vault.database.SecretBackendRole
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const db = new vault.Mount("db", {
path: "postgres",
type: "database",
});
const postgres = new vault.database.SecretBackendConnection("postgres", {
backend: db.path,
name: "postgres",
allowedRoles: [
"dev",
"prod",
],
postgresql: {
connectionUrl: "postgres://username:password@host:port/database",
},
});
const role = new vault.database.SecretBackendRole("role", {
backend: db.path,
name: "dev",
dbName: postgres.name,
creationStatements: ["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"],
});
import pulumi
import pulumi_vault as vault
db = vault.Mount("db",
path="postgres",
type="database")
postgres = vault.database.SecretBackendConnection("postgres",
backend=db.path,
name="postgres",
allowed_roles=[
"dev",
"prod",
],
postgresql={
"connection_url": "postgres://username:password@host:port/database",
})
role = vault.database.SecretBackendRole("role",
backend=db.path,
name="dev",
db_name=postgres.name,
creation_statements=["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/database"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
db, err := vault.NewMount(ctx, "db", &vault.MountArgs{
Path: pulumi.String("postgres"),
Type: pulumi.String("database"),
})
if err != nil {
return err
}
postgres, err := database.NewSecretBackendConnection(ctx, "postgres", &database.SecretBackendConnectionArgs{
Backend: db.Path,
Name: pulumi.String("postgres"),
AllowedRoles: pulumi.StringArray{
pulumi.String("dev"),
pulumi.String("prod"),
},
Postgresql: &database.SecretBackendConnectionPostgresqlArgs{
ConnectionUrl: pulumi.String("postgres://username:password@host:port/database"),
},
})
if err != nil {
return err
}
_, err = database.NewSecretBackendRole(ctx, "role", &database.SecretBackendRoleArgs{
Backend: db.Path,
Name: pulumi.String("dev"),
DbName: postgres.Name,
CreationStatements: pulumi.StringArray{
pulumi.String("CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var db = new Vault.Mount("db", new()
{
Path = "postgres",
Type = "database",
});
var postgres = new Vault.Database.SecretBackendConnection("postgres", new()
{
Backend = db.Path,
Name = "postgres",
AllowedRoles = new[]
{
"dev",
"prod",
},
Postgresql = new Vault.Database.Inputs.SecretBackendConnectionPostgresqlArgs
{
ConnectionUrl = "postgres://username:password@host:port/database",
},
});
var role = new Vault.Database.SecretBackendRole("role", new()
{
Backend = db.Path,
Name = "dev",
DbName = postgres.Name,
CreationStatements = new[]
{
"CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.database.SecretBackendConnection;
import com.pulumi.vault.database.SecretBackendConnectionArgs;
import com.pulumi.vault.database.inputs.SecretBackendConnectionPostgresqlArgs;
import com.pulumi.vault.database.SecretBackendRole;
import com.pulumi.vault.database.SecretBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var db = new Mount("db", MountArgs.builder()
.path("postgres")
.type("database")
.build());
var postgres = new SecretBackendConnection("postgres", SecretBackendConnectionArgs.builder()
.backend(db.path())
.name("postgres")
.allowedRoles(
"dev",
"prod")
.postgresql(SecretBackendConnectionPostgresqlArgs.builder()
.connectionUrl("postgres://username:password@host:port/database")
.build())
.build());
var role = new SecretBackendRole("role", SecretBackendRoleArgs.builder()
.backend(db.path())
.name("dev")
.dbName(postgres.name())
.creationStatements("CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';")
.build());
}
}
resources:
db:
type: vault:Mount
properties:
path: postgres
type: database
postgres:
type: vault:database:SecretBackendConnection
properties:
backend: ${db.path}
name: postgres
allowedRoles:
- dev
- prod
postgresql:
connectionUrl: postgres://username:password@host:port/database
role:
type: vault:database:SecretBackendRole
properties:
backend: ${db.path}
name: dev
dbName: ${postgres.name}
creationStatements:
- CREATE ROLE "{{name}}" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
Create SecretBackendRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendRole(name: string, args: SecretBackendRoleArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendRole(resource_name: str,
args: SecretBackendRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
backend: Optional[str] = None,
creation_statements: Optional[Sequence[str]] = None,
db_name: Optional[str] = None,
credential_config: Optional[Mapping[str, str]] = None,
credential_type: Optional[str] = None,
default_ttl: Optional[int] = None,
max_ttl: Optional[int] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
renew_statements: Optional[Sequence[str]] = None,
revocation_statements: Optional[Sequence[str]] = None,
rollback_statements: Optional[Sequence[str]] = None)
func NewSecretBackendRole(ctx *Context, name string, args SecretBackendRoleArgs, opts ...ResourceOption) (*SecretBackendRole, error)
public SecretBackendRole(string name, SecretBackendRoleArgs args, CustomResourceOptions? opts = null)
public SecretBackendRole(String name, SecretBackendRoleArgs args)
public SecretBackendRole(String name, SecretBackendRoleArgs args, CustomResourceOptions options)
type: vault:database:SecretBackendRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole = new Vault.Database.SecretBackendRole("examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole", new()
{
Backend = "string",
CreationStatements = new[]
{
"string",
},
DbName = "string",
CredentialConfig =
{
{ "string", "string" },
},
CredentialType = "string",
DefaultTtl = 0,
MaxTtl = 0,
Name = "string",
Namespace = "string",
RenewStatements = new[]
{
"string",
},
RevocationStatements = new[]
{
"string",
},
RollbackStatements = new[]
{
"string",
},
});
example, err := database.NewSecretBackendRole(ctx, "examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole", &database.SecretBackendRoleArgs{
Backend: pulumi.String("string"),
CreationStatements: pulumi.StringArray{
pulumi.String("string"),
},
DbName: pulumi.String("string"),
CredentialConfig: pulumi.StringMap{
"string": pulumi.String("string"),
},
CredentialType: pulumi.String("string"),
DefaultTtl: pulumi.Int(0),
MaxTtl: pulumi.Int(0),
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
RenewStatements: pulumi.StringArray{
pulumi.String("string"),
},
RevocationStatements: pulumi.StringArray{
pulumi.String("string"),
},
RollbackStatements: pulumi.StringArray{
pulumi.String("string"),
},
})
var examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole = new SecretBackendRole("examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole", SecretBackendRoleArgs.builder()
.backend("string")
.creationStatements("string")
.dbName("string")
.credentialConfig(Map.of("string", "string"))
.credentialType("string")
.defaultTtl(0)
.maxTtl(0)
.name("string")
.namespace("string")
.renewStatements("string")
.revocationStatements("string")
.rollbackStatements("string")
.build());
examplesecret_backend_role_resource_resource_from_databasesecret_backend_role = vault.database.SecretBackendRole("examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole",
backend="string",
creation_statements=["string"],
db_name="string",
credential_config={
"string": "string",
},
credential_type="string",
default_ttl=0,
max_ttl=0,
name="string",
namespace="string",
renew_statements=["string"],
revocation_statements=["string"],
rollback_statements=["string"])
const examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole = new vault.database.SecretBackendRole("examplesecretBackendRoleResourceResourceFromDatabasesecretBackendRole", {
backend: "string",
creationStatements: ["string"],
dbName: "string",
credentialConfig: {
string: "string",
},
credentialType: "string",
defaultTtl: 0,
maxTtl: 0,
name: "string",
namespace: "string",
renewStatements: ["string"],
revocationStatements: ["string"],
rollbackStatements: ["string"],
});
type: vault:database:SecretBackendRole
properties:
backend: string
creationStatements:
- string
credentialConfig:
string: string
credentialType: string
dbName: string
defaultTtl: 0
maxTtl: 0
name: string
namespace: string
renewStatements:
- string
revocationStatements:
- string
rollbackStatements:
- string
SecretBackendRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretBackendRole resource accepts the following input properties:
- Backend string
- The unique name of the Vault mount to configure.
- Creation
Statements List<string> - The database statements to execute when creating a user.
- Db
Name string - The unique name of the database connection to use for the role.
- Credential
Config Dictionary<string, string> Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- Credential
Type string - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - Default
Ttl int - The default number of seconds for leases for this role.
- Max
Ttl int - The maximum number of seconds for leases for this role.
- Name string
- A unique name to give the role.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Renew
Statements List<string> - The database statements to execute when renewing a user.
- Revocation
Statements List<string> - The database statements to execute when revoking a user.
- Rollback
Statements List<string> - The database statements to execute when rolling back creation due to an error.
- Backend string
- The unique name of the Vault mount to configure.
- Creation
Statements []string - The database statements to execute when creating a user.
- Db
Name string - The unique name of the database connection to use for the role.
- Credential
Config map[string]string Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- Credential
Type string - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - Default
Ttl int - The default number of seconds for leases for this role.
- Max
Ttl int - The maximum number of seconds for leases for this role.
- Name string
- A unique name to give the role.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Renew
Statements []string - The database statements to execute when renewing a user.
- Revocation
Statements []string - The database statements to execute when revoking a user.
- Rollback
Statements []string - The database statements to execute when rolling back creation due to an error.
- backend String
- The unique name of the Vault mount to configure.
- creation
Statements List<String> - The database statements to execute when creating a user.
- db
Name String - The unique name of the database connection to use for the role.
- credential
Config Map<String,String> Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential
Type String - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - default
Ttl Integer - The default number of seconds for leases for this role.
- max
Ttl Integer - The maximum number of seconds for leases for this role.
- name String
- A unique name to give the role.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew
Statements List<String> - The database statements to execute when renewing a user.
- revocation
Statements List<String> - The database statements to execute when revoking a user.
- rollback
Statements List<String> - The database statements to execute when rolling back creation due to an error.
- backend string
- The unique name of the Vault mount to configure.
- creation
Statements string[] - The database statements to execute when creating a user.
- db
Name string - The unique name of the database connection to use for the role.
- credential
Config {[key: string]: string} Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential
Type string - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - default
Ttl number - The default number of seconds for leases for this role.
- max
Ttl number - The maximum number of seconds for leases for this role.
- name string
- A unique name to give the role.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew
Statements string[] - The database statements to execute when renewing a user.
- revocation
Statements string[] - The database statements to execute when revoking a user.
- rollback
Statements string[] - The database statements to execute when rolling back creation due to an error.
- backend str
- The unique name of the Vault mount to configure.
- creation_
statements Sequence[str] - The database statements to execute when creating a user.
- db_
name str - The unique name of the database connection to use for the role.
- credential_
config Mapping[str, str] Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential_
type str - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - default_
ttl int - The default number of seconds for leases for this role.
- max_
ttl int - The maximum number of seconds for leases for this role.
- name str
- A unique name to give the role.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew_
statements Sequence[str] - The database statements to execute when renewing a user.
- revocation_
statements Sequence[str] - The database statements to execute when revoking a user.
- rollback_
statements Sequence[str] - The database statements to execute when rolling back creation due to an error.
- backend String
- The unique name of the Vault mount to configure.
- creation
Statements List<String> - The database statements to execute when creating a user.
- db
Name String - The unique name of the database connection to use for the role.
- credential
Config Map<String> Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential
Type String - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - default
Ttl Number - The default number of seconds for leases for this role.
- max
Ttl Number - The maximum number of seconds for leases for this role.
- name String
- A unique name to give the role.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew
Statements List<String> - The database statements to execute when renewing a user.
- revocation
Statements List<String> - The database statements to execute when revoking a user.
- rollback
Statements List<String> - The database statements to execute when rolling back creation due to an error.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecretBackendRole Resource
Get an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendRoleState, opts?: CustomResourceOptions): SecretBackendRole
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
backend: Optional[str] = None,
creation_statements: Optional[Sequence[str]] = None,
credential_config: Optional[Mapping[str, str]] = None,
credential_type: Optional[str] = None,
db_name: Optional[str] = None,
default_ttl: Optional[int] = None,
max_ttl: Optional[int] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
renew_statements: Optional[Sequence[str]] = None,
revocation_statements: Optional[Sequence[str]] = None,
rollback_statements: Optional[Sequence[str]] = None) -> SecretBackendRole
func GetSecretBackendRole(ctx *Context, name string, id IDInput, state *SecretBackendRoleState, opts ...ResourceOption) (*SecretBackendRole, error)
public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState? state, CustomResourceOptions? opts = null)
public static SecretBackendRole get(String name, Output<String> id, SecretBackendRoleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Backend string
- The unique name of the Vault mount to configure.
- Creation
Statements List<string> - The database statements to execute when creating a user.
- Credential
Config Dictionary<string, string> Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- Credential
Type string - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - Db
Name string - The unique name of the database connection to use for the role.
- Default
Ttl int - The default number of seconds for leases for this role.
- Max
Ttl int - The maximum number of seconds for leases for this role.
- Name string
- A unique name to give the role.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Renew
Statements List<string> - The database statements to execute when renewing a user.
- Revocation
Statements List<string> - The database statements to execute when revoking a user.
- Rollback
Statements List<string> - The database statements to execute when rolling back creation due to an error.
- Backend string
- The unique name of the Vault mount to configure.
- Creation
Statements []string - The database statements to execute when creating a user.
- Credential
Config map[string]string Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- Credential
Type string - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - Db
Name string - The unique name of the database connection to use for the role.
- Default
Ttl int - The default number of seconds for leases for this role.
- Max
Ttl int - The maximum number of seconds for leases for this role.
- Name string
- A unique name to give the role.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Renew
Statements []string - The database statements to execute when renewing a user.
- Revocation
Statements []string - The database statements to execute when revoking a user.
- Rollback
Statements []string - The database statements to execute when rolling back creation due to an error.
- backend String
- The unique name of the Vault mount to configure.
- creation
Statements List<String> - The database statements to execute when creating a user.
- credential
Config Map<String,String> Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential
Type String - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - db
Name String - The unique name of the database connection to use for the role.
- default
Ttl Integer - The default number of seconds for leases for this role.
- max
Ttl Integer - The maximum number of seconds for leases for this role.
- name String
- A unique name to give the role.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew
Statements List<String> - The database statements to execute when renewing a user.
- revocation
Statements List<String> - The database statements to execute when revoking a user.
- rollback
Statements List<String> - The database statements to execute when rolling back creation due to an error.
- backend string
- The unique name of the Vault mount to configure.
- creation
Statements string[] - The database statements to execute when creating a user.
- credential
Config {[key: string]: string} Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential
Type string - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - db
Name string - The unique name of the database connection to use for the role.
- default
Ttl number - The default number of seconds for leases for this role.
- max
Ttl number - The maximum number of seconds for leases for this role.
- name string
- A unique name to give the role.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew
Statements string[] - The database statements to execute when renewing a user.
- revocation
Statements string[] - The database statements to execute when revoking a user.
- rollback
Statements string[] - The database statements to execute when rolling back creation due to an error.
- backend str
- The unique name of the Vault mount to configure.
- creation_
statements Sequence[str] - The database statements to execute when creating a user.
- credential_
config Mapping[str, str] Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential_
type str - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - db_
name str - The unique name of the database connection to use for the role.
- default_
ttl int - The default number of seconds for leases for this role.
- max_
ttl int - The maximum number of seconds for leases for this role.
- name str
- A unique name to give the role.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew_
statements Sequence[str] - The database statements to execute when renewing a user.
- revocation_
statements Sequence[str] - The database statements to execute when revoking a user.
- rollback_
statements Sequence[str] - The database statements to execute when rolling back creation due to an error.
- backend String
- The unique name of the Vault mount to configure.
- creation
Statements List<String> - The database statements to execute when creating a user.
- credential
Config Map<String> Specifies the configuration for the given
credential_type
.The following options are available for each
credential_type
value:- credential
Type String - Specifies the type of credential that
will be generated for the role. Options include:
password
,rsa_private_key
,client_certificate
. See the plugin's API page for credential types supported by individual databases. - db
Name String - The unique name of the database connection to use for the role.
- default
Ttl Number - The default number of seconds for leases for this role.
- max
Ttl Number - The maximum number of seconds for leases for this role.
- name String
- A unique name to give the role.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - renew
Statements List<String> - The database statements to execute when renewing a user.
- revocation
Statements List<String> - The database statements to execute when revoking a user.
- rollback
Statements List<String> - The database statements to execute when rolling back creation due to an error.
Import
Database secret backend roles can be imported using the backend
, /roles/
, and the name
e.g.
$ pulumi import vault:database/secretBackendRole:SecretBackendRole example postgres/roles/my-role
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.