harness.platform.VaultConnector
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as harness from "@pulumi/harness";
const awsAuth = new harness.platform.VaultConnector("aws_auth", {
identifier: "identifier",
name: "name",
description: "test",
tags: ["foo:bar"],
awsRegion: "aws_region",
basePath: "base_path",
accessType: "AWS_IAM",
"default": false,
xvaultAwsIamServerId: `account.${test.id}`,
readOnly: true,
renewalIntervalMinutes: 60,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
vaultAwsIamRole: "vault_aws_iam_role",
useAwsIam: true,
useK8sAuth: false,
useVaultAgent: false,
delegateSelectors: ["harness-delegate"],
vaultUrl: "https://vault_url.com",
});
const appRole = new harness.platform.VaultConnector("app_role", {
identifier: "identifier",
name: "name",
description: "test",
tags: ["foo:bar"],
appRoleId: "app_role_id",
basePath: "base_path",
accessType: "APP_ROLE",
"default": false,
secretId: `account.${test.id}`,
readOnly: true,
renewalIntervalMinutes: 60,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
useAwsIam: false,
useK8sAuth: false,
useVaultAgent: false,
renewAppRoleToken: true,
delegateSelectors: ["harness-delegate"],
vaultUrl: "https://vault_url.com",
});
const k8sAuth = new harness.platform.VaultConnector("k8s_auth", {
identifier: "identifier",
name: "name",
description: "test",
tags: ["foo:bar"],
authToken: `account.${test.id}`,
basePath: "base_path",
accessType: "K8s_AUTH",
"default": false,
k8sAuthEndpoint: "k8s_auth_endpoint",
namespace: "namespace",
readOnly: true,
renewalIntervalMinutes: 10,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
serviceAccountTokenPath: "service_account_token_path",
useAwsIam: false,
useK8sAuth: true,
useVaultAgent: false,
vaultK8sAuthRole: "vault_k8s_auth_role",
vaultAwsIamRole: "vault_aws_iam_role",
delegateSelectors: ["harness-delegate"],
vaultUrl: "https://vault_url.com",
});
const vaultAgent = new harness.platform.VaultConnector("vault_agent", {
identifier: "identifier",
name: "name",
description: "test",
tags: ["foo:bar"],
authToken: `account.${test.id}`,
basePath: "base_path",
accessType: "VAULT_AGENT",
"default": false,
namespace: "namespace",
readOnly: true,
renewalIntervalMinutes: 10,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
useAwsIam: false,
useK8sAuth: false,
useVaultAgent: true,
sinkPath: "sink_path",
delegateSelectors: ["harness-delegate"],
vaultUrl: "https://vault_url.com",
});
const token = new harness.platform.VaultConnector("token", {
identifier: "identifier",
name: "name",
description: "test",
tags: ["foo:bar"],
authToken: `account.${test.id}`,
basePath: "base_path",
accessType: "TOKEN",
"default": false,
namespace: "namespace",
readOnly: true,
renewalIntervalMinutes: 10,
secretEngineManuallyConfigured: true,
secretEngineName: "secret_engine_name",
secretEngineVersion: 2,
useAwsIam: false,
useK8sAuth: false,
vaultUrl: "https://vault_url.com",
});
import pulumi
import pulumi_harness as harness
aws_auth = harness.platform.VaultConnector("aws_auth",
identifier="identifier",
name="name",
description="test",
tags=["foo:bar"],
aws_region="aws_region",
base_path="base_path",
access_type="AWS_IAM",
default=False,
xvault_aws_iam_server_id=f"account.{test['id']}",
read_only=True,
renewal_interval_minutes=60,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
vault_aws_iam_role="vault_aws_iam_role",
use_aws_iam=True,
use_k8s_auth=False,
use_vault_agent=False,
delegate_selectors=["harness-delegate"],
vault_url="https://vault_url.com")
app_role = harness.platform.VaultConnector("app_role",
identifier="identifier",
name="name",
description="test",
tags=["foo:bar"],
app_role_id="app_role_id",
base_path="base_path",
access_type="APP_ROLE",
default=False,
secret_id=f"account.{test['id']}",
read_only=True,
renewal_interval_minutes=60,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
use_aws_iam=False,
use_k8s_auth=False,
use_vault_agent=False,
renew_app_role_token=True,
delegate_selectors=["harness-delegate"],
vault_url="https://vault_url.com")
k8s_auth = harness.platform.VaultConnector("k8s_auth",
identifier="identifier",
name="name",
description="test",
tags=["foo:bar"],
auth_token=f"account.{test['id']}",
base_path="base_path",
access_type="K8s_AUTH",
default=False,
k8s_auth_endpoint="k8s_auth_endpoint",
namespace="namespace",
read_only=True,
renewal_interval_minutes=10,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
service_account_token_path="service_account_token_path",
use_aws_iam=False,
use_k8s_auth=True,
use_vault_agent=False,
vault_k8s_auth_role="vault_k8s_auth_role",
vault_aws_iam_role="vault_aws_iam_role",
delegate_selectors=["harness-delegate"],
vault_url="https://vault_url.com")
vault_agent = harness.platform.VaultConnector("vault_agent",
identifier="identifier",
name="name",
description="test",
tags=["foo:bar"],
auth_token=f"account.{test['id']}",
base_path="base_path",
access_type="VAULT_AGENT",
default=False,
namespace="namespace",
read_only=True,
renewal_interval_minutes=10,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
use_aws_iam=False,
use_k8s_auth=False,
use_vault_agent=True,
sink_path="sink_path",
delegate_selectors=["harness-delegate"],
vault_url="https://vault_url.com")
token = harness.platform.VaultConnector("token",
identifier="identifier",
name="name",
description="test",
tags=["foo:bar"],
auth_token=f"account.{test['id']}",
base_path="base_path",
access_type="TOKEN",
default=False,
namespace="namespace",
read_only=True,
renewal_interval_minutes=10,
secret_engine_manually_configured=True,
secret_engine_name="secret_engine_name",
secret_engine_version=2,
use_aws_iam=False,
use_k8s_auth=False,
vault_url="https://vault_url.com")
package main
import (
"fmt"
"github.com/pulumi/pulumi-harness/sdk/go/harness/platform"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := platform.NewVaultConnector(ctx, "aws_auth", &platform.VaultConnectorArgs{
Identifier: pulumi.String("identifier"),
Name: pulumi.String("name"),
Description: pulumi.String("test"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
AwsRegion: pulumi.String("aws_region"),
BasePath: pulumi.String("base_path"),
AccessType: pulumi.String("AWS_IAM"),
Default: pulumi.Bool(false),
XvaultAwsIamServerId: pulumi.Sprintf("account.%v", test.Id),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(60),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
VaultAwsIamRole: pulumi.String("vault_aws_iam_role"),
UseAwsIam: pulumi.Bool(true),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(false),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "app_role", &platform.VaultConnectorArgs{
Identifier: pulumi.String("identifier"),
Name: pulumi.String("name"),
Description: pulumi.String("test"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
AppRoleId: pulumi.String("app_role_id"),
BasePath: pulumi.String("base_path"),
AccessType: pulumi.String("APP_ROLE"),
Default: pulumi.Bool(false),
SecretId: pulumi.Sprintf("account.%v", test.Id),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(60),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(false),
RenewAppRoleToken: pulumi.Bool(true),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "k8s_auth", &platform.VaultConnectorArgs{
Identifier: pulumi.String("identifier"),
Name: pulumi.String("name"),
Description: pulumi.String("test"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
AuthToken: pulumi.Sprintf("account.%v", test.Id),
BasePath: pulumi.String("base_path"),
AccessType: pulumi.String("K8s_AUTH"),
Default: pulumi.Bool(false),
K8sAuthEndpoint: pulumi.String("k8s_auth_endpoint"),
Namespace: pulumi.String("namespace"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(10),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
ServiceAccountTokenPath: pulumi.String("service_account_token_path"),
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(true),
UseVaultAgent: pulumi.Bool(false),
VaultK8sAuthRole: pulumi.String("vault_k8s_auth_role"),
VaultAwsIamRole: pulumi.String("vault_aws_iam_role"),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "vault_agent", &platform.VaultConnectorArgs{
Identifier: pulumi.String("identifier"),
Name: pulumi.String("name"),
Description: pulumi.String("test"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
AuthToken: pulumi.Sprintf("account.%v", test.Id),
BasePath: pulumi.String("base_path"),
AccessType: pulumi.String("VAULT_AGENT"),
Default: pulumi.Bool(false),
Namespace: pulumi.String("namespace"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(10),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(true),
SinkPath: pulumi.String("sink_path"),
DelegateSelectors: pulumi.StringArray{
pulumi.String("harness-delegate"),
},
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
_, err = platform.NewVaultConnector(ctx, "token", &platform.VaultConnectorArgs{
Identifier: pulumi.String("identifier"),
Name: pulumi.String("name"),
Description: pulumi.String("test"),
Tags: pulumi.StringArray{
pulumi.String("foo:bar"),
},
AuthToken: pulumi.Sprintf("account.%v", test.Id),
BasePath: pulumi.String("base_path"),
AccessType: pulumi.String("TOKEN"),
Default: pulumi.Bool(false),
Namespace: pulumi.String("namespace"),
ReadOnly: pulumi.Bool(true),
RenewalIntervalMinutes: pulumi.Int(10),
SecretEngineManuallyConfigured: pulumi.Bool(true),
SecretEngineName: pulumi.String("secret_engine_name"),
SecretEngineVersion: pulumi.Int(2),
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
VaultUrl: pulumi.String("https://vault_url.com"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Harness = Pulumi.Harness;
return await Deployment.RunAsync(() =>
{
var awsAuth = new Harness.Platform.VaultConnector("aws_auth", new()
{
Identifier = "identifier",
Name = "name",
Description = "test",
Tags = new[]
{
"foo:bar",
},
AwsRegion = "aws_region",
BasePath = "base_path",
AccessType = "AWS_IAM",
Default = false,
XvaultAwsIamServerId = $"account.{test.Id}",
ReadOnly = true,
RenewalIntervalMinutes = 60,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
VaultAwsIamRole = "vault_aws_iam_role",
UseAwsIam = true,
UseK8sAuth = false,
UseVaultAgent = false,
DelegateSelectors = new[]
{
"harness-delegate",
},
VaultUrl = "https://vault_url.com",
});
var appRole = new Harness.Platform.VaultConnector("app_role", new()
{
Identifier = "identifier",
Name = "name",
Description = "test",
Tags = new[]
{
"foo:bar",
},
AppRoleId = "app_role_id",
BasePath = "base_path",
AccessType = "APP_ROLE",
Default = false,
SecretId = $"account.{test.Id}",
ReadOnly = true,
RenewalIntervalMinutes = 60,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
UseAwsIam = false,
UseK8sAuth = false,
UseVaultAgent = false,
RenewAppRoleToken = true,
DelegateSelectors = new[]
{
"harness-delegate",
},
VaultUrl = "https://vault_url.com",
});
var k8sAuth = new Harness.Platform.VaultConnector("k8s_auth", new()
{
Identifier = "identifier",
Name = "name",
Description = "test",
Tags = new[]
{
"foo:bar",
},
AuthToken = $"account.{test.Id}",
BasePath = "base_path",
AccessType = "K8s_AUTH",
Default = false,
K8sAuthEndpoint = "k8s_auth_endpoint",
Namespace = "namespace",
ReadOnly = true,
RenewalIntervalMinutes = 10,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
ServiceAccountTokenPath = "service_account_token_path",
UseAwsIam = false,
UseK8sAuth = true,
UseVaultAgent = false,
VaultK8sAuthRole = "vault_k8s_auth_role",
VaultAwsIamRole = "vault_aws_iam_role",
DelegateSelectors = new[]
{
"harness-delegate",
},
VaultUrl = "https://vault_url.com",
});
var vaultAgent = new Harness.Platform.VaultConnector("vault_agent", new()
{
Identifier = "identifier",
Name = "name",
Description = "test",
Tags = new[]
{
"foo:bar",
},
AuthToken = $"account.{test.Id}",
BasePath = "base_path",
AccessType = "VAULT_AGENT",
Default = false,
Namespace = "namespace",
ReadOnly = true,
RenewalIntervalMinutes = 10,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
UseAwsIam = false,
UseK8sAuth = false,
UseVaultAgent = true,
SinkPath = "sink_path",
DelegateSelectors = new[]
{
"harness-delegate",
},
VaultUrl = "https://vault_url.com",
});
var token = new Harness.Platform.VaultConnector("token", new()
{
Identifier = "identifier",
Name = "name",
Description = "test",
Tags = new[]
{
"foo:bar",
},
AuthToken = $"account.{test.Id}",
BasePath = "base_path",
AccessType = "TOKEN",
Default = false,
Namespace = "namespace",
ReadOnly = true,
RenewalIntervalMinutes = 10,
SecretEngineManuallyConfigured = true,
SecretEngineName = "secret_engine_name",
SecretEngineVersion = 2,
UseAwsIam = false,
UseK8sAuth = false,
VaultUrl = "https://vault_url.com",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.harness.platform.VaultConnector;
import com.pulumi.harness.platform.VaultConnectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsAuth = new VaultConnector("awsAuth", VaultConnectorArgs.builder()
.identifier("identifier")
.name("name")
.description("test")
.tags("foo:bar")
.awsRegion("aws_region")
.basePath("base_path")
.accessType("AWS_IAM")
.default_(false)
.xvaultAwsIamServerId(String.format("account.%s", test.id()))
.readOnly(true)
.renewalIntervalMinutes(60)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.vaultAwsIamRole("vault_aws_iam_role")
.useAwsIam(true)
.useK8sAuth(false)
.useVaultAgent(false)
.delegateSelectors("harness-delegate")
.vaultUrl("https://vault_url.com")
.build());
var appRole = new VaultConnector("appRole", VaultConnectorArgs.builder()
.identifier("identifier")
.name("name")
.description("test")
.tags("foo:bar")
.appRoleId("app_role_id")
.basePath("base_path")
.accessType("APP_ROLE")
.default_(false)
.secretId(String.format("account.%s", test.id()))
.readOnly(true)
.renewalIntervalMinutes(60)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.useAwsIam(false)
.useK8sAuth(false)
.useVaultAgent(false)
.renewAppRoleToken(true)
.delegateSelectors("harness-delegate")
.vaultUrl("https://vault_url.com")
.build());
var k8sAuth = new VaultConnector("k8sAuth", VaultConnectorArgs.builder()
.identifier("identifier")
.name("name")
.description("test")
.tags("foo:bar")
.authToken(String.format("account.%s", test.id()))
.basePath("base_path")
.accessType("K8s_AUTH")
.default_(false)
.k8sAuthEndpoint("k8s_auth_endpoint")
.namespace("namespace")
.readOnly(true)
.renewalIntervalMinutes(10)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.serviceAccountTokenPath("service_account_token_path")
.useAwsIam(false)
.useK8sAuth(true)
.useVaultAgent(false)
.vaultK8sAuthRole("vault_k8s_auth_role")
.vaultAwsIamRole("vault_aws_iam_role")
.delegateSelectors("harness-delegate")
.vaultUrl("https://vault_url.com")
.build());
var vaultAgent = new VaultConnector("vaultAgent", VaultConnectorArgs.builder()
.identifier("identifier")
.name("name")
.description("test")
.tags("foo:bar")
.authToken(String.format("account.%s", test.id()))
.basePath("base_path")
.accessType("VAULT_AGENT")
.default_(false)
.namespace("namespace")
.readOnly(true)
.renewalIntervalMinutes(10)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.useAwsIam(false)
.useK8sAuth(false)
.useVaultAgent(true)
.sinkPath("sink_path")
.delegateSelectors("harness-delegate")
.vaultUrl("https://vault_url.com")
.build());
var token = new VaultConnector("token", VaultConnectorArgs.builder()
.identifier("identifier")
.name("name")
.description("test")
.tags("foo:bar")
.authToken(String.format("account.%s", test.id()))
.basePath("base_path")
.accessType("TOKEN")
.default_(false)
.namespace("namespace")
.readOnly(true)
.renewalIntervalMinutes(10)
.secretEngineManuallyConfigured(true)
.secretEngineName("secret_engine_name")
.secretEngineVersion(2)
.useAwsIam(false)
.useK8sAuth(false)
.vaultUrl("https://vault_url.com")
.build());
}
}
resources:
awsAuth:
type: harness:platform:VaultConnector
name: aws_auth
properties:
identifier: identifier
name: name
description: test
tags:
- foo:bar
awsRegion: aws_region
basePath: base_path
accessType: AWS_IAM
default: false
xvaultAwsIamServerId: account.${test.id}
readOnly: true
renewalIntervalMinutes: 60
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
vaultAwsIamRole: vault_aws_iam_role
useAwsIam: true
useK8sAuth: false
useVaultAgent: false
delegateSelectors:
- harness-delegate
vaultUrl: https://vault_url.com
appRole:
type: harness:platform:VaultConnector
name: app_role
properties:
identifier: identifier
name: name
description: test
tags:
- foo:bar
appRoleId: app_role_id
basePath: base_path
accessType: APP_ROLE
default: false
secretId: account.${test.id}
readOnly: true
renewalIntervalMinutes: 60
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
useAwsIam: false
useK8sAuth: false
useVaultAgent: false
renewAppRoleToken: true
delegateSelectors:
- harness-delegate
vaultUrl: https://vault_url.com
k8sAuth:
type: harness:platform:VaultConnector
name: k8s_auth
properties:
identifier: identifier
name: name
description: test
tags:
- foo:bar
authToken: account.${test.id}
basePath: base_path
accessType: K8s_AUTH
default: false
k8sAuthEndpoint: k8s_auth_endpoint
namespace: namespace
readOnly: true
renewalIntervalMinutes: 10
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
serviceAccountTokenPath: service_account_token_path
useAwsIam: false
useK8sAuth: true
useVaultAgent: false
vaultK8sAuthRole: vault_k8s_auth_role
vaultAwsIamRole: vault_aws_iam_role
delegateSelectors:
- harness-delegate
vaultUrl: https://vault_url.com
vaultAgent:
type: harness:platform:VaultConnector
name: vault_agent
properties:
identifier: identifier
name: name
description: test
tags:
- foo:bar
authToken: account.${test.id}
basePath: base_path
accessType: VAULT_AGENT
default: false
namespace: namespace
readOnly: true
renewalIntervalMinutes: 10
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
useAwsIam: false
useK8sAuth: false
useVaultAgent: true
sinkPath: sink_path
delegateSelectors:
- harness-delegate
vaultUrl: https://vault_url.com
token:
type: harness:platform:VaultConnector
properties:
identifier: identifier
name: name
description: test
tags:
- foo:bar
authToken: account.${test.id}
basePath: base_path
accessType: TOKEN
default: false
namespace: namespace
readOnly: true
renewalIntervalMinutes: 10
secretEngineManuallyConfigured: true
secretEngineName: secret_engine_name
secretEngineVersion: 2
useAwsIam: false
useK8sAuth: false
vaultUrl: https://vault_url.com
Create VaultConnector Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new VaultConnector(name: string, args: VaultConnectorArgs, opts?: CustomResourceOptions);
@overload
def VaultConnector(resource_name: str,
args: VaultConnectorArgs,
opts: Optional[ResourceOptions] = None)
@overload
def VaultConnector(resource_name: str,
opts: Optional[ResourceOptions] = None,
identifier: Optional[str] = None,
vault_url: Optional[str] = None,
renewal_interval_minutes: Optional[int] = None,
read_only: Optional[bool] = None,
default: Optional[bool] = None,
auth_token: Optional[str] = None,
delegate_selectors: Optional[Sequence[str]] = None,
description: Optional[str] = None,
aws_region: Optional[str] = None,
is_default: Optional[bool] = None,
is_read_only: Optional[bool] = None,
k8s_auth_endpoint: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
org_id: Optional[str] = None,
project_id: Optional[str] = None,
access_type: Optional[str] = None,
xvault_aws_iam_server_id: Optional[str] = None,
base_path: Optional[str] = None,
secret_engine_manually_configured: Optional[bool] = None,
secret_engine_name: Optional[str] = None,
secret_engine_version: Optional[int] = None,
secret_id: Optional[str] = None,
service_account_token_path: Optional[str] = None,
sink_path: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
use_aws_iam: Optional[bool] = None,
use_k8s_auth: Optional[bool] = None,
use_vault_agent: Optional[bool] = None,
vault_aws_iam_role: Optional[str] = None,
vault_k8s_auth_role: Optional[str] = None,
app_role_id: Optional[str] = None,
renew_app_role_token: Optional[bool] = None)
func NewVaultConnector(ctx *Context, name string, args VaultConnectorArgs, opts ...ResourceOption) (*VaultConnector, error)
public VaultConnector(string name, VaultConnectorArgs args, CustomResourceOptions? opts = null)
public VaultConnector(String name, VaultConnectorArgs args)
public VaultConnector(String name, VaultConnectorArgs args, CustomResourceOptions options)
type: harness:platform:VaultConnector
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VaultConnectorArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vaultConnectorResource = new Harness.Platform.VaultConnector("vaultConnectorResource", new()
{
Identifier = "string",
VaultUrl = "string",
RenewalIntervalMinutes = 0,
ReadOnly = false,
Default = false,
AuthToken = "string",
DelegateSelectors = new[]
{
"string",
},
Description = "string",
AwsRegion = "string",
IsDefault = false,
IsReadOnly = false,
K8sAuthEndpoint = "string",
Name = "string",
Namespace = "string",
OrgId = "string",
ProjectId = "string",
AccessType = "string",
XvaultAwsIamServerId = "string",
BasePath = "string",
SecretEngineManuallyConfigured = false,
SecretEngineName = "string",
SecretEngineVersion = 0,
SecretId = "string",
ServiceAccountTokenPath = "string",
SinkPath = "string",
Tags = new[]
{
"string",
},
UseAwsIam = false,
UseK8sAuth = false,
UseVaultAgent = false,
VaultAwsIamRole = "string",
VaultK8sAuthRole = "string",
AppRoleId = "string",
RenewAppRoleToken = false,
});
example, err := platform.NewVaultConnector(ctx, "vaultConnectorResource", &platform.VaultConnectorArgs{
Identifier: pulumi.String("string"),
VaultUrl: pulumi.String("string"),
RenewalIntervalMinutes: pulumi.Int(0),
ReadOnly: pulumi.Bool(false),
Default: pulumi.Bool(false),
AuthToken: pulumi.String("string"),
DelegateSelectors: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
AwsRegion: pulumi.String("string"),
IsDefault: pulumi.Bool(false),
IsReadOnly: pulumi.Bool(false),
K8sAuthEndpoint: pulumi.String("string"),
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
OrgId: pulumi.String("string"),
ProjectId: pulumi.String("string"),
AccessType: pulumi.String("string"),
XvaultAwsIamServerId: pulumi.String("string"),
BasePath: pulumi.String("string"),
SecretEngineManuallyConfigured: pulumi.Bool(false),
SecretEngineName: pulumi.String("string"),
SecretEngineVersion: pulumi.Int(0),
SecretId: pulumi.String("string"),
ServiceAccountTokenPath: pulumi.String("string"),
SinkPath: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
UseAwsIam: pulumi.Bool(false),
UseK8sAuth: pulumi.Bool(false),
UseVaultAgent: pulumi.Bool(false),
VaultAwsIamRole: pulumi.String("string"),
VaultK8sAuthRole: pulumi.String("string"),
AppRoleId: pulumi.String("string"),
RenewAppRoleToken: pulumi.Bool(false),
})
var vaultConnectorResource = new VaultConnector("vaultConnectorResource", VaultConnectorArgs.builder()
.identifier("string")
.vaultUrl("string")
.renewalIntervalMinutes(0)
.readOnly(false)
.default_(false)
.authToken("string")
.delegateSelectors("string")
.description("string")
.awsRegion("string")
.isDefault(false)
.isReadOnly(false)
.k8sAuthEndpoint("string")
.name("string")
.namespace("string")
.orgId("string")
.projectId("string")
.accessType("string")
.xvaultAwsIamServerId("string")
.basePath("string")
.secretEngineManuallyConfigured(false)
.secretEngineName("string")
.secretEngineVersion(0)
.secretId("string")
.serviceAccountTokenPath("string")
.sinkPath("string")
.tags("string")
.useAwsIam(false)
.useK8sAuth(false)
.useVaultAgent(false)
.vaultAwsIamRole("string")
.vaultK8sAuthRole("string")
.appRoleId("string")
.renewAppRoleToken(false)
.build());
vault_connector_resource = harness.platform.VaultConnector("vaultConnectorResource",
identifier="string",
vault_url="string",
renewal_interval_minutes=0,
read_only=False,
default=False,
auth_token="string",
delegate_selectors=["string"],
description="string",
aws_region="string",
is_default=False,
is_read_only=False,
k8s_auth_endpoint="string",
name="string",
namespace="string",
org_id="string",
project_id="string",
access_type="string",
xvault_aws_iam_server_id="string",
base_path="string",
secret_engine_manually_configured=False,
secret_engine_name="string",
secret_engine_version=0,
secret_id="string",
service_account_token_path="string",
sink_path="string",
tags=["string"],
use_aws_iam=False,
use_k8s_auth=False,
use_vault_agent=False,
vault_aws_iam_role="string",
vault_k8s_auth_role="string",
app_role_id="string",
renew_app_role_token=False)
const vaultConnectorResource = new harness.platform.VaultConnector("vaultConnectorResource", {
identifier: "string",
vaultUrl: "string",
renewalIntervalMinutes: 0,
readOnly: false,
"default": false,
authToken: "string",
delegateSelectors: ["string"],
description: "string",
awsRegion: "string",
isDefault: false,
isReadOnly: false,
k8sAuthEndpoint: "string",
name: "string",
namespace: "string",
orgId: "string",
projectId: "string",
accessType: "string",
xvaultAwsIamServerId: "string",
basePath: "string",
secretEngineManuallyConfigured: false,
secretEngineName: "string",
secretEngineVersion: 0,
secretId: "string",
serviceAccountTokenPath: "string",
sinkPath: "string",
tags: ["string"],
useAwsIam: false,
useK8sAuth: false,
useVaultAgent: false,
vaultAwsIamRole: "string",
vaultK8sAuthRole: "string",
appRoleId: "string",
renewAppRoleToken: false,
});
type: harness:platform:VaultConnector
properties:
accessType: string
appRoleId: string
authToken: string
awsRegion: string
basePath: string
default: false
delegateSelectors:
- string
description: string
identifier: string
isDefault: false
isReadOnly: false
k8sAuthEndpoint: string
name: string
namespace: string
orgId: string
projectId: string
readOnly: false
renewAppRoleToken: false
renewalIntervalMinutes: 0
secretEngineManuallyConfigured: false
secretEngineName: string
secretEngineVersion: 0
secretId: string
serviceAccountTokenPath: string
sinkPath: string
tags:
- string
useAwsIam: false
useK8sAuth: false
useVaultAgent: false
vaultAwsIamRole: string
vaultK8sAuthRole: string
vaultUrl: string
xvaultAwsIamServerId: string
VaultConnector Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The VaultConnector resource accepts the following input properties:
- Identifier string
- Unique identifier of the resource.
- Renewal
Interval intMinutes - The time interval for the token renewal.
- Vault
Url string - URL of the HashiCorp Vault.
- Access
Type string - Access type.
- App
Role stringId - ID of App Role.
- Auth
Token string - Authentication token for Vault.
- Aws
Region string - AWS region where the AWS IAM authentication will happen.
- Base
Path string - Location of the Vault directory where the secret will be stored.
- Default bool
- Is default or not.
- Delegate
Selectors List<string> - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
- Description of the resource.
- Is
Default bool - Is default or not.
- Is
Read boolOnly - Read only or not.
- K8s
Auth stringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- Name string
- Name of the resource.
- Namespace string
- Vault namespace where the Secret will be created.
- Org
Id string - Unique identifier of the organization.
- Project
Id string - Unique identifier of the project.
- Read
Only bool - Read only.
- Renew
App boolRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- Secret
Engine boolManually Configured - Manually entered Secret Engine.
- Secret
Engine stringName - Name of the Secret Engine.
- Secret
Engine intVersion - Version of Secret Engine.
- Secret
Id string - ID of the Secret.
- Service
Account stringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string - The location from which the authentication token should be read.
- List<string>
- Tags to associate with the resource.
- Use
Aws boolIam - Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth - Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent - Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role - The role where K8s Auth will happen.
- Xvault
Aws stringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- Identifier string
- Unique identifier of the resource.
- Renewal
Interval intMinutes - The time interval for the token renewal.
- Vault
Url string - URL of the HashiCorp Vault.
- Access
Type string - Access type.
- App
Role stringId - ID of App Role.
- Auth
Token string - Authentication token for Vault.
- Aws
Region string - AWS region where the AWS IAM authentication will happen.
- Base
Path string - Location of the Vault directory where the secret will be stored.
- Default bool
- Is default or not.
- Delegate
Selectors []string - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
- Description of the resource.
- Is
Default bool - Is default or not.
- Is
Read boolOnly - Read only or not.
- K8s
Auth stringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- Name string
- Name of the resource.
- Namespace string
- Vault namespace where the Secret will be created.
- Org
Id string - Unique identifier of the organization.
- Project
Id string - Unique identifier of the project.
- Read
Only bool - Read only.
- Renew
App boolRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- Secret
Engine boolManually Configured - Manually entered Secret Engine.
- Secret
Engine stringName - Name of the Secret Engine.
- Secret
Engine intVersion - Version of Secret Engine.
- Secret
Id string - ID of the Secret.
- Service
Account stringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string - The location from which the authentication token should be read.
- []string
- Tags to associate with the resource.
- Use
Aws boolIam - Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth - Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent - Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role - The role where K8s Auth will happen.
- Xvault
Aws stringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier String
- Unique identifier of the resource.
- renewal
Interval IntegerMinutes - The time interval for the token renewal.
- vault
Url String - URL of the HashiCorp Vault.
- access
Type String - Access type.
- app
Role StringId - ID of App Role.
- auth
Token String - Authentication token for Vault.
- aws
Region String - AWS region where the AWS IAM authentication will happen.
- base
Path String - Location of the Vault directory where the secret will be stored.
- default_ Boolean
- Is default or not.
- delegate
Selectors List<String> - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
- Description of the resource.
- is
Default Boolean - Is default or not.
- is
Read BooleanOnly - Read only or not.
- k8s
Auth StringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- name String
- Name of the resource.
- namespace String
- Vault namespace where the Secret will be created.
- org
Id String - Unique identifier of the organization.
- project
Id String - Unique identifier of the project.
- read
Only Boolean - Read only.
- renew
App BooleanRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- secret
Engine BooleanManually Configured - Manually entered Secret Engine.
- secret
Engine StringName - Name of the Secret Engine.
- secret
Engine IntegerVersion - Version of Secret Engine.
- secret
Id String - ID of the Secret.
- service
Account StringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String - The location from which the authentication token should be read.
- List<String>
- Tags to associate with the resource.
- use
Aws BooleanIam - Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth - Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent - Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role - The role where K8s Auth will happen.
- xvault
Aws StringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier string
- Unique identifier of the resource.
- renewal
Interval numberMinutes - The time interval for the token renewal.
- vault
Url string - URL of the HashiCorp Vault.
- access
Type string - Access type.
- app
Role stringId - ID of App Role.
- auth
Token string - Authentication token for Vault.
- aws
Region string - AWS region where the AWS IAM authentication will happen.
- base
Path string - Location of the Vault directory where the secret will be stored.
- default boolean
- Is default or not.
- delegate
Selectors string[] - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description string
- Description of the resource.
- is
Default boolean - Is default or not.
- is
Read booleanOnly - Read only or not.
- k8s
Auth stringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- name string
- Name of the resource.
- namespace string
- Vault namespace where the Secret will be created.
- org
Id string - Unique identifier of the organization.
- project
Id string - Unique identifier of the project.
- read
Only boolean - Read only.
- renew
App booleanRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- secret
Engine booleanManually Configured - Manually entered Secret Engine.
- secret
Engine stringName - Name of the Secret Engine.
- secret
Engine numberVersion - Version of Secret Engine.
- secret
Id string - ID of the Secret.
- service
Account stringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- sink
Path string - The location from which the authentication token should be read.
- string[]
- Tags to associate with the resource.
- use
Aws booleanIam - Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s booleanAuth - Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault booleanAgent - Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws stringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s stringAuth Role - The role where K8s Auth will happen.
- xvault
Aws stringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier str
- Unique identifier of the resource.
- renewal_
interval_ intminutes - The time interval for the token renewal.
- vault_
url str - URL of the HashiCorp Vault.
- access_
type str - Access type.
- app_
role_ strid - ID of App Role.
- auth_
token str - Authentication token for Vault.
- aws_
region str - AWS region where the AWS IAM authentication will happen.
- base_
path str - Location of the Vault directory where the secret will be stored.
- default bool
- Is default or not.
- delegate_
selectors Sequence[str] - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description str
- Description of the resource.
- is_
default bool - Is default or not.
- is_
read_ boolonly - Read only or not.
- k8s_
auth_ strendpoint - The path where Kubernetes Auth is enabled in Vault.
- name str
- Name of the resource.
- namespace str
- Vault namespace where the Secret will be created.
- org_
id str - Unique identifier of the organization.
- project_
id str - Unique identifier of the project.
- read_
only bool - Read only.
- renew_
app_ boolrole_ token - Boolean value to indicate if AppRole token renewal is enabled or not.
- secret_
engine_ boolmanually_ configured - Manually entered Secret Engine.
- secret_
engine_ strname - Name of the Secret Engine.
- secret_
engine_ intversion - Version of Secret Engine.
- secret_
id str - ID of the Secret.
- service_
account_ strtoken_ path - The Service Account token path in the K8s pod where the token is mounted.
- sink_
path str - The location from which the authentication token should be read.
- Sequence[str]
- Tags to associate with the resource.
- use_
aws_ booliam - Boolean value to indicate if AWS IAM is used for authentication.
- use_
k8s_ boolauth - Boolean value to indicate if K8s Auth is used for authentication.
- use_
vault_ boolagent - Boolean value to indicate if Vault Agent is used for authentication.
- vault_
aws_ striam_ role - The Vault role defined to bind to aws iam account/role being accessed.
- vault_
k8s_ strauth_ role - The role where K8s Auth will happen.
- xvault_
aws_ striam_ server_ id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- identifier String
- Unique identifier of the resource.
- renewal
Interval NumberMinutes - The time interval for the token renewal.
- vault
Url String - URL of the HashiCorp Vault.
- access
Type String - Access type.
- app
Role StringId - ID of App Role.
- auth
Token String - Authentication token for Vault.
- aws
Region String - AWS region where the AWS IAM authentication will happen.
- base
Path String - Location of the Vault directory where the secret will be stored.
- default Boolean
- Is default or not.
- delegate
Selectors List<String> - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
- Description of the resource.
- is
Default Boolean - Is default or not.
- is
Read BooleanOnly - Read only or not.
- k8s
Auth StringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- name String
- Name of the resource.
- namespace String
- Vault namespace where the Secret will be created.
- org
Id String - Unique identifier of the organization.
- project
Id String - Unique identifier of the project.
- read
Only Boolean - Read only.
- renew
App BooleanRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- secret
Engine BooleanManually Configured - Manually entered Secret Engine.
- secret
Engine StringName - Name of the Secret Engine.
- secret
Engine NumberVersion - Version of Secret Engine.
- secret
Id String - ID of the Secret.
- service
Account StringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String - The location from which the authentication token should be read.
- List<String>
- Tags to associate with the resource.
- use
Aws BooleanIam - Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth - Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent - Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role - The role where K8s Auth will happen.
- xvault
Aws StringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
Outputs
All input properties are implicitly available as output properties. Additionally, the VaultConnector resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing VaultConnector Resource
Get an existing VaultConnector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VaultConnectorState, opts?: CustomResourceOptions): VaultConnector
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_type: Optional[str] = None,
app_role_id: Optional[str] = None,
auth_token: Optional[str] = None,
aws_region: Optional[str] = None,
base_path: Optional[str] = None,
default: Optional[bool] = None,
delegate_selectors: Optional[Sequence[str]] = None,
description: Optional[str] = None,
identifier: Optional[str] = None,
is_default: Optional[bool] = None,
is_read_only: Optional[bool] = None,
k8s_auth_endpoint: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
org_id: Optional[str] = None,
project_id: Optional[str] = None,
read_only: Optional[bool] = None,
renew_app_role_token: Optional[bool] = None,
renewal_interval_minutes: Optional[int] = None,
secret_engine_manually_configured: Optional[bool] = None,
secret_engine_name: Optional[str] = None,
secret_engine_version: Optional[int] = None,
secret_id: Optional[str] = None,
service_account_token_path: Optional[str] = None,
sink_path: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
use_aws_iam: Optional[bool] = None,
use_k8s_auth: Optional[bool] = None,
use_vault_agent: Optional[bool] = None,
vault_aws_iam_role: Optional[str] = None,
vault_k8s_auth_role: Optional[str] = None,
vault_url: Optional[str] = None,
xvault_aws_iam_server_id: Optional[str] = None) -> VaultConnector
func GetVaultConnector(ctx *Context, name string, id IDInput, state *VaultConnectorState, opts ...ResourceOption) (*VaultConnector, error)
public static VaultConnector Get(string name, Input<string> id, VaultConnectorState? state, CustomResourceOptions? opts = null)
public static VaultConnector get(String name, Output<String> id, VaultConnectorState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Type string - Access type.
- App
Role stringId - ID of App Role.
- Auth
Token string - Authentication token for Vault.
- Aws
Region string - AWS region where the AWS IAM authentication will happen.
- Base
Path string - Location of the Vault directory where the secret will be stored.
- Default bool
- Is default or not.
- Delegate
Selectors List<string> - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
- Description of the resource.
- Identifier string
- Unique identifier of the resource.
- Is
Default bool - Is default or not.
- Is
Read boolOnly - Read only or not.
- K8s
Auth stringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- Name string
- Name of the resource.
- Namespace string
- Vault namespace where the Secret will be created.
- Org
Id string - Unique identifier of the organization.
- Project
Id string - Unique identifier of the project.
- Read
Only bool - Read only.
- Renew
App boolRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- Renewal
Interval intMinutes - The time interval for the token renewal.
- Secret
Engine boolManually Configured - Manually entered Secret Engine.
- Secret
Engine stringName - Name of the Secret Engine.
- Secret
Engine intVersion - Version of Secret Engine.
- Secret
Id string - ID of the Secret.
- Service
Account stringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string - The location from which the authentication token should be read.
- List<string>
- Tags to associate with the resource.
- Use
Aws boolIam - Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth - Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent - Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role - The role where K8s Auth will happen.
- Vault
Url string - URL of the HashiCorp Vault.
- Xvault
Aws stringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- Access
Type string - Access type.
- App
Role stringId - ID of App Role.
- Auth
Token string - Authentication token for Vault.
- Aws
Region string - AWS region where the AWS IAM authentication will happen.
- Base
Path string - Location of the Vault directory where the secret will be stored.
- Default bool
- Is default or not.
- Delegate
Selectors []string - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- Description string
- Description of the resource.
- Identifier string
- Unique identifier of the resource.
- Is
Default bool - Is default or not.
- Is
Read boolOnly - Read only or not.
- K8s
Auth stringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- Name string
- Name of the resource.
- Namespace string
- Vault namespace where the Secret will be created.
- Org
Id string - Unique identifier of the organization.
- Project
Id string - Unique identifier of the project.
- Read
Only bool - Read only.
- Renew
App boolRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- Renewal
Interval intMinutes - The time interval for the token renewal.
- Secret
Engine boolManually Configured - Manually entered Secret Engine.
- Secret
Engine stringName - Name of the Secret Engine.
- Secret
Engine intVersion - Version of Secret Engine.
- Secret
Id string - ID of the Secret.
- Service
Account stringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- Sink
Path string - The location from which the authentication token should be read.
- []string
- Tags to associate with the resource.
- Use
Aws boolIam - Boolean value to indicate if AWS IAM is used for authentication.
- Use
K8s boolAuth - Boolean value to indicate if K8s Auth is used for authentication.
- Use
Vault boolAgent - Boolean value to indicate if Vault Agent is used for authentication.
- Vault
Aws stringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- Vault
K8s stringAuth Role - The role where K8s Auth will happen.
- Vault
Url string - URL of the HashiCorp Vault.
- Xvault
Aws stringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access
Type String - Access type.
- app
Role StringId - ID of App Role.
- auth
Token String - Authentication token for Vault.
- aws
Region String - AWS region where the AWS IAM authentication will happen.
- base
Path String - Location of the Vault directory where the secret will be stored.
- default_ Boolean
- Is default or not.
- delegate
Selectors List<String> - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
- Description of the resource.
- identifier String
- Unique identifier of the resource.
- is
Default Boolean - Is default or not.
- is
Read BooleanOnly - Read only or not.
- k8s
Auth StringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- name String
- Name of the resource.
- namespace String
- Vault namespace where the Secret will be created.
- org
Id String - Unique identifier of the organization.
- project
Id String - Unique identifier of the project.
- read
Only Boolean - Read only.
- renew
App BooleanRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal
Interval IntegerMinutes - The time interval for the token renewal.
- secret
Engine BooleanManually Configured - Manually entered Secret Engine.
- secret
Engine StringName - Name of the Secret Engine.
- secret
Engine IntegerVersion - Version of Secret Engine.
- secret
Id String - ID of the Secret.
- service
Account StringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String - The location from which the authentication token should be read.
- List<String>
- Tags to associate with the resource.
- use
Aws BooleanIam - Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth - Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent - Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role - The role where K8s Auth will happen.
- vault
Url String - URL of the HashiCorp Vault.
- xvault
Aws StringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access
Type string - Access type.
- app
Role stringId - ID of App Role.
- auth
Token string - Authentication token for Vault.
- aws
Region string - AWS region where the AWS IAM authentication will happen.
- base
Path string - Location of the Vault directory where the secret will be stored.
- default boolean
- Is default or not.
- delegate
Selectors string[] - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description string
- Description of the resource.
- identifier string
- Unique identifier of the resource.
- is
Default boolean - Is default or not.
- is
Read booleanOnly - Read only or not.
- k8s
Auth stringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- name string
- Name of the resource.
- namespace string
- Vault namespace where the Secret will be created.
- org
Id string - Unique identifier of the organization.
- project
Id string - Unique identifier of the project.
- read
Only boolean - Read only.
- renew
App booleanRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal
Interval numberMinutes - The time interval for the token renewal.
- secret
Engine booleanManually Configured - Manually entered Secret Engine.
- secret
Engine stringName - Name of the Secret Engine.
- secret
Engine numberVersion - Version of Secret Engine.
- secret
Id string - ID of the Secret.
- service
Account stringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- sink
Path string - The location from which the authentication token should be read.
- string[]
- Tags to associate with the resource.
- use
Aws booleanIam - Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s booleanAuth - Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault booleanAgent - Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws stringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s stringAuth Role - The role where K8s Auth will happen.
- vault
Url string - URL of the HashiCorp Vault.
- xvault
Aws stringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access_
type str - Access type.
- app_
role_ strid - ID of App Role.
- auth_
token str - Authentication token for Vault.
- aws_
region str - AWS region where the AWS IAM authentication will happen.
- base_
path str - Location of the Vault directory where the secret will be stored.
- default bool
- Is default or not.
- delegate_
selectors Sequence[str] - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description str
- Description of the resource.
- identifier str
- Unique identifier of the resource.
- is_
default bool - Is default or not.
- is_
read_ boolonly - Read only or not.
- k8s_
auth_ strendpoint - The path where Kubernetes Auth is enabled in Vault.
- name str
- Name of the resource.
- namespace str
- Vault namespace where the Secret will be created.
- org_
id str - Unique identifier of the organization.
- project_
id str - Unique identifier of the project.
- read_
only bool - Read only.
- renew_
app_ boolrole_ token - Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal_
interval_ intminutes - The time interval for the token renewal.
- secret_
engine_ boolmanually_ configured - Manually entered Secret Engine.
- secret_
engine_ strname - Name of the Secret Engine.
- secret_
engine_ intversion - Version of Secret Engine.
- secret_
id str - ID of the Secret.
- service_
account_ strtoken_ path - The Service Account token path in the K8s pod where the token is mounted.
- sink_
path str - The location from which the authentication token should be read.
- Sequence[str]
- Tags to associate with the resource.
- use_
aws_ booliam - Boolean value to indicate if AWS IAM is used for authentication.
- use_
k8s_ boolauth - Boolean value to indicate if K8s Auth is used for authentication.
- use_
vault_ boolagent - Boolean value to indicate if Vault Agent is used for authentication.
- vault_
aws_ striam_ role - The Vault role defined to bind to aws iam account/role being accessed.
- vault_
k8s_ strauth_ role - The role where K8s Auth will happen.
- vault_
url str - URL of the HashiCorp Vault.
- xvault_
aws_ striam_ server_ id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
- access
Type String - Access type.
- app
Role StringId - ID of App Role.
- auth
Token String - Authentication token for Vault.
- aws
Region String - AWS region where the AWS IAM authentication will happen.
- base
Path String - Location of the Vault directory where the secret will be stored.
- default Boolean
- Is default or not.
- delegate
Selectors List<String> - List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
- description String
- Description of the resource.
- identifier String
- Unique identifier of the resource.
- is
Default Boolean - Is default or not.
- is
Read BooleanOnly - Read only or not.
- k8s
Auth StringEndpoint - The path where Kubernetes Auth is enabled in Vault.
- name String
- Name of the resource.
- namespace String
- Vault namespace where the Secret will be created.
- org
Id String - Unique identifier of the organization.
- project
Id String - Unique identifier of the project.
- read
Only Boolean - Read only.
- renew
App BooleanRole Token - Boolean value to indicate if AppRole token renewal is enabled or not.
- renewal
Interval NumberMinutes - The time interval for the token renewal.
- secret
Engine BooleanManually Configured - Manually entered Secret Engine.
- secret
Engine StringName - Name of the Secret Engine.
- secret
Engine NumberVersion - Version of Secret Engine.
- secret
Id String - ID of the Secret.
- service
Account StringToken Path - The Service Account token path in the K8s pod where the token is mounted.
- sink
Path String - The location from which the authentication token should be read.
- List<String>
- Tags to associate with the resource.
- use
Aws BooleanIam - Boolean value to indicate if AWS IAM is used for authentication.
- use
K8s BooleanAuth - Boolean value to indicate if K8s Auth is used for authentication.
- use
Vault BooleanAgent - Boolean value to indicate if Vault Agent is used for authentication.
- vault
Aws StringIam Role - The Vault role defined to bind to aws iam account/role being accessed.
- vault
K8s StringAuth Role - The role where K8s Auth will happen.
- vault
Url String - URL of the HashiCorp Vault.
- xvault
Aws StringIam Server Id - The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
Import
Import account level vault connector
$ pulumi import harness:platform/vaultConnector:VaultConnector example <connector_id>
Import org level vault connector
$ pulumi import harness:platform/vaultConnector:VaultConnector example <ord_id>/<connector_id>
Import project level vault connector
$ pulumi import harness:platform/vaultConnector:VaultConnector example <org_id>/<project_id>/<connector_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- harness pulumi/pulumi-harness
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
harness
Terraform Provider.