Docs
PackagesHashiCorp Vault v6.1.0 published on Thursday, Apr 4, 2024 by Pulumi
vault.ssh.SecretBackendRole
Explore with Pulumi AI
Provides a resource to manage roles in an SSH secret backend SSH secret backend within Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.Mount("example", {type: "ssh"});
const foo = new vault.ssh.SecretBackendRole("foo", {
backend: example.path,
keyType: "ca",
allowUserCertificates: true,
});
const bar = new vault.ssh.SecretBackendRole("bar", {
backend: example.path,
keyType: "otp",
defaultUser: "default",
allowedUsers: "default,baz",
cidrList: "0.0.0.0/0",
});
import pulumi
import pulumi_vault as vault
example = vault.Mount("example", type="ssh")
foo = vault.ssh.SecretBackendRole("foo",
backend=example.path,
key_type="ca",
allow_user_certificates=True)
bar = vault.ssh.SecretBackendRole("bar",
backend=example.path,
key_type="otp",
default_user="default",
allowed_users="default,baz",
cidr_list="0.0.0.0/0")
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ssh"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := vault.NewMount(ctx, "example", &vault.MountArgs{
Type: pulumi.String("ssh"),
})
if err != nil {
return err
}
_, err = ssh.NewSecretBackendRole(ctx, "foo", &ssh.SecretBackendRoleArgs{
Backend: example.Path,
KeyType: pulumi.String("ca"),
AllowUserCertificates: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = ssh.NewSecretBackendRole(ctx, "bar", &ssh.SecretBackendRoleArgs{
Backend: example.Path,
KeyType: pulumi.String("otp"),
DefaultUser: pulumi.String("default"),
AllowedUsers: pulumi.String("default,baz"),
CidrList: pulumi.String("0.0.0.0/0"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var example = new Vault.Mount("example", new()
{
Type = "ssh",
});
var foo = new Vault.Ssh.SecretBackendRole("foo", new()
{
Backend = example.Path,
KeyType = "ca",
AllowUserCertificates = true,
});
var bar = new Vault.Ssh.SecretBackendRole("bar", new()
{
Backend = example.Path,
KeyType = "otp",
DefaultUser = "default",
AllowedUsers = "default,baz",
CidrList = "0.0.0.0/0",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.ssh.SecretBackendRole;
import com.pulumi.vault.ssh.SecretBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Mount("example", MountArgs.builder()
.type("ssh")
.build());
var foo = new SecretBackendRole("foo", SecretBackendRoleArgs.builder()
.backend(example.path())
.keyType("ca")
.allowUserCertificates(true)
.build());
var bar = new SecretBackendRole("bar", SecretBackendRoleArgs.builder()
.backend(example.path())
.keyType("otp")
.defaultUser("default")
.allowedUsers("default,baz")
.cidrList("0.0.0.0/0")
.build());
}
}
resources:
example:
type: vault:Mount
properties:
type: ssh
foo:
type: vault:ssh:SecretBackendRole
properties:
backend: ${example.path}
keyType: ca
allowUserCertificates: true
bar:
type: vault:ssh:SecretBackendRole
properties:
backend: ${example.path}
keyType: otp
defaultUser: default
allowedUsers: default,baz
cidrList: 0.0.0.0/0
Create SecretBackendRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendRole(name: string, args: SecretBackendRoleArgs, opts?: CustomResourceOptions);@overload
def SecretBackendRole(resource_name: str,
args: SecretBackendRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
backend: Optional[str] = None,
key_type: Optional[str] = None,
allowed_users_template: Optional[bool] = None,
namespace: Optional[str] = None,
allow_user_certificates: Optional[bool] = None,
allow_user_key_ids: Optional[bool] = None,
allowed_critical_options: Optional[str] = None,
allowed_domains: Optional[str] = None,
allowed_domains_template: Optional[bool] = None,
allowed_extensions: Optional[str] = None,
allowed_user_key_configs: Optional[Sequence[SecretBackendRoleAllowedUserKeyConfigArgs]] = None,
allowed_users: Optional[str] = None,
ttl: Optional[str] = None,
allow_subdomains: Optional[bool] = None,
default_extensions: Optional[Mapping[str, Any]] = None,
default_critical_options: Optional[Mapping[str, Any]] = None,
cidr_list: Optional[str] = None,
default_user: Optional[str] = None,
default_user_template: Optional[bool] = None,
key_id_format: Optional[str] = None,
allow_bare_domains: Optional[bool] = None,
max_ttl: Optional[str] = None,
name: Optional[str] = None,
allow_host_certificates: Optional[bool] = None,
not_before_duration: Optional[str] = None,
algorithm_signer: Optional[str] = None)func NewSecretBackendRole(ctx *Context, name string, args SecretBackendRoleArgs, opts ...ResourceOption) (*SecretBackendRole, error)public SecretBackendRole(string name, SecretBackendRoleArgs args, CustomResourceOptions? opts = null)
public SecretBackendRole(String name, SecretBackendRoleArgs args)
public SecretBackendRole(String name, SecretBackendRoleArgs args, CustomResourceOptions options)
type: vault:ssh:SecretBackendRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var examplesecretBackendRoleResourceResourceFromSshsecretBackendRole = new Vault.Ssh.SecretBackendRole("examplesecretBackendRoleResourceResourceFromSshsecretBackendRole", new()
{
Backend = "string",
KeyType = "string",
AllowedUsersTemplate = false,
Namespace = "string",
AllowUserCertificates = false,
AllowUserKeyIds = false,
AllowedCriticalOptions = "string",
AllowedDomains = "string",
AllowedDomainsTemplate = false,
AllowedExtensions = "string",
AllowedUserKeyConfigs = new[]
{
new Vault.Ssh.Inputs.SecretBackendRoleAllowedUserKeyConfigArgs
{
Lengths = new[]
{
0,
},
Type = "string",
},
},
AllowedUsers = "string",
Ttl = "string",
AllowSubdomains = false,
DefaultExtensions =
{
{ "string", "any" },
},
DefaultCriticalOptions =
{
{ "string", "any" },
},
CidrList = "string",
DefaultUser = "string",
DefaultUserTemplate = false,
KeyIdFormat = "string",
AllowBareDomains = false,
MaxTtl = "string",
Name = "string",
AllowHostCertificates = false,
NotBeforeDuration = "string",
AlgorithmSigner = "string",
});
example, err := ssh.NewSecretBackendRole(ctx, "examplesecretBackendRoleResourceResourceFromSshsecretBackendRole", &ssh.SecretBackendRoleArgs{
Backend: pulumi.String("string"),
KeyType: pulumi.String("string"),
AllowedUsersTemplate: pulumi.Bool(false),
Namespace: pulumi.String("string"),
AllowUserCertificates: pulumi.Bool(false),
AllowUserKeyIds: pulumi.Bool(false),
AllowedCriticalOptions: pulumi.String("string"),
AllowedDomains: pulumi.String("string"),
AllowedDomainsTemplate: pulumi.Bool(false),
AllowedExtensions: pulumi.String("string"),
AllowedUserKeyConfigs: ssh.SecretBackendRoleAllowedUserKeyConfigArray{
&ssh.SecretBackendRoleAllowedUserKeyConfigArgs{
Lengths: pulumi.IntArray{
pulumi.Int(0),
},
Type: pulumi.String("string"),
},
},
AllowedUsers: pulumi.String("string"),
Ttl: pulumi.String("string"),
AllowSubdomains: pulumi.Bool(false),
DefaultExtensions: pulumi.Map{
"string": pulumi.Any("any"),
},
DefaultCriticalOptions: pulumi.Map{
"string": pulumi.Any("any"),
},
CidrList: pulumi.String("string"),
DefaultUser: pulumi.String("string"),
DefaultUserTemplate: pulumi.Bool(false),
KeyIdFormat: pulumi.String("string"),
AllowBareDomains: pulumi.Bool(false),
MaxTtl: pulumi.String("string"),
Name: pulumi.String("string"),
AllowHostCertificates: pulumi.Bool(false),
NotBeforeDuration: pulumi.String("string"),
AlgorithmSigner: pulumi.String("string"),
})
var examplesecretBackendRoleResourceResourceFromSshsecretBackendRole = new SecretBackendRole("examplesecretBackendRoleResourceResourceFromSshsecretBackendRole", SecretBackendRoleArgs.builder()
.backend("string")
.keyType("string")
.allowedUsersTemplate(false)
.namespace("string")
.allowUserCertificates(false)
.allowUserKeyIds(false)
.allowedCriticalOptions("string")
.allowedDomains("string")
.allowedDomainsTemplate(false)
.allowedExtensions("string")
.allowedUserKeyConfigs(SecretBackendRoleAllowedUserKeyConfigArgs.builder()
.lengths(0)
.type("string")
.build())
.allowedUsers("string")
.ttl("string")
.allowSubdomains(false)
.defaultExtensions(Map.of("string", "any"))
.defaultCriticalOptions(Map.of("string", "any"))
.cidrList("string")
.defaultUser("string")
.defaultUserTemplate(false)
.keyIdFormat("string")
.allowBareDomains(false)
.maxTtl("string")
.name("string")
.allowHostCertificates(false)
.notBeforeDuration("string")
.algorithmSigner("string")
.build());
examplesecret_backend_role_resource_resource_from_sshsecret_backend_role = vault.ssh.SecretBackendRole("examplesecretBackendRoleResourceResourceFromSshsecretBackendRole",
backend="string",
key_type="string",
allowed_users_template=False,
namespace="string",
allow_user_certificates=False,
allow_user_key_ids=False,
allowed_critical_options="string",
allowed_domains="string",
allowed_domains_template=False,
allowed_extensions="string",
allowed_user_key_configs=[vault.ssh.SecretBackendRoleAllowedUserKeyConfigArgs(
lengths=[0],
type="string",
)],
allowed_users="string",
ttl="string",
allow_subdomains=False,
default_extensions={
"string": "any",
},
default_critical_options={
"string": "any",
},
cidr_list="string",
default_user="string",
default_user_template=False,
key_id_format="string",
allow_bare_domains=False,
max_ttl="string",
name="string",
allow_host_certificates=False,
not_before_duration="string",
algorithm_signer="string")
const examplesecretBackendRoleResourceResourceFromSshsecretBackendRole = new vault.ssh.SecretBackendRole("examplesecretBackendRoleResourceResourceFromSshsecretBackendRole", {
backend: "string",
keyType: "string",
allowedUsersTemplate: false,
namespace: "string",
allowUserCertificates: false,
allowUserKeyIds: false,
allowedCriticalOptions: "string",
allowedDomains: "string",
allowedDomainsTemplate: false,
allowedExtensions: "string",
allowedUserKeyConfigs: [{
lengths: [0],
type: "string",
}],
allowedUsers: "string",
ttl: "string",
allowSubdomains: false,
defaultExtensions: {
string: "any",
},
defaultCriticalOptions: {
string: "any",
},
cidrList: "string",
defaultUser: "string",
defaultUserTemplate: false,
keyIdFormat: "string",
allowBareDomains: false,
maxTtl: "string",
name: "string",
allowHostCertificates: false,
notBeforeDuration: "string",
algorithmSigner: "string",
});
type: vault:ssh:SecretBackendRole
properties:
algorithmSigner: string
allowBareDomains: false
allowHostCertificates: false
allowSubdomains: false
allowUserCertificates: false
allowUserKeyIds: false
allowedCriticalOptions: string
allowedDomains: string
allowedDomainsTemplate: false
allowedExtensions: string
allowedUserKeyConfigs:
- lengths:
- 0
type: string
allowedUsers: string
allowedUsersTemplate: false
backend: string
cidrList: string
defaultCriticalOptions:
string: any
defaultExtensions:
string: any
defaultUser: string
defaultUserTemplate: false
keyIdFormat: string
keyType: string
maxTtl: string
name: string
namespace: string
notBeforeDuration: string
ttl: string
SecretBackendRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SecretBackendRole resource accepts the following input properties:
- Backend string
- The path where the SSH secret backend is mounted.
- Key
Type string - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - Algorithm
Signer string - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- Allow
Bare boolDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - Allow
Host boolCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- Allow
Subdomains bool - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - Allow
User boolCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- Allow
User boolKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - Allowed
Critical stringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- Allowed
Domains string - The list of domains for which a client can request a host certificate.
- Allowed
Domains boolTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - Allowed
Extensions string - Specifies a comma-separated list of extensions that certificates can have when signed.
- Allowed
User List<SecretKey Configs Backend Role Allowed User Key Config> - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - Allowed
Users string - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- Allowed
Users boolTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - Cidr
List string - The comma-separated string of CIDR blocks for which this role is applicable.
- Default
Critical Dictionary<string, object>Options - Specifies a map of critical options that certificates have when signed.
- Default
Extensions Dictionary<string, object> - Specifies a map of extensions that certificates have when signed.
- Default
User string - Specifies the default username for which a credential will be generated.
- Default
User boolTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - Key
Id stringFormat - Specifies a custom format for the key id of a signed certificate.
- Max
Ttl string - Specifies the maximum Time To Live value.
- Name string
- Specifies the name of the role to create.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Not
Before stringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- Ttl string
- Specifies the Time To Live value.
- Backend string
- The path where the SSH secret backend is mounted.
- Key
Type string - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - Algorithm
Signer string - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- Allow
Bare boolDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - Allow
Host boolCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- Allow
Subdomains bool - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - Allow
User boolCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- Allow
User boolKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - Allowed
Critical stringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- Allowed
Domains string - The list of domains for which a client can request a host certificate.
- Allowed
Domains boolTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - Allowed
Extensions string - Specifies a comma-separated list of extensions that certificates can have when signed.
- Allowed
User []SecretKey Configs Backend Role Allowed User Key Config Args - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - Allowed
Users string - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- Allowed
Users boolTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - Cidr
List string - The comma-separated string of CIDR blocks for which this role is applicable.
- Default
Critical map[string]interface{}Options - Specifies a map of critical options that certificates have when signed.
- Default
Extensions map[string]interface{} - Specifies a map of extensions that certificates have when signed.
- Default
User string - Specifies the default username for which a credential will be generated.
- Default
User boolTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - Key
Id stringFormat - Specifies a custom format for the key id of a signed certificate.
- Max
Ttl string - Specifies the maximum Time To Live value.
- Name string
- Specifies the name of the role to create.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Not
Before stringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- Ttl string
- Specifies the Time To Live value.
- backend String
- The path where the SSH secret backend is mounted.
- key
Type String - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - algorithm
Signer String - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow
Bare BooleanDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow
Host BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow
Subdomains Boolean - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow
User BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow
User BooleanKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed
Critical StringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed
Domains String - The list of domains for which a client can request a host certificate.
- allowed
Domains BooleanTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed
Extensions String - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed
User List<SecretKey Configs Backend Role Allowed User Key Config> - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed
Users String - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed
Users BooleanTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - cidr
List String - The comma-separated string of CIDR blocks for which this role is applicable.
- default
Critical Map<String,Object>Options - Specifies a map of critical options that certificates have when signed.
- default
Extensions Map<String,Object> - Specifies a map of extensions that certificates have when signed.
- default
User String - Specifies the default username for which a credential will be generated.
- default
User BooleanTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key
Id StringFormat - Specifies a custom format for the key id of a signed certificate.
- max
Ttl String - Specifies the maximum Time To Live value.
- name String
- Specifies the name of the role to create.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not
Before StringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl String
- Specifies the Time To Live value.
- backend string
- The path where the SSH secret backend is mounted.
- key
Type string - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - algorithm
Signer string - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow
Bare booleanDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow
Host booleanCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow
Subdomains boolean - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow
User booleanCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow
User booleanKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed
Critical stringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed
Domains string - The list of domains for which a client can request a host certificate.
- allowed
Domains booleanTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed
Extensions string - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed
User SecretKey Configs Backend Role Allowed User Key Config[] - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed
Users string - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed
Users booleanTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - cidr
List string - The comma-separated string of CIDR blocks for which this role is applicable.
- default
Critical {[key: string]: any}Options - Specifies a map of critical options that certificates have when signed.
- default
Extensions {[key: string]: any} - Specifies a map of extensions that certificates have when signed.
- default
User string - Specifies the default username for which a credential will be generated.
- default
User booleanTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key
Id stringFormat - Specifies a custom format for the key id of a signed certificate.
- max
Ttl string - Specifies the maximum Time To Live value.
- name string
- Specifies the name of the role to create.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not
Before stringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl string
- Specifies the Time To Live value.
- backend str
- The path where the SSH secret backend is mounted.
- key_
type str - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - algorithm_
signer str - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow_
bare_ booldomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow_
host_ boolcertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow_
subdomains bool - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow_
user_ boolcertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow_
user_ boolkey_ ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed_
critical_ stroptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed_
domains str - The list of domains for which a client can request a host certificate.
- allowed_
domains_ booltemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed_
extensions str - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed_
user_ Sequence[Secretkey_ configs Backend Role Allowed User Key Config Args] - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed_
users str - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed_
users_ booltemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - cidr_
list str - The comma-separated string of CIDR blocks for which this role is applicable.
- default_
critical_ Mapping[str, Any]options - Specifies a map of critical options that certificates have when signed.
- default_
extensions Mapping[str, Any] - Specifies a map of extensions that certificates have when signed.
- default_
user str - Specifies the default username for which a credential will be generated.
- default_
user_ booltemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key_
id_ strformat - Specifies a custom format for the key id of a signed certificate.
- max_
ttl str - Specifies the maximum Time To Live value.
- name str
- Specifies the name of the role to create.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not_
before_ strduration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl str
- Specifies the Time To Live value.
- backend String
- The path where the SSH secret backend is mounted.
- key
Type String - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - algorithm
Signer String - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow
Bare BooleanDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow
Host BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow
Subdomains Boolean - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow
User BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow
User BooleanKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed
Critical StringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed
Domains String - The list of domains for which a client can request a host certificate.
- allowed
Domains BooleanTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed
Extensions String - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed
User List<Property Map>Key Configs - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed
Users String - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed
Users BooleanTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - cidr
List String - The comma-separated string of CIDR blocks for which this role is applicable.
- default
Critical Map<Any>Options - Specifies a map of critical options that certificates have when signed.
- default
Extensions Map<Any> - Specifies a map of extensions that certificates have when signed.
- default
User String - Specifies the default username for which a credential will be generated.
- default
User BooleanTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key
Id StringFormat - Specifies a custom format for the key id of a signed certificate.
- max
Ttl String - Specifies the maximum Time To Live value.
- name String
- Specifies the name of the role to create.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not
Before StringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl String
- Specifies the Time To Live value.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecretBackendRole Resource
Get an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendRoleState, opts?: CustomResourceOptions): SecretBackendRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
algorithm_signer: Optional[str] = None,
allow_bare_domains: Optional[bool] = None,
allow_host_certificates: Optional[bool] = None,
allow_subdomains: Optional[bool] = None,
allow_user_certificates: Optional[bool] = None,
allow_user_key_ids: Optional[bool] = None,
allowed_critical_options: Optional[str] = None,
allowed_domains: Optional[str] = None,
allowed_domains_template: Optional[bool] = None,
allowed_extensions: Optional[str] = None,
allowed_user_key_configs: Optional[Sequence[SecretBackendRoleAllowedUserKeyConfigArgs]] = None,
allowed_users: Optional[str] = None,
allowed_users_template: Optional[bool] = None,
backend: Optional[str] = None,
cidr_list: Optional[str] = None,
default_critical_options: Optional[Mapping[str, Any]] = None,
default_extensions: Optional[Mapping[str, Any]] = None,
default_user: Optional[str] = None,
default_user_template: Optional[bool] = None,
key_id_format: Optional[str] = None,
key_type: Optional[str] = None,
max_ttl: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
not_before_duration: Optional[str] = None,
ttl: Optional[str] = None) -> SecretBackendRolefunc GetSecretBackendRole(ctx *Context, name string, id IDInput, state *SecretBackendRoleState, opts ...ResourceOption) (*SecretBackendRole, error)public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState? state, CustomResourceOptions? opts = null)public static SecretBackendRole get(String name, Output<String> id, SecretBackendRoleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Algorithm
Signer string - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- Allow
Bare boolDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - Allow
Host boolCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- Allow
Subdomains bool - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - Allow
User boolCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- Allow
User boolKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - Allowed
Critical stringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- Allowed
Domains string - The list of domains for which a client can request a host certificate.
- Allowed
Domains boolTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - Allowed
Extensions string - Specifies a comma-separated list of extensions that certificates can have when signed.
- Allowed
User List<SecretKey Configs Backend Role Allowed User Key Config> - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - Allowed
Users string - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- Allowed
Users boolTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - Backend string
- The path where the SSH secret backend is mounted.
- Cidr
List string - The comma-separated string of CIDR blocks for which this role is applicable.
- Default
Critical Dictionary<string, object>Options - Specifies a map of critical options that certificates have when signed.
- Default
Extensions Dictionary<string, object> - Specifies a map of extensions that certificates have when signed.
- Default
User string - Specifies the default username for which a credential will be generated.
- Default
User boolTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - Key
Id stringFormat - Specifies a custom format for the key id of a signed certificate.
- Key
Type string - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - Max
Ttl string - Specifies the maximum Time To Live value.
- Name string
- Specifies the name of the role to create.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Not
Before stringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- Ttl string
- Specifies the Time To Live value.
- Algorithm
Signer string - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- Allow
Bare boolDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - Allow
Host boolCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- Allow
Subdomains bool - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - Allow
User boolCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- Allow
User boolKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - Allowed
Critical stringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- Allowed
Domains string - The list of domains for which a client can request a host certificate.
- Allowed
Domains boolTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - Allowed
Extensions string - Specifies a comma-separated list of extensions that certificates can have when signed.
- Allowed
User []SecretKey Configs Backend Role Allowed User Key Config Args - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - Allowed
Users string - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- Allowed
Users boolTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - Backend string
- The path where the SSH secret backend is mounted.
- Cidr
List string - The comma-separated string of CIDR blocks for which this role is applicable.
- Default
Critical map[string]interface{}Options - Specifies a map of critical options that certificates have when signed.
- Default
Extensions map[string]interface{} - Specifies a map of extensions that certificates have when signed.
- Default
User string - Specifies the default username for which a credential will be generated.
- Default
User boolTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - Key
Id stringFormat - Specifies a custom format for the key id of a signed certificate.
- Key
Type string - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - Max
Ttl string - Specifies the maximum Time To Live value.
- Name string
- Specifies the name of the role to create.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Not
Before stringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- Ttl string
- Specifies the Time To Live value.
- algorithm
Signer String - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow
Bare BooleanDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow
Host BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow
Subdomains Boolean - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow
User BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow
User BooleanKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed
Critical StringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed
Domains String - The list of domains for which a client can request a host certificate.
- allowed
Domains BooleanTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed
Extensions String - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed
User List<SecretKey Configs Backend Role Allowed User Key Config> - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed
Users String - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed
Users BooleanTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - backend String
- The path where the SSH secret backend is mounted.
- cidr
List String - The comma-separated string of CIDR blocks for which this role is applicable.
- default
Critical Map<String,Object>Options - Specifies a map of critical options that certificates have when signed.
- default
Extensions Map<String,Object> - Specifies a map of extensions that certificates have when signed.
- default
User String - Specifies the default username for which a credential will be generated.
- default
User BooleanTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key
Id StringFormat - Specifies a custom format for the key id of a signed certificate.
- key
Type String - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - max
Ttl String - Specifies the maximum Time To Live value.
- name String
- Specifies the name of the role to create.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not
Before StringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl String
- Specifies the Time To Live value.
- algorithm
Signer string - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow
Bare booleanDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow
Host booleanCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow
Subdomains boolean - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow
User booleanCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow
User booleanKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed
Critical stringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed
Domains string - The list of domains for which a client can request a host certificate.
- allowed
Domains booleanTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed
Extensions string - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed
User SecretKey Configs Backend Role Allowed User Key Config[] - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed
Users string - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed
Users booleanTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - backend string
- The path where the SSH secret backend is mounted.
- cidr
List string - The comma-separated string of CIDR blocks for which this role is applicable.
- default
Critical {[key: string]: any}Options - Specifies a map of critical options that certificates have when signed.
- default
Extensions {[key: string]: any} - Specifies a map of extensions that certificates have when signed.
- default
User string - Specifies the default username for which a credential will be generated.
- default
User booleanTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key
Id stringFormat - Specifies a custom format for the key id of a signed certificate.
- key
Type string - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - max
Ttl string - Specifies the maximum Time To Live value.
- name string
- Specifies the name of the role to create.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not
Before stringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl string
- Specifies the Time To Live value.
- algorithm_
signer str - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow_
bare_ booldomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow_
host_ boolcertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow_
subdomains bool - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow_
user_ boolcertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow_
user_ boolkey_ ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed_
critical_ stroptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed_
domains str - The list of domains for which a client can request a host certificate.
- allowed_
domains_ booltemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed_
extensions str - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed_
user_ Sequence[Secretkey_ configs Backend Role Allowed User Key Config Args] - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed_
users str - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed_
users_ booltemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - backend str
- The path where the SSH secret backend is mounted.
- cidr_
list str - The comma-separated string of CIDR blocks for which this role is applicable.
- default_
critical_ Mapping[str, Any]options - Specifies a map of critical options that certificates have when signed.
- default_
extensions Mapping[str, Any] - Specifies a map of extensions that certificates have when signed.
- default_
user str - Specifies the default username for which a credential will be generated.
- default_
user_ booltemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key_
id_ strformat - Specifies a custom format for the key id of a signed certificate.
- key_
type str - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - max_
ttl str - Specifies the maximum Time To Live value.
- name str
- Specifies the name of the role to create.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not_
before_ strduration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl str
- Specifies the Time To Live value.
- algorithm
Signer String - When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
- allow
Bare BooleanDomains - Specifies if host certificates that are requested are allowed to use the base domains listed in
allowed_domains. - allow
Host BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'host'.
- allow
Subdomains Boolean - Specifies if host certificates that are requested are allowed to be subdomains of those listed in
allowed_domains. - allow
User BooleanCertificates - Specifies if certificates are allowed to be signed for use as a 'user'.
- allow
User BooleanKey Ids - Specifies if users can override the key ID for a signed certificate with the
key_idfield. - allowed
Critical StringOptions - Specifies a comma-separated list of critical options that certificates can have when signed.
- allowed
Domains String - The list of domains for which a client can request a host certificate.
- allowed
Domains BooleanTemplate - Specifies if
allowed_domainscan be declared using identity template policies. Non-templated domains are also permitted. - allowed
Extensions String - Specifies a comma-separated list of extensions that certificates can have when signed.
- allowed
User List<Property Map>Key Configs - Set of configuration blocks to define allowed
user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info - allowed
Users String - Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
- allowed
Users BooleanTemplate - Specifies if
allowed_userscan be declared using identity template policies. Non-templated users are also permitted. - backend String
- The path where the SSH secret backend is mounted.
- cidr
List String - The comma-separated string of CIDR blocks for which this role is applicable.
- default
Critical Map<Any>Options - Specifies a map of critical options that certificates have when signed.
- default
Extensions Map<Any> - Specifies a map of extensions that certificates have when signed.
- default
User String - Specifies the default username for which a credential will be generated.
- default
User BooleanTemplate - If set,
default_userscan be specified using identity template values. A non-templated user is also permitted. - key
Id StringFormat - Specifies a custom format for the key id of a signed certificate.
- key
Type String - Specifies the type of credentials generated by this role. This can be either
otp,dynamicorca. - max
Ttl String - Specifies the maximum Time To Live value.
- name String
- Specifies the name of the role to create.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - not
Before StringDuration - Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
- ttl String
- Specifies the Time To Live value.
Supporting Types
SecretBackendRoleAllowedUserKeyConfig, SecretBackendRoleAllowedUserKeyConfigArgs
- Lengths List<int>
A list of allowed key lengths as integers. For key types that do not support setting the length a value of
[0]should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releaseslengthmust be set to a single element list.Example configuration blocks that might be included in the
vault.ssh.SecretBackendRoleimport * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- Type string
- The SSH public key type.
Supported key types are:rsa,ecdsa,ec,dsa,ed25519,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- Lengths []int
A list of allowed key lengths as integers. For key types that do not support setting the length a value of
[0]should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releaseslengthmust be set to a single element list.Example configuration blocks that might be included in the
vault.ssh.SecretBackendRoleimport * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- Type string
- The SSH public key type.
Supported key types are:rsa,ecdsa,ec,dsa,ed25519,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- lengths List<Integer>
A list of allowed key lengths as integers. For key types that do not support setting the length a value of
[0]should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releaseslengthmust be set to a single element list.Example configuration blocks that might be included in the
vault.ssh.SecretBackendRoleimport * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- type String
- The SSH public key type.
Supported key types are:rsa,ecdsa,ec,dsa,ed25519,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- lengths number[]
A list of allowed key lengths as integers. For key types that do not support setting the length a value of
[0]should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releaseslengthmust be set to a single element list.Example configuration blocks that might be included in the
vault.ssh.SecretBackendRoleimport * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- type string
- The SSH public key type.
Supported key types are:rsa,ecdsa,ec,dsa,ed25519,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- lengths Sequence[int]
A list of allowed key lengths as integers. For key types that do not support setting the length a value of
[0]should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releaseslengthmust be set to a single element list.Example configuration blocks that might be included in the
vault.ssh.SecretBackendRoleimport * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- type str
- The SSH public key type.
Supported key types are:rsa,ecdsa,ec,dsa,ed25519,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- lengths List<Number>
A list of allowed key lengths as integers. For key types that do not support setting the length a value of
[0]should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releaseslengthmust be set to a single element list.Example configuration blocks that might be included in the
vault.ssh.SecretBackendRoleimport * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- type String
- The SSH public key type.
Supported key types are:rsa,ecdsa,ec,dsa,ed25519,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
Import
SSH secret backend roles can be imported using the path, e.g.
$ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.