKeysOutput({
name: provider.name,
});
import pulumi
import pulumi_vault as vault
key = vault.identity.OidcKey("key",
name="key",
allowed_client_ids=["*"],
rotation_period=3600,
verification_ttl=3600)
app = vault.identity.OidcClient("app",
name="application",
key=key.name,
redirect_uris=[
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
id_token_ttl=2400,
access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider",
name="provider",
allowed_client_ids=[test["clientId"]])
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v7/go/vault/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
Name: pulumi.String("key"),
AllowedClientIds: pulumi.StringArray{
pulumi.String("*"),
},
RotationPeriod: pulumi.Int(3600),
VerificationTtl: pulumi.Int(3600),
})
if err != nil {
return err
}
_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
Name: pulumi.String("application"),
Key: key.Name,
RedirectUris: pulumi.StringArray{
pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
pulumi.String("http://127.0.0.1:8251/callback"),
pulumi.String("http://127.0.0.1:8080/callback"),
},
IdTokenTtl: pulumi.Int(2400),
AccessTokenTtl: pulumi.Int(7200),
})
if err != nil {
return err
}
provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
Name: pulumi.String("provider"),
AllowedClientIds: pulumi.StringArray{
test.ClientId,
},
})
if err != nil {
return err
}
_ = identity.GetOidcPublicKeysOutput(ctx, identity.GetOidcPublicKeysOutputArgs{
Name: provider.Name,
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var key = new Vault.Identity.OidcKey("key", new()
{
Name = "key",
AllowedClientIds = new[]
{
"*",
},
RotationPeriod = 3600,
VerificationTtl = 3600,
});
var app = new Vault.Identity.OidcClient("app", new()
{
Name = "application",
Key = key.Name,
RedirectUris = new[]
{
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
},
IdTokenTtl = 2400,
AccessTokenTtl = 7200,
});
var provider = new Vault.Identity.OidcProvider("provider", new()
{
Name = "provider",
AllowedClientIds = new[]
{
test.ClientId,
},
});
var publicKeys = Vault.Identity.GetOidcPublicKeys.Invoke(new()
{
Name = provider.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcPublicKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new OidcKey("key", OidcKeyArgs.builder()
.name("key")
.allowedClientIds("*")
.rotationPeriod(3600)
.verificationTtl(3600)
.build());
var app = new OidcClient("app", OidcClientArgs.builder()
.name("application")
.key(key.name())
.redirectUris(
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback")
.idTokenTtl(2400)
.accessTokenTtl(7200)
.build());
var provider = new OidcProvider("provider", OidcProviderArgs.builder()
.name("provider")
.allowedClientIds(test.clientId())
.build());
final var publicKeys = IdentityFunctions.getOidcPublicKeys(GetOidcPublicKeysArgs.builder()
.name(provider.name())
.build());
}
}
resources:
key:
type: vault:identity:OidcKey
properties:
name: key
allowedClientIds:
- '*'
rotationPeriod: 3600
verificationTtl: 3600
app:
type: vault:identity:OidcClient
properties:
name: application
key: ${key.name}
redirectUris:
- http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
- http://127.0.0.1:8251/callback
- http://127.0.0.1:8080/callback
idTokenTtl: 2400
accessTokenTtl: 7200
provider:
type: vault:identity:OidcProvider
properties:
name: provider
allowedClientIds:
- ${test.clientId}
variables:
publicKeys:
fn::invoke:
function: vault:identity:getOidcPublicKeys
arguments:
name: ${provider.name}
Using getOidcPublicKeys
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOidcPublicKeys(args: GetOidcPublicKeysArgs, opts?: InvokeOptions): Promise<GetOidcPublicKeysResult>
function getOidcPublicKeysOutput(args: GetOidcPublicKeysOutputArgs, opts?: InvokeOptions): Output<GetOidcPublicKeysResult>def get_oidc_public_keys(name: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetOidcPublicKeysResult
def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetOidcPublicKeysResult]func GetOidcPublicKeys(ctx *Context, args *GetOidcPublicKeysArgs, opts ...InvokeOption) (*GetOidcPublicKeysResult, error)
func GetOidcPublicKeysOutput(ctx *Context, args *GetOidcPublicKeysOutputArgs, opts ...InvokeOption) GetOidcPublicKeysResultOutput> Note: This function is named GetOidcPublicKeys in the Go SDK.
public static class GetOidcPublicKeys
{
public static Task<GetOidcPublicKeysResult> InvokeAsync(GetOidcPublicKeysArgs args, InvokeOptions? opts = null)
public static Output<GetOidcPublicKeysResult> Invoke(GetOidcPublicKeysInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetOidcPublicKeysResult> getOidcPublicKeys(GetOidcPublicKeysArgs args, InvokeOptions options)
public static Output<GetOidcPublicKeysResult> getOidcPublicKeys(GetOidcPublicKeysArgs args, InvokeOptions options)
fn::invoke:
function: vault:identity/getOidcPublicKeys:getOidcPublicKeys
arguments:
# arguments dictionaryThe following arguments are supported:
getOidcPublicKeys Result
The following output properties are available:
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.
Viewing docs for HashiCorp Vault v7.7.0
published on Friday, Feb 6, 2026 by Pulumi
published on Friday, Feb 6, 2026 by Pulumi
