HashiCorp Vault v5.17.0, Nov 9 23

HashiCorp Vault v5.17.0 published on Thursday, Nov 9, 2023 by Pulumi

vault.Provider

Explore with Pulumi AI

HashiCorp Vault v5.17.0 published on Thursday, Nov 9, 2023 by Pulumi

The provider type for the vault package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Create Provider Resource

new Provider(name: string, args: ProviderArgs, opts?: CustomResourceOptions);

@overload
def Provider(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             add_address_to_env: Optional[str] = None,
             address: Optional[str] = None,
             auth_login: Optional[ProviderAuthLoginArgs] = None,
             auth_login_aws: Optional[ProviderAuthLoginAwsArgs] = None,
             auth_login_azure: Optional[ProviderAuthLoginAzureArgs] = None,
             auth_login_cert: Optional[ProviderAuthLoginCertArgs] = None,
             auth_login_gcp: Optional[ProviderAuthLoginGcpArgs] = None,
             auth_login_jwt: Optional[ProviderAuthLoginJwtArgs] = None,
             auth_login_kerberos: Optional[ProviderAuthLoginKerberosArgs] = None,
             auth_login_oci: Optional[ProviderAuthLoginOciArgs] = None,
             auth_login_oidc: Optional[ProviderAuthLoginOidcArgs] = None,
             auth_login_radius: Optional[ProviderAuthLoginRadiusArgs] = None,
             auth_login_token_file: Optional[ProviderAuthLoginTokenFileArgs] = None,
             auth_login_userpass: Optional[ProviderAuthLoginUserpassArgs] = None,
             ca_cert_dir: Optional[str] = None,
             ca_cert_file: Optional[str] = None,
             client_auth: Optional[ProviderClientAuthArgs] = None,
             headers: Optional[Sequence[ProviderHeaderArgs]] = None,
             max_lease_ttl_seconds: Optional[int] = None,
             max_retries: Optional[int] = None,
             max_retries_ccc: Optional[int] = None,
             namespace: Optional[str] = None,
             set_namespace_from_token: Optional[bool] = None,
             skip_child_token: Optional[bool] = None,
             skip_get_vault_version: Optional[bool] = None,
             skip_tls_verify: Optional[bool] = None,
             tls_server_name: Optional[str] = None,
             token: Optional[str] = None,
             token_name: Optional[str] = None,
             vault_version_override: Optional[str] = None)
@overload
def Provider(resource_name: str,
             args: ProviderArgs,
             opts: Optional[ResourceOptions] = None)

func NewProvider(ctx *Context, name string, args ProviderArgs, opts ...ResourceOption) (*Provider, error)

public Provider(string name, ProviderArgs args, CustomResourceOptions? opts = null)

public Provider(String name, ProviderArgs args)
public Provider(String name, ProviderArgs args, CustomResourceOptions options)

type: pulumi:providers:vault
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Provider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Provider resource accepts the following input properties:

Address string

URL of the root of the target Vault server.

Token string

Token to use to authenticate to Vault.

AddAddressToEnv string

If true, adds the value of the address argument to the Terraform process environment.

AuthLogin ProviderAuthLogin

AuthLoginAws ProviderAuthLoginAws

AuthLoginAzure ProviderAuthLoginAzure

AuthLoginCert ProviderAuthLoginCert

AuthLoginGcp ProviderAuthLoginGcp

AuthLoginJwt ProviderAuthLoginJwt

AuthLoginKerberos ProviderAuthLoginKerberos

AuthLoginOci ProviderAuthLoginOci

AuthLoginOidc ProviderAuthLoginOidc

AuthLoginRadius ProviderAuthLoginRadius

AuthLoginTokenFile ProviderAuthLoginTokenFile

AuthLoginUserpass ProviderAuthLoginUserpass

CaCertDir string

Path to directory containing CA certificate files to validate the server's certificate.

CaCertFile string

Path to a CA certificate file to validate the server's certificate.

ClientAuth ProviderClientAuth

Client authentication credentials.

Deprecated:

Use auth_login_cert instead

Headers List<ProviderHeader>

The headers to send with each Vault request.

MaxLeaseTtlSeconds int

Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL

MaxRetries int

Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES

MaxRetriesCcc int

Maximum number of retries for Client Controlled Consistency related operations

Namespace string

The namespace to use. Available only for Vault Enterprise.

SetNamespaceFromToken bool

In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.

SkipChildToken bool

Set this to true to prevent the creation of ephemeral child token used by this provider.

SkipGetVaultVersion bool

Skip the dynamic fetching of the Vault server version.

SkipTlsVerify bool

Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY

TlsServerName string

Name to use as the SNI host when connecting via TLS.

TokenName string

Token name to use for creating the Vault child token.

VaultVersionOverride string

Override the Vault server version, which is normally determined dynamically from the target Vault server

Address string

URL of the root of the target Vault server.

Token string

Token to use to authenticate to Vault.

AddAddressToEnv string

If true, adds the value of the address argument to the Terraform process environment.

AuthLogin ProviderAuthLoginArgs

AuthLoginAws ProviderAuthLoginAwsArgs

AuthLoginAzure ProviderAuthLoginAzureArgs

AuthLoginCert ProviderAuthLoginCertArgs

AuthLoginGcp ProviderAuthLoginGcpArgs

AuthLoginJwt ProviderAuthLoginJwtArgs

AuthLoginKerberos ProviderAuthLoginKerberosArgs

AuthLoginOci ProviderAuthLoginOciArgs

AuthLoginOidc ProviderAuthLoginOidcArgs

AuthLoginRadius ProviderAuthLoginRadiusArgs

AuthLoginTokenFile ProviderAuthLoginTokenFileArgs

AuthLoginUserpass ProviderAuthLoginUserpassArgs

CaCertDir string

Path to directory containing CA certificate files to validate the server's certificate.

CaCertFile string

Path to a CA certificate file to validate the server's certificate.

ClientAuth ProviderClientAuthArgs

Client authentication credentials.

Deprecated:

Use auth_login_cert instead

Headers []ProviderHeaderArgs

The headers to send with each Vault request.

MaxLeaseTtlSeconds int

Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL

MaxRetries int

Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES

MaxRetriesCcc int

Maximum number of retries for Client Controlled Consistency related operations

Namespace string

The namespace to use. Available only for Vault Enterprise.

SetNamespaceFromToken bool

In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.

SkipChildToken bool

Set this to true to prevent the creation of ephemeral child token used by this provider.

SkipGetVaultVersion bool

Skip the dynamic fetching of the Vault server version.

SkipTlsVerify bool

Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY

TlsServerName string

Name to use as the SNI host when connecting via TLS.

TokenName string

Token name to use for creating the Vault child token.

VaultVersionOverride string

Override the Vault server version, which is normally determined dynamically from the target Vault server

address String

URL of the root of the target Vault server.

token String

Token to use to authenticate to Vault.

addAddressToEnv String

If true, adds the value of the address argument to the Terraform process environment.

authLogin ProviderAuthLogin

authLoginAws ProviderAuthLoginAws

authLoginAzure ProviderAuthLoginAzure

authLoginCert ProviderAuthLoginCert

authLoginGcp ProviderAuthLoginGcp

authLoginJwt ProviderAuthLoginJwt

authLoginKerberos ProviderAuthLoginKerberos

authLoginOci ProviderAuthLoginOci

authLoginOidc ProviderAuthLoginOidc

authLoginRadius ProviderAuthLoginRadius

authLoginTokenFile ProviderAuthLoginTokenFile

authLoginUserpass ProviderAuthLoginUserpass

caCertDir String

Path to directory containing CA certificate files to validate the server's certificate.

caCertFile String

Path to a CA certificate file to validate the server's certificate.

clientAuth ProviderClientAuth

Client authentication credentials.

Deprecated:

Use auth_login_cert instead

headers List<ProviderHeader>

The headers to send with each Vault request.

maxLeaseTtlSeconds Integer

Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL

maxRetries Integer

Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES

maxRetriesCcc Integer

Maximum number of retries for Client Controlled Consistency related operations

namespace String

The namespace to use. Available only for Vault Enterprise.

setNamespaceFromToken Boolean

In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.

skipChildToken Boolean

Set this to true to prevent the creation of ephemeral child token used by this provider.

skipGetVaultVersion Boolean

Skip the dynamic fetching of the Vault server version.

skipTlsVerify Boolean

Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY

tlsServerName String

Name to use as the SNI host when connecting via TLS.

tokenName String

Token name to use for creating the Vault child token.

vaultVersionOverride String

Override the Vault server version, which is normally determined dynamically from the target Vault server

address string

URL of the root of the target Vault server.

token string

Token to use to authenticate to Vault.

addAddressToEnv string

If true, adds the value of the address argument to the Terraform process environment.

authLogin ProviderAuthLogin

authLoginAws ProviderAuthLoginAws

authLoginAzure ProviderAuthLoginAzure

authLoginCert ProviderAuthLoginCert

authLoginGcp ProviderAuthLoginGcp

authLoginJwt ProviderAuthLoginJwt

authLoginKerberos ProviderAuthLoginKerberos

authLoginOci ProviderAuthLoginOci

authLoginOidc ProviderAuthLoginOidc

authLoginRadius ProviderAuthLoginRadius

authLoginTokenFile ProviderAuthLoginTokenFile

authLoginUserpass ProviderAuthLoginUserpass

caCertDir string

Path to directory containing CA certificate files to validate the server's certificate.

caCertFile string

Path to a CA certificate file to validate the server's certificate.

clientAuth ProviderClientAuth

Client authentication credentials.

Deprecated:

Use auth_login_cert instead

headers ProviderHeader[]

The headers to send with each Vault request.

maxLeaseTtlSeconds number

Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL

maxRetries number

Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES

maxRetriesCcc number

Maximum number of retries for Client Controlled Consistency related operations

namespace string

The namespace to use. Available only for Vault Enterprise.

setNamespaceFromToken boolean

In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.

skipChildToken boolean

Set this to true to prevent the creation of ephemeral child token used by this provider.

skipGetVaultVersion boolean

Skip the dynamic fetching of the Vault server version.

skipTlsVerify boolean

Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY

tlsServerName string

Name to use as the SNI host when connecting via TLS.

tokenName string

Token name to use for creating the Vault child token.

vaultVersionOverride string

Override the Vault server version, which is normally determined dynamically from the target Vault server

address str

URL of the root of the target Vault server.

token str

Token to use to authenticate to Vault.

add_address_to_env str

If true, adds the value of the address argument to the Terraform process environment.

auth_login ProviderAuthLoginArgs

auth_login_aws ProviderAuthLoginAwsArgs

auth_login_azure ProviderAuthLoginAzureArgs

auth_login_cert ProviderAuthLoginCertArgs

auth_login_gcp ProviderAuthLoginGcpArgs

auth_login_jwt ProviderAuthLoginJwtArgs

auth_login_kerberos ProviderAuthLoginKerberosArgs

auth_login_oci ProviderAuthLoginOciArgs

auth_login_oidc ProviderAuthLoginOidcArgs

auth_login_radius ProviderAuthLoginRadiusArgs

auth_login_token_file ProviderAuthLoginTokenFileArgs

auth_login_userpass ProviderAuthLoginUserpassArgs

ca_cert_dir str

Path to directory containing CA certificate files to validate the server's certificate.

ca_cert_file str

Path to a CA certificate file to validate the server's certificate.

client_auth ProviderClientAuthArgs

Client authentication credentials.

Deprecated:

Use auth_login_cert instead

headers Sequence[ProviderHeaderArgs]

The headers to send with each Vault request.

max_lease_ttl_seconds int

Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL

max_retries int

Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES

max_retries_ccc int

Maximum number of retries for Client Controlled Consistency related operations

namespace str

The namespace to use. Available only for Vault Enterprise.

set_namespace_from_token bool

In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.

skip_child_token bool

Set this to true to prevent the creation of ephemeral child token used by this provider.

skip_get_vault_version bool

Skip the dynamic fetching of the Vault server version.

skip_tls_verify bool

Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY

tls_server_name str

Name to use as the SNI host when connecting via TLS.

token_name str

Token name to use for creating the Vault child token.

vault_version_override str

Override the Vault server version, which is normally determined dynamically from the target Vault server

address String

URL of the root of the target Vault server.

token String

Token to use to authenticate to Vault.

addAddressToEnv String

If true, adds the value of the address argument to the Terraform process environment.

authLogin Property Map

authLoginAws Property Map

authLoginAzure Property Map

authLoginCert Property Map

authLoginGcp Property Map

authLoginJwt Property Map

authLoginKerberos Property Map

authLoginOci Property Map

authLoginOidc Property Map

authLoginRadius Property Map

authLoginTokenFile Property Map

authLoginUserpass Property Map

caCertDir String

Path to directory containing CA certificate files to validate the server's certificate.

caCertFile String

Path to a CA certificate file to validate the server's certificate.

clientAuth Property Map

Client authentication credentials.

Deprecated:

Use auth_login_cert instead

headers List<Property Map>

The headers to send with each Vault request.

maxLeaseTtlSeconds Number

Maximum TTL for secret leases requested by this provider. It can also be sourced from the following environment variable: TERRAFORM_VAULT_MAX_TTL

maxRetries Number

Maximum number of retries when a 5xx error code is encountered. It can also be sourced from the following environment variable: VAULT_MAX_RETRIES

maxRetriesCcc Number

Maximum number of retries for Client Controlled Consistency related operations

namespace String

The namespace to use. Available only for Vault Enterprise.

setNamespaceFromToken Boolean

In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.

skipChildToken Boolean

Set this to true to prevent the creation of ephemeral child token used by this provider.

skipGetVaultVersion Boolean

Skip the dynamic fetching of the Vault server version.

skipTlsVerify Boolean

Set this to true only if the target Vault server is an insecure development instance. It can also be sourced from the following environment variable: VAULT_SKIP_VERIFY

tlsServerName String