transit

package
v4.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetDecryptArgs 

type GetDecryptArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend string `pulumi:"backend"`
	// Ciphertext to be decoded.
	Ciphertext string `pulumi:"ciphertext"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context *string `pulumi:"context"`
	// Specifies the name of the transit key to decrypt against.
	Key string `pulumi:"key"`
}

A collection of arguments for invoking getDecrypt.

type GetDecryptOutputArgs added in v4.6.0 

type GetDecryptOutputArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend pulumi.StringInput `pulumi:"backend"`
	// Ciphertext to be decoded.
	Ciphertext pulumi.StringInput `pulumi:"ciphertext"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context pulumi.StringPtrInput `pulumi:"context"`
	// Specifies the name of the transit key to decrypt against.
	Key pulumi.StringInput `pulumi:"key"`
}

A collection of arguments for invoking getDecrypt.

func (GetDecryptOutputArgs) ElementType added in v4.6.0 

func (GetDecryptOutputArgs) ElementType() reflect.Type

type GetDecryptResult 

type GetDecryptResult struct {
	Backend    string  `pulumi:"backend"`
	Ciphertext string  `pulumi:"ciphertext"`
	Context    *string `pulumi:"context"`
	// The provider-assigned unique ID for this managed resource.
	Id  string `pulumi:"id"`
	Key string `pulumi:"key"`
	// Decrypted plaintext returned from Vault
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getDecrypt.

func GetDecrypt 

func GetDecrypt(ctx *pulumi.Context, args *GetDecryptArgs, opts ...pulumi.InvokeOption) (*GetDecryptResult, error)

This is a data source which can be used to decrypt ciphertext using a Vault Transit key.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transit.GetDecrypt(ctx, &transit.GetDecryptArgs{
			Backend:    "transit",
			Ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
			Key:        "test",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetDecryptResultOutput added in v4.6.0 

type GetDecryptResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getDecrypt.

func GetDecryptOutput added in v4.6.0 

func GetDecryptOutput(ctx *pulumi.Context, args GetDecryptOutputArgs, opts ...pulumi.InvokeOption) GetDecryptResultOutput

func (GetDecryptResultOutput) Backend added in v4.6.0 

func (o GetDecryptResultOutput) Backend() pulumi.StringOutput

func (GetDecryptResultOutput) Ciphertext added in v4.6.0 

func (o GetDecryptResultOutput) Ciphertext() pulumi.StringOutput

func (GetDecryptResultOutput) Context added in v4.6.0 

func (o GetDecryptResultOutput) Context() pulumi.StringPtrOutput

func (GetDecryptResultOutput) ElementType added in v4.6.0 

func (GetDecryptResultOutput) ElementType() reflect.Type

func (GetDecryptResultOutput) Id added in v4.6.0 

func (o GetDecryptResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetDecryptResultOutput) Key added in v4.6.0 

func (o GetDecryptResultOutput) Key() pulumi.StringOutput

func (GetDecryptResultOutput) Plaintext added in v4.6.0 

func (o GetDecryptResultOutput) Plaintext() pulumi.StringOutput

Decrypted plaintext returned from Vault

func (GetDecryptResultOutput) ToGetDecryptResultOutput added in v4.6.0 

func (o GetDecryptResultOutput) ToGetDecryptResultOutput() GetDecryptResultOutput

func (GetDecryptResultOutput) ToGetDecryptResultOutputWithContext added in v4.6.0 

func (o GetDecryptResultOutput) ToGetDecryptResultOutputWithContext(ctx context.Context) GetDecryptResultOutput

type GetEncryptArgs 

type GetEncryptArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend string `pulumi:"backend"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context *string `pulumi:"context"`
	// Specifies the name of the transit key to encrypt against.
	Key string `pulumi:"key"`
	// The version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's `minEncryptionVersion`, if set.
	KeyVersion *int `pulumi:"keyVersion"`
	// Plaintext to be encoded.
	Plaintext string `pulumi:"plaintext"`
}

A collection of arguments for invoking getEncrypt.

type GetEncryptOutputArgs added in v4.6.0 

type GetEncryptOutputArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend pulumi.StringInput `pulumi:"backend"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context pulumi.StringPtrInput `pulumi:"context"`
	// Specifies the name of the transit key to encrypt against.
	Key pulumi.StringInput `pulumi:"key"`
	// The version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's `minEncryptionVersion`, if set.
	KeyVersion pulumi.IntPtrInput `pulumi:"keyVersion"`
	// Plaintext to be encoded.
	Plaintext pulumi.StringInput `pulumi:"plaintext"`
}

A collection of arguments for invoking getEncrypt.

func (GetEncryptOutputArgs) ElementType added in v4.6.0 

func (GetEncryptOutputArgs) ElementType() reflect.Type

type GetEncryptResult 

type GetEncryptResult struct {
	Backend string `pulumi:"backend"`
	// Encrypted ciphertext returned from Vault
	Ciphertext string  `pulumi:"ciphertext"`
	Context    *string `pulumi:"context"`
	// The provider-assigned unique ID for this managed resource.
	Id         string `pulumi:"id"`
	Key        string `pulumi:"key"`
	KeyVersion *int   `pulumi:"keyVersion"`
	Plaintext  string `pulumi:"plaintext"`
}

A collection of values returned by getEncrypt.

func GetEncrypt 

func GetEncrypt(ctx *pulumi.Context, args *GetEncryptArgs, opts ...pulumi.InvokeOption) (*GetEncryptResult, error)

This is a data source which can be used to encrypt plaintext using a Vault Transit key.

type GetEncryptResultOutput added in v4.6.0 

type GetEncryptResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getEncrypt.

func GetEncryptOutput added in v4.6.0 

func GetEncryptOutput(ctx *pulumi.Context, args GetEncryptOutputArgs, opts ...pulumi.InvokeOption) GetEncryptResultOutput

func (GetEncryptResultOutput) Backend added in v4.6.0 

func (o GetEncryptResultOutput) Backend() pulumi.StringOutput

func (GetEncryptResultOutput) Ciphertext added in v4.6.0 

func (o GetEncryptResultOutput) Ciphertext() pulumi.StringOutput

Encrypted ciphertext returned from Vault

func (GetEncryptResultOutput) Context added in v4.6.0 

func (o GetEncryptResultOutput) Context() pulumi.StringPtrOutput

func (GetEncryptResultOutput) ElementType added in v4.6.0 

func (GetEncryptResultOutput) ElementType() reflect.Type

func (GetEncryptResultOutput) Id added in v4.6.0 

func (o GetEncryptResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetEncryptResultOutput) Key added in v4.6.0 

func (o GetEncryptResultOutput) Key() pulumi.StringOutput

func (GetEncryptResultOutput) KeyVersion added in v4.6.0 

func (o GetEncryptResultOutput) KeyVersion() pulumi.IntPtrOutput

func (GetEncryptResultOutput) Plaintext added in v4.6.0 

func (o GetEncryptResultOutput) Plaintext() pulumi.StringOutput

func (GetEncryptResultOutput) ToGetEncryptResultOutput added in v4.6.0 

func (o GetEncryptResultOutput) ToGetEncryptResultOutput() GetEncryptResultOutput

func (GetEncryptResultOutput) ToGetEncryptResultOutputWithContext added in v4.6.0 

func (o GetEncryptResultOutput) ToGetEncryptResultOutputWithContext(ctx context.Context) GetEncryptResultOutput

type SecretBackendKey 

type SecretBackendKey struct {
	pulumi.CustomResourceState

	// Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
	// * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
	AllowPlaintextBackup pulumi.BoolPtrOutput `pulumi:"allowPlaintextBackup"`
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
	ConvergentEncryption pulumi.BoolPtrOutput `pulumi:"convergentEncryption"`
	// Specifies if the key is allowed to be deleted.
	DeletionAllowed pulumi.BoolPtrOutput `pulumi:"deletionAllowed"`
	// Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
	Derived pulumi.BoolPtrOutput `pulumi:"derived"`
	// Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
	Exportable pulumi.BoolPtrOutput `pulumi:"exportable"`
	// List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
	// * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
	// * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
	Keys pulumi.MapArrayOutput `pulumi:"keys"`
	// Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
	LatestVersion pulumi.IntOutput `pulumi:"latestVersion"`
	// Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change.
	MinAvailableVersion pulumi.IntOutput `pulumi:"minAvailableVersion"`
	// Minimum key version to use for decryption.
	MinDecryptionVersion pulumi.IntPtrOutput `pulumi:"minDecryptionVersion"`
	// Minimum key version to use for encryption
	MinEncryptionVersion pulumi.IntPtrOutput `pulumi:"minEncryptionVersion"`
	// The name to identify this key within the backend. Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// Whether or not the key supports decryption, based on key type.
	SupportsDecryption pulumi.BoolOutput `pulumi:"supportsDecryption"`
	// Whether or not the key supports derivation, based on key type.
	SupportsDerivation pulumi.BoolOutput `pulumi:"supportsDerivation"`
	// Whether or not the key supports encryption, based on key type.
	SupportsEncryption pulumi.BoolOutput `pulumi:"supportsEncryption"`
	// Whether or not the key supports signing, based on key type.
	SupportsSigning pulumi.BoolOutput `pulumi:"supportsSigning"`
	// Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
	// * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
	Type pulumi.StringPtrOutput `pulumi:"type"`
}

Creates an Encryption Keyring on a Transit Secret Backend for Vault.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
			Path:                   pulumi.String("transit"),
			Type:                   pulumi.String("transit"),
			Description:            pulumi.String("Example description"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		_, err = transit.NewSecretBackendKey(ctx, "key", &transit.SecretBackendKeyArgs{
			Backend: transit.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Transit secret backend keys can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:transit/secretBackendKey:SecretBackendKey key transit/keys/my_key

```

func GetSecretBackendKey 

func GetSecretBackendKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendKeyState, opts ...pulumi.ResourceOption) (*SecretBackendKey, error)

GetSecretBackendKey gets an existing SecretBackendKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendKey 

func NewSecretBackendKey(ctx *pulumi.Context,
	name string, args *SecretBackendKeyArgs, opts ...pulumi.ResourceOption) (*SecretBackendKey, error)

NewSecretBackendKey registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendKey) ElementType 

func (*SecretBackendKey) ElementType() reflect.Type

func (*SecretBackendKey) ToSecretBackendKeyOutput 

func (i *SecretBackendKey) ToSecretBackendKeyOutput() SecretBackendKeyOutput

func (*SecretBackendKey) ToSecretBackendKeyOutputWithContext 

func (i *SecretBackendKey) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput

func (*SecretBackendKey) ToSecretBackendKeyPtrOutput 

func (i *SecretBackendKey) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput

func (*SecretBackendKey) ToSecretBackendKeyPtrOutputWithContext 

func (i *SecretBackendKey) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput

type SecretBackendKeyArgs 

type SecretBackendKeyArgs struct {
	// Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
	// * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
	AllowPlaintextBackup pulumi.BoolPtrInput
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
	ConvergentEncryption pulumi.BoolPtrInput
	// Specifies if the key is allowed to be deleted.
	DeletionAllowed pulumi.BoolPtrInput
	// Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
	Derived pulumi.BoolPtrInput
	// Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
	Exportable pulumi.BoolPtrInput
	// Minimum key version to use for decryption.
	MinDecryptionVersion pulumi.IntPtrInput
	// Minimum key version to use for encryption
	MinEncryptionVersion pulumi.IntPtrInput
	// The name to identify this key within the backend. Must be unique within the backend.
	Name pulumi.StringPtrInput
	// Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
	// * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
	Type pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendKey resource.

func (SecretBackendKeyArgs) ElementType 

func (SecretBackendKeyArgs) ElementType() reflect.Type

type SecretBackendKeyArray 

type SecretBackendKeyArray []SecretBackendKeyInput

func (SecretBackendKeyArray) ElementType 

func (SecretBackendKeyArray) ElementType() reflect.Type

func (SecretBackendKeyArray) ToSecretBackendKeyArrayOutput 

func (i SecretBackendKeyArray) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput

func (SecretBackendKeyArray) ToSecretBackendKeyArrayOutputWithContext 

func (i SecretBackendKeyArray) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput

type SecretBackendKeyArrayInput 

type SecretBackendKeyArrayInput interface {
	pulumi.Input

	ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput
	ToSecretBackendKeyArrayOutputWithContext(context.Context) SecretBackendKeyArrayOutput
}

SecretBackendKeyArrayInput is an input type that accepts SecretBackendKeyArray and SecretBackendKeyArrayOutput values. You can construct a concrete instance of `SecretBackendKeyArrayInput` via: 

SecretBackendKeyArray{ SecretBackendKeyArgs{...} }

type SecretBackendKeyArrayOutput 

type SecretBackendKeyArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyArrayOutput) ElementType 

func (SecretBackendKeyArrayOutput) ElementType() reflect.Type

func (SecretBackendKeyArrayOutput) Index 

func (o SecretBackendKeyArrayOutput) Index(i pulumi.IntInput) SecretBackendKeyOutput

func (SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput 

func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput

func (SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext 

func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput

type SecretBackendKeyInput 

type SecretBackendKeyInput interface {
	pulumi.Input

	ToSecretBackendKeyOutput() SecretBackendKeyOutput
	ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput
}

type SecretBackendKeyMap 

type SecretBackendKeyMap map[string]SecretBackendKeyInput

func (SecretBackendKeyMap) ElementType 

func (SecretBackendKeyMap) ElementType() reflect.Type

func (SecretBackendKeyMap) ToSecretBackendKeyMapOutput 

func (i SecretBackendKeyMap) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput

func (SecretBackendKeyMap) ToSecretBackendKeyMapOutputWithContext 

func (i SecretBackendKeyMap) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput

type SecretBackendKeyMapInput 

type SecretBackendKeyMapInput interface {
	pulumi.Input

	ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput
	ToSecretBackendKeyMapOutputWithContext(context.Context) SecretBackendKeyMapOutput
}

SecretBackendKeyMapInput is an input type that accepts SecretBackendKeyMap and SecretBackendKeyMapOutput values. You can construct a concrete instance of `SecretBackendKeyMapInput` via: 

SecretBackendKeyMap{ "key": SecretBackendKeyArgs{...} }

type SecretBackendKeyMapOutput 

type SecretBackendKeyMapOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyMapOutput) ElementType 

func (SecretBackendKeyMapOutput) ElementType() reflect.Type

func (SecretBackendKeyMapOutput) MapIndex 

func (o SecretBackendKeyMapOutput) MapIndex(k pulumi.StringInput) SecretBackendKeyOutput

func (SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput 

func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput

func (SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext 

func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput

type SecretBackendKeyOutput 

type SecretBackendKeyOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyOutput) ElementType 

func (SecretBackendKeyOutput) ElementType() reflect.Type

func (SecretBackendKeyOutput) ToSecretBackendKeyOutput 

func (o SecretBackendKeyOutput) ToSecretBackendKeyOutput() SecretBackendKeyOutput

func (SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext 

func (o SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput

func (SecretBackendKeyOutput) ToSecretBackendKeyPtrOutput 

func (o SecretBackendKeyOutput) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput

func (SecretBackendKeyOutput) ToSecretBackendKeyPtrOutputWithContext 

func (o SecretBackendKeyOutput) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput

type SecretBackendKeyPtrInput 

type SecretBackendKeyPtrInput interface {
	pulumi.Input

	ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput
	ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput
}

type SecretBackendKeyPtrOutput 

type SecretBackendKeyPtrOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyPtrOutput) Elem added in v4.6.0 

func (o SecretBackendKeyPtrOutput) Elem() SecretBackendKeyOutput

func (SecretBackendKeyPtrOutput) ElementType 

func (SecretBackendKeyPtrOutput) ElementType() reflect.Type

func (SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutput 

func (o SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutput() SecretBackendKeyPtrOutput

func (SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutputWithContext 

func (o SecretBackendKeyPtrOutput) ToSecretBackendKeyPtrOutputWithContext(ctx context.Context) SecretBackendKeyPtrOutput

type SecretBackendKeyState 

type SecretBackendKeyState struct {
	// Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
	// * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
	AllowPlaintextBackup pulumi.BoolPtrInput
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
	ConvergentEncryption pulumi.BoolPtrInput
	// Specifies if the key is allowed to be deleted.
	DeletionAllowed pulumi.BoolPtrInput
	// Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
	Derived pulumi.BoolPtrInput
	// Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
	Exportable pulumi.BoolPtrInput
	// List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
	// * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
	// * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
	Keys pulumi.MapArrayInput
	// Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
	LatestVersion pulumi.IntPtrInput
	// Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change.
	MinAvailableVersion pulumi.IntPtrInput
	// Minimum key version to use for decryption.
	MinDecryptionVersion pulumi.IntPtrInput
	// Minimum key version to use for encryption
	MinEncryptionVersion pulumi.IntPtrInput
	// The name to identify this key within the backend. Must be unique within the backend.
	Name pulumi.StringPtrInput
	// Whether or not the key supports decryption, based on key type.
	SupportsDecryption pulumi.BoolPtrInput
	// Whether or not the key supports derivation, based on key type.
	SupportsDerivation pulumi.BoolPtrInput
	// Whether or not the key supports encryption, based on key type.
	SupportsEncryption pulumi.BoolPtrInput
	// Whether or not the key supports signing, based on key type.
	SupportsSigning pulumi.BoolPtrInput
	// Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
	// * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
	Type pulumi.StringPtrInput
}

func (SecretBackendKeyState) ElementType 

func (SecretBackendKeyState) ElementType() reflect.Type

type SecretCacheConfig 

type SecretCacheConfig struct {
	pulumi.CustomResourceState

	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// The number of cache entries. 0 means unlimited.
	Size pulumi.IntOutput `pulumi:"size"`
}

Configure the cache for the Transit Secret Backend in Vault.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
			Path:                   pulumi.String("transit"),
			Type:                   pulumi.String("transit"),
			Description:            pulumi.String("Example description"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		_, err = transit.NewSecretCacheConfig(ctx, "cfg", &transit.SecretCacheConfigArgs{
			Backend: transit.Path,
			Size:    pulumi.Int(500),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetSecretCacheConfig 

func GetSecretCacheConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretCacheConfigState, opts ...pulumi.ResourceOption) (*SecretCacheConfig, error)

GetSecretCacheConfig gets an existing SecretCacheConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretCacheConfig 

func NewSecretCacheConfig(ctx *pulumi.Context,
	name string, args *SecretCacheConfigArgs, opts ...pulumi.ResourceOption) (*SecretCacheConfig, error)

NewSecretCacheConfig registers a new resource with the given unique name, arguments, and options.

func (*SecretCacheConfig) ElementType 

func (*SecretCacheConfig) ElementType() reflect.Type

func (*SecretCacheConfig) ToSecretCacheConfigOutput 

func (i *SecretCacheConfig) ToSecretCacheConfigOutput() SecretCacheConfigOutput

func (*SecretCacheConfig) ToSecretCacheConfigOutputWithContext 

func (i *SecretCacheConfig) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput

func (*SecretCacheConfig) ToSecretCacheConfigPtrOutput 

func (i *SecretCacheConfig) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput

func (*SecretCacheConfig) ToSecretCacheConfigPtrOutputWithContext 

func (i *SecretCacheConfig) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput

type SecretCacheConfigArgs 

type SecretCacheConfigArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// The number of cache entries. 0 means unlimited.
	Size pulumi.IntInput
}

The set of arguments for constructing a SecretCacheConfig resource.

func (SecretCacheConfigArgs) ElementType 

func (SecretCacheConfigArgs) ElementType() reflect.Type

type SecretCacheConfigArray 

type SecretCacheConfigArray []SecretCacheConfigInput

func (SecretCacheConfigArray) ElementType 

func (SecretCacheConfigArray) ElementType() reflect.Type

func (SecretCacheConfigArray) ToSecretCacheConfigArrayOutput 

func (i SecretCacheConfigArray) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput

func (SecretCacheConfigArray) ToSecretCacheConfigArrayOutputWithContext 

func (i SecretCacheConfigArray) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput

type SecretCacheConfigArrayInput 

type SecretCacheConfigArrayInput interface {
	pulumi.Input

	ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput
	ToSecretCacheConfigArrayOutputWithContext(context.Context) SecretCacheConfigArrayOutput
}

SecretCacheConfigArrayInput is an input type that accepts SecretCacheConfigArray and SecretCacheConfigArrayOutput values. You can construct a concrete instance of `SecretCacheConfigArrayInput` via: 

SecretCacheConfigArray{ SecretCacheConfigArgs{...} }

type SecretCacheConfigArrayOutput 

type SecretCacheConfigArrayOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigArrayOutput) ElementType 

func (SecretCacheConfigArrayOutput) ElementType() reflect.Type

func (SecretCacheConfigArrayOutput) Index 

func (o SecretCacheConfigArrayOutput) Index(i pulumi.IntInput) SecretCacheConfigOutput

func (SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput 

func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput

func (SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext 

func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput

type SecretCacheConfigInput 

type SecretCacheConfigInput interface {
	pulumi.Input

	ToSecretCacheConfigOutput() SecretCacheConfigOutput
	ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput
}

type SecretCacheConfigMap 

type SecretCacheConfigMap map[string]SecretCacheConfigInput

func (SecretCacheConfigMap) ElementType 

func (SecretCacheConfigMap) ElementType() reflect.Type

func (SecretCacheConfigMap) ToSecretCacheConfigMapOutput 

func (i SecretCacheConfigMap) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput

func (SecretCacheConfigMap) ToSecretCacheConfigMapOutputWithContext 

func (i SecretCacheConfigMap) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput

type SecretCacheConfigMapInput 

type SecretCacheConfigMapInput interface {
	pulumi.Input

	ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput
	ToSecretCacheConfigMapOutputWithContext(context.Context) SecretCacheConfigMapOutput
}

SecretCacheConfigMapInput is an input type that accepts SecretCacheConfigMap and SecretCacheConfigMapOutput values. You can construct a concrete instance of `SecretCacheConfigMapInput` via: 

SecretCacheConfigMap{ "key": SecretCacheConfigArgs{...} }

type SecretCacheConfigMapOutput 

type SecretCacheConfigMapOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigMapOutput) ElementType 

func (SecretCacheConfigMapOutput) ElementType() reflect.Type

func (SecretCacheConfigMapOutput) MapIndex 

func (o SecretCacheConfigMapOutput) MapIndex(k pulumi.StringInput) SecretCacheConfigOutput

func (SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput 

func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput

func (SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext 

func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput

type SecretCacheConfigOutput 

type SecretCacheConfigOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigOutput) ElementType 

func (SecretCacheConfigOutput) ElementType() reflect.Type

func (SecretCacheConfigOutput) ToSecretCacheConfigOutput 

func (o SecretCacheConfigOutput) ToSecretCacheConfigOutput() SecretCacheConfigOutput

func (SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext 

func (o SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput

func (SecretCacheConfigOutput) ToSecretCacheConfigPtrOutput 

func (o SecretCacheConfigOutput) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput

func (SecretCacheConfigOutput) ToSecretCacheConfigPtrOutputWithContext 

func (o SecretCacheConfigOutput) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput

type SecretCacheConfigPtrInput 

type SecretCacheConfigPtrInput interface {
	pulumi.Input

	ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput
	ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput
}

type SecretCacheConfigPtrOutput 

type SecretCacheConfigPtrOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigPtrOutput) Elem added in v4.6.0 

func (o SecretCacheConfigPtrOutput) Elem() SecretCacheConfigOutput

func (SecretCacheConfigPtrOutput) ElementType 

func (SecretCacheConfigPtrOutput) ElementType() reflect.Type

func (SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutput 

func (o SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutput() SecretCacheConfigPtrOutput

func (SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutputWithContext 

func (o SecretCacheConfigPtrOutput) ToSecretCacheConfigPtrOutputWithContext(ctx context.Context) SecretCacheConfigPtrOutput

type SecretCacheConfigState 

type SecretCacheConfigState struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// The number of cache entries. 0 means unlimited.
	Size pulumi.IntPtrInput
}

func (SecretCacheConfigState) ElementType 

func (SecretCacheConfigState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.