Documentation ¶
Index ¶
- type GetDecryptArgs
- type GetDecryptOutputArgs
- type GetDecryptResult
- type GetDecryptResultOutput
- func (o GetDecryptResultOutput) Backend() pulumi.StringOutput
- func (o GetDecryptResultOutput) Ciphertext() pulumi.StringOutput
- func (o GetDecryptResultOutput) Context() pulumi.StringPtrOutput
- func (GetDecryptResultOutput) ElementType() reflect.Type
- func (o GetDecryptResultOutput) Id() pulumi.StringOutput
- func (o GetDecryptResultOutput) Key() pulumi.StringOutput
- func (o GetDecryptResultOutput) Plaintext() pulumi.StringOutput
- func (o GetDecryptResultOutput) ToGetDecryptResultOutput() GetDecryptResultOutput
- func (o GetDecryptResultOutput) ToGetDecryptResultOutputWithContext(ctx context.Context) GetDecryptResultOutput
- type GetEncryptArgs
- type GetEncryptOutputArgs
- type GetEncryptResult
- type GetEncryptResultOutput
- func (o GetEncryptResultOutput) Backend() pulumi.StringOutput
- func (o GetEncryptResultOutput) Ciphertext() pulumi.StringOutput
- func (o GetEncryptResultOutput) Context() pulumi.StringPtrOutput
- func (GetEncryptResultOutput) ElementType() reflect.Type
- func (o GetEncryptResultOutput) Id() pulumi.StringOutput
- func (o GetEncryptResultOutput) Key() pulumi.StringOutput
- func (o GetEncryptResultOutput) KeyVersion() pulumi.IntPtrOutput
- func (o GetEncryptResultOutput) Plaintext() pulumi.StringOutput
- func (o GetEncryptResultOutput) ToGetEncryptResultOutput() GetEncryptResultOutput
- func (o GetEncryptResultOutput) ToGetEncryptResultOutputWithContext(ctx context.Context) GetEncryptResultOutput
- type SecretBackendKey
- func (*SecretBackendKey) ElementType() reflect.Type
- func (i *SecretBackendKey) ToSecretBackendKeyOutput() SecretBackendKeyOutput
- func (i *SecretBackendKey) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput
- func (i *SecretBackendKey) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
- func (i *SecretBackendKey) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
- type SecretBackendKeyArgs
- type SecretBackendKeyArray
- type SecretBackendKeyArrayInput
- type SecretBackendKeyArrayOutput
- func (SecretBackendKeyArrayOutput) ElementType() reflect.Type
- func (o SecretBackendKeyArrayOutput) Index(i pulumi.IntInput) SecretBackendKeyOutput
- func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput
- func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput
- type SecretBackendKeyInput
- type SecretBackendKeyMap
- type SecretBackendKeyMapInput
- type SecretBackendKeyMapOutput
- func (SecretBackendKeyMapOutput) ElementType() reflect.Type
- func (o SecretBackendKeyMapOutput) MapIndex(k pulumi.StringInput) SecretBackendKeyOutput
- func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput
- func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput
- type SecretBackendKeyOutput
- func (SecretBackendKeyOutput) ElementType() reflect.Type
- func (o SecretBackendKeyOutput) ToSecretBackendKeyOutput() SecretBackendKeyOutput
- func (o SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput
- func (o SecretBackendKeyOutput) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
- func (o SecretBackendKeyOutput) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
- type SecretBackendKeyPtrInput
- type SecretBackendKeyPtrOutput
- func (o SecretBackendKeyPtrOutput) Elem() SecretBackendKeyOutput
- func (SecretBackendKeyPtrOutput) ElementType() reflect.Type
- func (o SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
- func (o SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
- type SecretBackendKeyState
- type SecretCacheConfig
- func (*SecretCacheConfig) ElementType() reflect.Type
- func (i *SecretCacheConfig) ToSecretCacheConfigOutput() SecretCacheConfigOutput
- func (i *SecretCacheConfig) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput
- func (i *SecretCacheConfig) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
- func (i *SecretCacheConfig) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
- type SecretCacheConfigArgs
- type SecretCacheConfigArray
- type SecretCacheConfigArrayInput
- type SecretCacheConfigArrayOutput
- func (SecretCacheConfigArrayOutput) ElementType() reflect.Type
- func (o SecretCacheConfigArrayOutput) Index(i pulumi.IntInput) SecretCacheConfigOutput
- func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput
- func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput
- type SecretCacheConfigInput
- type SecretCacheConfigMap
- type SecretCacheConfigMapInput
- type SecretCacheConfigMapOutput
- func (SecretCacheConfigMapOutput) ElementType() reflect.Type
- func (o SecretCacheConfigMapOutput) MapIndex(k pulumi.StringInput) SecretCacheConfigOutput
- func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput
- func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput
- type SecretCacheConfigOutput
- func (SecretCacheConfigOutput) ElementType() reflect.Type
- func (o SecretCacheConfigOutput) ToSecretCacheConfigOutput() SecretCacheConfigOutput
- func (o SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput
- func (o SecretCacheConfigOutput) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
- func (o SecretCacheConfigOutput) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
- type SecretCacheConfigPtrInput
- type SecretCacheConfigPtrOutput
- func (o SecretCacheConfigPtrOutput) Elem() SecretCacheConfigOutput
- func (SecretCacheConfigPtrOutput) ElementType() reflect.Type
- func (o SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
- func (o SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
- type SecretCacheConfigState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GetDecryptArgs ¶
type GetDecryptArgs struct { // The path the transit secret backend is mounted at, with no leading or trailing `/`. Backend string `pulumi:"backend"` // Ciphertext to be decoded. Ciphertext string `pulumi:"ciphertext"` // Context for key derivation. This is required if key derivation is enabled for this key. Context *string `pulumi:"context"` // Specifies the name of the transit key to decrypt against. Key string `pulumi:"key"` }
A collection of arguments for invoking getDecrypt.
type GetDecryptOutputArgs ¶ added in v4.6.0
type GetDecryptOutputArgs struct { // The path the transit secret backend is mounted at, with no leading or trailing `/`. Backend pulumi.StringInput `pulumi:"backend"` // Ciphertext to be decoded. Ciphertext pulumi.StringInput `pulumi:"ciphertext"` // Context for key derivation. This is required if key derivation is enabled for this key. Context pulumi.StringPtrInput `pulumi:"context"` // Specifies the name of the transit key to decrypt against. Key pulumi.StringInput `pulumi:"key"` }
A collection of arguments for invoking getDecrypt.
func (GetDecryptOutputArgs) ElementType ¶ added in v4.6.0
func (GetDecryptOutputArgs) ElementType() reflect.Type
type GetDecryptResult ¶
type GetDecryptResult struct { Backend string `pulumi:"backend"` Ciphertext string `pulumi:"ciphertext"` Context *string `pulumi:"context"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Key string `pulumi:"key"` // Decrypted plaintext returned from Vault Plaintext string `pulumi:"plaintext"` }
A collection of values returned by getDecrypt.
func GetDecrypt ¶
func GetDecrypt(ctx *pulumi.Context, args *GetDecryptArgs, opts ...pulumi.InvokeOption) (*GetDecryptResult, error)
This is a data source which can be used to decrypt ciphertext using a Vault Transit key.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := transit.GetDecrypt(ctx, &transit.GetDecryptArgs{ Backend: "transit", Ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==", Key: "test", }, nil) if err != nil { return err } return nil }) }
```
type GetDecryptResultOutput ¶ added in v4.6.0
type GetDecryptResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getDecrypt.
func GetDecryptOutput ¶ added in v4.6.0
func GetDecryptOutput(ctx *pulumi.Context, args GetDecryptOutputArgs, opts ...pulumi.InvokeOption) GetDecryptResultOutput
func (GetDecryptResultOutput) Backend ¶ added in v4.6.0
func (o GetDecryptResultOutput) Backend() pulumi.StringOutput
func (GetDecryptResultOutput) Ciphertext ¶ added in v4.6.0
func (o GetDecryptResultOutput) Ciphertext() pulumi.StringOutput
func (GetDecryptResultOutput) Context ¶ added in v4.6.0
func (o GetDecryptResultOutput) Context() pulumi.StringPtrOutput
func (GetDecryptResultOutput) ElementType ¶ added in v4.6.0
func (GetDecryptResultOutput) ElementType() reflect.Type
func (GetDecryptResultOutput) Id ¶ added in v4.6.0
func (o GetDecryptResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetDecryptResultOutput) Key ¶ added in v4.6.0
func (o GetDecryptResultOutput) Key() pulumi.StringOutput
func (GetDecryptResultOutput) Plaintext ¶ added in v4.6.0
func (o GetDecryptResultOutput) Plaintext() pulumi.StringOutput
Decrypted plaintext returned from Vault
func (GetDecryptResultOutput) ToGetDecryptResultOutput ¶ added in v4.6.0
func (o GetDecryptResultOutput) ToGetDecryptResultOutput() GetDecryptResultOutput
func (GetDecryptResultOutput) ToGetDecryptResultOutputWithContext ¶ added in v4.6.0
func (o GetDecryptResultOutput) ToGetDecryptResultOutputWithContext(ctx context.Context) GetDecryptResultOutput
type GetEncryptArgs ¶
type GetEncryptArgs struct { // The path the transit secret backend is mounted at, with no leading or trailing `/`. Backend string `pulumi:"backend"` // Context for key derivation. This is required if key derivation is enabled for this key. Context *string `pulumi:"context"` // Specifies the name of the transit key to encrypt against. Key string `pulumi:"key"` // The version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's `minEncryptionVersion`, if set. KeyVersion *int `pulumi:"keyVersion"` // Plaintext to be encoded. Plaintext string `pulumi:"plaintext"` }
A collection of arguments for invoking getEncrypt.
type GetEncryptOutputArgs ¶ added in v4.6.0
type GetEncryptOutputArgs struct { // The path the transit secret backend is mounted at, with no leading or trailing `/`. Backend pulumi.StringInput `pulumi:"backend"` // Context for key derivation. This is required if key derivation is enabled for this key. Context pulumi.StringPtrInput `pulumi:"context"` // Specifies the name of the transit key to encrypt against. Key pulumi.StringInput `pulumi:"key"` // The version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's `minEncryptionVersion`, if set. KeyVersion pulumi.IntPtrInput `pulumi:"keyVersion"` // Plaintext to be encoded. Plaintext pulumi.StringInput `pulumi:"plaintext"` }
A collection of arguments for invoking getEncrypt.
func (GetEncryptOutputArgs) ElementType ¶ added in v4.6.0
func (GetEncryptOutputArgs) ElementType() reflect.Type
type GetEncryptResult ¶
type GetEncryptResult struct { Backend string `pulumi:"backend"` // Encrypted ciphertext returned from Vault Ciphertext string `pulumi:"ciphertext"` Context *string `pulumi:"context"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Key string `pulumi:"key"` KeyVersion *int `pulumi:"keyVersion"` Plaintext string `pulumi:"plaintext"` }
A collection of values returned by getEncrypt.
func GetEncrypt ¶
func GetEncrypt(ctx *pulumi.Context, args *GetEncryptArgs, opts ...pulumi.InvokeOption) (*GetEncryptResult, error)
This is a data source which can be used to encrypt plaintext using a Vault Transit key.
type GetEncryptResultOutput ¶ added in v4.6.0
type GetEncryptResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getEncrypt.
func GetEncryptOutput ¶ added in v4.6.0
func GetEncryptOutput(ctx *pulumi.Context, args GetEncryptOutputArgs, opts ...pulumi.InvokeOption) GetEncryptResultOutput
func (GetEncryptResultOutput) Backend ¶ added in v4.6.0
func (o GetEncryptResultOutput) Backend() pulumi.StringOutput
func (GetEncryptResultOutput) Ciphertext ¶ added in v4.6.0
func (o GetEncryptResultOutput) Ciphertext() pulumi.StringOutput
Encrypted ciphertext returned from Vault
func (GetEncryptResultOutput) Context ¶ added in v4.6.0
func (o GetEncryptResultOutput) Context() pulumi.StringPtrOutput
func (GetEncryptResultOutput) ElementType ¶ added in v4.6.0
func (GetEncryptResultOutput) ElementType() reflect.Type
func (GetEncryptResultOutput) Id ¶ added in v4.6.0
func (o GetEncryptResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetEncryptResultOutput) Key ¶ added in v4.6.0
func (o GetEncryptResultOutput) Key() pulumi.StringOutput
func (GetEncryptResultOutput) KeyVersion ¶ added in v4.6.0
func (o GetEncryptResultOutput) KeyVersion() pulumi.IntPtrOutput
func (GetEncryptResultOutput) Plaintext ¶ added in v4.6.0
func (o GetEncryptResultOutput) Plaintext() pulumi.StringOutput
func (GetEncryptResultOutput) ToGetEncryptResultOutput ¶ added in v4.6.0
func (o GetEncryptResultOutput) ToGetEncryptResultOutput() GetEncryptResultOutput
func (GetEncryptResultOutput) ToGetEncryptResultOutputWithContext ¶ added in v4.6.0
func (o GetEncryptResultOutput) ToGetEncryptResultOutputWithContext(ctx context.Context) GetEncryptResultOutput
type SecretBackendKey ¶
type SecretBackendKey struct { pulumi.CustomResourceState // Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. // * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key) AllowPlaintextBackup pulumi.BoolPtrOutput `pulumi:"allowPlaintextBackup"` // The path the transit secret backend is mounted at, with no leading or trailing `/`s. Backend pulumi.StringOutput `pulumi:"backend"` // Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`. ConvergentEncryption pulumi.BoolPtrOutput `pulumi:"convergentEncryption"` // Specifies if the key is allowed to be deleted. DeletionAllowed pulumi.BoolPtrOutput `pulumi:"deletionAllowed"` // Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. Derived pulumi.BoolPtrOutput `pulumi:"derived"` // Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled. Exportable pulumi.BoolPtrOutput `pulumi:"exportable"` // List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key. // * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata. // * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following: Keys pulumi.MapArrayOutput `pulumi:"keys"` // Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0` LatestVersion pulumi.IntOutput `pulumi:"latestVersion"` // Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change. MinAvailableVersion pulumi.IntOutput `pulumi:"minAvailableVersion"` // Minimum key version to use for decryption. MinDecryptionVersion pulumi.IntPtrOutput `pulumi:"minDecryptionVersion"` // Minimum key version to use for encryption MinEncryptionVersion pulumi.IntPtrOutput `pulumi:"minEncryptionVersion"` // The name to identify this key within the backend. Must be unique within the backend. Name pulumi.StringOutput `pulumi:"name"` // Whether or not the key supports decryption, based on key type. SupportsDecryption pulumi.BoolOutput `pulumi:"supportsDecryption"` // Whether or not the key supports derivation, based on key type. SupportsDerivation pulumi.BoolOutput `pulumi:"supportsDerivation"` // Whether or not the key supports encryption, based on key type. SupportsEncryption pulumi.BoolOutput `pulumi:"supportsEncryption"` // Whether or not the key supports signing, based on key type. SupportsSigning pulumi.BoolOutput `pulumi:"supportsSigning"` // Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`. // * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types) Type pulumi.StringPtrOutput `pulumi:"type"` }
Creates an Encryption Keyring on a Transit Secret Backend for Vault.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault" "github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{ Path: pulumi.String("transit"), Type: pulumi.String("transit"), Description: pulumi.String("Example description"), DefaultLeaseTtlSeconds: pulumi.Int(3600), MaxLeaseTtlSeconds: pulumi.Int(86400), }) if err != nil { return err } _, err = transit.NewSecretBackendKey(ctx, "key", &transit.SecretBackendKeyArgs{ Backend: transit.Path, }) if err != nil { return err } return nil }) }
```
## Import
Transit secret backend keys can be imported using the `path`, e.g.
```sh
$ pulumi import vault:transit/secretBackendKey:SecretBackendKey key transit/keys/my_key
```
func GetSecretBackendKey ¶
func GetSecretBackendKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendKeyState, opts ...pulumi.ResourceOption) (*SecretBackendKey, error)
GetSecretBackendKey gets an existing SecretBackendKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendKey ¶
func NewSecretBackendKey(ctx *pulumi.Context, name string, args *SecretBackendKeyArgs, opts ...pulumi.ResourceOption) (*SecretBackendKey, error)
NewSecretBackendKey registers a new resource with the given unique name, arguments, and options.
func (*SecretBackendKey) ElementType ¶
func (*SecretBackendKey) ElementType() reflect.Type
func (*SecretBackendKey) ToSecretBackendKeyOutput ¶
func (i *SecretBackendKey) ToSecretBackendKeyOutput() SecretBackendKeyOutput
func (*SecretBackendKey) ToSecretBackendKeyOutputWithContext ¶
func (i *SecretBackendKey) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput
func (*SecretBackendKey) ToSecretBackendKeyPtrOutput ¶
func (i *SecretBackendKey) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
func (*SecretBackendKey) ToSecretBackendKeyPtrOutputWithContext ¶
func (i *SecretBackendKey) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
type SecretBackendKeyArgs ¶
type SecretBackendKeyArgs struct { // Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. // * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key) AllowPlaintextBackup pulumi.BoolPtrInput // The path the transit secret backend is mounted at, with no leading or trailing `/`s. Backend pulumi.StringInput // Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`. ConvergentEncryption pulumi.BoolPtrInput // Specifies if the key is allowed to be deleted. DeletionAllowed pulumi.BoolPtrInput // Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. Derived pulumi.BoolPtrInput // Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled. Exportable pulumi.BoolPtrInput // Minimum key version to use for decryption. MinDecryptionVersion pulumi.IntPtrInput // Minimum key version to use for encryption MinEncryptionVersion pulumi.IntPtrInput // The name to identify this key within the backend. Must be unique within the backend. Name pulumi.StringPtrInput // Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`. // * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types) Type pulumi.StringPtrInput }
The set of arguments for constructing a SecretBackendKey resource.
func (SecretBackendKeyArgs) ElementType ¶
func (SecretBackendKeyArgs) ElementType() reflect.Type
type SecretBackendKeyArray ¶
type SecretBackendKeyArray []SecretBackendKeyInput
func (SecretBackendKeyArray) ElementType ¶
func (SecretBackendKeyArray) ElementType() reflect.Type
func (SecretBackendKeyArray) ToSecretBackendKeyArrayOutput ¶
func (i SecretBackendKeyArray) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput
func (SecretBackendKeyArray) ToSecretBackendKeyArrayOutputWithContext ¶
func (i SecretBackendKeyArray) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput
type SecretBackendKeyArrayInput ¶
type SecretBackendKeyArrayInput interface { pulumi.Input ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput ToSecretBackendKeyArrayOutputWithContext(context.Context) SecretBackendKeyArrayOutput }
SecretBackendKeyArrayInput is an input type that accepts SecretBackendKeyArray and SecretBackendKeyArrayOutput values. You can construct a concrete instance of `SecretBackendKeyArrayInput` via:
SecretBackendKeyArray{ SecretBackendKeyArgs{...} }
type SecretBackendKeyArrayOutput ¶
type SecretBackendKeyArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendKeyArrayOutput) ElementType ¶
func (SecretBackendKeyArrayOutput) ElementType() reflect.Type
func (SecretBackendKeyArrayOutput) Index ¶
func (o SecretBackendKeyArrayOutput) Index(i pulumi.IntInput) SecretBackendKeyOutput
func (SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput ¶
func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput
func (SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext ¶
func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput
type SecretBackendKeyInput ¶
type SecretBackendKeyInput interface { pulumi.Input ToSecretBackendKeyOutput() SecretBackendKeyOutput ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput }
type SecretBackendKeyMap ¶
type SecretBackendKeyMap map[string]SecretBackendKeyInput
func (SecretBackendKeyMap) ElementType ¶
func (SecretBackendKeyMap) ElementType() reflect.Type
func (SecretBackendKeyMap) ToSecretBackendKeyMapOutput ¶
func (i SecretBackendKeyMap) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput
func (SecretBackendKeyMap) ToSecretBackendKeyMapOutputWithContext ¶
func (i SecretBackendKeyMap) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput
type SecretBackendKeyMapInput ¶
type SecretBackendKeyMapInput interface { pulumi.Input ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput ToSecretBackendKeyMapOutputWithContext(context.Context) SecretBackendKeyMapOutput }
SecretBackendKeyMapInput is an input type that accepts SecretBackendKeyMap and SecretBackendKeyMapOutput values. You can construct a concrete instance of `SecretBackendKeyMapInput` via:
SecretBackendKeyMap{ "key": SecretBackendKeyArgs{...} }
type SecretBackendKeyMapOutput ¶
type SecretBackendKeyMapOutput struct{ *pulumi.OutputState }
func (SecretBackendKeyMapOutput) ElementType ¶
func (SecretBackendKeyMapOutput) ElementType() reflect.Type
func (SecretBackendKeyMapOutput) MapIndex ¶
func (o SecretBackendKeyMapOutput) MapIndex(k pulumi.StringInput) SecretBackendKeyOutput
func (SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput ¶
func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput
func (SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext ¶
func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput
type SecretBackendKeyOutput ¶
type SecretBackendKeyOutput struct{ *pulumi.OutputState }
func (SecretBackendKeyOutput) ElementType ¶
func (SecretBackendKeyOutput) ElementType() reflect.Type
func (SecretBackendKeyOutput) ToSecretBackendKeyOutput ¶
func (o SecretBackendKeyOutput) ToSecretBackendKeyOutput() SecretBackendKeyOutput
func (SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext ¶
func (o SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput
func (SecretBackendKeyOutput) ToSecretBackendKeyPtrOutput ¶
func (o SecretBackendKeyOutput) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
func (SecretBackendKeyOutput) ToSecretBackendKeyPtrOutputWithContext ¶
func (o SecretBackendKeyOutput) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
type SecretBackendKeyPtrInput ¶
type SecretBackendKeyPtrInput interface { pulumi.Input ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput }
type SecretBackendKeyPtrOutput ¶
type SecretBackendKeyPtrOutput struct{ *pulumi.OutputState }
func (SecretBackendKeyPtrOutput) Elem ¶ added in v4.6.0
func (o SecretBackendKeyPtrOutput) Elem() SecretBackendKeyOutput
func (SecretBackendKeyPtrOutput) ElementType ¶
func (SecretBackendKeyPtrOutput) ElementType() reflect.Type
func (SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutput ¶
func (o SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
func (SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutputWithContext ¶
func (o SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
type SecretBackendKeyState ¶
type SecretBackendKeyState struct { // Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. // * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key) AllowPlaintextBackup pulumi.BoolPtrInput // The path the transit secret backend is mounted at, with no leading or trailing `/`s. Backend pulumi.StringPtrInput // Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`. ConvergentEncryption pulumi.BoolPtrInput // Specifies if the key is allowed to be deleted. DeletionAllowed pulumi.BoolPtrInput // Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. Derived pulumi.BoolPtrInput // Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled. Exportable pulumi.BoolPtrInput // List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key. // * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata. // * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following: Keys pulumi.MapArrayInput // Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0` LatestVersion pulumi.IntPtrInput // Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change. MinAvailableVersion pulumi.IntPtrInput // Minimum key version to use for decryption. MinDecryptionVersion pulumi.IntPtrInput // Minimum key version to use for encryption MinEncryptionVersion pulumi.IntPtrInput // The name to identify this key within the backend. Must be unique within the backend. Name pulumi.StringPtrInput // Whether or not the key supports decryption, based on key type. SupportsDecryption pulumi.BoolPtrInput // Whether or not the key supports derivation, based on key type. SupportsDerivation pulumi.BoolPtrInput // Whether or not the key supports encryption, based on key type. SupportsEncryption pulumi.BoolPtrInput // Whether or not the key supports signing, based on key type. SupportsSigning pulumi.BoolPtrInput // Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`. // * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types) Type pulumi.StringPtrInput }
func (SecretBackendKeyState) ElementType ¶
func (SecretBackendKeyState) ElementType() reflect.Type
type SecretCacheConfig ¶
type SecretCacheConfig struct { pulumi.CustomResourceState // The path the transit secret backend is mounted at, with no leading or trailing `/`s. Backend pulumi.StringOutput `pulumi:"backend"` // The number of cache entries. 0 means unlimited. Size pulumi.IntOutput `pulumi:"size"` }
Configure the cache for the Transit Secret Backend in Vault.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault" "github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{ Path: pulumi.String("transit"), Type: pulumi.String("transit"), Description: pulumi.String("Example description"), DefaultLeaseTtlSeconds: pulumi.Int(3600), MaxLeaseTtlSeconds: pulumi.Int(86400), }) if err != nil { return err } _, err = transit.NewSecretCacheConfig(ctx, "cfg", &transit.SecretCacheConfigArgs{ Backend: transit.Path, Size: pulumi.Int(500), }) if err != nil { return err } return nil }) }
```
func GetSecretCacheConfig ¶
func GetSecretCacheConfig(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretCacheConfigState, opts ...pulumi.ResourceOption) (*SecretCacheConfig, error)
GetSecretCacheConfig gets an existing SecretCacheConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretCacheConfig ¶
func NewSecretCacheConfig(ctx *pulumi.Context, name string, args *SecretCacheConfigArgs, opts ...pulumi.ResourceOption) (*SecretCacheConfig, error)
NewSecretCacheConfig registers a new resource with the given unique name, arguments, and options.
func (*SecretCacheConfig) ElementType ¶
func (*SecretCacheConfig) ElementType() reflect.Type
func (*SecretCacheConfig) ToSecretCacheConfigOutput ¶
func (i *SecretCacheConfig) ToSecretCacheConfigOutput() SecretCacheConfigOutput
func (*SecretCacheConfig) ToSecretCacheConfigOutputWithContext ¶
func (i *SecretCacheConfig) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput
func (*SecretCacheConfig) ToSecretCacheConfigPtrOutput ¶
func (i *SecretCacheConfig) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
func (*SecretCacheConfig) ToSecretCacheConfigPtrOutputWithContext ¶
func (i *SecretCacheConfig) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
type SecretCacheConfigArgs ¶
type SecretCacheConfigArgs struct { // The path the transit secret backend is mounted at, with no leading or trailing `/`s. Backend pulumi.StringInput // The number of cache entries. 0 means unlimited. Size pulumi.IntInput }
The set of arguments for constructing a SecretCacheConfig resource.
func (SecretCacheConfigArgs) ElementType ¶
func (SecretCacheConfigArgs) ElementType() reflect.Type
type SecretCacheConfigArray ¶
type SecretCacheConfigArray []SecretCacheConfigInput
func (SecretCacheConfigArray) ElementType ¶
func (SecretCacheConfigArray) ElementType() reflect.Type
func (SecretCacheConfigArray) ToSecretCacheConfigArrayOutput ¶
func (i SecretCacheConfigArray) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput
func (SecretCacheConfigArray) ToSecretCacheConfigArrayOutputWithContext ¶
func (i SecretCacheConfigArray) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput
type SecretCacheConfigArrayInput ¶
type SecretCacheConfigArrayInput interface { pulumi.Input ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput ToSecretCacheConfigArrayOutputWithContext(context.Context) SecretCacheConfigArrayOutput }
SecretCacheConfigArrayInput is an input type that accepts SecretCacheConfigArray and SecretCacheConfigArrayOutput values. You can construct a concrete instance of `SecretCacheConfigArrayInput` via:
SecretCacheConfigArray{ SecretCacheConfigArgs{...} }
type SecretCacheConfigArrayOutput ¶
type SecretCacheConfigArrayOutput struct{ *pulumi.OutputState }
func (SecretCacheConfigArrayOutput) ElementType ¶
func (SecretCacheConfigArrayOutput) ElementType() reflect.Type
func (SecretCacheConfigArrayOutput) Index ¶
func (o SecretCacheConfigArrayOutput) Index(i pulumi.IntInput) SecretCacheConfigOutput
func (SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput ¶
func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput
func (SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext ¶
func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput
type SecretCacheConfigInput ¶
type SecretCacheConfigInput interface { pulumi.Input ToSecretCacheConfigOutput() SecretCacheConfigOutput ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput }
type SecretCacheConfigMap ¶
type SecretCacheConfigMap map[string]SecretCacheConfigInput
func (SecretCacheConfigMap) ElementType ¶
func (SecretCacheConfigMap) ElementType() reflect.Type
func (SecretCacheConfigMap) ToSecretCacheConfigMapOutput ¶
func (i SecretCacheConfigMap) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput
func (SecretCacheConfigMap) ToSecretCacheConfigMapOutputWithContext ¶
func (i SecretCacheConfigMap) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput
type SecretCacheConfigMapInput ¶
type SecretCacheConfigMapInput interface { pulumi.Input ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput ToSecretCacheConfigMapOutputWithContext(context.Context) SecretCacheConfigMapOutput }
SecretCacheConfigMapInput is an input type that accepts SecretCacheConfigMap and SecretCacheConfigMapOutput values. You can construct a concrete instance of `SecretCacheConfigMapInput` via:
SecretCacheConfigMap{ "key": SecretCacheConfigArgs{...} }
type SecretCacheConfigMapOutput ¶
type SecretCacheConfigMapOutput struct{ *pulumi.OutputState }
func (SecretCacheConfigMapOutput) ElementType ¶
func (SecretCacheConfigMapOutput) ElementType() reflect.Type
func (SecretCacheConfigMapOutput) MapIndex ¶
func (o SecretCacheConfigMapOutput) MapIndex(k pulumi.StringInput) SecretCacheConfigOutput
func (SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput ¶
func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput
func (SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext ¶
func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput
type SecretCacheConfigOutput ¶
type SecretCacheConfigOutput struct{ *pulumi.OutputState }
func (SecretCacheConfigOutput) ElementType ¶
func (SecretCacheConfigOutput) ElementType() reflect.Type
func (SecretCacheConfigOutput) ToSecretCacheConfigOutput ¶
func (o SecretCacheConfigOutput) ToSecretCacheConfigOutput() SecretCacheConfigOutput
func (SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext ¶
func (o SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput
func (SecretCacheConfigOutput) ToSecretCacheConfigPtrOutput ¶
func (o SecretCacheConfigOutput) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
func (SecretCacheConfigOutput) ToSecretCacheConfigPtrOutputWithContext ¶
func (o SecretCacheConfigOutput) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
type SecretCacheConfigPtrInput ¶
type SecretCacheConfigPtrInput interface { pulumi.Input ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput }
type SecretCacheConfigPtrOutput ¶
type SecretCacheConfigPtrOutput struct{ *pulumi.OutputState }
func (SecretCacheConfigPtrOutput) Elem ¶ added in v4.6.0
func (o SecretCacheConfigPtrOutput) Elem() SecretCacheConfigOutput
func (SecretCacheConfigPtrOutput) ElementType ¶
func (SecretCacheConfigPtrOutput) ElementType() reflect.Type
func (SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutput ¶
func (o SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
func (SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutputWithContext ¶
func (o SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
type SecretCacheConfigState ¶
type SecretCacheConfigState struct { // The path the transit secret backend is mounted at, with no leading or trailing `/`s. Backend pulumi.StringPtrInput // The number of cache entries. 0 means unlimited. Size pulumi.IntPtrInput }
func (SecretCacheConfigState) ElementType ¶
func (SecretCacheConfigState) ElementType() reflect.Type