Docs Home
HashiCorp Vault v7.1.0 published on Thursday, Jul 10, 2025 by Pulumi
vault.pkiSecret.getBackendConfigScep
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.Mount("pki", {
path: "pki",
type: "pki",
description: "PKI secret engine mount",
});
const scepConfig = vault.pkiSecret.getBackendConfigScepOutput({
backend: pki.path,
});
import pulumi
import pulumi_vault as vault
pki = vault.Mount("pki",
path="pki",
type="pki",
description="PKI secret engine mount")
scep_config = vault.pkiSecret.get_backend_config_scep_output(backend=pki.path)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v7/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v7/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
Path: pulumi.String("pki"),
Type: pulumi.String("pki"),
Description: pulumi.String("PKI secret engine mount"),
})
if err != nil {
return err
}
_ = pkisecret.GetBackendConfigScepOutput(ctx, pkisecret.GetBackendConfigScepOutputArgs{
Backend: pki.Path,
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki = new Vault.Mount("pki", new()
{
Path = "pki",
Type = "pki",
Description = "PKI secret engine mount",
});
var scepConfig = Vault.PkiSecret.GetBackendConfigScep.Invoke(new()
{
Backend = pki.Path,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.PkiSecretFunctions;
import com.pulumi.vault.pkiSecret.inputs.GetBackendConfigScepArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki = new Mount("pki", MountArgs.builder()
.path("pki")
.type("pki")
.description("PKI secret engine mount")
.build());
final var scepConfig = PkiSecretFunctions.getBackendConfigScep(GetBackendConfigScepArgs.builder()
.backend(pki.path())
.build());
}
}
resources:
pki:
type: vault:Mount
properties:
path: pki
type: pki
description: PKI secret engine mount
variables:
scepConfig:
fn::invoke:
function: vault:pkiSecret:getBackendConfigScep
arguments:
backend: ${pki.path}
Using getBackendConfigScep
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getBackendConfigScep(args: GetBackendConfigScepArgs, opts?: InvokeOptions): Promise<GetBackendConfigScepResult>
function getBackendConfigScepOutput(args: GetBackendConfigScepOutputArgs, opts?: InvokeOptions): Output<GetBackendConfigScepResult>def get_backend_config_scep(backend: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetBackendConfigScepResult
def get_backend_config_scep_output(backend: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetBackendConfigScepResult]func LookupBackendConfigScep(ctx *Context, args *LookupBackendConfigScepArgs, opts ...InvokeOption) (*LookupBackendConfigScepResult, error)
func LookupBackendConfigScepOutput(ctx *Context, args *LookupBackendConfigScepOutputArgs, opts ...InvokeOption) LookupBackendConfigScepResultOutput> Note: This function is named LookupBackendConfigScep in the Go SDK.
public static class GetBackendConfigScep
{
public static Task<GetBackendConfigScepResult> InvokeAsync(GetBackendConfigScepArgs args, InvokeOptions? opts = null)
public static Output<GetBackendConfigScepResult> Invoke(GetBackendConfigScepInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetBackendConfigScepResult> getBackendConfigScep(GetBackendConfigScepArgs args, InvokeOptions options)
public static Output<GetBackendConfigScepResult> getBackendConfigScep(GetBackendConfigScepArgs args, InvokeOptions options)
fn::invoke:
function: vault:pkiSecret/getBackendConfigScep:getBackendConfigScep
arguments:
# arguments dictionaryThe following arguments are supported:
- Backend string
- The path to the PKI secret backend to
read the SCEP configuration from, with no leading or trailing
/s. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Backend string
- The path to the PKI secret backend to
read the SCEP configuration from, with no leading or trailing
/s. - Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the PKI secret backend to
read the SCEP configuration from, with no leading or trailing
/s. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend string
- The path to the PKI secret backend to
read the SCEP configuration from, with no leading or trailing
/s. - namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend str
- The path to the PKI secret backend to
read the SCEP configuration from, with no leading or trailing
/s. - namespace str
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the PKI secret backend to
read the SCEP configuration from, with no leading or trailing
/s. - namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
getBackendConfigScep Result
The following output properties are available:
- Allowed
Digest List<string>Algorithms - List of allowed digest algorithms for SCEP requests.
- Allowed
Encryption List<string>Algorithms - List of allowed encryption algorithms for SCEP requests.
- Authenticators
List<Get
Backend Config Scep Authenticator> - Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
- Backend string
- Default
Path stringPolicy - Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
- Enabled bool
- Specifies whether SCEP is enabled.
- External
Validations List<GetBackend Config Scep External Validation> - Lists the 3rd party validation of SCEP requests (see below for nested schema).
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated string - A read-only timestamp representing the last time the configuration was updated.
- Restrict
Ca boolChain To Issuer - If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
- Namespace string
- Allowed
Digest []stringAlgorithms - List of allowed digest algorithms for SCEP requests.
- Allowed
Encryption []stringAlgorithms - List of allowed encryption algorithms for SCEP requests.
- Authenticators
[]Get
Backend Config Scep Authenticator - Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
- Backend string
- Default
Path stringPolicy - Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
- Enabled bool
- Specifies whether SCEP is enabled.
- External
Validations []GetBackend Config Scep External Validation - Lists the 3rd party validation of SCEP requests (see below for nested schema).
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated string - A read-only timestamp representing the last time the configuration was updated.
- Restrict
Ca boolChain To Issuer - If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
- Namespace string
- allowed
Digest List<String>Algorithms - List of allowed digest algorithms for SCEP requests.
- allowed
Encryption List<String>Algorithms - List of allowed encryption algorithms for SCEP requests.
- authenticators
List<Get
Backend Config Scep Authenticator> - Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
- backend String
- default
Path StringPolicy - Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
- enabled Boolean
- Specifies whether SCEP is enabled.
- external
Validations List<GetBackend Config Scep External Validation> - Lists the 3rd party validation of SCEP requests (see below for nested schema).
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated String - A read-only timestamp representing the last time the configuration was updated.
- restrict
Ca BooleanChain To Issuer - If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
- namespace String
- allowed
Digest string[]Algorithms - List of allowed digest algorithms for SCEP requests.
- allowed
Encryption string[]Algorithms - List of allowed encryption algorithms for SCEP requests.
- authenticators
Get
Backend Config Scep Authenticator[] - Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
- backend string
- default
Path stringPolicy - Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
- enabled boolean
- Specifies whether SCEP is enabled.
- external
Validations GetBackend Config Scep External Validation[] - Lists the 3rd party validation of SCEP requests (see below for nested schema).
- id string
- The provider-assigned unique ID for this managed resource.
- last
Updated string - A read-only timestamp representing the last time the configuration was updated.
- restrict
Ca booleanChain To Issuer - If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
- namespace string
- allowed_
digest_ Sequence[str]algorithms - List of allowed digest algorithms for SCEP requests.
- allowed_
encryption_ Sequence[str]algorithms - List of allowed encryption algorithms for SCEP requests.
- authenticators
Sequence[Get
Backend Config Scep Authenticator] - Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
- backend str
- default_
path_ strpolicy - Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
- enabled bool
- Specifies whether SCEP is enabled.
- external_
validations Sequence[GetBackend Config Scep External Validation] - Lists the 3rd party validation of SCEP requests (see below for nested schema).
- id str
- The provider-assigned unique ID for this managed resource.
- last_
updated str - A read-only timestamp representing the last time the configuration was updated.
- restrict_
ca_ boolchain_ to_ issuer - If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
- namespace str
- allowed
Digest List<String>Algorithms - List of allowed digest algorithms for SCEP requests.
- allowed
Encryption List<String>Algorithms - List of allowed encryption algorithms for SCEP requests.
- authenticators List<Property Map>
- Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
- backend String
- default
Path StringPolicy - Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
- enabled Boolean
- Specifies whether SCEP is enabled.
- external
Validations List<Property Map> - Lists the 3rd party validation of SCEP requests (see below for nested schema).
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated String - A read-only timestamp representing the last time the configuration was updated.
- restrict
Ca BooleanChain To Issuer - If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
- namespace String
Supporting Types
GetBackendConfigScepAuthenticator
GetBackendConfigScepExternalValidation
- Intune Dictionary<string, string>
- The tenant_id, client_id, client_secret and environment properties for Microsoft Intune validation of SCEP requests.
- Intune map[string]string
- The tenant_id, client_id, client_secret and environment properties for Microsoft Intune validation of SCEP requests.
- intune Map<String,String>
- The tenant_id, client_id, client_secret and environment properties for Microsoft Intune validation of SCEP requests.
- intune {[key: string]: string}
- The tenant_id, client_id, client_secret and environment properties for Microsoft Intune validation of SCEP requests.
- intune Mapping[str, str]
- The tenant_id, client_id, client_secret and environment properties for Microsoft Intune validation of SCEP requests.
- intune Map<String>
- The tenant_id, client_id, client_secret and environment properties for Microsoft Intune validation of SCEP requests.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.