1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. kmip
  5. SecretBackend
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.kmip.SecretBackend

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Manages KMIP Secret backends in a Vault server. This feature requires Vault Enterprise. See the Vault documentation for more information.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Vault.Kmip.SecretBackend("default", new()
        {
            DefaultTlsClientKeyBits = 4096,
            DefaultTlsClientKeyType = "rsa",
            DefaultTlsClientTtl = 86400,
            Description = "Vault KMIP backend",
            ListenAddrs = new[]
            {
                "127.0.0.1:5696",
                "127.0.0.1:8080",
            },
            Path = "kmip",
            TlsCaKeyBits = 4096,
            TlsCaKeyType = "rsa",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kmip"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
    			DefaultTlsClientKeyBits: pulumi.Int(4096),
    			DefaultTlsClientKeyType: pulumi.String("rsa"),
    			DefaultTlsClientTtl:     pulumi.Int(86400),
    			Description:             pulumi.String("Vault KMIP backend"),
    			ListenAddrs: pulumi.StringArray{
    				pulumi.String("127.0.0.1:5696"),
    				pulumi.String("127.0.0.1:8080"),
    			},
    			Path:         pulumi.String("kmip"),
    			TlsCaKeyBits: pulumi.Int(4096),
    			TlsCaKeyType: pulumi.String("rsa"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.kmip.SecretBackend;
    import com.pulumi.vault.kmip.SecretBackendArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new SecretBackend("default", SecretBackendArgs.builder()        
                .defaultTlsClientKeyBits(4096)
                .defaultTlsClientKeyType("rsa")
                .defaultTlsClientTtl(86400)
                .description("Vault KMIP backend")
                .listenAddrs(            
                    "127.0.0.1:5696",
                    "127.0.0.1:8080")
                .path("kmip")
                .tlsCaKeyBits(4096)
                .tlsCaKeyType("rsa")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_vault as vault
    
    default = vault.kmip.SecretBackend("default",
        default_tls_client_key_bits=4096,
        default_tls_client_key_type="rsa",
        default_tls_client_ttl=86400,
        description="Vault KMIP backend",
        listen_addrs=[
            "127.0.0.1:5696",
            "127.0.0.1:8080",
        ],
        path="kmip",
        tls_ca_key_bits=4096,
        tls_ca_key_type="rsa")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const _default = new vault.kmip.SecretBackend("default", {
        defaultTlsClientKeyBits: 4096,
        defaultTlsClientKeyType: "rsa",
        defaultTlsClientTtl: 86400,
        description: "Vault KMIP backend",
        listenAddrs: [
            "127.0.0.1:5696",
            "127.0.0.1:8080",
        ],
        path: "kmip",
        tlsCaKeyBits: 4096,
        tlsCaKeyType: "rsa",
    });
    
    resources:
      default:
        type: vault:kmip:SecretBackend
        properties:
          defaultTlsClientKeyBits: 4096
          defaultTlsClientKeyType: rsa
          defaultTlsClientTtl: 86400
          description: Vault KMIP backend
          listenAddrs:
            - 127.0.0.1:5696
            - 127.0.0.1:8080
          path: kmip
          tlsCaKeyBits: 4096
          tlsCaKeyType: rsa
    

    Create SecretBackend Resource

    new SecretBackend(name: string, args: SecretBackendArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackend(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      default_tls_client_key_bits: Optional[int] = None,
                      default_tls_client_key_type: Optional[str] = None,
                      default_tls_client_ttl: Optional[int] = None,
                      description: Optional[str] = None,
                      disable_remount: Optional[bool] = None,
                      listen_addrs: Optional[Sequence[str]] = None,
                      namespace: Optional[str] = None,
                      path: Optional[str] = None,
                      server_hostnames: Optional[Sequence[str]] = None,
                      server_ips: Optional[Sequence[str]] = None,
                      tls_ca_key_bits: Optional[int] = None,
                      tls_ca_key_type: Optional[str] = None,
                      tls_min_version: Optional[str] = None)
    @overload
    def SecretBackend(resource_name: str,
                      args: SecretBackendArgs,
                      opts: Optional[ResourceOptions] = None)
    func NewSecretBackend(ctx *Context, name string, args SecretBackendArgs, opts ...ResourceOption) (*SecretBackend, error)
    public SecretBackend(string name, SecretBackendArgs args, CustomResourceOptions? opts = null)
    public SecretBackend(String name, SecretBackendArgs args)
    public SecretBackend(String name, SecretBackendArgs args, CustomResourceOptions options)
    
    type: vault:kmip:SecretBackend
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecretBackendArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecretBackend Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecretBackend resource accepts the following input properties:

