1. Packages
  2. HashiCorp Vault Provider
  3. API Docs
  4. pkiSecret
  5. BackendConfigAcme
HashiCorp Vault v6.5.0 published on Thursday, Jan 16, 2025 by Pulumi

vault.pkiSecret.BackendConfigAcme

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.5.0 published on Thursday, Jan 16, 2025 by Pulumi

    Allows setting the ACME server configuration used by specified mount.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const pki = new vault.Mount("pki", {
        path: "pki",
        type: "pki",
        defaultLeaseTtlSeconds: 3600,
        maxLeaseTtlSeconds: 86400,
    });
    const pkiConfigCluster = new vault.pkisecret.BackendConfigCluster("pki_config_cluster", {
        backend: pki.path,
        path: "http://127.0.0.1:8200/v1/pki",
        aiaPath: "http://127.0.0.1:8200/v1/pki",
    });
    const example = new vault.pkisecret.BackendConfigAcme("example", {
        backend: pki.path,
        enabled: true,
        allowedIssuers: ["*"],
        allowedRoles: ["*"],
        allowRoleExtKeyUsage: false,
        defaultDirectoryPolicy: "sign-verbatim",
        dnsResolver: "",
        eabPolicy: "not-required",
    });
    
    import pulumi
    import pulumi_vault as vault
    
    pki = vault.Mount("pki",
        path="pki",
        type="pki",
        default_lease_ttl_seconds=3600,
        max_lease_ttl_seconds=86400)
    pki_config_cluster = vault.pki_secret.BackendConfigCluster("pki_config_cluster",
        backend=pki.path,
        path="http://127.0.0.1:8200/v1/pki",
        aia_path="http://127.0.0.1:8200/v1/pki")
    example = vault.pki_secret.BackendConfigAcme("example",
        backend=pki.path,
        enabled=True,
        allowed_issuers=["*"],
        allowed_roles=["*"],
        allow_role_ext_key_usage=False,
        default_directory_policy="sign-verbatim",
        dns_resolver="",
        eab_policy="not-required")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
    			Path:                   pulumi.String("pki"),
    			Type:                   pulumi.String("pki"),
    			DefaultLeaseTtlSeconds: pulumi.Int(3600),
    			MaxLeaseTtlSeconds:     pulumi.Int(86400),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = pkisecret.NewBackendConfigCluster(ctx, "pki_config_cluster", &pkisecret.BackendConfigClusterArgs{
    			Backend: pki.Path,
    			Path:    pulumi.String("http://127.0.0.1:8200/v1/pki"),
    			AiaPath: pulumi.String("http://127.0.0.1:8200/v1/pki"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = pkisecret.NewBackendConfigAcme(ctx, "example", &pkisecret.BackendConfigAcmeArgs{
    			Backend: pki.Path,
    			Enabled: pulumi.Bool(true),
    			AllowedIssuers: pulumi.StringArray{
    				pulumi.String("*"),
    			},
    			AllowedRoles: pulumi.StringArray{
    				pulumi.String("*"),
    			},
    			AllowRoleExtKeyUsage:   pulumi.Bool(false),
    			DefaultDirectoryPolicy: pulumi.String("sign-verbatim"),
    			DnsResolver:            pulumi.String(""),
    			EabPolicy:              pulumi.String("not-required"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var pki = new Vault.Mount("pki", new()
        {
            Path = "pki",
            Type = "pki",
            DefaultLeaseTtlSeconds = 3600,
            MaxLeaseTtlSeconds = 86400,
        });
    
        var pkiConfigCluster = new Vault.PkiSecret.BackendConfigCluster("pki_config_cluster", new()
        {
            Backend = pki.Path,
            Path = "http://127.0.0.1:8200/v1/pki",
            AiaPath = "http://127.0.0.1:8200/v1/pki",
        });
    
        var example = new Vault.PkiSecret.BackendConfigAcme("example", new()
        {
            Backend = pki.Path,
            Enabled = true,
            AllowedIssuers = new[]
            {
                "*",
            },
            AllowedRoles = new[]
            {
                "*",
            },
            AllowRoleExtKeyUsage = false,
            DefaultDirectoryPolicy = "sign-verbatim",
            DnsResolver = "",
            EabPolicy = "not-required",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.pkiSecret.BackendConfigCluster;
    import com.pulumi.vault.pkiSecret.BackendConfigClusterArgs;
    import com.pulumi.vault.pkiSecret.BackendConfigAcme;
    import com.pulumi.vault.pkiSecret.BackendConfigAcmeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pki = new Mount("pki", MountArgs.builder()
                .path("pki")
                .type("pki")
                .defaultLeaseTtlSeconds(3600)
                .maxLeaseTtlSeconds(86400)
                .build());
    
            var pkiConfigCluster = new BackendConfigCluster("pkiConfigCluster", BackendConfigClusterArgs.builder()
                .backend(pki.path())
                .path("http://127.0.0.1:8200/v1/pki")
                .aiaPath("http://127.0.0.1:8200/v1/pki")
                .build());
    
            var example = new BackendConfigAcme("example", BackendConfigAcmeArgs.builder()
                .backend(pki.path())
                .enabled(true)
                .allowedIssuers("*")
                .allowedRoles("*")
                .allowRoleExtKeyUsage(false)
                .defaultDirectoryPolicy("sign-verbatim")
                .dnsResolver("")
                .eabPolicy("not-required")
                .build());
    
        }
    }
    
    resources:
      pki:
        type: vault:Mount
        properties:
          path: pki
          type: pki
          defaultLeaseTtlSeconds: 3600
          maxLeaseTtlSeconds: 86400
      pkiConfigCluster:
        type: vault:pkiSecret:BackendConfigCluster
        name: pki_config_cluster
        properties:
          backend: ${pki.path}
          path: http://127.0.0.1:8200/v1/pki
          aiaPath: http://127.0.0.1:8200/v1/pki
      example:
        type: vault:pkiSecret:BackendConfigAcme
        properties:
          backend: ${pki.path}
          enabled: true
          allowedIssuers:
            - '*'
          allowedRoles:
            - '*'
          allowRoleExtKeyUsage: false
          defaultDirectoryPolicy: sign-verbatim
          dnsResolver: ""
          eabPolicy: not-required
    

    Create BackendConfigAcme Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new BackendConfigAcme(name: string, args: BackendConfigAcmeArgs, opts?: CustomResourceOptions);
    @overload
    def BackendConfigAcme(resource_name: str,
                          args: BackendConfigAcmeArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def BackendConfigAcme(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          backend: Optional[str] = None,
                          enabled: Optional[bool] = None,
                          allow_role_ext_key_usage: Optional[bool] = None,
                          allowed_issuers: Optional[Sequence[str]] = None,
                          allowed_roles: Optional[Sequence[str]] = None,
                          default_directory_policy: Optional[str] = None,
                          dns_resolver: Optional[str] = None,
                          eab_policy: Optional[str] = None,
                          namespace: Optional[str] = None)
    func NewBackendConfigAcme(ctx *Context, name string, args BackendConfigAcmeArgs, opts ...ResourceOption) (*BackendConfigAcme, error)
    public BackendConfigAcme(string name, BackendConfigAcmeArgs args, CustomResourceOptions? opts = null)
    public BackendConfigAcme(String name, BackendConfigAcmeArgs args)
    public BackendConfigAcme(String name, BackendConfigAcmeArgs args, CustomResourceOptions options)
    
    type: vault:pkiSecret:BackendConfigAcme
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args BackendConfigAcmeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args BackendConfigAcmeArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args BackendConfigAcmeArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args BackendConfigAcmeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args BackendConfigAcmeArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var backendConfigAcmeResource = new Vault.PkiSecret.BackendConfigAcme("backendConfigAcmeResource", new()
    {
        Backend = "string",
        Enabled = false,
        AllowRoleExtKeyUsage = false,
        AllowedIssuers = new[]
        {
            "string",
        },
        AllowedRoles = new[]
        {
            "string",
        },
        DefaultDirectoryPolicy = "string",
        DnsResolver = "string",
        EabPolicy = "string",
        Namespace = "string",
    });
    
    example, err := pkiSecret.NewBackendConfigAcme(ctx, "backendConfigAcmeResource", &pkiSecret.BackendConfigAcmeArgs{
    	Backend:              pulumi.String("string"),
    	Enabled:              pulumi.Bool(false),
    	AllowRoleExtKeyUsage: pulumi.Bool(false),
    	AllowedIssuers: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowedRoles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DefaultDirectoryPolicy: pulumi.String("string"),
    	DnsResolver:            pulumi.String("string"),
    	EabPolicy:              pulumi.String("string"),
    	Namespace:              pulumi.String("string"),
    })
    
    var backendConfigAcmeResource = new BackendConfigAcme("backendConfigAcmeResource", BackendConfigAcmeArgs.builder()
        .backend("string")
        .enabled(false)
        .allowRoleExtKeyUsage(false)
        .allowedIssuers("string")
        .allowedRoles("string")
        .defaultDirectoryPolicy("string")
        .dnsResolver("string")
        .eabPolicy("string")
        .namespace("string")
        .build());
    
    backend_config_acme_resource = vault.pki_secret.BackendConfigAcme("backendConfigAcmeResource",
        backend="string",
        enabled=False,
        allow_role_ext_key_usage=False,
        allowed_issuers=["string"],
        allowed_roles=["string"],
        default_directory_policy="string",
        dns_resolver="string",
        eab_policy="string",
        namespace="string")
    
    const backendConfigAcmeResource = new vault.pkisecret.BackendConfigAcme("backendConfigAcmeResource", {
        backend: "string",
        enabled: false,
        allowRoleExtKeyUsage: false,
        allowedIssuers: ["string"],
        allowedRoles: ["string"],
        defaultDirectoryPolicy: "string",
        dnsResolver: "string",
        eabPolicy: "string",
        namespace: "string",
    });
    
    type: vault:pkiSecret:BackendConfigAcme
    properties:
        allowRoleExtKeyUsage: false
        allowedIssuers:
            - string
        allowedRoles:
            - string
        backend: string
        defaultDirectoryPolicy: string
        dnsResolver: string
        eabPolicy: string
        enabled: false
        namespace: string
    

    BackendConfigAcme Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The BackendConfigAcme resource accepts the following input properties:

    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    Enabled bool
    Specifies whether ACME is enabled.
    AllowRoleExtKeyUsage bool
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    AllowedIssuers List<string>
    Specifies which issuers are allowed for use with ACME.
    AllowedRoles List<string>
    Specifies which roles are allowed for use with ACME.
    DefaultDirectoryPolicy string
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    DnsResolver string
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    EabPolicy string
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    Enabled bool
    Specifies whether ACME is enabled.
    AllowRoleExtKeyUsage bool
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    AllowedIssuers []string
    Specifies which issuers are allowed for use with ACME.
    AllowedRoles []string
    Specifies which roles are allowed for use with ACME.
    DefaultDirectoryPolicy string
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    DnsResolver string
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    EabPolicy string
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    enabled Boolean
    Specifies whether ACME is enabled.
    allowRoleExtKeyUsage Boolean
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowedIssuers List<String>
    Specifies which issuers are allowed for use with ACME.
    allowedRoles List<String>
    Specifies which roles are allowed for use with ACME.
    defaultDirectoryPolicy String
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dnsResolver String
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eabPolicy String
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    enabled boolean
    Specifies whether ACME is enabled.
    allowRoleExtKeyUsage boolean
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowedIssuers string[]
    Specifies which issuers are allowed for use with ACME.
    allowedRoles string[]
    Specifies which roles are allowed for use with ACME.
    defaultDirectoryPolicy string
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dnsResolver string
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eabPolicy string
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend str
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    enabled bool
    Specifies whether ACME is enabled.
    allow_role_ext_key_usage bool
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowed_issuers Sequence[str]
    Specifies which issuers are allowed for use with ACME.
    allowed_roles Sequence[str]
    Specifies which roles are allowed for use with ACME.
    default_directory_policy str
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dns_resolver str
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eab_policy str
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    enabled Boolean
    Specifies whether ACME is enabled.
    allowRoleExtKeyUsage Boolean
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowedIssuers List<String>
    Specifies which issuers are allowed for use with ACME.
    allowedRoles List<String>
    Specifies which roles are allowed for use with ACME.
    defaultDirectoryPolicy String
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dnsResolver String
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eabPolicy String
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the BackendConfigAcme resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing BackendConfigAcme Resource

    Get an existing BackendConfigAcme resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: BackendConfigAcmeState, opts?: CustomResourceOptions): BackendConfigAcme
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_role_ext_key_usage: Optional[bool] = None,
            allowed_issuers: Optional[Sequence[str]] = None,
            allowed_roles: Optional[Sequence[str]] = None,
            backend: Optional[str] = None,
            default_directory_policy: Optional[str] = None,
            dns_resolver: Optional[str] = None,
            eab_policy: Optional[str] = None,
            enabled: Optional[bool] = None,
            namespace: Optional[str] = None) -> BackendConfigAcme
    func GetBackendConfigAcme(ctx *Context, name string, id IDInput, state *BackendConfigAcmeState, opts ...ResourceOption) (*BackendConfigAcme, error)
    public static BackendConfigAcme Get(string name, Input<string> id, BackendConfigAcmeState? state, CustomResourceOptions? opts = null)
    public static BackendConfigAcme get(String name, Output<String> id, BackendConfigAcmeState state, CustomResourceOptions options)
    resources:  _:    type: vault:pkiSecret:BackendConfigAcme    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowRoleExtKeyUsage bool
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    AllowedIssuers List<string>
    Specifies which issuers are allowed for use with ACME.
    AllowedRoles List<string>
    Specifies which roles are allowed for use with ACME.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    DefaultDirectoryPolicy string
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    DnsResolver string
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    EabPolicy string
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    Enabled bool
    Specifies whether ACME is enabled.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    AllowRoleExtKeyUsage bool
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    AllowedIssuers []string
    Specifies which issuers are allowed for use with ACME.
    AllowedRoles []string
    Specifies which roles are allowed for use with ACME.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    DefaultDirectoryPolicy string
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    DnsResolver string
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    EabPolicy string
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    Enabled bool
    Specifies whether ACME is enabled.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    allowRoleExtKeyUsage Boolean
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowedIssuers List<String>
    Specifies which issuers are allowed for use with ACME.
    allowedRoles List<String>
    Specifies which roles are allowed for use with ACME.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    defaultDirectoryPolicy String
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dnsResolver String
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eabPolicy String
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    enabled Boolean
    Specifies whether ACME is enabled.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    allowRoleExtKeyUsage boolean
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowedIssuers string[]
    Specifies which issuers are allowed for use with ACME.
    allowedRoles string[]
    Specifies which roles are allowed for use with ACME.
    backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    defaultDirectoryPolicy string
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dnsResolver string
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eabPolicy string
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    enabled boolean
    Specifies whether ACME is enabled.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    allow_role_ext_key_usage bool
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowed_issuers Sequence[str]
    Specifies which issuers are allowed for use with ACME.
    allowed_roles Sequence[str]
    Specifies which roles are allowed for use with ACME.
    backend str
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    default_directory_policy str
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dns_resolver str
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eab_policy str
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    enabled bool
    Specifies whether ACME is enabled.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    allowRoleExtKeyUsage Boolean
    Specifies whether the ExtKeyUsage field from a role is used. Vault 1.14.1+
    allowedIssuers List<String>
    Specifies which issuers are allowed for use with ACME.
    allowedRoles List<String>
    Specifies which roles are allowed for use with ACME.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    defaultDirectoryPolicy String
    Specifies the policy to be used for non-role-qualified ACME requests. Allowed values are forbid, sign-verbatim, role:<role_name>, external-policy or external-policy:<policy>.
    dnsResolver String
    DNS resolver to use for domain resolution on this mount. Must be in the format <host>:<port>, with both parts mandatory.
    eabPolicy String
    Specifies the policy to use for external account binding behaviour. Allowed values are not-required, new-account-required or always-required.
    enabled Boolean
    Specifies whether ACME is enabled.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Import

    The ACME configuration can be imported using the resource’s id. In the case of the example above the id would be pki/config/acme, where the pki component is the resource’s backend, e.g.

    $ pulumi import vault:pkiSecret/backendConfigAcme:BackendConfigAcme example pki/config/acme
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.5.0 published on Thursday, Jan 16, 2025 by Pulumi