transit

package
v5.20.0 Latest Latest
Published: Feb 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetDecryptArgs

// GetDecryptArgs holds the plain-Go inputs passed to GetDecrypt.
// NOTE(review): Namespace has no comment in the generated source; presumably it is the Vault
// namespace the request runs in, as documented for SecretBackendKey.Namespace on this page.
// Confirm against the provider.
type GetDecryptArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend string `pulumi:"backend"`
	// Ciphertext to be decoded.
	// The usage example on this page passes a value of the form `vault:v1:<base64>`.
	Ciphertext string `pulumi:"ciphertext"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context *string `pulumi:"context"`
	// Specifies the name of the transit key to decrypt against.
	Key       string  `pulumi:"key"`
	Namespace *string `pulumi:"namespace"`
}

A collection of arguments for invoking getDecrypt.

type GetDecryptOutputArgs

// GetDecryptOutputArgs carries the same fields as GetDecryptArgs, typed as pulumi inputs
// (StringInput / StringPtrInput) instead of plain strings.
// NOTE(review): Namespace has no comment in the generated source; presumably it is the Vault
// namespace the request runs in. Confirm against the provider.
type GetDecryptOutputArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend pulumi.StringInput `pulumi:"backend"`
	// Ciphertext to be decoded.
	Ciphertext pulumi.StringInput `pulumi:"ciphertext"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context pulumi.StringPtrInput `pulumi:"context"`
	// Specifies the name of the transit key to decrypt against.
	Key       pulumi.StringInput    `pulumi:"key"`
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
}

A collection of arguments for invoking getDecrypt.

func (GetDecryptOutputArgs) ElementType

func (GetDecryptOutputArgs) ElementType() reflect.Type

type GetDecryptResult

// GetDecryptResult is the plain-Go value returned by GetDecrypt.
// Backend, Ciphertext, Context, Key and Namespace have no comments in the generated source; they
// share names with the GetDecryptArgs inputs and presumably echo them back (confirm against the
// provider).
type GetDecryptResult struct {
	Backend    string  `pulumi:"backend"`
	Ciphertext string  `pulumi:"ciphertext"`
	Context    *string `pulumi:"context"`
	// The provider-assigned unique ID for this managed resource.
	Id        string  `pulumi:"id"`
	Key       string  `pulumi:"key"`
	Namespace *string `pulumi:"namespace"`
	// Decrypted plaintext returned from Vault
	// NOTE(review): this is the recovered secret held as an ordinary string. Nothing visible here
	// marks it as a Pulumi secret, so wrap it (for example with pulumi.ToSecret) before exporting
	// it as a stack output or feeding it to a resource, and keep it out of log output.
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getDecrypt.

func GetDecrypt

func GetDecrypt(ctx *pulumi.Context, args *GetDecryptArgs, opts ...pulumi.InvokeOption) (*GetDecryptResult, error)

This is a data source which can be used to decrypt ciphertext using a Vault Transit key.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main decrypts one sample ciphertext with the key "test" on the mount "transit".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &transit.GetDecryptArgs{
			Backend:    "transit",
			Ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
			Key:        "test",
		}
		// The result, including its Plaintext field, is discarded; only the error is propagated.
		_, err := transit.GetDecrypt(ctx, args, nil)
		return err
	})
}

```

type GetDecryptResultOutput

// GetDecryptResultOutput is the Output-typed counterpart of GetDecryptResult; it embeds
// *pulumi.OutputState.
// NOTE(review): its Plaintext accessor is listed on this page without a signature, so whether the
// decrypted value is secret-wrapped cannot be told from here. Confirm before exporting it.
type GetDecryptResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getDecrypt.

func (GetDecryptResultOutput) Backend

func (GetDecryptResultOutput) Ciphertext

func (GetDecryptResultOutput) Context

func (GetDecryptResultOutput) ElementType

func (GetDecryptResultOutput) ElementType() reflect.Type

func (GetDecryptResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetDecryptResultOutput) Key

func (GetDecryptResultOutput) Namespace added in v5.7.0

func (GetDecryptResultOutput) Plaintext

Decrypted plaintext returned from Vault

func (GetDecryptResultOutput) ToGetDecryptResultOutput

func (o GetDecryptResultOutput) ToGetDecryptResultOutput() GetDecryptResultOutput

func (GetDecryptResultOutput) ToGetDecryptResultOutputWithContext

func (o GetDecryptResultOutput) ToGetDecryptResultOutputWithContext(ctx context.Context) GetDecryptResultOutput

type GetEncryptArgs

// GetEncryptArgs holds the plain-Go inputs passed to GetEncrypt.
// NOTE(review): Namespace has no comment in the generated source; presumably it is the Vault
// namespace the request runs in. Confirm against the provider.
type GetEncryptArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend string `pulumi:"backend"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context *string `pulumi:"context"`
	// Specifies the name of the transit key to encrypt against.
	Key string `pulumi:"key"`
	// The version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's `minEncryptionVersion`, if set.
	KeyVersion *int    `pulumi:"keyVersion"`
	Namespace  *string `pulumi:"namespace"`
	// Plaintext to be encoded.
	// NOTE(review): the value to protect is supplied as an ordinary string, so it is present in the
	// Pulumi program itself; read it from secret configuration rather than writing a literal.
	Plaintext string `pulumi:"plaintext"`
}

A collection of arguments for invoking getEncrypt.

type GetEncryptOutputArgs

// GetEncryptOutputArgs carries the same fields as GetEncryptArgs, typed as pulumi inputs instead
// of plain Go values.
// NOTE(review): Namespace has no comment in the generated source; presumably it is the Vault
// namespace the request runs in. Confirm against the provider.
type GetEncryptOutputArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/`.
	Backend pulumi.StringInput `pulumi:"backend"`
	// Context for key derivation. This is required if key derivation is enabled for this key.
	Context pulumi.StringPtrInput `pulumi:"context"`
	// Specifies the name of the transit key to encrypt against.
	Key pulumi.StringInput `pulumi:"key"`
	// The version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's `minEncryptionVersion`, if set.
	KeyVersion pulumi.IntPtrInput    `pulumi:"keyVersion"`
	Namespace  pulumi.StringPtrInput `pulumi:"namespace"`
	// Plaintext to be encoded.
	// NOTE(review): pass a secret-wrapped input here where possible so the value is not handled as
	// an ordinary string further along; confirm how the provider treats it.
	Plaintext pulumi.StringInput `pulumi:"plaintext"`
}

A collection of arguments for invoking getEncrypt.

func (GetEncryptOutputArgs) ElementType

func (GetEncryptOutputArgs) ElementType() reflect.Type

type GetEncryptResult

// GetEncryptResult is the plain-Go value returned by GetEncrypt.
// Only Ciphertext and Id are documented in the generated source. The remaining fields share names
// with the GetEncryptArgs inputs and presumably echo them back (confirm against the provider).
// NOTE(review): if Plaintext is echoed, the result holds the unencrypted input as an ordinary
// string next to the ciphertext; treat the whole struct as sensitive and do not log or export it.
type GetEncryptResult struct {
	Backend string `pulumi:"backend"`
	// Encrypted ciphertext returned from Vault
	Ciphertext string  `pulumi:"ciphertext"`
	Context    *string `pulumi:"context"`
	// The provider-assigned unique ID for this managed resource.
	Id         string  `pulumi:"id"`
	Key        string  `pulumi:"key"`
	KeyVersion *int    `pulumi:"keyVersion"`
	Namespace  *string `pulumi:"namespace"`
	Plaintext  string  `pulumi:"plaintext"`
}

A collection of values returned by getEncrypt.

func GetEncrypt

func GetEncrypt(ctx *pulumi.Context, args *GetEncryptArgs, opts ...pulumi.InvokeOption) (*GetEncryptResult, error)

This is a data source which can be used to encrypt plaintext using a Vault Transit key.

type GetEncryptResultOutput

// GetEncryptResultOutput is the Output-typed counterpart of GetEncryptResult; it embeds
// *pulumi.OutputState.
// NOTE(review): it lists a Plaintext accessor without a signature on this page, so whether that
// value is secret-wrapped cannot be told from here. Confirm before exporting it.
type GetEncryptResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getEncrypt.

func (GetEncryptResultOutput) Backend

func (GetEncryptResultOutput) Ciphertext

Encrypted ciphertext returned from Vault

func (GetEncryptResultOutput) Context

func (GetEncryptResultOutput) ElementType

func (GetEncryptResultOutput) ElementType() reflect.Type

func (GetEncryptResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetEncryptResultOutput) Key

func (GetEncryptResultOutput) KeyVersion

func (GetEncryptResultOutput) Namespace added in v5.7.0

func (GetEncryptResultOutput) Plaintext

func (GetEncryptResultOutput) ToGetEncryptResultOutput

func (o GetEncryptResultOutput) ToGetEncryptResultOutput() GetEncryptResultOutput

func (GetEncryptResultOutput) ToGetEncryptResultOutputWithContext

func (o GetEncryptResultOutput) ToGetEncryptResultOutputWithContext(ctx context.Context) GetEncryptResultOutput

type SecretBackendKey

// SecretBackendKey is the resource state of a named key (keyring) on a transit mount.
// NOTE(review): AllowPlaintextBackup and Exportable are documented below as irreversible once set,
// and DeletionAllowed gates removal of the key. Treat a change to any of the three as
// security-relevant and review it explicitly.
type SecretBackendKey struct {
	pulumi.CustomResourceState

	// Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
	// * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
	// NOTE(review): a plaintext backup contains the key material itself; leave unset unless
	// backup outside Vault is a hard requirement.
	AllowPlaintextBackup pulumi.BoolPtrOutput `pulumi:"allowPlaintextBackup"`
	// Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the
	// key.
	// NOTE(review): no unit is stated here; the replacement field AutoRotatePeriod is documented in seconds.
	//
	// Deprecated: Use auto_rotate_period instead
	AutoRotateInterval pulumi.IntOutput `pulumi:"autoRotateInterval"`
	// Amount of seconds the key should live before being automatically rotated.
	// A value of 0 disables automatic rotation for the key.
	AutoRotatePeriod pulumi.IntOutput `pulumi:"autoRotatePeriod"`
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
	// NOTE(review): because equal plaintexts give equal ciphertexts, ciphertext equality reveals
	// plaintext equality; enable only where that is acceptable.
	ConvergentEncryption pulumi.BoolPtrOutput `pulumi:"convergentEncryption"`
	// Specifies if the key is allowed to be deleted.
	// NOTE(review): presumably data encrypted under a deleted key can no longer be decrypted; confirm
	// before enabling.
	DeletionAllowed pulumi.BoolPtrOutput `pulumi:"deletionAllowed"`
	// Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
	Derived pulumi.BoolPtrOutput `pulumi:"derived"`
	// Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
	// NOTE(review): once enabled, key material can leave Vault and the setting cannot be reverted;
	// leave unset unless export is a hard requirement.
	Exportable pulumi.BoolPtrOutput `pulumi:"exportable"`
	// The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
	KeySize pulumi.IntPtrOutput `pulumi:"keySize"`
	// List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
	// * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
	// * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
	// NOTE(review): the list that should follow the colon is missing from this generated comment.
	Keys pulumi.MapArrayOutput `pulumi:"keys"`
	// Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
	LatestVersion pulumi.IntOutput `pulumi:"latestVersion"`
	// Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change.
	MinAvailableVersion pulumi.IntOutput `pulumi:"minAvailableVersion"`
	// Minimum key version to use for decryption.
	MinDecryptionVersion pulumi.IntPtrOutput `pulumi:"minDecryptionVersion"`
	// Minimum key version to use for encryption
	MinEncryptionVersion pulumi.IntPtrOutput `pulumi:"minEncryptionVersion"`
	// The name to identify this key within the backend. Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Whether or not the key supports decryption, based on key type.
	SupportsDecryption pulumi.BoolOutput `pulumi:"supportsDecryption"`
	// Whether or not the key supports derivation, based on key type.
	SupportsDerivation pulumi.BoolOutput `pulumi:"supportsDerivation"`
	// Whether or not the key supports encryption, based on key type.
	SupportsEncryption pulumi.BoolOutput `pulumi:"supportsEncryption"`
	// Whether or not the key supports signing, based on key type.
	SupportsSigning pulumi.BoolOutput `pulumi:"supportsSigning"`
	// Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
	// * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
	Type pulumi.StringPtrOutput `pulumi:"type"`
}

Creates an Encryption Keyring on a Transit Secret Backend for Vault.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

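// main declares a transit mount at path "transit" and one key on it. Only Backend is set on the
// key, so every other option (including Exportable and AllowPlaintextBackup) is left unset.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The mount is bound to `mount`, not `transit`: a local named `transit` shadows the
		// imported transit package, and the NewSecretBackendKey call below then fails to compile.
		mount, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
			Path:                   pulumi.String("transit"),
			Type:                   pulumi.String("transit"),
			Description:            pulumi.String("Example description"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		// Backend is taken from the mount's Path output rather than repeating the literal.
		_, err = transit.NewSecretBackendKey(ctx, "key", &transit.SecretBackendKeyArgs{
			Backend: mount.Path,
		})
		return err
	})
}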

```

## Deprecations

* `autoRotateInterval` - Replaced by `autoRotatePeriod`.

## Import

Transit secret backend keys can be imported using the `path`, e.g.

```sh

$ pulumi import vault:transit/secretBackendKey:SecretBackendKey key transit/keys/my_key

```

func GetSecretBackendKey

func GetSecretBackendKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendKeyState, opts ...pulumi.ResourceOption) (*SecretBackendKey, error)

GetSecretBackendKey gets an existing SecretBackendKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendKey

func NewSecretBackendKey(ctx *pulumi.Context,
	name string, args *SecretBackendKeyArgs, opts ...pulumi.ResourceOption) (*SecretBackendKey, error)

NewSecretBackendKey registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendKey) ElementType

func (*SecretBackendKey) ElementType() reflect.Type

func (*SecretBackendKey) ToSecretBackendKeyOutput

func (i *SecretBackendKey) ToSecretBackendKeyOutput() SecretBackendKeyOutput

func (*SecretBackendKey) ToSecretBackendKeyOutputWithContext

func (i *SecretBackendKey) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput

type SecretBackendKeyArgs

// SecretBackendKeyArgs is the set of inputs accepted by NewSecretBackendKey.
// NOTE(review): AllowPlaintextBackup and Exportable are documented below as irreversible once set.
// Leave both unset unless key material must be able to leave Vault, and review any change that
// sets them or DeletionAllowed.
type SecretBackendKeyArgs struct {
	// Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
	// * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
	AllowPlaintextBackup pulumi.BoolPtrInput
	// Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the
	// key.
	// NOTE(review): no unit is stated here; the replacement field AutoRotatePeriod is documented in seconds.
	//
	// Deprecated: Use auto_rotate_period instead
	AutoRotateInterval pulumi.IntPtrInput
	// Amount of seconds the key should live before being automatically rotated.
	// A value of 0 disables automatic rotation for the key.
	AutoRotatePeriod pulumi.IntPtrInput
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
	// NOTE(review): because equal plaintexts give equal ciphertexts, ciphertext equality reveals
	// plaintext equality; enable only where that is acceptable.
	ConvergentEncryption pulumi.BoolPtrInput
	// Specifies if the key is allowed to be deleted.
	DeletionAllowed pulumi.BoolPtrInput
	// Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
	Derived pulumi.BoolPtrInput
	// Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
	Exportable pulumi.BoolPtrInput
	// The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
	KeySize pulumi.IntPtrInput
	// Minimum key version to use for decryption.
	MinDecryptionVersion pulumi.IntPtrInput
	// Minimum key version to use for encryption
	MinEncryptionVersion pulumi.IntPtrInput
	// The name to identify this key within the backend. Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
	// * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
	Type pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendKey resource.

func (SecretBackendKeyArgs) ElementType

func (SecretBackendKeyArgs) ElementType() reflect.Type

type SecretBackendKeyArray

// SecretBackendKeyArray is a slice of SecretBackendKeyInput values.
type SecretBackendKeyArray []SecretBackendKeyInput

func (SecretBackendKeyArray) ElementType

func (SecretBackendKeyArray) ElementType() reflect.Type

func (SecretBackendKeyArray) ToSecretBackendKeyArrayOutput

func (i SecretBackendKeyArray) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput

func (SecretBackendKeyArray) ToSecretBackendKeyArrayOutputWithContext

func (i SecretBackendKeyArray) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput

type SecretBackendKeyArrayInput

// SecretBackendKeyArrayInput is implemented by values that can be converted to a
// SecretBackendKeyArrayOutput, with or without an explicit context.Context.
type SecretBackendKeyArrayInput interface {
	pulumi.Input

	ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput
	ToSecretBackendKeyArrayOutputWithContext(context.Context) SecretBackendKeyArrayOutput
}

SecretBackendKeyArrayInput is an input type that accepts SecretBackendKeyArray and SecretBackendKeyArrayOutput values. You can construct a concrete instance of `SecretBackendKeyArrayInput` via:

SecretBackendKeyArray{ SecretBackendKeyArgs{...} }

type SecretBackendKeyArrayOutput

// SecretBackendKeyArrayOutput is the Output-typed form of a SecretBackendKey array; it embeds
// *pulumi.OutputState.
type SecretBackendKeyArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyArrayOutput) ElementType

func (SecretBackendKeyArrayOutput) Index

func (SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput

func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutput() SecretBackendKeyArrayOutput

func (SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext

func (o SecretBackendKeyArrayOutput) ToSecretBackendKeyArrayOutputWithContext(ctx context.Context) SecretBackendKeyArrayOutput

type SecretBackendKeyInput

// SecretBackendKeyInput is implemented by values that can be converted to a
// SecretBackendKeyOutput, with or without an explicit context.Context.
type SecretBackendKeyInput interface {
	pulumi.Input

	ToSecretBackendKeyOutput() SecretBackendKeyOutput
	ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput
}

type SecretBackendKeyMap

// SecretBackendKeyMap maps string keys to SecretBackendKeyInput values.
type SecretBackendKeyMap map[string]SecretBackendKeyInput

func (SecretBackendKeyMap) ElementType

func (SecretBackendKeyMap) ElementType() reflect.Type

func (SecretBackendKeyMap) ToSecretBackendKeyMapOutput

func (i SecretBackendKeyMap) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput

func (SecretBackendKeyMap) ToSecretBackendKeyMapOutputWithContext

func (i SecretBackendKeyMap) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput

type SecretBackendKeyMapInput

// SecretBackendKeyMapInput is implemented by values that can be converted to a
// SecretBackendKeyMapOutput, with or without an explicit context.Context.
type SecretBackendKeyMapInput interface {
	pulumi.Input

	ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput
	ToSecretBackendKeyMapOutputWithContext(context.Context) SecretBackendKeyMapOutput
}

SecretBackendKeyMapInput is an input type that accepts SecretBackendKeyMap and SecretBackendKeyMapOutput values. You can construct a concrete instance of `SecretBackendKeyMapInput` via:

SecretBackendKeyMap{ "key": SecretBackendKeyArgs{...} }

type SecretBackendKeyMapOutput

// SecretBackendKeyMapOutput is the Output-typed form of a SecretBackendKey map; it embeds
// *pulumi.OutputState.
type SecretBackendKeyMapOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyMapOutput) ElementType

func (SecretBackendKeyMapOutput) ElementType() reflect.Type

func (SecretBackendKeyMapOutput) MapIndex

func (SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput

func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutput() SecretBackendKeyMapOutput

func (SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext

func (o SecretBackendKeyMapOutput) ToSecretBackendKeyMapOutputWithContext(ctx context.Context) SecretBackendKeyMapOutput

type SecretBackendKeyOutput

// SecretBackendKeyOutput is the Output-typed form of SecretBackendKey; it embeds
// *pulumi.OutputState. Its accessors, listed after this declaration, are named after the
// SecretBackendKey fields.
type SecretBackendKeyOutput struct{ *pulumi.OutputState }

func (SecretBackendKeyOutput) AllowPlaintextBackup added in v5.6.0

func (o SecretBackendKeyOutput) AllowPlaintextBackup() pulumi.BoolPtrOutput

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)

func (SecretBackendKeyOutput) AutoRotateInterval deprecated added in v5.6.0

func (o SecretBackendKeyOutput) AutoRotateInterval() pulumi.IntOutput

Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.

Deprecated: Use auto_rotate_period instead

func (SecretBackendKeyOutput) AutoRotatePeriod added in v5.6.0

func (o SecretBackendKeyOutput) AutoRotatePeriod() pulumi.IntOutput

Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.

func (SecretBackendKeyOutput) Backend added in v5.6.0

The path the transit secret backend is mounted at, with no leading or trailing `/`s.

func (SecretBackendKeyOutput) ConvergentEncryption added in v5.6.0

func (o SecretBackendKeyOutput) ConvergentEncryption() pulumi.BoolPtrOutput

Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.

func (SecretBackendKeyOutput) DeletionAllowed added in v5.6.0

func (o SecretBackendKeyOutput) DeletionAllowed() pulumi.BoolPtrOutput

Specifies if the key is allowed to be deleted.

func (SecretBackendKeyOutput) Derived added in v5.6.0

Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.

func (SecretBackendKeyOutput) ElementType

func (SecretBackendKeyOutput) ElementType() reflect.Type

func (SecretBackendKeyOutput) Exportable added in v5.6.0

Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.

func (SecretBackendKeyOutput) KeySize added in v5.16.0

The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.

func (SecretBackendKeyOutput) Keys added in v5.6.0

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key. * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata. * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:

func (SecretBackendKeyOutput) LatestVersion added in v5.6.0

func (o SecretBackendKeyOutput) LatestVersion() pulumi.IntOutput

Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0`

func (SecretBackendKeyOutput) MinAvailableVersion added in v5.6.0

func (o SecretBackendKeyOutput) MinAvailableVersion() pulumi.IntOutput

Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change.

func (SecretBackendKeyOutput) MinDecryptionVersion added in v5.6.0

func (o SecretBackendKeyOutput) MinDecryptionVersion() pulumi.IntPtrOutput

Minimum key version to use for decryption.

func (SecretBackendKeyOutput) MinEncryptionVersion added in v5.6.0

func (o SecretBackendKeyOutput) MinEncryptionVersion() pulumi.IntPtrOutput

Minimum key version to use for encryption

func (SecretBackendKeyOutput) Name added in v5.6.0

The name to identify this key within the backend. Must be unique within the backend.

func (SecretBackendKeyOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretBackendKeyOutput) SupportsDecryption added in v5.6.0

func (o SecretBackendKeyOutput) SupportsDecryption() pulumi.BoolOutput

Whether or not the key supports decryption, based on key type.

func (SecretBackendKeyOutput) SupportsDerivation added in v5.6.0

func (o SecretBackendKeyOutput) SupportsDerivation() pulumi.BoolOutput

Whether or not the key supports derivation, based on key type.

func (SecretBackendKeyOutput) SupportsEncryption added in v5.6.0

func (o SecretBackendKeyOutput) SupportsEncryption() pulumi.BoolOutput

Whether or not the key supports encryption, based on key type.

func (SecretBackendKeyOutput) SupportsSigning added in v5.6.0

func (o SecretBackendKeyOutput) SupportsSigning() pulumi.BoolOutput

Whether or not the key supports signing, based on key type.

func (SecretBackendKeyOutput) ToSecretBackendKeyOutput

func (o SecretBackendKeyOutput) ToSecretBackendKeyOutput() SecretBackendKeyOutput

func (SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext

func (o SecretBackendKeyOutput) ToSecretBackendKeyOutputWithContext(ctx context.Context) SecretBackendKeyOutput

func (SecretBackendKeyOutput) Type added in v5.6.0

Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`. * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)

type SecretBackendKeyState

// SecretBackendKeyState is the optional state argument accepted by GetSecretBackendKey; every
// field is an optional pulumi input.
// NOTE(review): when an existing key is looked up or imported, check AllowPlaintextBackup and
// Exportable first. Both are documented below as irreversible once set, so a key that already has
// them enabled cannot be hardened in place.
type SecretBackendKeyState struct {
	// Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
	// * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
	AllowPlaintextBackup pulumi.BoolPtrInput
	// Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the
	// key.
	// NOTE(review): no unit is stated here; the replacement field AutoRotatePeriod is documented in seconds.
	//
	// Deprecated: Use auto_rotate_period instead
	AutoRotateInterval pulumi.IntPtrInput
	// Amount of seconds the key should live before being automatically rotated.
	// A value of 0 disables automatic rotation for the key.
	AutoRotatePeriod pulumi.IntPtrInput
	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
	ConvergentEncryption pulumi.BoolPtrInput
	// Specifies if the key is allowed to be deleted.
	DeletionAllowed pulumi.BoolPtrInput
	// Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
	Derived pulumi.BoolPtrInput
	// Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
	Exportable pulumi.BoolPtrInput
	// The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
	KeySize pulumi.IntPtrInput
	// List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
	// * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
	// * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
	// NOTE(review): the list that should follow the colon is missing from this generated comment.
	Keys pulumi.MapArrayInput
	// Latest key version available. This value is 1-indexed, so if `latestVersion` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
	LatestVersion pulumi.IntPtrInput
	// Minimum key version available for use. If keys have been archived by increasing `minDecryptionVersion`, this attribute will reflect that change.
	MinAvailableVersion pulumi.IntPtrInput
	// Minimum key version to use for decryption.
	MinDecryptionVersion pulumi.IntPtrInput
	// Minimum key version to use for encryption
	MinEncryptionVersion pulumi.IntPtrInput
	// The name to identify this key within the backend. Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Whether or not the key supports decryption, based on key type.
	SupportsDecryption pulumi.BoolPtrInput
	// Whether or not the key supports derivation, based on key type.
	SupportsDerivation pulumi.BoolPtrInput
	// Whether or not the key supports encryption, based on key type.
	SupportsEncryption pulumi.BoolPtrInput
	// Whether or not the key supports signing, based on key type.
	SupportsSigning pulumi.BoolPtrInput
	// Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
	// * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
	Type pulumi.StringPtrInput
}

func (SecretBackendKeyState) ElementType

func (SecretBackendKeyState) ElementType() reflect.Type

type SecretCacheConfig

// SecretCacheConfig is the resource state of the cache configuration on a transit mount.
type SecretCacheConfig struct {
	pulumi.CustomResourceState

	// The path the transit secret backend is mounted at, with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The number of cache entries. 0 means unlimited.
	// NOTE(review): an unlimited cache has no stated upper bound; presumably memory use then grows
	// with the number of keys in use. Confirm sizing before choosing 0.
	Size pulumi.IntOutput `pulumi:"size"`
}

Configure the cache for the Transit Secret Backend in Vault.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/transit"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

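// main declares a transit mount at path "transit" and sets its cache to 500 entries.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The mount is bound to `mount`, not `transit`: a local named `transit` shadows the
		// imported transit package, and the NewSecretCacheConfig call below then fails to compile.
		mount, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
			Path:                   pulumi.String("transit"),
			Type:                   pulumi.String("transit"),
			Description:            pulumi.String("Example description"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		// Backend is taken from the mount's Path output rather than repeating the literal.
		_, err = transit.NewSecretCacheConfig(ctx, "cfg", &transit.SecretCacheConfigArgs{
			Backend: mount.Path,
			Size:    pulumi.Int(500),
		})
		return err
	})
}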

```

func GetSecretCacheConfig

func GetSecretCacheConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretCacheConfigState, opts ...pulumi.ResourceOption) (*SecretCacheConfig, error)

GetSecretCacheConfig gets an existing SecretCacheConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretCacheConfig

func NewSecretCacheConfig(ctx *pulumi.Context,
	name string, args *SecretCacheConfigArgs, opts ...pulumi.ResourceOption) (*SecretCacheConfig, error)

NewSecretCacheConfig registers a new resource with the given unique name, arguments, and options.

func (*SecretCacheConfig) ElementType

func (*SecretCacheConfig) ElementType() reflect.Type

func (*SecretCacheConfig) ToSecretCacheConfigOutput

func (i *SecretCacheConfig) ToSecretCacheConfigOutput() SecretCacheConfigOutput

func (*SecretCacheConfig) ToSecretCacheConfigOutputWithContext

func (i *SecretCacheConfig) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput

type SecretCacheConfigArgs

// SecretCacheConfigArgs is the set of arguments for constructing a
// SecretCacheConfig resource. Backend and Size use non-pointer input types;
// Namespace is a pointer input (presumably optional — confirm against the
// provider schema).
type SecretCacheConfigArgs struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/` characters.
	Backend pulumi.StringInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The number of cache entries. 0 means unlimited.
	// NOTE(review): 0 removes the entry limit, so the cache footprint follows
	// the number of keys used on the mount; prefer an explicit bound sized to
	// the working set. Vault's cache-config API is understood to accept only 0
	// or a value of at least 10 — confirm against the Vault version in use.
	Size pulumi.IntInput
}

The set of arguments for constructing a SecretCacheConfig resource.

func (SecretCacheConfigArgs) ElementType

func (SecretCacheConfigArgs) ElementType() reflect.Type

type SecretCacheConfigArray

type SecretCacheConfigArray []SecretCacheConfigInput

func (SecretCacheConfigArray) ElementType

func (SecretCacheConfigArray) ElementType() reflect.Type

func (SecretCacheConfigArray) ToSecretCacheConfigArrayOutput

func (i SecretCacheConfigArray) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput

func (SecretCacheConfigArray) ToSecretCacheConfigArrayOutputWithContext

func (i SecretCacheConfigArray) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput

type SecretCacheConfigArrayInput

type SecretCacheConfigArrayInput interface {
	pulumi.Input

	ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput
	ToSecretCacheConfigArrayOutputWithContext(context.Context) SecretCacheConfigArrayOutput
}

SecretCacheConfigArrayInput is an input type that accepts SecretCacheConfigArray and SecretCacheConfigArrayOutput values. You can construct a concrete instance of `SecretCacheConfigArrayInput` via:

SecretCacheConfigArray{ SecretCacheConfigArgs{...} }

type SecretCacheConfigArrayOutput

type SecretCacheConfigArrayOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigArrayOutput) ElementType

func (SecretCacheConfigArrayOutput) Index

func (SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput

func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutput() SecretCacheConfigArrayOutput

func (SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext

func (o SecretCacheConfigArrayOutput) ToSecretCacheConfigArrayOutputWithContext(ctx context.Context) SecretCacheConfigArrayOutput

type SecretCacheConfigInput

// SecretCacheConfigInput is the input type for values that can be converted
// to a SecretCacheConfigOutput. On this page both *SecretCacheConfig and
// SecretCacheConfigOutput declare the two conversion methods it requires.
type SecretCacheConfigInput interface {
	pulumi.Input

	// ToSecretCacheConfigOutput converts the value to a SecretCacheConfigOutput.
	ToSecretCacheConfigOutput() SecretCacheConfigOutput
	// ToSecretCacheConfigOutputWithContext is the same conversion, taking a
	// caller-supplied context.Context.
	ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput
}

type SecretCacheConfigMap

type SecretCacheConfigMap map[string]SecretCacheConfigInput

func (SecretCacheConfigMap) ElementType

func (SecretCacheConfigMap) ElementType() reflect.Type

func (SecretCacheConfigMap) ToSecretCacheConfigMapOutput

func (i SecretCacheConfigMap) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput

func (SecretCacheConfigMap) ToSecretCacheConfigMapOutputWithContext

func (i SecretCacheConfigMap) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput

type SecretCacheConfigMapInput

type SecretCacheConfigMapInput interface {
	pulumi.Input

	ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput
	ToSecretCacheConfigMapOutputWithContext(context.Context) SecretCacheConfigMapOutput
}

SecretCacheConfigMapInput is an input type that accepts SecretCacheConfigMap and SecretCacheConfigMapOutput values. You can construct a concrete instance of `SecretCacheConfigMapInput` via:

SecretCacheConfigMap{ "key": SecretCacheConfigArgs{...} }

type SecretCacheConfigMapOutput

type SecretCacheConfigMapOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigMapOutput) ElementType

func (SecretCacheConfigMapOutput) ElementType() reflect.Type

func (SecretCacheConfigMapOutput) MapIndex

func (SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput

func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutput() SecretCacheConfigMapOutput

func (SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext

func (o SecretCacheConfigMapOutput) ToSecretCacheConfigMapOutputWithContext(ctx context.Context) SecretCacheConfigMapOutput

type SecretCacheConfigOutput

type SecretCacheConfigOutput struct{ *pulumi.OutputState }

func (SecretCacheConfigOutput) Backend added in v5.6.0

The path the transit secret backend is mounted at, with no leading or trailing `/`s.

func (SecretCacheConfigOutput) ElementType

func (SecretCacheConfigOutput) ElementType() reflect.Type

func (SecretCacheConfigOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretCacheConfigOutput) Size added in v5.6.0

The number of cache entries. 0 means unlimited.

func (SecretCacheConfigOutput) ToSecretCacheConfigOutput

func (o SecretCacheConfigOutput) ToSecretCacheConfigOutput() SecretCacheConfigOutput

func (SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext

func (o SecretCacheConfigOutput) ToSecretCacheConfigOutputWithContext(ctx context.Context) SecretCacheConfigOutput

type SecretCacheConfigState

// SecretCacheConfigState holds the optional state properties passed to
// GetSecretCacheConfig to qualify the lookup of an existing resource. Every
// field is a pointer input, so any of them may be left unset.
type SecretCacheConfigState struct {
	// The path the transit secret backend is mounted at, with no leading or trailing `/` characters.
	Backend pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The number of cache entries. 0 means unlimited.
	Size pulumi.IntPtrInput
}

func (SecretCacheConfigState) ElementType

func (SecretCacheConfigState) ElementType() reflect.Type
