Docs
Packagesvault.Mount
Explore with Pulumi AI
Import
Mounts can be imported using the path, e.g.
$ pulumi import vault:index/mount:Mount example dummy
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var example = new Vault.Mount("example", new()
{
Description = "This is an example mount",
Path = "dummy",
Type = "generic",
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "example", &vault.MountArgs{
Description: pulumi.String("This is an example mount"),
Path: pulumi.String("dummy"),
Type: pulumi.String("generic"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Mount("example", MountArgs.builder()
.description("This is an example mount")
.path("dummy")
.type("generic")
.build());
}
}
import pulumi
import pulumi_vault as vault
example = vault.Mount("example",
description="This is an example mount",
path="dummy",
type="generic")
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.Mount("example", {
description: "This is an example mount",
path: "dummy",
type: "generic",
});
resources:
example:
type: vault:Mount
properties:
description: This is an example mount
path: dummy
type: generic
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var kvv2_example = new Vault.Mount("kvv2-example", new()
{
Description = "This is an example KV Version 2 secret engine mount",
Options =
{
{ "type", "kv-v2" },
{ "version", "2" },
},
Path = "version2-example",
Type = "kv-v2",
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "kvv2-example", &vault.MountArgs{
Description: pulumi.String("This is an example KV Version 2 secret engine mount"),
Options: pulumi.Map{
"type": pulumi.Any("kv-v2"),
"version": pulumi.Any("2"),
},
Path: pulumi.String("version2-example"),
Type: pulumi.String("kv-v2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kvv2_example = new Mount("kvv2-example", MountArgs.builder()
.description("This is an example KV Version 2 secret engine mount")
.options(Map.ofEntries(
Map.entry("type", "kv-v2"),
Map.entry("version", "2")
))
.path("version2-example")
.type("kv-v2")
.build());
}
}
import pulumi
import pulumi_vault as vault
kvv2_example = vault.Mount("kvv2-example",
description="This is an example KV Version 2 secret engine mount",
options={
"type": "kv-v2",
"version": "2",
},
path="version2-example",
type="kv-v2")
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kvv2_example = new vault.Mount("kvv2-example", {
description: "This is an example KV Version 2 secret engine mount",
options: {
type: "kv-v2",
version: "2",
},
path: "version2-example",
type: "kv-v2",
});
resources:
kvv2-example:
type: vault:Mount
properties:
description: This is an example KV Version 2 secret engine mount
options:
type: kv-v2
version: '2'
path: version2-example
type: kv-v2
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var transit_example = new Vault.Mount("transit-example", new()
{
Description = "This is an example transit secret engine mount",
Options =
{
{ "convergent_encryption", false },
},
Path = "transit-example",
Type = "transit",
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "transit-example", &vault.MountArgs{
Description: pulumi.String("This is an example transit secret engine mount"),
Options: pulumi.Map{
"convergent_encryption": pulumi.Any(false),
},
Path: pulumi.String("transit-example"),
Type: pulumi.String("transit"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var transit_example = new Mount("transit-example", MountArgs.builder()
.description("This is an example transit secret engine mount")
.options(Map.of("convergent_encryption", false))
.path("transit-example")
.type("transit")
.build());
}
}
import pulumi
import pulumi_vault as vault
transit_example = vault.Mount("transit-example",
description="This is an example transit secret engine mount",
options={
"convergent_encryption": False,
},
path="transit-example",
type="transit")
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const transit_example = new vault.Mount("transit-example", {
description: "This is an example transit secret engine mount",
options: {
convergent_encryption: false,
},
path: "transit-example",
type: "transit",
});
resources:
transit-example:
type: vault:Mount
properties:
description: This is an example transit secret engine mount
options:
convergent_encryption: false
path: transit-example
type: transit
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki_example = new Vault.Mount("pki-example", new()
{
DefaultLeaseTtlSeconds = 3600,
Description = "This is an example PKI mount",
MaxLeaseTtlSeconds = 86400,
Path = "pki-example",
Type = "pki",
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vault.NewMount(ctx, "pki-example", &vault.MountArgs{
DefaultLeaseTtlSeconds: pulumi.Int(3600),
Description: pulumi.String("This is an example PKI mount"),
MaxLeaseTtlSeconds: pulumi.Int(86400),
Path: pulumi.String("pki-example"),
Type: pulumi.String("pki"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki_example = new Mount("pki-example", MountArgs.builder()
.defaultLeaseTtlSeconds(3600)
.description("This is an example PKI mount")
.maxLeaseTtlSeconds(86400)
.path("pki-example")
.type("pki")
.build());
}
}
import pulumi
import pulumi_vault as vault
pki_example = vault.Mount("pki-example",
default_lease_ttl_seconds=3600,
description="This is an example PKI mount",
max_lease_ttl_seconds=86400,
path="pki-example",
type="pki")
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki_example = new vault.Mount("pki-example", {
defaultLeaseTtlSeconds: 3600,
description: "This is an example PKI mount",
maxLeaseTtlSeconds: 86400,
path: "pki-example",
type: "pki",
});
resources:
pki-example:
type: vault:Mount
properties:
defaultLeaseTtlSeconds: 3600
description: This is an example PKI mount
maxLeaseTtlSeconds: 86400
path: pki-example
type: pki
Create Mount Resource
new Mount(name: string, args: MountArgs, opts?: CustomResourceOptions);@overload
def Mount(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_managed_keys: Optional[Sequence[str]] = None,
audit_non_hmac_request_keys: Optional[Sequence[str]] = None,
audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
default_lease_ttl_seconds: Optional[int] = None,
description: Optional[str] = None,
external_entropy_access: Optional[bool] = None,
local: Optional[bool] = None,
max_lease_ttl_seconds: Optional[int] = None,
namespace: Optional[str] = None,
options: Optional[Mapping[str, Any]] = None,
path: Optional[str] = None,
seal_wrap: Optional[bool] = None,
type: Optional[str] = None)
@overload
def Mount(resource_name: str,
args: MountArgs,
opts: Optional[ResourceOptions] = None)func NewMount(ctx *Context, name string, args MountArgs, opts ...ResourceOption) (*Mount, error)public Mount(string name, MountArgs args, CustomResourceOptions? opts = null)type: vault:Mount
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MountArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Mount Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Mount resource accepts the following input properties:
- Path string
Where the secret backend will be mounted
- Type string
Type of the backend, such as "aws"
- Allowed
Managed List<string>Keys Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non List<string>Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non List<string>Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds Default lease duration for tokens and secrets in seconds
- Description string
Human-friendly description of the mount
- External
Entropy boolAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Options Dictionary<string, object>
Specifies mount type specific options that are passed to the backend
- Seal
Wrap bool Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Path string
Where the secret backend will be mounted
- Type string
Type of the backend, such as "aws"
- Allowed
Managed []stringKeys Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non []stringHmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds Default lease duration for tokens and secrets in seconds
- Description string
Human-friendly description of the mount
- External
Entropy boolAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Options map[string]interface{}
Specifies mount type specific options that are passed to the backend
- Seal
Wrap bool Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path String
Where the secret backend will be mounted
- type String
Type of the backend, such as "aws"
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease IntegerTtl Seconds Default lease duration for tokens and secrets in seconds
- description String
Human-friendly description of the mount
- external
Entropy BooleanAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease IntegerTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options Map<String,Object>
Specifies mount type specific options that are passed to the backend
- seal
Wrap Boolean Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path string
Where the secret backend will be mounted
- type string
Type of the backend, such as "aws"
- allowed
Managed string[]Keys Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non string[]Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease numberTtl Seconds Default lease duration for tokens and secrets in seconds
- description string
Human-friendly description of the mount
- external
Entropy booleanAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local boolean
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease numberTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options {[key: string]: any}
Specifies mount type specific options that are passed to the backend
- seal
Wrap boolean Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path str
Where the secret backend will be mounted
- type str
Type of the backend, such as "aws"
- allowed_
managed_ Sequence[str]keys Set of managed key registry entry names that the mount in question is allowed to access
- audit_
non_ Sequence[str]hmac_ request_ keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default_
lease_ intttl_ seconds Default lease duration for tokens and secrets in seconds
- description str
Human-friendly description of the mount
- external_
entropy_ boolaccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local bool
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max_
lease_ intttl_ seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace str
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options Mapping[str, Any]
Specifies mount type specific options that are passed to the backend
- seal_
wrap bool Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- path String
Where the secret backend will be mounted
- type String
Type of the backend, such as "aws"
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease NumberTtl Seconds Default lease duration for tokens and secrets in seconds
- description String
Human-friendly description of the mount
- external
Entropy BooleanAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease NumberTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options Map<Any>
Specifies mount type specific options that are passed to the backend
- seal
Wrap Boolean Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
Outputs
All input properties are implicitly available as output properties. Additionally, the Mount resource produces the following output properties:
Look up Existing Mount Resource
Get an existing Mount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MountState, opts?: CustomResourceOptions): Mount@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
allowed_managed_keys: Optional[Sequence[str]] = None,
audit_non_hmac_request_keys: Optional[Sequence[str]] = None,
audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
default_lease_ttl_seconds: Optional[int] = None,
description: Optional[str] = None,
external_entropy_access: Optional[bool] = None,
local: Optional[bool] = None,
max_lease_ttl_seconds: Optional[int] = None,
namespace: Optional[str] = None,
options: Optional[Mapping[str, Any]] = None,
path: Optional[str] = None,
seal_wrap: Optional[bool] = None,
type: Optional[str] = None) -> Mountfunc GetMount(ctx *Context, name string, id IDInput, state *MountState, opts ...ResourceOption) (*Mount, error)public static Mount Get(string name, Input<string> id, MountState? state, CustomResourceOptions? opts = null)public static Mount get(String name, Output<String> id, MountState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
The accessor for this mount.
- Allowed
Managed List<string>Keys Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non List<string>Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non List<string>Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds Default lease duration for tokens and secrets in seconds
- Description string
Human-friendly description of the mount
- External
Entropy boolAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Options Dictionary<string, object>
Specifies mount type specific options that are passed to the backend
- Path string
Where the secret backend will be mounted
- Seal
Wrap bool Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Type string
Type of the backend, such as "aws"
- Accessor string
The accessor for this mount.
- Allowed
Managed []stringKeys Set of managed key registry entry names that the mount in question is allowed to access
- Audit
Non []stringHmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease intTtl Seconds Default lease duration for tokens and secrets in seconds
- Description string
Human-friendly description of the mount
- External
Entropy boolAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Local bool
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Options map[string]interface{}
Specifies mount type specific options that are passed to the backend
- Path string
Where the secret backend will be mounted
- Seal
Wrap bool Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Type string
Type of the backend, such as "aws"
- accessor String
The accessor for this mount.
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease IntegerTtl Seconds Default lease duration for tokens and secrets in seconds
- description String
Human-friendly description of the mount
- external
Entropy BooleanAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease IntegerTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options Map<String,Object>
Specifies mount type specific options that are passed to the backend
- path String
Where the secret backend will be mounted
- seal
Wrap Boolean Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type String
Type of the backend, such as "aws"
- accessor string
The accessor for this mount.
- allowed
Managed string[]Keys Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non string[]Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease numberTtl Seconds Default lease duration for tokens and secrets in seconds
- description string
Human-friendly description of the mount
- external
Entropy booleanAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local boolean
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease numberTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options {[key: string]: any}
Specifies mount type specific options that are passed to the backend
- path string
Where the secret backend will be mounted
- seal
Wrap boolean Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type string
Type of the backend, such as "aws"
- accessor str
The accessor for this mount.
- allowed_
managed_ Sequence[str]keys Set of managed key registry entry names that the mount in question is allowed to access
- audit_
non_ Sequence[str]hmac_ request_ keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default_
lease_ intttl_ seconds Default lease duration for tokens and secrets in seconds
- description str
Human-friendly description of the mount
- external_
entropy_ boolaccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local bool
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max_
lease_ intttl_ seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace str
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options Mapping[str, Any]
Specifies mount type specific options that are passed to the backend
- path str
Where the secret backend will be mounted
- seal_
wrap bool Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type str
Type of the backend, such as "aws"
- accessor String
The accessor for this mount.
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
- audit
Non List<String>Hmac Request Keys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease NumberTtl Seconds Default lease duration for tokens and secrets in seconds
- description String
Human-friendly description of the mount
- external
Entropy BooleanAccess Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- local Boolean
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease NumberTtl Seconds Maximum possible lease duration for tokens and secrets in seconds
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- options Map<Any>
Specifies mount type specific options that are passed to the backend
- path String
Where the secret backend will be mounted
- seal
Wrap Boolean Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- type String
Type of the backend, such as "aws"
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
vaultTerraform Provider.