    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    DefaultTlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    DefaultTlsClientKeyType string
    Client certificate key type, rsa or ec.
    DefaultTlsClientTtl int
    Client certificate TTL in seconds
    Description string
    A human-friendly description for this backend.
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    ListenAddrs List<string>
    Addresses the KMIP server should listen on (host:port).
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ServerHostnames List<string>
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    ServerIps List<string>
    IPs to include in the server's TLS certificate as SAN IP addresses.
    TlsCaKeyBits int
    CA key bits, valid values depend on key type.
    TlsCaKeyType string
    CA key type, rsa or ec.
    TlsMinVersion string
    Minimum TLS version to accept.
    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    DefaultTlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    DefaultTlsClientKeyType string
    Client certificate key type, rsa or ec.
    DefaultTlsClientTtl int
    Client certificate TTL in seconds
    Description string
    A human-friendly description for this backend.
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    ListenAddrs []string
    Addresses the KMIP server should listen on (host:port).
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ServerHostnames []string
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    ServerIps []string
    IPs to include in the server's TLS certificate as SAN IP addresses.
    TlsCaKeyBits int
    CA key bits, valid values depend on key type.
    TlsCaKeyType string
    CA key type, rsa or ec.
    TlsMinVersion string
    Minimum TLS version to accept.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    defaultTlsClientKeyBits Integer
    Client certificate key bits, valid values depend on key type.
    defaultTlsClientKeyType String
    Client certificate key type, rsa or ec.
    defaultTlsClientTtl Integer
    Client certificate TTL in seconds
    description String
    A human-friendly description for this backend.
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listenAddrs List<String>
    Addresses the KMIP server should listen on (host:port).
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    serverHostnames List<String>
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    serverIps List<String>
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tlsCaKeyBits Integer
    CA key bits, valid values depend on key type.
    tlsCaKeyType String
    CA key type, rsa or ec.
    tlsMinVersion String
    Minimum TLS version to accept.
    path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    defaultTlsClientKeyBits number
    Client certificate key bits, valid values depend on key type.
    defaultTlsClientKeyType string
    Client certificate key type, rsa or ec.
    defaultTlsClientTtl number
    Client certificate TTL in seconds
    description string
    A human-friendly description for this backend.
    disableRemount boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listenAddrs string[]
    Addresses the KMIP server should listen on (host:port).
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    serverHostnames string[]
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    serverIps string[]
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tlsCaKeyBits number
    CA key bits, valid values depend on key type.
    tlsCaKeyType string
    CA key type, rsa or ec.
    tlsMinVersion string
    Minimum TLS version to accept.
    path str
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    default_tls_client_key_bits int
    Client certificate key bits, valid values depend on key type.
    default_tls_client_key_type str
    Client certificate key type, rsa or ec.
    default_tls_client_ttl int
    Client certificate TTL in seconds
    description str
    A human-friendly description for this backend.
    disable_remount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listen_addrs Sequence[str]
    Addresses the KMIP server should listen on (host:port).
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    server_hostnames Sequence[str]
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    server_ips Sequence[str]
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tls_ca_key_bits int
    CA key bits, valid values depend on key type.
    tls_ca_key_type str
    CA key type, rsa or ec.
    tls_min_version str
    Minimum TLS version to accept.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    defaultTlsClientKeyBits Number
    Client certificate key bits, valid values depend on key type.
    defaultTlsClientKeyType String
    Client certificate key type, rsa or ec.
    defaultTlsClientTtl Number
    Client certificate TTL in seconds
    description String
    A human-friendly description for this backend.
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listenAddrs List<String>
    Addresses the KMIP server should listen on (host:port).
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    serverHostnames List<String>
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    serverIps List<String>
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tlsCaKeyBits Number
    CA key bits, valid values depend on key type.
    tlsCaKeyType String
    CA key type, rsa or ec.
    tlsMinVersion String
    Minimum TLS version to accept.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackend resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecretBackend Resource

    Get an existing SecretBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendState, opts?: CustomResourceOptions): SecretBackend
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            default_tls_client_key_bits: Optional[int] = None,
            default_tls_client_key_type: Optional[str] = None,
            default_tls_client_ttl: Optional[int] = None,
            description: Optional[str] = None,
            disable_remount: Optional[bool] = None,
            listen_addrs: Optional[Sequence[str]] = None,
            namespace: Optional[str] = None,
            path: Optional[str] = None,
            server_hostnames: Optional[Sequence[str]] = None,
            server_ips: Optional[Sequence[str]] = None,
            tls_ca_key_bits: Optional[int] = None,
            tls_ca_key_type: Optional[str] = None,
            tls_min_version: Optional[str] = None) -> SecretBackend
    func GetSecretBackend(ctx *Context, name string, id IDInput, state *SecretBackendState, opts ...ResourceOption) (*SecretBackend, error)
    public static SecretBackend Get(string name, Input<string> id, SecretBackendState? state, CustomResourceOptions? opts = null)
    public static SecretBackend get(String name, Output<String> id, SecretBackendState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DefaultTlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    DefaultTlsClientKeyType string
    Client certificate key type, rsa or ec.
    DefaultTlsClientTtl int
    Client certificate TTL in seconds
    Description string
    A human-friendly description for this backend.
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    ListenAddrs List<string>
    Addresses the KMIP server should listen on (host:port).
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    ServerHostnames List<string>
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    ServerIps List<string>
    IPs to include in the server's TLS certificate as SAN IP addresses.
    TlsCaKeyBits int
    CA key bits, valid values depend on key type.
    TlsCaKeyType string
    CA key type, rsa or ec.
    TlsMinVersion string
    Minimum TLS version to accept.
    DefaultTlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    DefaultTlsClientKeyType string
    Client certificate key type, rsa or ec.
    DefaultTlsClientTtl int
    Client certificate TTL in seconds
    Description string
    A human-friendly description for this backend.
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    ListenAddrs []string
    Addresses the KMIP server should listen on (host:port).
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    ServerHostnames []string
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    ServerIps []string
    IPs to include in the server's TLS certificate as SAN IP addresses.
    TlsCaKeyBits int
    CA key bits, valid values depend on key type.
    TlsCaKeyType string
    CA key type, rsa or ec.
    TlsMinVersion string
    Minimum TLS version to accept.
    defaultTlsClientKeyBits Integer
    Client certificate key bits, valid values depend on key type.
    defaultTlsClientKeyType String
    Client certificate key type, rsa or ec.
    defaultTlsClientTtl Integer
    Client certificate TTL in seconds
    description String
    A human-friendly description for this backend.
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listenAddrs List<String>
    Addresses the KMIP server should listen on (host:port).
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    serverHostnames List<String>
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    serverIps List<String>
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tlsCaKeyBits Integer
    CA key bits, valid values depend on key type.
    tlsCaKeyType String
    CA key type, rsa or ec.
    tlsMinVersion String
    Minimum TLS version to accept.
    defaultTlsClientKeyBits number
    Client certificate key bits, valid values depend on key type.
    defaultTlsClientKeyType string
    Client certificate key type, rsa or ec.
    defaultTlsClientTtl number
    Client certificate TTL in seconds
    description string
    A human-friendly description for this backend.
    disableRemount boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listenAddrs string[]
    Addresses the KMIP server should listen on (host:port).
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    serverHostnames string[]
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    serverIps string[]
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tlsCaKeyBits number
    CA key bits, valid values depend on key type.
    tlsCaKeyType string
    CA key type, rsa or ec.
    tlsMinVersion string
    Minimum TLS version to accept.
    default_tls_client_key_bits int
    Client certificate key bits, valid values depend on key type.
    default_tls_client_key_type str
    Client certificate key type, rsa or ec.
    default_tls_client_ttl int
    Client certificate TTL in seconds
    description str
    A human-friendly description for this backend.
    disable_remount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listen_addrs Sequence[str]
    Addresses the KMIP server should listen on (host:port).
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path str
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    server_hostnames Sequence[str]
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    server_ips Sequence[str]
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tls_ca_key_bits int
    CA key bits, valid values depend on key type.
    tls_ca_key_type str
    CA key type, rsa or ec.
    tls_min_version str
    Minimum TLS version to accept.
    defaultTlsClientKeyBits Number
    Client certificate key bits, valid values depend on key type.
    defaultTlsClientKeyType String
    Client certificate key type, rsa or ec.
    defaultTlsClientTtl Number
    Client certificate TTL in seconds
    description String
    A human-friendly description for this backend.
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    listenAddrs List<String>
    Addresses the KMIP server should listen on (host:port).
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    serverHostnames List<String>
    Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
    serverIps List<String>
    IPs to include in the server's TLS certificate as SAN IP addresses.
    tlsCaKeyBits Number
    CA key bits, valid values depend on key type.
    tlsCaKeyType String
    CA key type, rsa or ec.
    tlsMinVersion String
    Minimum TLS version to accept.

    Import

    KMIP Secret backend can be imported using the path, e.g.

     $ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
    

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi