1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. kmip
  5. SecretRole
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.kmip.SecretRole

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Manages KMIP Secret roles in a Vault server. This feature requires Vault Enterprise. See the Vault documentation for more information.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Vault.Kmip.SecretBackend("default", new()
        {
            Path = "kmip",
            Description = "Vault KMIP backend",
        });
    
        var dev = new Vault.Kmip.SecretScope("dev", new()
        {
            Path = @default.Path,
            Scope = "dev",
            Force = true,
        });
    
        var admin = new Vault.Kmip.SecretRole("admin", new()
        {
            Path = dev.Path,
            Scope = dev.Scope,
            Role = "admin",
            TlsClientKeyType = "ec",
            TlsClientKeyBits = 256,
            OperationActivate = true,
            OperationGet = true,
            OperationGetAttributes = true,
            OperationCreate = true,
            OperationDestroy = true,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kmip"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
    			Path:        pulumi.String("kmip"),
    			Description: pulumi.String("Vault KMIP backend"),
    		})
    		if err != nil {
    			return err
    		}
    		dev, err := kmip.NewSecretScope(ctx, "dev", &kmip.SecretScopeArgs{
    			Path:  _default.Path,
    			Scope: pulumi.String("dev"),
    			Force: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = kmip.NewSecretRole(ctx, "admin", &kmip.SecretRoleArgs{
    			Path:                   dev.Path,
    			Scope:                  dev.Scope,
    			Role:                   pulumi.String("admin"),
    			TlsClientKeyType:       pulumi.String("ec"),
    			TlsClientKeyBits:       pulumi.Int(256),
    			OperationActivate:      pulumi.Bool(true),
    			OperationGet:           pulumi.Bool(true),
    			OperationGetAttributes: pulumi.Bool(true),
    			OperationCreate:        pulumi.Bool(true),
    			OperationDestroy:       pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.kmip.SecretBackend;
    import com.pulumi.vault.kmip.SecretBackendArgs;
    import com.pulumi.vault.kmip.SecretScope;
    import com.pulumi.vault.kmip.SecretScopeArgs;
    import com.pulumi.vault.kmip.SecretRole;
    import com.pulumi.vault.kmip.SecretRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new SecretBackend("default", SecretBackendArgs.builder()        
                .path("kmip")
                .description("Vault KMIP backend")
                .build());
    
            var dev = new SecretScope("dev", SecretScopeArgs.builder()        
                .path(default_.path())
                .scope("dev")
                .force(true)
                .build());
    
            var admin = new SecretRole("admin", SecretRoleArgs.builder()        
                .path(dev.path())
                .scope(dev.scope())
                .role("admin")
                .tlsClientKeyType("ec")
                .tlsClientKeyBits(256)
                .operationActivate(true)
                .operationGet(true)
                .operationGetAttributes(true)
                .operationCreate(true)
                .operationDestroy(true)
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_vault as vault
    
    default = vault.kmip.SecretBackend("default",
        path="kmip",
        description="Vault KMIP backend")
    dev = vault.kmip.SecretScope("dev",
        path=default.path,
        scope="dev",
        force=True)
    admin = vault.kmip.SecretRole("admin",
        path=dev.path,
        scope=dev.scope,
        role="admin",
        tls_client_key_type="ec",
        tls_client_key_bits=256,
        operation_activate=True,
        operation_get=True,
        operation_get_attributes=True,
        operation_create=True,
        operation_destroy=True)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const _default = new vault.kmip.SecretBackend("default", {
        path: "kmip",
        description: "Vault KMIP backend",
    });
    const dev = new vault.kmip.SecretScope("dev", {
        path: _default.path,
        scope: "dev",
        force: true,
    });
    const admin = new vault.kmip.SecretRole("admin", {
        path: dev.path,
        scope: dev.scope,
        role: "admin",
        tlsClientKeyType: "ec",
        tlsClientKeyBits: 256,
        operationActivate: true,
        operationGet: true,
        operationGetAttributes: true,
        operationCreate: true,
        operationDestroy: true,
    });
    
    resources:
      default:
        type: vault:kmip:SecretBackend
        properties:
          path: kmip
          description: Vault KMIP backend
      dev:
        type: vault:kmip:SecretScope
        properties:
          path: ${default.path}
          scope: dev
          force: true
      admin:
        type: vault:kmip:SecretRole
        properties:
          path: ${dev.path}
          scope: ${dev.scope}
          role: admin
          tlsClientKeyType: ec
          tlsClientKeyBits: 256
          operationActivate: true
          operationGet: true
          operationGetAttributes: true
          operationCreate: true
          operationDestroy: true
    

    Create SecretRole Resource

    new SecretRole(name: string, args: SecretRoleArgs, opts?: CustomResourceOptions);
    @overload
    def SecretRole(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   namespace: Optional[str] = None,
                   operation_activate: Optional[bool] = None,
                   operation_add_attribute: Optional[bool] = None,
                   operation_all: Optional[bool] = None,
                   operation_create: Optional[bool] = None,
                   operation_destroy: Optional[bool] = None,
                   operation_discover_versions: Optional[bool] = None,
                   operation_get: Optional[bool] = None,
                   operation_get_attribute_list: Optional[bool] = None,
                   operation_get_attributes: Optional[bool] = None,
                   operation_locate: Optional[bool] = None,
                   operation_none: Optional[bool] = None,
                   operation_register: Optional[bool] = None,
                   operation_rekey: Optional[bool] = None,
                   operation_revoke: Optional[bool] = None,
                   path: Optional[str] = None,
                   role: Optional[str] = None,
                   scope: Optional[str] = None,
                   tls_client_key_bits: Optional[int] = None,
                   tls_client_key_type: Optional[str] = None,
                   tls_client_ttl: Optional[int] = None)
    @overload
    def SecretRole(resource_name: str,
                   args: SecretRoleArgs,
                   opts: Optional[ResourceOptions] = None)
    func NewSecretRole(ctx *Context, name string, args SecretRoleArgs, opts ...ResourceOption) (*SecretRole, error)
    public SecretRole(string name, SecretRoleArgs args, CustomResourceOptions? opts = null)
    public SecretRole(String name, SecretRoleArgs args)
    public SecretRole(String name, SecretRoleArgs args, CustomResourceOptions options)
    
    type: vault:kmip:SecretRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecretRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecretRole resource accepts the following input properties:

    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    Role string
    Name of the role.
    Scope string
    Name of the scope.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OperationActivate bool
    Grant permission to use the KMIP Activate operation.
    OperationAddAttribute bool
    Grant permission to use the KMIP Add Attribute operation.
    OperationAll bool
    Grant all permissions to this role. May not be specified with any other operation_* params.
    OperationCreate bool
    Grant permission to use the KMIP Create operation.
    OperationDestroy bool
    Grant permission to use the KMIP Destroy operation.
    OperationDiscoverVersions bool
    Grant permission to use the KMIP Discover Version operation.
    OperationGet bool
    Grant permission to use the KMIP Get operation.
    OperationGetAttributeList bool
    Grant permission to use the KMIP Get Atrribute List operation.
    OperationGetAttributes bool
    Grant permission to use the KMIP Get Atrributes operation.
    OperationLocate bool
    Grant permission to use the KMIP Get Locate operation.
    OperationNone bool
    Remove all permissions from this role. May not be specified with any other operation_* params.
    OperationRegister bool
    Grant permission to use the KMIP Register operation.
    OperationRekey bool
    Grant permission to use the KMIP Rekey operation.
    OperationRevoke bool
    Grant permission to use the KMIP Revoke operation.
    TlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    TlsClientKeyType string
    Client certificate key type, rsa or ec.
    TlsClientTtl int
    Client certificate TTL in seconds.
    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    Role string
    Name of the role.
    Scope string
    Name of the scope.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OperationActivate bool
    Grant permission to use the KMIP Activate operation.
    OperationAddAttribute bool
    Grant permission to use the KMIP Add Attribute operation.
    OperationAll bool
    Grant all permissions to this role. May not be specified with any other operation_* params.
    OperationCreate bool
    Grant permission to use the KMIP Create operation.
    OperationDestroy bool
    Grant permission to use the KMIP Destroy operation.
    OperationDiscoverVersions bool
    Grant permission to use the KMIP Discover Version operation.
    OperationGet bool
    Grant permission to use the KMIP Get operation.
    OperationGetAttributeList bool
    Grant permission to use the KMIP Get Atrribute List operation.
    OperationGetAttributes bool
    Grant permission to use the KMIP Get Atrributes operation.
    OperationLocate bool
    Grant permission to use the KMIP Get Locate operation.
    OperationNone bool
    Remove all permissions from this role. May not be specified with any other operation_* params.
    OperationRegister bool
    Grant permission to use the KMIP Register operation.
    OperationRekey bool
    Grant permission to use the KMIP Rekey operation.
    OperationRevoke bool
    Grant permission to use the KMIP Revoke operation.
    TlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    TlsClientKeyType string
    Client certificate key type, rsa or ec.
    TlsClientTtl int
    Client certificate TTL in seconds.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role String
    Name of the role.
    scope String
    Name of the scope.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operationActivate Boolean
    Grant permission to use the KMIP Activate operation.
    operationAddAttribute Boolean
    Grant permission to use the KMIP Add Attribute operation.
    operationAll Boolean
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operationCreate Boolean
    Grant permission to use the KMIP Create operation.
    operationDestroy Boolean
    Grant permission to use the KMIP Destroy operation.
    operationDiscoverVersions Boolean
    Grant permission to use the KMIP Discover Version operation.
    operationGet Boolean
    Grant permission to use the KMIP Get operation.
    operationGetAttributeList Boolean
    Grant permission to use the KMIP Get Atrribute List operation.
    operationGetAttributes Boolean
    Grant permission to use the KMIP Get Atrributes operation.
    operationLocate Boolean
    Grant permission to use the KMIP Get Locate operation.
    operationNone Boolean
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operationRegister Boolean
    Grant permission to use the KMIP Register operation.
    operationRekey Boolean
    Grant permission to use the KMIP Rekey operation.
    operationRevoke Boolean
    Grant permission to use the KMIP Revoke operation.
    tlsClientKeyBits Integer
    Client certificate key bits, valid values depend on key type.
    tlsClientKeyType String
    Client certificate key type, rsa or ec.
    tlsClientTtl Integer
    Client certificate TTL in seconds.
    path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role string
    Name of the role.
    scope string
    Name of the scope.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operationActivate boolean
    Grant permission to use the KMIP Activate operation.
    operationAddAttribute boolean
    Grant permission to use the KMIP Add Attribute operation.
    operationAll boolean
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operationCreate boolean
    Grant permission to use the KMIP Create operation.
    operationDestroy boolean
    Grant permission to use the KMIP Destroy operation.
    operationDiscoverVersions boolean
    Grant permission to use the KMIP Discover Version operation.
    operationGet boolean
    Grant permission to use the KMIP Get operation.
    operationGetAttributeList boolean
    Grant permission to use the KMIP Get Atrribute List operation.
    operationGetAttributes boolean
    Grant permission to use the KMIP Get Atrributes operation.
    operationLocate boolean
    Grant permission to use the KMIP Get Locate operation.
    operationNone boolean
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operationRegister boolean
    Grant permission to use the KMIP Register operation.
    operationRekey boolean
    Grant permission to use the KMIP Rekey operation.
    operationRevoke boolean
    Grant permission to use the KMIP Revoke operation.
    tlsClientKeyBits number
    Client certificate key bits, valid values depend on key type.
    tlsClientKeyType string
    Client certificate key type, rsa or ec.
    tlsClientTtl number
    Client certificate TTL in seconds.
    path str
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role str
    Name of the role.
    scope str
    Name of the scope.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operation_activate bool
    Grant permission to use the KMIP Activate operation.
    operation_add_attribute bool
    Grant permission to use the KMIP Add Attribute operation.
    operation_all bool
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operation_create bool
    Grant permission to use the KMIP Create operation.
    operation_destroy bool
    Grant permission to use the KMIP Destroy operation.
    operation_discover_versions bool
    Grant permission to use the KMIP Discover Version operation.
    operation_get bool
    Grant permission to use the KMIP Get operation.
    operation_get_attribute_list bool
    Grant permission to use the KMIP Get Atrribute List operation.
    operation_get_attributes bool
    Grant permission to use the KMIP Get Atrributes operation.
    operation_locate bool
    Grant permission to use the KMIP Get Locate operation.
    operation_none bool
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operation_register bool
    Grant permission to use the KMIP Register operation.
    operation_rekey bool
    Grant permission to use the KMIP Rekey operation.
    operation_revoke bool
    Grant permission to use the KMIP Revoke operation.
    tls_client_key_bits int
    Client certificate key bits, valid values depend on key type.
    tls_client_key_type str
    Client certificate key type, rsa or ec.
    tls_client_ttl int
    Client certificate TTL in seconds.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role String
    Name of the role.
    scope String
    Name of the scope.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operationActivate Boolean
    Grant permission to use the KMIP Activate operation.
    operationAddAttribute Boolean
    Grant permission to use the KMIP Add Attribute operation.
    operationAll Boolean
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operationCreate Boolean
    Grant permission to use the KMIP Create operation.
    operationDestroy Boolean
    Grant permission to use the KMIP Destroy operation.
    operationDiscoverVersions Boolean
    Grant permission to use the KMIP Discover Version operation.
    operationGet Boolean
    Grant permission to use the KMIP Get operation.
    operationGetAttributeList Boolean
    Grant permission to use the KMIP Get Atrribute List operation.
    operationGetAttributes Boolean
    Grant permission to use the KMIP Get Atrributes operation.
    operationLocate Boolean
    Grant permission to use the KMIP Get Locate operation.
    operationNone Boolean
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operationRegister Boolean
    Grant permission to use the KMIP Register operation.
    operationRekey Boolean
    Grant permission to use the KMIP Rekey operation.
    operationRevoke Boolean
    Grant permission to use the KMIP Revoke operation.
    tlsClientKeyBits Number
    Client certificate key bits, valid values depend on key type.
    tlsClientKeyType String
    Client certificate key type, rsa or ec.
    tlsClientTtl Number
    Client certificate TTL in seconds.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecretRole Resource

    Get an existing SecretRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretRoleState, opts?: CustomResourceOptions): SecretRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            namespace: Optional[str] = None,
            operation_activate: Optional[bool] = None,
            operation_add_attribute: Optional[bool] = None,
            operation_all: Optional[bool] = None,
            operation_create: Optional[bool] = None,
            operation_destroy: Optional[bool] = None,
            operation_discover_versions: Optional[bool] = None,
            operation_get: Optional[bool] = None,
            operation_get_attribute_list: Optional[bool] = None,
            operation_get_attributes: Optional[bool] = None,
            operation_locate: Optional[bool] = None,
            operation_none: Optional[bool] = None,
            operation_register: Optional[bool] = None,
            operation_rekey: Optional[bool] = None,
            operation_revoke: Optional[bool] = None,
            path: Optional[str] = None,
            role: Optional[str] = None,
            scope: Optional[str] = None,
            tls_client_key_bits: Optional[int] = None,
            tls_client_key_type: Optional[str] = None,
            tls_client_ttl: Optional[int] = None) -> SecretRole
    func GetSecretRole(ctx *Context, name string, id IDInput, state *SecretRoleState, opts ...ResourceOption) (*SecretRole, error)
    public static SecretRole Get(string name, Input<string> id, SecretRoleState? state, CustomResourceOptions? opts = null)
    public static SecretRole get(String name, Output<String> id, SecretRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OperationActivate bool
    Grant permission to use the KMIP Activate operation.
    OperationAddAttribute bool
    Grant permission to use the KMIP Add Attribute operation.
    OperationAll bool
    Grant all permissions to this role. May not be specified with any other operation_* params.
    OperationCreate bool
    Grant permission to use the KMIP Create operation.
    OperationDestroy bool
    Grant permission to use the KMIP Destroy operation.
    OperationDiscoverVersions bool
    Grant permission to use the KMIP Discover Version operation.
    OperationGet bool
    Grant permission to use the KMIP Get operation.
    OperationGetAttributeList bool
    Grant permission to use the KMIP Get Atrribute List operation.
    OperationGetAttributes bool
    Grant permission to use the KMIP Get Atrributes operation.
    OperationLocate bool
    Grant permission to use the KMIP Get Locate operation.
    OperationNone bool
    Remove all permissions from this role. May not be specified with any other operation_* params.
    OperationRegister bool
    Grant permission to use the KMIP Register operation.
    OperationRekey bool
    Grant permission to use the KMIP Rekey operation.
    OperationRevoke bool
    Grant permission to use the KMIP Revoke operation.
    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    Role string
    Name of the role.
    Scope string
    Name of the scope.
    TlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    TlsClientKeyType string
    Client certificate key type, rsa or ec.
    TlsClientTtl int
    Client certificate TTL in seconds.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OperationActivate bool
    Grant permission to use the KMIP Activate operation.
    OperationAddAttribute bool
    Grant permission to use the KMIP Add Attribute operation.
    OperationAll bool
    Grant all permissions to this role. May not be specified with any other operation_* params.
    OperationCreate bool
    Grant permission to use the KMIP Create operation.
    OperationDestroy bool
    Grant permission to use the KMIP Destroy operation.
    OperationDiscoverVersions bool
    Grant permission to use the KMIP Discover Version operation.
    OperationGet bool
    Grant permission to use the KMIP Get operation.
    OperationGetAttributeList bool
    Grant permission to use the KMIP Get Atrribute List operation.
    OperationGetAttributes bool
    Grant permission to use the KMIP Get Atrributes operation.
    OperationLocate bool
    Grant permission to use the KMIP Get Locate operation.
    OperationNone bool
    Remove all permissions from this role. May not be specified with any other operation_* params.
    OperationRegister bool
    Grant permission to use the KMIP Register operation.
    OperationRekey bool
    Grant permission to use the KMIP Rekey operation.
    OperationRevoke bool
    Grant permission to use the KMIP Revoke operation.
    Path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    Role string
    Name of the role.
    Scope string
    Name of the scope.
    TlsClientKeyBits int
    Client certificate key bits, valid values depend on key type.
    TlsClientKeyType string
    Client certificate key type, rsa or ec.
    TlsClientTtl int
    Client certificate TTL in seconds.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operationActivate Boolean
    Grant permission to use the KMIP Activate operation.
    operationAddAttribute Boolean
    Grant permission to use the KMIP Add Attribute operation.
    operationAll Boolean
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operationCreate Boolean
    Grant permission to use the KMIP Create operation.
    operationDestroy Boolean
    Grant permission to use the KMIP Destroy operation.
    operationDiscoverVersions Boolean
    Grant permission to use the KMIP Discover Version operation.
    operationGet Boolean
    Grant permission to use the KMIP Get operation.
    operationGetAttributeList Boolean
    Grant permission to use the KMIP Get Atrribute List operation.
    operationGetAttributes Boolean
    Grant permission to use the KMIP Get Atrributes operation.
    operationLocate Boolean
    Grant permission to use the KMIP Get Locate operation.
    operationNone Boolean
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operationRegister Boolean
    Grant permission to use the KMIP Register operation.
    operationRekey Boolean
    Grant permission to use the KMIP Rekey operation.
    operationRevoke Boolean
    Grant permission to use the KMIP Revoke operation.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role String
    Name of the role.
    scope String
    Name of the scope.
    tlsClientKeyBits Integer
    Client certificate key bits, valid values depend on key type.
    tlsClientKeyType String
    Client certificate key type, rsa or ec.
    tlsClientTtl Integer
    Client certificate TTL in seconds.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operationActivate boolean
    Grant permission to use the KMIP Activate operation.
    operationAddAttribute boolean
    Grant permission to use the KMIP Add Attribute operation.
    operationAll boolean
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operationCreate boolean
    Grant permission to use the KMIP Create operation.
    operationDestroy boolean
    Grant permission to use the KMIP Destroy operation.
    operationDiscoverVersions boolean
    Grant permission to use the KMIP Discover Version operation.
    operationGet boolean
    Grant permission to use the KMIP Get operation.
    operationGetAttributeList boolean
    Grant permission to use the KMIP Get Atrribute List operation.
    operationGetAttributes boolean
    Grant permission to use the KMIP Get Atrributes operation.
    operationLocate boolean
    Grant permission to use the KMIP Get Locate operation.
    operationNone boolean
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operationRegister boolean
    Grant permission to use the KMIP Register operation.
    operationRekey boolean
    Grant permission to use the KMIP Rekey operation.
    operationRevoke boolean
    Grant permission to use the KMIP Revoke operation.
    path string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role string
    Name of the role.
    scope string
    Name of the scope.
    tlsClientKeyBits number
    Client certificate key bits, valid values depend on key type.
    tlsClientKeyType string
    Client certificate key type, rsa or ec.
    tlsClientTtl number
    Client certificate TTL in seconds.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operation_activate bool
    Grant permission to use the KMIP Activate operation.
    operation_add_attribute bool
    Grant permission to use the KMIP Add Attribute operation.
    operation_all bool
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operation_create bool
    Grant permission to use the KMIP Create operation.
    operation_destroy bool
    Grant permission to use the KMIP Destroy operation.
    operation_discover_versions bool
    Grant permission to use the KMIP Discover Version operation.
    operation_get bool
    Grant permission to use the KMIP Get operation.
    operation_get_attribute_list bool
    Grant permission to use the KMIP Get Atrribute List operation.
    operation_get_attributes bool
    Grant permission to use the KMIP Get Atrributes operation.
    operation_locate bool
    Grant permission to use the KMIP Get Locate operation.
    operation_none bool
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operation_register bool
    Grant permission to use the KMIP Register operation.
    operation_rekey bool
    Grant permission to use the KMIP Rekey operation.
    operation_revoke bool
    Grant permission to use the KMIP Revoke operation.
    path str
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role str
    Name of the role.
    scope str
    Name of the scope.
    tls_client_key_bits int
    Client certificate key bits, valid values depend on key type.
    tls_client_key_type str
    Client certificate key type, rsa or ec.
    tls_client_ttl int
    Client certificate TTL in seconds.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    operationActivate Boolean
    Grant permission to use the KMIP Activate operation.
    operationAddAttribute Boolean
    Grant permission to use the KMIP Add Attribute operation.
    operationAll Boolean
    Grant all permissions to this role. May not be specified with any other operation_* params.
    operationCreate Boolean
    Grant permission to use the KMIP Create operation.
    operationDestroy Boolean
    Grant permission to use the KMIP Destroy operation.
    operationDiscoverVersions Boolean
    Grant permission to use the KMIP Discover Version operation.
    operationGet Boolean
    Grant permission to use the KMIP Get operation.
    operationGetAttributeList Boolean
    Grant permission to use the KMIP Get Atrribute List operation.
    operationGetAttributes Boolean
    Grant permission to use the KMIP Get Atrributes operation.
    operationLocate Boolean
    Grant permission to use the KMIP Get Locate operation.
    operationNone Boolean
    Remove all permissions from this role. May not be specified with any other operation_* params.
    operationRegister Boolean
    Grant permission to use the KMIP Register operation.
    operationRekey Boolean
    Grant permission to use the KMIP Rekey operation.
    operationRevoke Boolean
    Grant permission to use the KMIP Revoke operation.
    path String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
    role String
    Name of the role.
    scope String
    Name of the scope.
    tlsClientKeyBits Number
    Client certificate key bits, valid values depend on key type.
    tlsClientKeyType String
    Client certificate key type, rsa or ec.
    tlsClientTtl Number
    Client certificate TTL in seconds.

    Import

    KMIP Secret role can be imported using the path, e.g.

     $ pulumi import vault:kmip/secretRole:SecretRole admin kmip
    

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi