1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. aws
  5. getAccessCredentials
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.aws.getAccessCredentials

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    resources:
      aws:
        type: vault:aws:SecretBackend
        properties:
          accessKey: AKIA.....
          secretKey: SECRETKEYFROMAWS
      role:
        type: vault:aws:SecretBackendRole
        properties:
          backend: ${aws.path}
          name: test
          policy: |
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "iam:*",
                  "Resource": "*"
                }
              ]
            }        
    variables:
      # generally, these blocks would be in a different module
      creds:
        fn::invoke:
          Function: vault:aws:getAccessCredentials
          Arguments:
            backend: ${aws.path}
            role: ${role.name}
    

    Using getAccessCredentials

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
    function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>
    def get_access_credentials(backend: Optional[str] = None,
                               namespace: Optional[str] = None,
                               region: Optional[str] = None,
                               role: Optional[str] = None,
                               role_arn: Optional[str] = None,
                               ttl: Optional[str] = None,
                               type: Optional[str] = None,
                               opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
    def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
                               namespace: Optional[pulumi.Input[str]] = None,
                               region: Optional[pulumi.Input[str]] = None,
                               role: Optional[pulumi.Input[str]] = None,
                               role_arn: Optional[pulumi.Input[str]] = None,
                               ttl: Optional[pulumi.Input[str]] = None,
                               type: Optional[pulumi.Input[str]] = None,
                               opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]
    func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
    func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput

    > Note: This function is named GetAccessCredentials in the Go SDK.

    public static class GetAccessCredentials 
    {
        public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
        public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:aws/getAccessCredentials:getAccessCredentials
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Backend string
    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.
    Role string
    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Region string
    The region the read credentials belong to.
    RoleArn string
    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
    Ttl string
    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token
    Type string
    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.
    Backend string
    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.
    Role string
    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Region string
    The region the read credentials belong to.
    RoleArn string
    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
    Ttl string
    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token
    Type string
    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.
    backend String
    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.
    role String
    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    region String
    The region the read credentials belong to.
    roleArn String
    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
    ttl String
    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token
    type String
    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.
    backend string
    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.
    role string
    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    region string
    The region the read credentials belong to.
    roleArn string
    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
    ttl string
    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token
    type string
    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.
    backend str
    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.
    role str
    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    region str
    The region the read credentials belong to.
    role_arn str
    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
    ttl str
    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token
    type str
    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.
    backend String
    The path to the AWS secret backend to read credentials from, with no leading or trailing /s.
    role String
    The name of the AWS secret backend role to read credentials from, with no leading or trailing /s.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    region String
    The region the read credentials belong to.
    roleArn String
    The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
    ttl String
    Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when credential_type of the connected vault.aws.SecretBackendRole resource is assumed_role or federation_token
    type String
    The type of credentials to read. Defaults to "creds", which just returns an AWS Access Key ID and Secret Key. Can also be set to "sts", which will return a security token in addition to the keys.

    getAccessCredentials Result

    The following output properties are available:

    AccessKey string
    The AWS Access Key ID returned by Vault.
    Backend string
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault.
    LeaseRenewable bool
    LeaseStartTime string
    Role string
    SecretKey string
    The AWS Secret Key returned by Vault.
    SecurityToken string
    The STS token returned by Vault, if any.
    Namespace string
    Region string
    RoleArn string
    Ttl string
    Type string
    AccessKey string
    The AWS Access Key ID returned by Vault.
    Backend string
    Id string
    The provider-assigned unique ID for this managed resource.
    LeaseDuration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    LeaseId string
    The lease identifier assigned by Vault.
    LeaseRenewable bool
    LeaseStartTime string
    Role string
    SecretKey string
    The AWS Secret Key returned by Vault.
    SecurityToken string
    The STS token returned by Vault, if any.
    Namespace string
    Region string
    RoleArn string
    Ttl string
    Type string
    accessKey String
    The AWS Access Key ID returned by Vault.
    backend String
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Integer
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault.
    leaseRenewable Boolean
    leaseStartTime String
    role String
    secretKey String
    The AWS Secret Key returned by Vault.
    securityToken String
    The STS token returned by Vault, if any.
    namespace String
    region String
    roleArn String
    ttl String
    type String
    accessKey string
    The AWS Access Key ID returned by Vault.
    backend string
    id string
    The provider-assigned unique ID for this managed resource.
    leaseDuration number
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId string
    The lease identifier assigned by Vault.
    leaseRenewable boolean
    leaseStartTime string
    role string
    secretKey string
    The AWS Secret Key returned by Vault.
    securityToken string
    The STS token returned by Vault, if any.
    namespace string
    region string
    roleArn string
    ttl string
    type string
    access_key str
    The AWS Access Key ID returned by Vault.
    backend str
    id str
    The provider-assigned unique ID for this managed resource.
    lease_duration int
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    lease_id str
    The lease identifier assigned by Vault.
    lease_renewable bool
    lease_start_time str
    role str
    secret_key str
    The AWS Secret Key returned by Vault.
    security_token str
    The STS token returned by Vault, if any.
    namespace str
    region str
    role_arn str
    ttl str
    type str
    accessKey String
    The AWS Access Key ID returned by Vault.
    backend String
    id String
    The provider-assigned unique ID for this managed resource.
    leaseDuration Number
    The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
    leaseId String
    The lease identifier assigned by Vault.
    leaseRenewable Boolean
    leaseStartTime String
    role String
    secretKey String
    The AWS Secret Key returned by Vault.
    securityToken String
    The STS token returned by Vault, if any.
    namespace String
    region String
    roleArn String
    ttl String
    type String

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi