1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. ssh
  5. SecretBackendRole
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.ssh.SecretBackendRole

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Provides a resource to manage roles in an SSH secret backend SSH secret backend within Vault.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Vault.Mount("example", new()
        {
            Type = "ssh",
        });
    
        var foo = new Vault.Ssh.SecretBackendRole("foo", new()
        {
            Backend = example.Path,
            KeyType = "ca",
            AllowUserCertificates = true,
        });
    
        var bar = new Vault.Ssh.SecretBackendRole("bar", new()
        {
            Backend = example.Path,
            KeyType = "otp",
            DefaultUser = "default",
            AllowedUsers = "default,baz",
            CidrList = "0.0.0.0/0",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ssh"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := vault.NewMount(ctx, "example", &vault.MountArgs{
    			Type: pulumi.String("ssh"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ssh.NewSecretBackendRole(ctx, "foo", &ssh.SecretBackendRoleArgs{
    			Backend:               example.Path,
    			KeyType:               pulumi.String("ca"),
    			AllowUserCertificates: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ssh.NewSecretBackendRole(ctx, "bar", &ssh.SecretBackendRoleArgs{
    			Backend:      example.Path,
    			KeyType:      pulumi.String("otp"),
    			DefaultUser:  pulumi.String("default"),
    			AllowedUsers: pulumi.String("default,baz"),
    			CidrList:     pulumi.String("0.0.0.0/0"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.ssh.SecretBackendRole;
    import com.pulumi.vault.ssh.SecretBackendRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Mount("example", MountArgs.builder()        
                .type("ssh")
                .build());
    
            var foo = new SecretBackendRole("foo", SecretBackendRoleArgs.builder()        
                .backend(example.path())
                .keyType("ca")
                .allowUserCertificates(true)
                .build());
    
            var bar = new SecretBackendRole("bar", SecretBackendRoleArgs.builder()        
                .backend(example.path())
                .keyType("otp")
                .defaultUser("default")
                .allowedUsers("default,baz")
                .cidrList("0.0.0.0/0")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_vault as vault
    
    example = vault.Mount("example", type="ssh")
    foo = vault.ssh.SecretBackendRole("foo",
        backend=example.path,
        key_type="ca",
        allow_user_certificates=True)
    bar = vault.ssh.SecretBackendRole("bar",
        backend=example.path,
        key_type="otp",
        default_user="default",
        allowed_users="default,baz",
        cidr_list="0.0.0.0/0")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const example = new vault.Mount("example", {type: "ssh"});
    const foo = new vault.ssh.SecretBackendRole("foo", {
        backend: example.path,
        keyType: "ca",
        allowUserCertificates: true,
    });
    const bar = new vault.ssh.SecretBackendRole("bar", {
        backend: example.path,
        keyType: "otp",
        defaultUser: "default",
        allowedUsers: "default,baz",
        cidrList: "0.0.0.0/0",
    });
    
    resources:
      example:
        type: vault:Mount
        properties:
          type: ssh
      foo:
        type: vault:ssh:SecretBackendRole
        properties:
          backend: ${example.path}
          keyType: ca
          allowUserCertificates: true
      bar:
        type: vault:ssh:SecretBackendRole
        properties:
          backend: ${example.path}
          keyType: otp
          defaultUser: default
          allowedUsers: default,baz
          cidrList: 0.0.0.0/0
    

    Create SecretBackendRole Resource

    new SecretBackendRole(name: string, args: SecretBackendRoleArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackendRole(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          algorithm_signer: Optional[str] = None,
                          allow_bare_domains: Optional[bool] = None,
                          allow_host_certificates: Optional[bool] = None,
                          allow_subdomains: Optional[bool] = None,
                          allow_user_certificates: Optional[bool] = None,
                          allow_user_key_ids: Optional[bool] = None,
                          allowed_critical_options: Optional[str] = None,
                          allowed_domains: Optional[str] = None,
                          allowed_domains_template: Optional[bool] = None,
                          allowed_extensions: Optional[str] = None,
                          allowed_user_key_configs: Optional[Sequence[SecretBackendRoleAllowedUserKeyConfigArgs]] = None,
                          allowed_user_key_lengths: Optional[Mapping[str, int]] = None,
                          allowed_users: Optional[str] = None,
                          allowed_users_template: Optional[bool] = None,
                          backend: Optional[str] = None,
                          cidr_list: Optional[str] = None,
                          default_critical_options: Optional[Mapping[str, Any]] = None,
                          default_extensions: Optional[Mapping[str, Any]] = None,
                          default_user: Optional[str] = None,
                          default_user_template: Optional[bool] = None,
                          key_id_format: Optional[str] = None,
                          key_type: Optional[str] = None,
                          max_ttl: Optional[str] = None,
                          name: Optional[str] = None,
                          namespace: Optional[str] = None,
                          not_before_duration: Optional[str] = None,
                          ttl: Optional[str] = None)
    @overload
    def SecretBackendRole(resource_name: str,
                          args: SecretBackendRoleArgs,
                          opts: Optional[ResourceOptions] = None)
    func NewSecretBackendRole(ctx *Context, name string, args SecretBackendRoleArgs, opts ...ResourceOption) (*SecretBackendRole, error)
    public SecretBackendRole(string name, SecretBackendRoleArgs args, CustomResourceOptions? opts = null)
    public SecretBackendRole(String name, SecretBackendRoleArgs args)
    public SecretBackendRole(String name, SecretBackendRoleArgs args, CustomResourceOptions options)
    
    type: vault:ssh:SecretBackendRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecretBackendRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecretBackendRole resource accepts the following input properties:

    Backend string
    The path where the SSH secret backend is mounted.
    KeyType string
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    AlgorithmSigner string
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    AllowBareDomains bool
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    AllowHostCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'host'.
    AllowSubdomains bool
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    AllowUserCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'user'.
    AllowUserKeyIds bool
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    AllowedCriticalOptions string
    Specifies a comma-separated list of critical options that certificates can have when signed.
    AllowedDomains string
    The list of domains for which a client can request a host certificate.
    AllowedDomainsTemplate bool
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    AllowedExtensions string
    Specifies a comma-separated list of extensions that certificates can have when signed.
    AllowedUserKeyConfigs List<SecretBackendRoleAllowedUserKeyConfig>
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    AllowedUserKeyLengths Dictionary<string, int>
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    AllowedUsers string
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    AllowedUsersTemplate bool
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    CidrList string
    The comma-separated string of CIDR blocks for which this role is applicable.
    DefaultCriticalOptions Dictionary<string, object>
    Specifies a map of critical options that certificates have when signed.
    DefaultExtensions Dictionary<string, object>
    Specifies a map of extensions that certificates have when signed.
    DefaultUser string
    Specifies the default username for which a credential will be generated.
    DefaultUserTemplate bool
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    KeyIdFormat string
    Specifies a custom format for the key id of a signed certificate.
    MaxTtl string
    Specifies the maximum Time To Live value.
    Name string
    Specifies the name of the role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NotBeforeDuration string
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    Ttl string
    Specifies the Time To Live value.
    Backend string
    The path where the SSH secret backend is mounted.
    KeyType string
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    AlgorithmSigner string
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    AllowBareDomains bool
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    AllowHostCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'host'.
    AllowSubdomains bool
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    AllowUserCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'user'.
    AllowUserKeyIds bool
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    AllowedCriticalOptions string
    Specifies a comma-separated list of critical options that certificates can have when signed.
    AllowedDomains string
    The list of domains for which a client can request a host certificate.
    AllowedDomainsTemplate bool
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    AllowedExtensions string
    Specifies a comma-separated list of extensions that certificates can have when signed.
    AllowedUserKeyConfigs []SecretBackendRoleAllowedUserKeyConfigArgs
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    AllowedUserKeyLengths map[string]int
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    AllowedUsers string
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    AllowedUsersTemplate bool
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    CidrList string
    The comma-separated string of CIDR blocks for which this role is applicable.
    DefaultCriticalOptions map[string]interface{}
    Specifies a map of critical options that certificates have when signed.
    DefaultExtensions map[string]interface{}
    Specifies a map of extensions that certificates have when signed.
    DefaultUser string
    Specifies the default username for which a credential will be generated.
    DefaultUserTemplate bool
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    KeyIdFormat string
    Specifies a custom format for the key id of a signed certificate.
    MaxTtl string
    Specifies the maximum Time To Live value.
    Name string
    Specifies the name of the role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NotBeforeDuration string
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    Ttl string
    Specifies the Time To Live value.
    backend String
    The path where the SSH secret backend is mounted.
    keyType String
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    algorithmSigner String
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allowBareDomains Boolean
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allowHostCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allowSubdomains Boolean
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allowUserCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allowUserKeyIds Boolean
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowedCriticalOptions String
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowedDomains String
    The list of domains for which a client can request a host certificate.
    allowedDomainsTemplate Boolean
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowedExtensions String
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowedUserKeyConfigs List<SecretBackendRoleAllowedUserKeyConfig>
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowedUserKeyLengths Map<String,Integer>
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowedUsers String
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowedUsersTemplate Boolean
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    cidrList String
    The comma-separated string of CIDR blocks for which this role is applicable.
    defaultCriticalOptions Map<String,Object>
    Specifies a map of critical options that certificates have when signed.
    defaultExtensions Map<String,Object>
    Specifies a map of extensions that certificates have when signed.
    defaultUser String
    Specifies the default username for which a credential will be generated.
    defaultUserTemplate Boolean
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    keyIdFormat String
    Specifies a custom format for the key id of a signed certificate.
    maxTtl String
    Specifies the maximum Time To Live value.
    name String
    Specifies the name of the role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    notBeforeDuration String
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl String
    Specifies the Time To Live value.
    backend string
    The path where the SSH secret backend is mounted.
    keyType string
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    algorithmSigner string
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allowBareDomains boolean
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allowHostCertificates boolean
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allowSubdomains boolean
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allowUserCertificates boolean
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allowUserKeyIds boolean
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowedCriticalOptions string
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowedDomains string
    The list of domains for which a client can request a host certificate.
    allowedDomainsTemplate boolean
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowedExtensions string
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowedUserKeyConfigs SecretBackendRoleAllowedUserKeyConfig[]
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowedUserKeyLengths {[key: string]: number}
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowedUsers string
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowedUsersTemplate boolean
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    cidrList string
    The comma-separated string of CIDR blocks for which this role is applicable.
    defaultCriticalOptions {[key: string]: any}
    Specifies a map of critical options that certificates have when signed.
    defaultExtensions {[key: string]: any}
    Specifies a map of extensions that certificates have when signed.
    defaultUser string
    Specifies the default username for which a credential will be generated.
    defaultUserTemplate boolean
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    keyIdFormat string
    Specifies a custom format for the key id of a signed certificate.
    maxTtl string
    Specifies the maximum Time To Live value.
    name string
    Specifies the name of the role to create.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    notBeforeDuration string
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl string
    Specifies the Time To Live value.
    backend str
    The path where the SSH secret backend is mounted.
    key_type str
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    algorithm_signer str
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allow_bare_domains bool
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allow_host_certificates bool
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allow_subdomains bool
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allow_user_certificates bool
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allow_user_key_ids bool
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowed_critical_options str
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowed_domains str
    The list of domains for which a client can request a host certificate.
    allowed_domains_template bool
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowed_extensions str
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowed_user_key_configs Sequence[SecretBackendRoleAllowedUserKeyConfigArgs]
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowed_user_key_lengths Mapping[str, int]
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowed_users str
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowed_users_template bool
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    cidr_list str
    The comma-separated string of CIDR blocks for which this role is applicable.
    default_critical_options Mapping[str, Any]
    Specifies a map of critical options that certificates have when signed.
    default_extensions Mapping[str, Any]
    Specifies a map of extensions that certificates have when signed.
    default_user str
    Specifies the default username for which a credential will be generated.
    default_user_template bool
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    key_id_format str
    Specifies a custom format for the key id of a signed certificate.
    max_ttl str
    Specifies the maximum Time To Live value.
    name str
    Specifies the name of the role to create.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    not_before_duration str
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl str
    Specifies the Time To Live value.
    backend String
    The path where the SSH secret backend is mounted.
    keyType String
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    algorithmSigner String
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allowBareDomains Boolean
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allowHostCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allowSubdomains Boolean
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allowUserCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allowUserKeyIds Boolean
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowedCriticalOptions String
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowedDomains String
    The list of domains for which a client can request a host certificate.
    allowedDomainsTemplate Boolean
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowedExtensions String
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowedUserKeyConfigs List<Property Map>
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowedUserKeyLengths Map<Number>
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowedUsers String
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowedUsersTemplate Boolean
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    cidrList String
    The comma-separated string of CIDR blocks for which this role is applicable.
    defaultCriticalOptions Map<Any>
    Specifies a map of critical options that certificates have when signed.
    defaultExtensions Map<Any>
    Specifies a map of extensions that certificates have when signed.
    defaultUser String
    Specifies the default username for which a credential will be generated.
    defaultUserTemplate Boolean
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    keyIdFormat String
    Specifies a custom format for the key id of a signed certificate.
    maxTtl String
    Specifies the maximum Time To Live value.
    name String
    Specifies the name of the role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    notBeforeDuration String
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl String
    Specifies the Time To Live value.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackendRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecretBackendRole Resource

    Get an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendRoleState, opts?: CustomResourceOptions): SecretBackendRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            algorithm_signer: Optional[str] = None,
            allow_bare_domains: Optional[bool] = None,
            allow_host_certificates: Optional[bool] = None,
            allow_subdomains: Optional[bool] = None,
            allow_user_certificates: Optional[bool] = None,
            allow_user_key_ids: Optional[bool] = None,
            allowed_critical_options: Optional[str] = None,
            allowed_domains: Optional[str] = None,
            allowed_domains_template: Optional[bool] = None,
            allowed_extensions: Optional[str] = None,
            allowed_user_key_configs: Optional[Sequence[SecretBackendRoleAllowedUserKeyConfigArgs]] = None,
            allowed_user_key_lengths: Optional[Mapping[str, int]] = None,
            allowed_users: Optional[str] = None,
            allowed_users_template: Optional[bool] = None,
            backend: Optional[str] = None,
            cidr_list: Optional[str] = None,
            default_critical_options: Optional[Mapping[str, Any]] = None,
            default_extensions: Optional[Mapping[str, Any]] = None,
            default_user: Optional[str] = None,
            default_user_template: Optional[bool] = None,
            key_id_format: Optional[str] = None,
            key_type: Optional[str] = None,
            max_ttl: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            not_before_duration: Optional[str] = None,
            ttl: Optional[str] = None) -> SecretBackendRole
    func GetSecretBackendRole(ctx *Context, name string, id IDInput, state *SecretBackendRoleState, opts ...ResourceOption) (*SecretBackendRole, error)
    public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState? state, CustomResourceOptions? opts = null)
    public static SecretBackendRole get(String name, Output<String> id, SecretBackendRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AlgorithmSigner string
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    AllowBareDomains bool
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    AllowHostCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'host'.
    AllowSubdomains bool
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    AllowUserCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'user'.
    AllowUserKeyIds bool
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    AllowedCriticalOptions string
    Specifies a comma-separated list of critical options that certificates can have when signed.
    AllowedDomains string
    The list of domains for which a client can request a host certificate.
    AllowedDomainsTemplate bool
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    AllowedExtensions string
    Specifies a comma-separated list of extensions that certificates can have when signed.
    AllowedUserKeyConfigs List<SecretBackendRoleAllowedUserKeyConfig>
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    AllowedUserKeyLengths Dictionary<string, int>
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    AllowedUsers string
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    AllowedUsersTemplate bool
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    Backend string
    The path where the SSH secret backend is mounted.
    CidrList string
    The comma-separated string of CIDR blocks for which this role is applicable.
    DefaultCriticalOptions Dictionary<string, object>
    Specifies a map of critical options that certificates have when signed.
    DefaultExtensions Dictionary<string, object>
    Specifies a map of extensions that certificates have when signed.
    DefaultUser string
    Specifies the default username for which a credential will be generated.
    DefaultUserTemplate bool
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    KeyIdFormat string
    Specifies a custom format for the key id of a signed certificate.
    KeyType string
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    MaxTtl string
    Specifies the maximum Time To Live value.
    Name string
    Specifies the name of the role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NotBeforeDuration string
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    Ttl string
    Specifies the Time To Live value.
    AlgorithmSigner string
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    AllowBareDomains bool
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    AllowHostCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'host'.
    AllowSubdomains bool
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    AllowUserCertificates bool
    Specifies if certificates are allowed to be signed for use as a 'user'.
    AllowUserKeyIds bool
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    AllowedCriticalOptions string
    Specifies a comma-separated list of critical options that certificates can have when signed.
    AllowedDomains string
    The list of domains for which a client can request a host certificate.
    AllowedDomainsTemplate bool
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    AllowedExtensions string
    Specifies a comma-separated list of extensions that certificates can have when signed.
    AllowedUserKeyConfigs []SecretBackendRoleAllowedUserKeyConfigArgs
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    AllowedUserKeyLengths map[string]int
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    AllowedUsers string
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    AllowedUsersTemplate bool
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    Backend string
    The path where the SSH secret backend is mounted.
    CidrList string
    The comma-separated string of CIDR blocks for which this role is applicable.
    DefaultCriticalOptions map[string]interface{}
    Specifies a map of critical options that certificates have when signed.
    DefaultExtensions map[string]interface{}
    Specifies a map of extensions that certificates have when signed.
    DefaultUser string
    Specifies the default username for which a credential will be generated.
    DefaultUserTemplate bool
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    KeyIdFormat string
    Specifies a custom format for the key id of a signed certificate.
    KeyType string
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    MaxTtl string
    Specifies the maximum Time To Live value.
    Name string
    Specifies the name of the role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NotBeforeDuration string
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    Ttl string
    Specifies the Time To Live value.
    algorithmSigner String
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allowBareDomains Boolean
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allowHostCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allowSubdomains Boolean
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allowUserCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allowUserKeyIds Boolean
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowedCriticalOptions String
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowedDomains String
    The list of domains for which a client can request a host certificate.
    allowedDomainsTemplate Boolean
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowedExtensions String
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowedUserKeyConfigs List<SecretBackendRoleAllowedUserKeyConfig>
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowedUserKeyLengths Map<String,Integer>
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowedUsers String
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowedUsersTemplate Boolean
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    backend String
    The path where the SSH secret backend is mounted.
    cidrList String
    The comma-separated string of CIDR blocks for which this role is applicable.
    defaultCriticalOptions Map<String,Object>
    Specifies a map of critical options that certificates have when signed.
    defaultExtensions Map<String,Object>
    Specifies a map of extensions that certificates have when signed.
    defaultUser String
    Specifies the default username for which a credential will be generated.
    defaultUserTemplate Boolean
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    keyIdFormat String
    Specifies a custom format for the key id of a signed certificate.
    keyType String
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    maxTtl String
    Specifies the maximum Time To Live value.
    name String
    Specifies the name of the role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    notBeforeDuration String
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl String
    Specifies the Time To Live value.
    algorithmSigner string
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allowBareDomains boolean
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allowHostCertificates boolean
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allowSubdomains boolean
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allowUserCertificates boolean
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allowUserKeyIds boolean
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowedCriticalOptions string
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowedDomains string
    The list of domains for which a client can request a host certificate.
    allowedDomainsTemplate boolean
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowedExtensions string
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowedUserKeyConfigs SecretBackendRoleAllowedUserKeyConfig[]
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowedUserKeyLengths {[key: string]: number}
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowedUsers string
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowedUsersTemplate boolean
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    backend string
    The path where the SSH secret backend is mounted.
    cidrList string
    The comma-separated string of CIDR blocks for which this role is applicable.
    defaultCriticalOptions {[key: string]: any}
    Specifies a map of critical options that certificates have when signed.
    defaultExtensions {[key: string]: any}
    Specifies a map of extensions that certificates have when signed.
    defaultUser string
    Specifies the default username for which a credential will be generated.
    defaultUserTemplate boolean
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    keyIdFormat string
    Specifies a custom format for the key id of a signed certificate.
    keyType string
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    maxTtl string
    Specifies the maximum Time To Live value.
    name string
    Specifies the name of the role to create.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    notBeforeDuration string
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl string
    Specifies the Time To Live value.
    algorithm_signer str
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allow_bare_domains bool
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allow_host_certificates bool
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allow_subdomains bool
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allow_user_certificates bool
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allow_user_key_ids bool
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowed_critical_options str
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowed_domains str
    The list of domains for which a client can request a host certificate.
    allowed_domains_template bool
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowed_extensions str
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowed_user_key_configs Sequence[SecretBackendRoleAllowedUserKeyConfigArgs]
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowed_user_key_lengths Mapping[str, int]
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowed_users str
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowed_users_template bool
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    backend str
    The path where the SSH secret backend is mounted.
    cidr_list str
    The comma-separated string of CIDR blocks for which this role is applicable.
    default_critical_options Mapping[str, Any]
    Specifies a map of critical options that certificates have when signed.
    default_extensions Mapping[str, Any]
    Specifies a map of extensions that certificates have when signed.
    default_user str
    Specifies the default username for which a credential will be generated.
    default_user_template bool
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    key_id_format str
    Specifies a custom format for the key id of a signed certificate.
    key_type str
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    max_ttl str
    Specifies the maximum Time To Live value.
    name str
    Specifies the name of the role to create.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    not_before_duration str
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl str
    Specifies the Time To Live value.
    algorithmSigner String
    When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
    allowBareDomains Boolean
    Specifies if host certificates that are requested are allowed to use the base domains listed in allowed_domains.
    allowHostCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'host'.
    allowSubdomains Boolean
    Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains.
    allowUserCertificates Boolean
    Specifies if certificates are allowed to be signed for use as a 'user'.
    allowUserKeyIds Boolean
    Specifies if users can override the key ID for a signed certificate with the key_id field.
    allowedCriticalOptions String
    Specifies a comma-separated list of critical options that certificates can have when signed.
    allowedDomains String
    The list of domains for which a client can request a host certificate.
    allowedDomainsTemplate Boolean
    Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted.
    allowedExtensions String
    Specifies a comma-separated list of extensions that certificates can have when signed.
    allowedUserKeyConfigs List<Property Map>
    Set of configuration blocks to define allowed
    user key configuration, like key type and their lengths. Can be specified multiple times. See Configuration-Options for more info
    allowedUserKeyLengths Map<Number>
    Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type. Deprecated: use allowed_user_key_config instead

    Deprecated:Set in allowed_user_key_config

    allowedUsers String
    Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
    allowedUsersTemplate Boolean
    Specifies if allowed_users can be declared using identity template policies. Non-templated users are also permitted.
    backend String
    The path where the SSH secret backend is mounted.
    cidrList String
    The comma-separated string of CIDR blocks for which this role is applicable.
    defaultCriticalOptions Map<Any>
    Specifies a map of critical options that certificates have when signed.
    defaultExtensions Map<Any>
    Specifies a map of extensions that certificates have when signed.
    defaultUser String
    Specifies the default username for which a credential will be generated.
    defaultUserTemplate Boolean
    If set, default_users can be specified using identity template values. A non-templated user is also permitted.
    keyIdFormat String
    Specifies a custom format for the key id of a signed certificate.
    keyType String
    Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca.
    maxTtl String
    Specifies the maximum Time To Live value.
    name String
    Specifies the name of the role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    notBeforeDuration String
    Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
    ttl String
    Specifies the Time To Live value.

    Supporting Types

    SecretBackendRoleAllowedUserKeyConfig, SecretBackendRoleAllowedUserKeyConfigArgs

    Lengths List<int>

    A list of allowed key lengths as integers. For key types that do not support setting the length a value of [0] should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases length must be set to a single element list.

    Example configuration blocks that might be included in the vault.ssh.SecretBackendRole

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    Type string
    The SSH public key type.
    Supported key types are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
    Lengths []int

    A list of allowed key lengths as integers. For key types that do not support setting the length a value of [0] should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases length must be set to a single element list.

    Example configuration blocks that might be included in the vault.ssh.SecretBackendRole

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    Type string
    The SSH public key type.
    Supported key types are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
    lengths List<Integer>

    A list of allowed key lengths as integers. For key types that do not support setting the length a value of [0] should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases length must be set to a single element list.

    Example configuration blocks that might be included in the vault.ssh.SecretBackendRole

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    type String
    The SSH public key type.
    Supported key types are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
    lengths number[]

    A list of allowed key lengths as integers. For key types that do not support setting the length a value of [0] should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases length must be set to a single element list.

    Example configuration blocks that might be included in the vault.ssh.SecretBackendRole

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    type string
    The SSH public key type.
    Supported key types are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
    lengths Sequence[int]

    A list of allowed key lengths as integers. For key types that do not support setting the length a value of [0] should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases length must be set to a single element list.

    Example configuration blocks that might be included in the vault.ssh.SecretBackendRole

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    type str
    The SSH public key type.
    Supported key types are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
    lengths List<Number>

    A list of allowed key lengths as integers. For key types that do not support setting the length a value of [0] should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases length must be set to a single element list.

    Example configuration blocks that might be included in the vault.ssh.SecretBackendRole

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    type String
    The SSH public key type.
    Supported key types are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521

    Import

    SSH secret backend roles can be imported using the path, e.g.

     $ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
    

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi