1. Packages
  2. HashiCorp Vault Provider
  3. API Docs
  4. Provider
HashiCorp Vault v7.3.1 published on Tuesday, Oct 21, 2025 by Pulumi

vault.Provider

Get Started
vault logo
HashiCorp Vault v7.3.1 published on Tuesday, Oct 21, 2025 by Pulumi

    The provider type for the vault package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

    Create Provider Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Provider(name: string, args?: ProviderArgs, opts?: CustomResourceOptions);
    @overload
    def Provider(resource_name: str,
                 args: Optional[ProviderArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Provider(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 add_address_to_env: Optional[str] = None,
                 address: Optional[str] = None,
                 auth_login: Optional[ProviderAuthLoginArgs] = None,
                 auth_login_aws: Optional[ProviderAuthLoginAwsArgs] = None,
                 auth_login_azure: Optional[ProviderAuthLoginAzureArgs] = None,
                 auth_login_cert: Optional[ProviderAuthLoginCertArgs] = None,
                 auth_login_gcp: Optional[ProviderAuthLoginGcpArgs] = None,
                 auth_login_jwt: Optional[ProviderAuthLoginJwtArgs] = None,
                 auth_login_kerberos: Optional[ProviderAuthLoginKerberosArgs] = None,
                 auth_login_oci: Optional[ProviderAuthLoginOciArgs] = None,
                 auth_login_oidc: Optional[ProviderAuthLoginOidcArgs] = None,
                 auth_login_radius: Optional[ProviderAuthLoginRadiusArgs] = None,
                 auth_login_token_file: Optional[ProviderAuthLoginTokenFileArgs] = None,
                 auth_login_userpass: Optional[ProviderAuthLoginUserpassArgs] = None,
                 ca_cert_dir: Optional[str] = None,
                 ca_cert_file: Optional[str] = None,
                 client_auth: Optional[ProviderClientAuthArgs] = None,
                 headers: Optional[Sequence[ProviderHeaderArgs]] = None,
                 max_lease_ttl_seconds: Optional[int] = None,
                 max_retries: Optional[int] = None,
                 max_retries_ccc: Optional[int] = None,
                 namespace: Optional[str] = None,
                 set_namespace_from_token: Optional[bool] = None,
                 skip_child_token: Optional[bool] = None,
                 skip_get_vault_version: Optional[bool] = None,
                 skip_tls_verify: Optional[bool] = None,
                 tls_server_name: Optional[str] = None,
                 token: Optional[str] = None,
                 token_name: Optional[str] = None,
                 vault_version_override: Optional[str] = None)
    func NewProvider(ctx *Context, name string, args *ProviderArgs, opts ...ResourceOption) (*Provider, error)
    public Provider(string name, ProviderArgs? args = null, CustomResourceOptions? opts = null)
    public Provider(String name, ProviderArgs args)
    public Provider(String name, ProviderArgs args, CustomResourceOptions options)
    
    type: pulumi:providers:vault
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ProviderArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ProviderArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ProviderArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Provider Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Provider resource accepts the following input properties:

    AddAddressToEnv string
    Address string
    URL of the root of the target Vault server.
    AuthLogin ProviderAuthLogin
    Login to vault with an existing auth method using auth//login
    AuthLoginAws ProviderAuthLoginAws
    Login to vault using the AWS method
    AuthLoginAzure ProviderAuthLoginAzure
    Login to vault using the azure method
    AuthLoginCert ProviderAuthLoginCert
    Login to vault using the cert method
    AuthLoginGcp ProviderAuthLoginGcp
    Login to vault using the gcp method
    AuthLoginJwt ProviderAuthLoginJwt
    Login to vault using the jwt method
    AuthLoginKerberos ProviderAuthLoginKerberos
    Login to vault using the kerberos method
    AuthLoginOci ProviderAuthLoginOci
    Login to vault using the OCI method
    AuthLoginOidc ProviderAuthLoginOidc
    Login to vault using the oidc method
    AuthLoginRadius ProviderAuthLoginRadius
    Login to vault using the radius method
    AuthLoginTokenFile ProviderAuthLoginTokenFile
    Login to vault using
    AuthLoginUserpass ProviderAuthLoginUserpass
    Login to vault using the userpass method
    CaCertDir string
    Path to directory containing CA certificate files to validate the server's certificate.
    CaCertFile string
    Path to a CA certificate file to validate the server's certificate.
    ClientAuth ProviderClientAuth
    Client authentication credentials.
    Headers List<ProviderHeader>
    The headers to send with each Vault request.
    MaxLeaseTtlSeconds int
    Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL
    MaxRetries int
    Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES
    MaxRetriesCcc int
    Maximum number of retries for Client Controlled Consistency related operations
    Namespace string
    The namespace to use. Available only for Vault Enterprise.
    SetNamespaceFromToken bool
    In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.
    SkipChildToken bool
    Set this to true to prevent the creation of ephemeral child token used by this provider.
    SkipGetVaultVersion bool
    Skip the dynamic fetching of the Vault server version.
    SkipTlsVerify bool
    Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY
    TlsServerName string
    Name to use as the SNI host when connecting via TLS.
    Token string
    Token to use to authenticate to Vault.
    TokenName string
    Token name to use for creating the Vault child token.
    VaultVersionOverride string
    Override the Vault server version, which is normally determined dynamically from the target Vault server
    AddAddressToEnv string
    Address string
    URL of the root of the target Vault server.
    AuthLogin ProviderAuthLoginArgs
    Login to vault with an existing auth method using auth//login
    AuthLoginAws ProviderAuthLoginAwsArgs
    Login to vault using the AWS method
    AuthLoginAzure ProviderAuthLoginAzureArgs
    Login to vault using the azure method
    AuthLoginCert ProviderAuthLoginCertArgs
    Login to vault using the cert method
    AuthLoginGcp ProviderAuthLoginGcpArgs
    Login to vault using the gcp method
    AuthLoginJwt ProviderAuthLoginJwtArgs
    Login to vault using the jwt method
    AuthLoginKerberos ProviderAuthLoginKerberosArgs
    Login to vault using the kerberos method
    AuthLoginOci ProviderAuthLoginOciArgs
    Login to vault using the OCI method
    AuthLoginOidc ProviderAuthLoginOidcArgs
    Login to vault using the oidc method
    AuthLoginRadius ProviderAuthLoginRadiusArgs
    Login to vault using the radius method
    AuthLoginTokenFile ProviderAuthLoginTokenFileArgs
    Login to vault using
    AuthLoginUserpass ProviderAuthLoginUserpassArgs
    Login to vault using the userpass method
    CaCertDir string
    Path to directory containing CA certificate files to validate the server's certificate.
    CaCertFile string
    Path to a CA certificate file to validate the server's certificate.
    ClientAuth ProviderClientAuthArgs
    Client authentication credentials.
    Headers []ProviderHeaderArgs
    The headers to send with each Vault request.
    MaxLeaseTtlSeconds int
    Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL
    MaxRetries int
    Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES
    MaxRetriesCcc int
    Maximum number of retries for Client Controlled Consistency related operations
    Namespace string
    The namespace to use. Available only for Vault Enterprise.
    SetNamespaceFromToken bool
    In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.
    SkipChildToken bool
    Set this to true to prevent the creation of ephemeral child token used by this provider.
    SkipGetVaultVersion bool
    Skip the dynamic fetching of the Vault server version.
    SkipTlsVerify bool
    Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY
    TlsServerName string
    Name to use as the SNI host when connecting via TLS.
    Token string
    Token to use to authenticate to Vault.
    TokenName string
    Token name to use for creating the Vault child token.
    VaultVersionOverride string
    Override the Vault server version, which is normally determined dynamically from the target Vault server
    addAddressToEnv String
    address String
    URL of the root of the target Vault server.
    authLogin ProviderAuthLogin
    Login to vault with an existing auth method using auth//login
    authLoginAws ProviderAuthLoginAws
    Login to vault using the AWS method
    authLoginAzure ProviderAuthLoginAzure
    Login to vault using the azure method
    authLoginCert ProviderAuthLoginCert
    Login to vault using the cert method
    authLoginGcp ProviderAuthLoginGcp
    Login to vault using the gcp method
    authLoginJwt ProviderAuthLoginJwt
    Login to vault using the jwt method
    authLoginKerberos ProviderAuthLoginKerberos
    Login to vault using the kerberos method
    authLoginOci ProviderAuthLoginOci
    Login to vault using the OCI method
    authLoginOidc ProviderAuthLoginOidc
    Login to vault using the oidc method
    authLoginRadius ProviderAuthLoginRadius
    Login to vault using the radius method
    authLoginTokenFile ProviderAuthLoginTokenFile
    Login to vault using
    authLoginUserpass ProviderAuthLoginUserpass
    Login to vault using the userpass method
    caCertDir String
    Path to directory containing CA certificate files to validate the server's certificate.
    caCertFile String
    Path to a CA certificate file to validate the server's certificate.
    clientAuth ProviderClientAuth
    Client authentication credentials.
    headers List<ProviderHeader>
    The headers to send with each Vault request.
    maxLeaseTtlSeconds Integer
    Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL
    maxRetries Integer
    Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES
    maxRetriesCcc Integer
    Maximum number of retries for Client Controlled Consistency related operations
    namespace String
    The namespace to use. Available only for Vault Enterprise.
    setNamespaceFromToken Boolean
    In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.
    skipChildToken Boolean
    Set this to true to prevent the creation of ephemeral child token used by this provider.
    skipGetVaultVersion Boolean
    Skip the dynamic fetching of the Vault server version.
    skipTlsVerify Boolean
    Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY
    tlsServerName String
    Name to use as the SNI host when connecting via TLS.
    token String
    Token to use to authenticate to Vault.
    tokenName String
    Token name to use for creating the Vault child token.
    vaultVersionOverride String
    Override the Vault server version, which is normally determined dynamically from the target Vault server
    addAddressToEnv string
    address string
    URL of the root of the target Vault server.
    authLogin ProviderAuthLogin
    Login to vault with an existing auth method using auth//login
    authLoginAws ProviderAuthLoginAws
    Login to vault using the AWS method
    authLoginAzure ProviderAuthLoginAzure
    Login to vault using the azure method
    authLoginCert ProviderAuthLoginCert
    Login to vault using the cert method
    authLoginGcp ProviderAuthLoginGcp
    Login to vault using the gcp method
    authLoginJwt ProviderAuthLoginJwt
    Login to vault using the jwt method
    authLoginKerberos ProviderAuthLoginKerberos
    Login to vault using the kerberos method
    authLoginOci ProviderAuthLoginOci
    Login to vault using the OCI method
    authLoginOidc ProviderAuthLoginOidc
    Login to vault using the oidc method
    authLoginRadius ProviderAuthLoginRadius
    Login to vault using the radius method
    authLoginTokenFile ProviderAuthLoginTokenFile
    Login to vault using
    authLoginUserpass ProviderAuthLoginUserpass
    Login to vault using the userpass method
    caCertDir string
    Path to directory containing CA certificate files to validate the server's certificate.
    caCertFile string
    Path to a CA certificate file to validate the server's certificate.
    clientAuth ProviderClientAuth
    Client authentication credentials.
    headers ProviderHeader[]
    The headers to send with each Vault request.
    maxLeaseTtlSeconds number
    Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL
    maxRetries number
    Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES
    maxRetriesCcc number
    Maximum number of retries for Client Controlled Consistency related operations
    namespace string
    The namespace to use. Available only for Vault Enterprise.
    setNamespaceFromToken boolean
    In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.
    skipChildToken boolean
    Set this to true to prevent the creation of ephemeral child token used by this provider.
    skipGetVaultVersion boolean
    Skip the dynamic fetching of the Vault server version.
    skipTlsVerify boolean
    Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY
    tlsServerName string
    Name to use as the SNI host when connecting via TLS.
    token string
    Token to use to authenticate to Vault.
    tokenName string
    Token name to use for creating the Vault child token.
    vaultVersionOverride string
    Override the Vault server version, which is normally determined dynamically from the target Vault server
    add_address_to_env str
    address str
    URL of the root of the target Vault server.
    auth_login ProviderAuthLoginArgs
    Login to vault with an existing auth method using auth//login
    auth_login_aws ProviderAuthLoginAwsArgs
    Login to vault using the AWS method
    auth_login_azure ProviderAuthLoginAzureArgs
    Login to vault using the azure method
    auth_login_cert ProviderAuthLoginCertArgs
    Login to vault using the cert method
    auth_login_gcp ProviderAuthLoginGcpArgs
    Login to vault using the gcp method
    auth_login_jwt ProviderAuthLoginJwtArgs
    Login to vault using the jwt method
    auth_login_kerberos ProviderAuthLoginKerberosArgs
    Login to vault using the kerberos method
    auth_login_oci ProviderAuthLoginOciArgs
    Login to vault using the OCI method
    auth_login_oidc ProviderAuthLoginOidcArgs
    Login to vault using the oidc method
    auth_login_radius ProviderAuthLoginRadiusArgs
    Login to vault using the radius method
    auth_login_token_file ProviderAuthLoginTokenFileArgs
    Login to vault using
    auth_login_userpass ProviderAuthLoginUserpassArgs
    Login to vault using the userpass method
    ca_cert_dir str
    Path to directory containing CA certificate files to validate the server's certificate.
    ca_cert_file str
    Path to a CA certificate file to validate the server's certificate.
    client_auth ProviderClientAuthArgs
    Client authentication credentials.
    headers Sequence[ProviderHeaderArgs]
    The headers to send with each Vault request.
    max_lease_ttl_seconds int
    Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL
    max_retries int
    Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES
    max_retries_ccc int
    Maximum number of retries for Client Controlled Consistency related operations
    namespace str
    The namespace to use. Available only for Vault Enterprise.
    set_namespace_from_token bool
    In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.
    skip_child_token bool
    Set this to true to prevent the creation of ephemeral child token used by this provider.
    skip_get_vault_version bool
    Skip the dynamic fetching of the Vault server version.
    skip_tls_verify bool
    Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY
    tls_server_name str
    Name to use as the SNI host when connecting via TLS.
    token str
    Token to use to authenticate to Vault.
    token_name str
    Token name to use for creating the Vault child token.
    vault_version_override str
    Override the Vault server version, which is normally determined dynamically from the target Vault server
    addAddressToEnv String
    address String
    URL of the root of the target Vault server.
    authLogin Property Map
    Login to vault with an existing auth method using auth//login
    authLoginAws Property Map
    Login to vault using the AWS method
    authLoginAzure Property Map
    Login to vault using the azure method
    authLoginCert Property Map
    Login to vault using the cert method
    authLoginGcp Property Map
    Login to vault using the gcp method
    authLoginJwt Property Map
    Login to vault using the jwt method
    authLoginKerberos Property Map
    Login to vault using the kerberos method
    authLoginOci Property Map
    Login to vault using the OCI method
    authLoginOidc Property Map
    Login to vault using the oidc method
    authLoginRadius Property Map
    Login to vault using the radius method
    authLoginTokenFile Property Map
    Login to vault using
    authLoginUserpass Property Map
    Login to vault using the userpass method
    caCertDir String
    Path to directory containing CA certificate files to validate the server's certificate.
    caCertFile String
    Path to a CA certificate file to validate the server's certificate.
    clientAuth Property Map
    Client authentication credentials.
    headers List<Property Map>
    The headers to send with each Vault request.
    maxLeaseTtlSeconds Number
    Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL
    maxRetries Number
    Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES
    maxRetriesCcc Number
    Maximum number of retries for Client Controlled Consistency related operations
    namespace String
    The namespace to use. Available only for Vault Enterprise.
    setNamespaceFromToken Boolean
    In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.
    skipChildToken Boolean
    Set this to true to prevent the creation of ephemeral child token used by this provider.
    skipGetVaultVersion Boolean
    Skip the dynamic fetching of the Vault server version.
    skipTlsVerify Boolean
    Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY
    tlsServerName String
    Name to use as the SNI host when connecting via TLS.
    token String
    Token to use to authenticate to Vault.
    tokenName String
    Token name to use for creating the Vault child token.
    vaultVersionOverride String
    Override the Vault server version, which is normally determined dynamically from the target Vault server

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Provider resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Provider Resource Methods

    TerraformConfig Method

    This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.

    Using TerraformConfig

    terraformConfig(): Output<Provider.TerraformConfigResult>
    def terraform_config() -> Output[Provider.Terraform_configResult]
    func (r *Provider) TerraformConfig() (ProviderTerraformConfigResultOutput, error)
    public Output<Provider.TerraformConfigResult> TerraformConfig()

    TerraformConfig Result

    Result Dictionary<string, object>
    Result map[string]interface{}
    result Map<String,Object>
    result {[key: string]: any}
    result Mapping[str, Any]
    result Map<Any>

    Supporting Types

    ProviderAuthLogin, ProviderAuthLoginArgs

    Path string
    Method string
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Parameters Dictionary<string, string>
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Path string
    Method string
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Parameters map[string]string
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    path String
    method String
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    parameters Map<String,String>
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    path string
    method string
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    parameters {[key: string]: string}
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    path str
    method str
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    parameters Mapping[str, str]
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    path String
    method String
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    parameters Map<String>
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginAws, ProviderAuthLoginAwsArgs

    Role string
    The Vault role to use when logging into Vault.
    AwsAccessKeyId string
    The AWS access key ID.
    AwsIamEndpoint string
    The IAM endpoint URL.
    AwsProfile string
    The name of the AWS profile.
    AwsRegion string
    The AWS region.
    AwsRoleArn string
    The ARN of the AWS Role to assume.Used during STS AssumeRole
    AwsRoleSessionName string
    Specifies the name to attach to the AWS role session. Used during STS AssumeRole
    AwsSecretAccessKey string
    The AWS secret access key.
    AwsSessionToken string
    The AWS session token.
    AwsSharedCredentialsFile string
    Path to the AWS shared credentials file.
    AwsStsEndpoint string
    The STS endpoint URL.
    AwsWebIdentityTokenFile string
    Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
    HeaderValue string
    The Vault header value to include in the STS signing request.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Role string
    The Vault role to use when logging into Vault.
    AwsAccessKeyId string
    The AWS access key ID.
    AwsIamEndpoint string
    The IAM endpoint URL.
    AwsProfile string
    The name of the AWS profile.
    AwsRegion string
    The AWS region.
    AwsRoleArn string
    The ARN of the AWS Role to assume.Used during STS AssumeRole
    AwsRoleSessionName string
    Specifies the name to attach to the AWS role session. Used during STS AssumeRole
    AwsSecretAccessKey string
    The AWS secret access key.
    AwsSessionToken string
    The AWS session token.
    AwsSharedCredentialsFile string
    Path to the AWS shared credentials file.
    AwsStsEndpoint string
    The STS endpoint URL.
    AwsWebIdentityTokenFile string
    Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
    HeaderValue string
    The Vault header value to include in the STS signing request.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    The Vault role to use when logging into Vault.
    awsAccessKeyId String
    The AWS access key ID.
    awsIamEndpoint String
    The IAM endpoint URL.
    awsProfile String
    The name of the AWS profile.
    awsRegion String
    The AWS region.
    awsRoleArn String
    The ARN of the AWS Role to assume.Used during STS AssumeRole
    awsRoleSessionName String
    Specifies the name to attach to the AWS role session. Used during STS AssumeRole
    awsSecretAccessKey String
    The AWS secret access key.
    awsSessionToken String
    The AWS session token.
    awsSharedCredentialsFile String
    Path to the AWS shared credentials file.
    awsStsEndpoint String
    The STS endpoint URL.
    awsWebIdentityTokenFile String
    Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
    headerValue String
    The Vault header value to include in the STS signing request.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role string
    The Vault role to use when logging into Vault.
    awsAccessKeyId string
    The AWS access key ID.
    awsIamEndpoint string
    The IAM endpoint URL.
    awsProfile string
    The name of the AWS profile.
    awsRegion string
    The AWS region.
    awsRoleArn string
    The ARN of the AWS Role to assume.Used during STS AssumeRole
    awsRoleSessionName string
    Specifies the name to attach to the AWS role session. Used during STS AssumeRole
    awsSecretAccessKey string
    The AWS secret access key.
    awsSessionToken string
    The AWS session token.
    awsSharedCredentialsFile string
    Path to the AWS shared credentials file.
    awsStsEndpoint string
    The STS endpoint URL.
    awsWebIdentityTokenFile string
    Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
    headerValue string
    The Vault header value to include in the STS signing request.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role str
    The Vault role to use when logging into Vault.
    aws_access_key_id str
    The AWS access key ID.
    aws_iam_endpoint str
    The IAM endpoint URL.
    aws_profile str
    The name of the AWS profile.
    aws_region str
    The AWS region.
    aws_role_arn str
    The ARN of the AWS Role to assume.Used during STS AssumeRole
    aws_role_session_name str
    Specifies the name to attach to the AWS role session. Used during STS AssumeRole
    aws_secret_access_key str
    The AWS secret access key.
    aws_session_token str
    The AWS session token.
    aws_shared_credentials_file str
    Path to the AWS shared credentials file.
    aws_sts_endpoint str
    The STS endpoint URL.
    aws_web_identity_token_file str
    Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
    header_value str
    The Vault header value to include in the STS signing request.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    The Vault role to use when logging into Vault.
    awsAccessKeyId String
    The AWS access key ID.
    awsIamEndpoint String
    The IAM endpoint URL.
    awsProfile String
    The name of the AWS profile.
    awsRegion String
    The AWS region.
    awsRoleArn String
    The ARN of the AWS Role to assume.Used during STS AssumeRole
    awsRoleSessionName String
    Specifies the name to attach to the AWS role session. Used during STS AssumeRole
    awsSecretAccessKey String
    The AWS secret access key.
    awsSessionToken String
    The AWS session token.
    awsSharedCredentialsFile String
    Path to the AWS shared credentials file.
    awsStsEndpoint String
    The STS endpoint URL.
    awsWebIdentityTokenFile String
    Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
    headerValue String
    The Vault header value to include in the STS signing request.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginAzure, ProviderAuthLoginAzureArgs

    ResourceGroupName string
    The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
    Role string
    Name of the login role.
    SubscriptionId string
    The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
    ClientId string
    The identity's client ID.
    Jwt string
    A signed JSON Web Token. If not specified on will be created automatically
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Scope string
    The scopes to include in the token request.
    TenantId string
    Provides the tenant ID to use in a multi-tenant authentication scenario.
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    VmName string
    The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    VmssName string
    The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    ResourceGroupName string
    The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
    Role string
    Name of the login role.
    SubscriptionId string
    The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
    ClientId string
    The identity's client ID.
    Jwt string
    A signed JSON Web Token. If not specified on will be created automatically
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Scope string
    The scopes to include in the token request.
    TenantId string
    Provides the tenant ID to use in a multi-tenant authentication scenario.
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    VmName string
    The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    VmssName string
    The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    resourceGroupName String
    The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
    role String
    Name of the login role.
    subscriptionId String
    The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
    clientId String
    The identity's client ID.
    jwt String
    A signed JSON Web Token. If not specified on will be created automatically
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    scope String
    The scopes to include in the token request.
    tenantId String
    Provides the tenant ID to use in a multi-tenant authentication scenario.
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    vmName String
    The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    vmssName String
    The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    resourceGroupName string
    The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
    role string
    Name of the login role.
    subscriptionId string
    The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
    clientId string
    The identity's client ID.
    jwt string
    A signed JSON Web Token. If not specified on will be created automatically
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    scope string
    The scopes to include in the token request.
    tenantId string
    Provides the tenant ID to use in a multi-tenant authentication scenario.
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    vmName string
    The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    vmssName string
    The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    resource_group_name str
    The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
    role str
    Name of the login role.
    subscription_id str
    The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
    client_id str
    The identity's client ID.
    jwt str
    A signed JSON Web Token. If not specified on will be created automatically
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    scope str
    The scopes to include in the token request.
    tenant_id str
    Provides the tenant ID to use in a multi-tenant authentication scenario.
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    vm_name str
    The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    vmss_name str
    The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    resourceGroupName String
    The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
    role String
    Name of the login role.
    subscriptionId String
    The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
    clientId String
    The identity's client ID.
    jwt String
    A signed JSON Web Token. If not specified on will be created automatically
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    scope String
    The scopes to include in the token request.
    tenantId String
    Provides the tenant ID to use in a multi-tenant authentication scenario.
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    vmName String
    The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
    vmssName String
    The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.

    ProviderAuthLoginCert, ProviderAuthLoginCertArgs

    CertFile string
    Path to a file containing the client certificate.
    KeyFile string
    Path to a file containing the private key that the certificate was issued for.
    Mount string
    The path where the authentication engine is mounted.
    Name string
    Name of the certificate's role
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    CertFile string
    Path to a file containing the client certificate.
    KeyFile string
    Path to a file containing the private key that the certificate was issued for.
    Mount string
    The path where the authentication engine is mounted.
    Name string
    Name of the certificate's role
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    certFile String
    Path to a file containing the client certificate.
    keyFile String
    Path to a file containing the private key that the certificate was issued for.
    mount String
    The path where the authentication engine is mounted.
    name String
    Name of the certificate's role
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    certFile string
    Path to a file containing the client certificate.
    keyFile string
    Path to a file containing the private key that the certificate was issued for.
    mount string
    The path where the authentication engine is mounted.
    name string
    Name of the certificate's role
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    cert_file str
    Path to a file containing the client certificate.
    key_file str
    Path to a file containing the private key that the certificate was issued for.
    mount str
    The path where the authentication engine is mounted.
    name str
    Name of the certificate's role
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    certFile String
    Path to a file containing the client certificate.
    keyFile String
    Path to a file containing the private key that the certificate was issued for.
    mount String
    The path where the authentication engine is mounted.
    name String
    Name of the certificate's role
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginGcp, ProviderAuthLoginGcpArgs

    Role string
    Name of the login role.
    Credentials string
    Path to the Google Cloud credentials file.
    Jwt string
    A signed JSON Web Token.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    ServiceAccount string
    IAM service account.
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Role string
    Name of the login role.
    Credentials string
    Path to the Google Cloud credentials file.
    Jwt string
    A signed JSON Web Token.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    ServiceAccount string
    IAM service account.
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    Name of the login role.
    credentials String
    Path to the Google Cloud credentials file.
    jwt String
    A signed JSON Web Token.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    serviceAccount String
    IAM service account.
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role string
    Name of the login role.
    credentials string
    Path to the Google Cloud credentials file.
    jwt string
    A signed JSON Web Token.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    serviceAccount string
    IAM service account.
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role str
    Name of the login role.
    credentials str
    Path to the Google Cloud credentials file.
    jwt str
    A signed JSON Web Token.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    service_account str
    IAM service account.
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    Name of the login role.
    credentials String
    Path to the Google Cloud credentials file.
    jwt String
    A signed JSON Web Token.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    serviceAccount String
    IAM service account.
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginJwt, ProviderAuthLoginJwtArgs

    Role string
    Name of the login role.
    Jwt string
    A signed JSON Web Token.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Role string
    Name of the login role.
    Jwt string
    A signed JSON Web Token.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    Name of the login role.
    jwt String
    A signed JSON Web Token.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role string
    Name of the login role.
    jwt string
    A signed JSON Web Token.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role str
    Name of the login role.
    jwt str
    A signed JSON Web Token.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    Name of the login role.
    jwt String
    A signed JSON Web Token.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginKerberos, ProviderAuthLoginKerberosArgs

    DisableFastNegotiation bool
    Disable the Kerberos FAST negotiation.
    KeytabPath string
    The Kerberos keytab file containing the entry of the login entity.
    Krb5confPath string
    A valid Kerberos configuration file e.g. /etc/krb5.conf.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Realm string
    The Kerberos server's authoritative authentication domain
    RemoveInstanceName bool
    Strip the host from the username found in the keytab.
    Service string
    The service principle name.
    Token string
    Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Username string
    The username to login into Kerberos with.
    DisableFastNegotiation bool
    Disable the Kerberos FAST negotiation.
    KeytabPath string
    The Kerberos keytab file containing the entry of the login entity.
    Krb5confPath string
    A valid Kerberos configuration file e.g. /etc/krb5.conf.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Realm string
    The Kerberos server's authoritative authentication domain
    RemoveInstanceName bool
    Strip the host from the username found in the keytab.
    Service string
    The service principle name.
    Token string
    Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Username string
    The username to login into Kerberos with.
    disableFastNegotiation Boolean
    Disable the Kerberos FAST negotiation.
    keytabPath String
    The Kerberos keytab file containing the entry of the login entity.
    krb5confPath String
    A valid Kerberos configuration file e.g. /etc/krb5.conf.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    realm String
    The Kerberos server's authoritative authentication domain
    removeInstanceName Boolean
    Strip the host from the username found in the keytab.
    service String
    The service principle name.
    token String
    Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username String
    The username to login into Kerberos with.
    disableFastNegotiation boolean
    Disable the Kerberos FAST negotiation.
    keytabPath string
    The Kerberos keytab file containing the entry of the login entity.
    krb5confPath string
    A valid Kerberos configuration file e.g. /etc/krb5.conf.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    realm string
    The Kerberos server's authoritative authentication domain
    removeInstanceName boolean
    Strip the host from the username found in the keytab.
    service string
    The service principle name.
    token string
    Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username string
    The username to login into Kerberos with.
    disable_fast_negotiation bool
    Disable the Kerberos FAST negotiation.
    keytab_path str
    The Kerberos keytab file containing the entry of the login entity.
    krb5conf_path str
    A valid Kerberos configuration file e.g. /etc/krb5.conf.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    realm str
    The Kerberos server's authoritative authentication domain
    remove_instance_name bool
    Strip the host from the username found in the keytab.
    service str
    The service principle name.
    token str
    Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    username str
    The username to login into Kerberos with.
    disableFastNegotiation Boolean
    Disable the Kerberos FAST negotiation.
    keytabPath String
    The Kerberos keytab file containing the entry of the login entity.
    krb5confPath String
    A valid Kerberos configuration file e.g. /etc/krb5.conf.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    realm String
    The Kerberos server's authoritative authentication domain
    removeInstanceName Boolean
    Strip the host from the username found in the keytab.
    service String
    The service principle name.
    token String
    Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username String
    The username to login into Kerberos with.

    ProviderAuthLoginOci, ProviderAuthLoginOciArgs

    AuthType string
    Authentication type to use when getting OCI credentials.
    Role string
    Name of the login role.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    AuthType string
    Authentication type to use when getting OCI credentials.
    Role string
    Name of the login role.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    authType String
    Authentication type to use when getting OCI credentials.
    role String
    Name of the login role.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    authType string
    Authentication type to use when getting OCI credentials.
    role string
    Name of the login role.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    auth_type str
    Authentication type to use when getting OCI credentials.
    role str
    Name of the login role.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    authType String
    Authentication type to use when getting OCI credentials.
    role String
    Name of the login role.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginOidc, ProviderAuthLoginOidcArgs

    Role string
    Name of the login role.
    CallbackAddress string
    The callback address. Must be a valid URI without the path.
    CallbackListenerAddress string
    The callback listener's address. Must be a valid URI without the path.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Role string
    Name of the login role.
    CallbackAddress string
    The callback address. Must be a valid URI without the path.
    CallbackListenerAddress string
    The callback listener's address. Must be a valid URI without the path.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    Name of the login role.
    callbackAddress String
    The callback address. Must be a valid URI without the path.
    callbackListenerAddress String
    The callback listener's address. Must be a valid URI without the path.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role string
    Name of the login role.
    callbackAddress string
    The callback address. Must be a valid URI without the path.
    callbackListenerAddress string
    The callback listener's address. Must be a valid URI without the path.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    role str
    Name of the login role.
    callback_address str
    The callback address. Must be a valid URI without the path.
    callback_listener_address str
    The callback listener's address. Must be a valid URI without the path.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    role String
    Name of the login role.
    callbackAddress String
    The callback address. Must be a valid URI without the path.
    callbackListenerAddress String
    The callback listener's address. Must be a valid URI without the path.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginRadius, ProviderAuthLoginRadiusArgs

    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Password string
    The Radius password for username.
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Username string
    The Radius username.
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Password string
    The Radius password for username.
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Username string
    The Radius username.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    password String
    The Radius password for username.
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username String
    The Radius username.
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    password string
    The Radius password for username.
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username string
    The Radius username.
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    password str
    The Radius password for username.
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    username str
    The Radius username.
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    password String
    The Radius password for username.
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username String
    The Radius username.

    ProviderAuthLoginTokenFile, ProviderAuthLoginTokenFileArgs

    Filename string
    The name of a file containing a single line that is a valid Vault token
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Filename string
    The name of a file containing a single line that is a valid Vault token
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    filename String
    The name of a file containing a single line that is a valid Vault token
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    filename string
    The name of a file containing a single line that is a valid Vault token
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    filename str
    The name of a file containing a single line that is a valid Vault token
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    filename String
    The name of a file containing a single line that is a valid Vault token
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace

    ProviderAuthLoginUserpass, ProviderAuthLoginUserpassArgs

    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Password string
    Login with password
    PasswordFile string
    Login with password from a file
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Username string
    Login with username
    Mount string
    The path where the authentication engine is mounted.
    Namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    Password string
    Login with password
    PasswordFile string
    Login with password from a file
    UseRootNamespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    Username string
    Login with username
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    password String
    Login with password
    passwordFile String
    Login with password from a file
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username String
    Login with username
    mount string
    The path where the authentication engine is mounted.
    namespace string
    The authentication engine's namespace. Conflicts with use_root_namespace
    password string
    Login with password
    passwordFile string
    Login with password from a file
    useRootNamespace boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username string
    Login with username
    mount str
    The path where the authentication engine is mounted.
    namespace str
    The authentication engine's namespace. Conflicts with use_root_namespace
    password str
    Login with password
    password_file str
    Login with password from a file
    use_root_namespace bool
    Authenticate to the root Vault namespace. Conflicts with namespace
    username str
    Login with username
    mount String
    The path where the authentication engine is mounted.
    namespace String
    The authentication engine's namespace. Conflicts with use_root_namespace
    password String
    Login with password
    passwordFile String
    Login with password from a file
    useRootNamespace Boolean
    Authenticate to the root Vault namespace. Conflicts with namespace
    username String
    Login with username

    ProviderClientAuth, ProviderClientAuthArgs

    CertFile string
    Path to a file containing the client certificate.
    KeyFile string
    Path to a file containing the private key that the certificate was issued for.
    CertFile string
    Path to a file containing the client certificate.
    KeyFile string
    Path to a file containing the private key that the certificate was issued for.
    certFile String
    Path to a file containing the client certificate.
    keyFile String
    Path to a file containing the private key that the certificate was issued for.
    certFile string
    Path to a file containing the client certificate.
    keyFile string
    Path to a file containing the private key that the certificate was issued for.
    cert_file str
    Path to a file containing the client certificate.
    key_file str
    Path to a file containing the private key that the certificate was issued for.
    certFile String
    Path to a file containing the client certificate.
    keyFile String
    Path to a file containing the private key that the certificate was issued for.

    ProviderHeader, ProviderHeaderArgs

    Name string
    The header name
    Value string
    The header value
    Name string
    The header name
    Value string
    The header value
    name String
    The header name
    value String
    The header value
    name string
    The header name
    value string
    The header value
    name str
    The header name
    value str
    The header value
    name String
    The header name
    value String
    The header value

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v7.3.1 published on Tuesday, Oct 21, 2025 by Pulumi
      Meet Neo: Your AI Platform Teammate