vault.database.SecretsMount
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const db = new vault.database.SecretsMount("db", {
path: "db",
mssqls: [{
name: "db1",
username: "sa",
password: "super_secret_1",
connectionUrl: "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
allowedRoles: ["dev1"],
}],
postgresqls: [{
name: "db2",
username: "postgres",
password: "super_secret_2",
connectionUrl: "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
verifyConnection: true,
allowedRoles: ["dev2"],
}],
});
const dev1 = new vault.database.SecretBackendRole("dev1", {
name: "dev1",
backend: db.path,
dbName: db.mssqls.apply(mssqls => mssqls?.[0]?.name),
creationStatements: [
"CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';",
"CREATE USER [{{name}}] FOR LOGIN [{{name}}];",
"GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
],
});
const dev2 = new vault.database.SecretBackendRole("dev2", {
name: "dev2",
backend: db.path,
dbName: db.postgresqls.apply(postgresqls => postgresqls?.[0]?.name),
creationStatements: [
"CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";",
],
});
import pulumi
import pulumi_vault as vault
db = vault.database.SecretsMount("db",
path="db",
mssqls=[{
"name": "db1",
"username": "sa",
"password": "super_secret_1",
"connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
"allowed_roles": ["dev1"],
}],
postgresqls=[{
"name": "db2",
"username": "postgres",
"password": "super_secret_2",
"connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
"verify_connection": True,
"allowed_roles": ["dev2"],
}])
dev1 = vault.database.SecretBackendRole("dev1",
name="dev1",
backend=db.path,
db_name=db.mssqls[0].name,
creation_statements=[
"CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';",
"CREATE USER [{{name}}] FOR LOGIN [{{name}}];",
"GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
])
dev2 = vault.database.SecretBackendRole("dev2",
name="dev2",
backend=db.path,
db_name=db.postgresqls[0].name,
creation_statements=[
"CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";",
])
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/database"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
db, err := database.NewSecretsMount(ctx, "db", &database.SecretsMountArgs{
Path: pulumi.String("db"),
Mssqls: database.SecretsMountMssqlArray{
&database.SecretsMountMssqlArgs{
Name: pulumi.String("db1"),
Username: pulumi.String("sa"),
Password: pulumi.String("super_secret_1"),
ConnectionUrl: pulumi.String("sqlserver://{{username}}:{{password}}@127.0.0.1:1433"),
AllowedRoles: pulumi.StringArray{
pulumi.String("dev1"),
},
},
},
Postgresqls: database.SecretsMountPostgresqlArray{
&database.SecretsMountPostgresqlArgs{
Name: pulumi.String("db2"),
Username: pulumi.String("postgres"),
Password: pulumi.String("super_secret_2"),
ConnectionUrl: pulumi.String("postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres"),
VerifyConnection: pulumi.Bool(true),
AllowedRoles: pulumi.StringArray{
pulumi.String("dev2"),
},
},
},
})
if err != nil {
return err
}
_, err = database.NewSecretBackendRole(ctx, "dev1", &database.SecretBackendRoleArgs{
Name: pulumi.String("dev1"),
Backend: db.Path,
DbName: pulumi.String(db.Mssqls.ApplyT(func(mssqls []database.SecretsMountMssql) (*string, error) {
return &mssqls[0].Name, nil
}).(pulumi.StringPtrOutput)),
CreationStatements: pulumi.StringArray{
pulumi.String("CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';"),
pulumi.String("CREATE USER [{{name}}] FOR LOGIN [{{name}}];"),
pulumi.String("GRANT SELECT ON SCHEMA::dbo TO [{{name}}];"),
},
})
if err != nil {
return err
}
_, err = database.NewSecretBackendRole(ctx, "dev2", &database.SecretBackendRoleArgs{
Name: pulumi.String("dev2"),
Backend: db.Path,
DbName: pulumi.String(db.Postgresqls.ApplyT(func(postgresqls []database.SecretsMountPostgresql) (*string, error) {
return &postgresqls[0].Name, nil
}).(pulumi.StringPtrOutput)),
CreationStatements: pulumi.StringArray{
pulumi.String("CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"),
pulumi.String("GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var db = new Vault.Database.SecretsMount("db", new()
{
Path = "db",
Mssqls = new[]
{
new Vault.Database.Inputs.SecretsMountMssqlArgs
{
Name = "db1",
Username = "sa",
Password = "super_secret_1",
ConnectionUrl = "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
AllowedRoles = new[]
{
"dev1",
},
},
},
Postgresqls = new[]
{
new Vault.Database.Inputs.SecretsMountPostgresqlArgs
{
Name = "db2",
Username = "postgres",
Password = "super_secret_2",
ConnectionUrl = "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
VerifyConnection = true,
AllowedRoles = new[]
{
"dev2",
},
},
},
});
var dev1 = new Vault.Database.SecretBackendRole("dev1", new()
{
Name = "dev1",
Backend = db.Path,
DbName = db.Mssqls.Apply(mssqls => mssqls[0]?.Name),
CreationStatements = new[]
{
"CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';",
"CREATE USER [{{name}}] FOR LOGIN [{{name}}];",
"GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
},
});
var dev2 = new Vault.Database.SecretBackendRole("dev2", new()
{
Name = "dev2",
Backend = db.Path,
DbName = db.Postgresqls.Apply(postgresqls => postgresqls[0]?.Name),
CreationStatements = new[]
{
"CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.database.SecretsMount;
import com.pulumi.vault.database.SecretsMountArgs;
import com.pulumi.vault.database.inputs.SecretsMountMssqlArgs;
import com.pulumi.vault.database.inputs.SecretsMountPostgresqlArgs;
import com.pulumi.vault.database.SecretBackendRole;
import com.pulumi.vault.database.SecretBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var db = new SecretsMount("db", SecretsMountArgs.builder()
.path("db")
.mssqls(SecretsMountMssqlArgs.builder()
.name("db1")
.username("sa")
.password("super_secret_1")
.connectionUrl("sqlserver://{{username}}:{{password}}@127.0.0.1:1433")
.allowedRoles("dev1")
.build())
.postgresqls(SecretsMountPostgresqlArgs.builder()
.name("db2")
.username("postgres")
.password("super_secret_2")
.connectionUrl("postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres")
.verifyConnection(true)
.allowedRoles("dev2")
.build())
.build());
var dev1 = new SecretBackendRole("dev1", SecretBackendRoleArgs.builder()
.name("dev1")
.backend(db.path())
.dbName(db.mssqls().applyValue(mssqls -> mssqls[0].name()))
.creationStatements(
"CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';",
"CREATE USER [{{name}}] FOR LOGIN [{{name}}];",
"GRANT SELECT ON SCHEMA::dbo TO [{{name}}];")
.build());
var dev2 = new SecretBackendRole("dev2", SecretBackendRoleArgs.builder()
.name("dev2")
.backend(db.path())
.dbName(db.postgresqls().applyValue(postgresqls -> postgresqls[0].name()))
.creationStatements(
"CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";")
.build());
}
}
resources:
db:
type: vault:database:SecretsMount
properties:
path: db
mssqls:
- name: db1
username: sa
password: super_secret_1
connectionUrl: sqlserver://{{username}}:{{password}}@127.0.0.1:1433
allowedRoles:
- dev1
postgresqls:
- name: db2
username: postgres
password: super_secret_2
connectionUrl: postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres
verifyConnection: true
allowedRoles:
- dev2
dev1:
type: vault:database:SecretBackendRole
properties:
name: dev1
backend: ${db.path}
dbName: ${db.mssqls[0].name}
creationStatements:
- CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';
- CREATE USER [{{name}}] FOR LOGIN [{{name}}];
- GRANT SELECT ON SCHEMA::dbo TO [{{name}}];
dev2:
type: vault:database:SecretBackendRole
properties:
name: dev2
backend: ${db.path}
dbName: ${db.postgresqls[0].name}
creationStatements:
- CREATE ROLE "{{name}}" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
- GRANT SELECT ON ALL TABLES IN SCHEMA public TO "{{name}}";
Create SecretsMount Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretsMount(name: string, args: SecretsMountArgs, opts?: CustomResourceOptions);
@overload
def SecretsMount(resource_name: str,
args: SecretsMountArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretsMount(resource_name: str,
opts: Optional[ResourceOptions] = None,
path: Optional[str] = None,
mongodbs: Optional[Sequence[SecretsMountMongodbArgs]] = None,
cassandras: Optional[Sequence[SecretsMountCassandraArgs]] = None,
audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
allowed_managed_keys: Optional[Sequence[str]] = None,
couchbases: Optional[Sequence[SecretsMountCouchbaseArgs]] = None,
mssqls: Optional[Sequence[SecretsMountMssqlArgs]] = None,
delegated_auth_accessors: Optional[Sequence[str]] = None,
description: Optional[str] = None,
elasticsearches: Optional[Sequence[SecretsMountElasticsearchArgs]] = None,
external_entropy_access: Optional[bool] = None,
hanas: Optional[Sequence[SecretsMountHanaArgs]] = None,
identity_token_key: Optional[str] = None,
influxdbs: Optional[Sequence[SecretsMountInfluxdbArgs]] = None,
listing_visibility: Optional[str] = None,
local: Optional[bool] = None,
max_lease_ttl_seconds: Optional[int] = None,
seal_wrap: Optional[bool] = None,
audit_non_hmac_request_keys: Optional[Sequence[str]] = None,
default_lease_ttl_seconds: Optional[int] = None,
mysql_auroras: Optional[Sequence[SecretsMountMysqlAuroraArgs]] = None,
mysql_legacies: Optional[Sequence[SecretsMountMysqlLegacyArgs]] = None,
mysql_rds: Optional[Sequence[SecretsMountMysqlRdArgs]] = None,
mysqls: Optional[Sequence[SecretsMountMysqlArgs]] = None,
namespace: Optional[str] = None,
options: Optional[Mapping[str, str]] = None,
oracles: Optional[Sequence[SecretsMountOracleArgs]] = None,
passthrough_request_headers: Optional[Sequence[str]] = None,
allowed_response_headers: Optional[Sequence[str]] = None,
plugin_version: Optional[str] = None,
postgresqls: Optional[Sequence[SecretsMountPostgresqlArgs]] = None,
redis: Optional[Sequence[SecretsMountRediArgs]] = None,
redis_elasticaches: Optional[Sequence[SecretsMountRedisElasticachArgs]] = None,
redshifts: Optional[Sequence[SecretsMountRedshiftArgs]] = None,
mongodbatlas: Optional[Sequence[SecretsMountMongodbatlaArgs]] = None,
snowflakes: Optional[Sequence[SecretsMountSnowflakeArgs]] = None)
func NewSecretsMount(ctx *Context, name string, args SecretsMountArgs, opts ...ResourceOption) (*SecretsMount, error)
public SecretsMount(string name, SecretsMountArgs args, CustomResourceOptions? opts = null)
public SecretsMount(String name, SecretsMountArgs args)
public SecretsMount(String name, SecretsMountArgs args, CustomResourceOptions options)
type: vault:database:SecretsMount
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretsMountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretsMountArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretsMountArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretsMountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretsMountArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretsMountResource = new Vault.Database.SecretsMount("secretsMountResource", new()
{
Path = "string",
Mongodbs = new[]
{
new Vault.Database.Inputs.SecretsMountMongodbArgs
{
Name = "string",
MaxConnectionLifetime = 0,
Data =
{
{ "string", "string" },
},
AllowedRoles = new[]
{
"string",
},
MaxIdleConnections = 0,
MaxOpenConnections = 0,
ConnectionUrl = "string",
Password = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
Cassandras = new[]
{
new Vault.Database.Inputs.SecretsMountCassandraArgs
{
Name = "string",
PemJson = "string",
PemBundle = "string",
Hosts = new[]
{
"string",
},
InsecureTls = false,
PluginName = "string",
Password = "string",
Data =
{
{ "string", "string" },
},
AllowedRoles = new[]
{
"string",
},
ConnectTimeout = 0,
Port = 0,
ProtocolVersion = 0,
RootRotationStatements = new[]
{
"string",
},
SkipVerification = false,
Tls = false,
Username = "string",
VerifyConnection = false,
},
},
AuditNonHmacResponseKeys = new[]
{
"string",
},
AllowedManagedKeys = new[]
{
"string",
},
Couchbases = new[]
{
new Vault.Database.Inputs.SecretsMountCouchbaseArgs
{
Hosts = new[]
{
"string",
},
Username = "string",
Password = "string",
Name = "string",
Data =
{
{ "string", "string" },
},
InsecureTls = false,
AllowedRoles = new[]
{
"string",
},
BucketName = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
Tls = false,
Base64Pem = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
Mssqls = new[]
{
new Vault.Database.Inputs.SecretsMountMssqlArgs
{
Name = "string",
MaxIdleConnections = 0,
ConnectionUrl = "string",
Data =
{
{ "string", "string" },
},
DisableEscaping = false,
MaxConnectionLifetime = 0,
AllowedRoles = new[]
{
"string",
},
MaxOpenConnections = 0,
ContainedDb = false,
Password = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
DelegatedAuthAccessors = new[]
{
"string",
},
Description = "string",
Elasticsearches = new[]
{
new Vault.Database.Inputs.SecretsMountElasticsearchArgs
{
Url = "string",
Password = "string",
Username = "string",
Name = "string",
Insecure = false,
Data =
{
{ "string", "string" },
},
CaCert = "string",
ClientCert = "string",
ClientKey = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
TlsServerName = "string",
AllowedRoles = new[]
{
"string",
},
CaPath = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
ExternalEntropyAccess = false,
Hanas = new[]
{
new Vault.Database.Inputs.SecretsMountHanaArgs
{
Name = "string",
MaxOpenConnections = 0,
Data =
{
{ "string", "string" },
},
DisableEscaping = false,
MaxConnectionLifetime = 0,
MaxIdleConnections = 0,
AllowedRoles = new[]
{
"string",
},
ConnectionUrl = "string",
Password = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
Username = "string",
VerifyConnection = false,
},
},
IdentityTokenKey = "string",
Influxdbs = new[]
{
new Vault.Database.Inputs.SecretsMountInfluxdbArgs
{
Name = "string",
Username = "string",
Password = "string",
Host = "string",
PemJson = "string",
InsecureTls = false,
Data =
{
{ "string", "string" },
},
PemBundle = "string",
AllowedRoles = new[]
{
"string",
},
PluginName = "string",
Port = 0,
RootRotationStatements = new[]
{
"string",
},
Tls = false,
ConnectTimeout = 0,
UsernameTemplate = "string",
VerifyConnection = false,
},
},
ListingVisibility = "string",
Local = false,
MaxLeaseTtlSeconds = 0,
SealWrap = false,
AuditNonHmacRequestKeys = new[]
{
"string",
},
DefaultLeaseTtlSeconds = 0,
MysqlAuroras = new[]
{
new Vault.Database.Inputs.SecretsMountMysqlAuroraArgs
{
Name = "string",
Password = "string",
AuthType = "string",
Data =
{
{ "string", "string" },
},
MaxConnectionLifetime = 0,
PluginName = "string",
MaxOpenConnections = 0,
ConnectionUrl = "string",
AllowedRoles = new[]
{
"string",
},
MaxIdleConnections = 0,
RootRotationStatements = new[]
{
"string",
},
ServiceAccountJson = "string",
TlsCa = "string",
TlsCertificateKey = "string",
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
MysqlLegacies = new[]
{
new Vault.Database.Inputs.SecretsMountMysqlLegacyArgs
{
Name = "string",
Password = "string",
AuthType = "string",
Data =
{
{ "string", "string" },
},
MaxConnectionLifetime = 0,
PluginName = "string",
MaxOpenConnections = 0,
ConnectionUrl = "string",
AllowedRoles = new[]
{
"string",
},
MaxIdleConnections = 0,
RootRotationStatements = new[]
{
"string",
},
ServiceAccountJson = "string",
TlsCa = "string",
TlsCertificateKey = "string",
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
MysqlRds = new[]
{
new Vault.Database.Inputs.SecretsMountMysqlRdArgs
{
Name = "string",
Password = "string",
AuthType = "string",
Data =
{
{ "string", "string" },
},
MaxConnectionLifetime = 0,
PluginName = "string",
MaxOpenConnections = 0,
ConnectionUrl = "string",
AllowedRoles = new[]
{
"string",
},
MaxIdleConnections = 0,
RootRotationStatements = new[]
{
"string",
},
ServiceAccountJson = "string",
TlsCa = "string",
TlsCertificateKey = "string",
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
Mysqls = new[]
{
new Vault.Database.Inputs.SecretsMountMysqlArgs
{
Name = "string",
Password = "string",
AuthType = "string",
Data =
{
{ "string", "string" },
},
MaxConnectionLifetime = 0,
PluginName = "string",
MaxOpenConnections = 0,
ConnectionUrl = "string",
AllowedRoles = new[]
{
"string",
},
MaxIdleConnections = 0,
RootRotationStatements = new[]
{
"string",
},
ServiceAccountJson = "string",
TlsCa = "string",
TlsCertificateKey = "string",
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
Namespace = "string",
Options =
{
{ "string", "string" },
},
Oracles = new[]
{
new Vault.Database.Inputs.SecretsMountOracleArgs
{
Name = "string",
MaxOpenConnections = 0,
Password = "string",
DisconnectSessions = false,
MaxConnectionLifetime = 0,
MaxIdleConnections = 0,
AllowedRoles = new[]
{
"string",
},
ConnectionUrl = "string",
Data =
{
{ "string", "string" },
},
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
SplitStatements = false,
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
PassthroughRequestHeaders = new[]
{
"string",
},
AllowedResponseHeaders = new[]
{
"string",
},
PluginVersion = "string",
Postgresqls = new[]
{
new Vault.Database.Inputs.SecretsMountPostgresqlArgs
{
Name = "string",
PluginName = "string",
VerifyConnection = false,
Password = "string",
DisableEscaping = false,
MaxConnectionLifetime = 0,
MaxIdleConnections = 0,
MaxOpenConnections = 0,
AuthType = "string",
Data =
{
{ "string", "string" },
},
ConnectionUrl = "string",
RootRotationStatements = new[]
{
"string",
},
PrivateKey = "string",
SelfManaged = false,
ServiceAccountJson = "string",
TlsCa = "string",
TlsCertificate = "string",
Username = "string",
UsernameTemplate = "string",
AllowedRoles = new[]
{
"string",
},
},
},
Redis = new[]
{
new Vault.Database.Inputs.SecretsMountRediArgs
{
Password = "string",
Host = "string",
Name = "string",
Username = "string",
CaCert = "string",
Data =
{
{ "string", "string" },
},
InsecureTls = false,
AllowedRoles = new[]
{
"string",
},
PluginName = "string",
Port = 0,
RootRotationStatements = new[]
{
"string",
},
Tls = false,
VerifyConnection = false,
},
},
RedisElasticaches = new[]
{
new Vault.Database.Inputs.SecretsMountRedisElasticachArgs
{
Name = "string",
Url = "string",
AllowedRoles = new[]
{
"string",
},
Data =
{
{ "string", "string" },
},
Password = "string",
PluginName = "string",
Region = "string",
RootRotationStatements = new[]
{
"string",
},
Username = "string",
VerifyConnection = false,
},
},
Redshifts = new[]
{
new Vault.Database.Inputs.SecretsMountRedshiftArgs
{
Name = "string",
MaxOpenConnections = 0,
Data =
{
{ "string", "string" },
},
DisableEscaping = false,
MaxConnectionLifetime = 0,
MaxIdleConnections = 0,
AllowedRoles = new[]
{
"string",
},
ConnectionUrl = "string",
Password = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
Mongodbatlas = new[]
{
new Vault.Database.Inputs.SecretsMountMongodbatlaArgs
{
Name = "string",
PrivateKey = "string",
ProjectId = "string",
PublicKey = "string",
AllowedRoles = new[]
{
"string",
},
Data =
{
{ "string", "string" },
},
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
VerifyConnection = false,
},
},
Snowflakes = new[]
{
new Vault.Database.Inputs.SecretsMountSnowflakeArgs
{
Name = "string",
MaxConnectionLifetime = 0,
Data =
{
{ "string", "string" },
},
AllowedRoles = new[]
{
"string",
},
MaxIdleConnections = 0,
MaxOpenConnections = 0,
ConnectionUrl = "string",
Password = "string",
PluginName = "string",
RootRotationStatements = new[]
{
"string",
},
Username = "string",
UsernameTemplate = "string",
VerifyConnection = false,
},
},
});
example, err := database.NewSecretsMount(ctx, "secretsMountResource", &database.SecretsMountArgs{
Path: pulumi.String("string"),
Mongodbs: database.SecretsMountMongodbArray{
&database.SecretsMountMongodbArgs{
Name: pulumi.String("string"),
MaxConnectionLifetime: pulumi.Int(0),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxIdleConnections: pulumi.Int(0),
MaxOpenConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
Password: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
Cassandras: database.SecretsMountCassandraArray{
&database.SecretsMountCassandraArgs{
Name: pulumi.String("string"),
PemJson: pulumi.String("string"),
PemBundle: pulumi.String("string"),
Hosts: pulumi.StringArray{
pulumi.String("string"),
},
InsecureTls: pulumi.Bool(false),
PluginName: pulumi.String("string"),
Password: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
ConnectTimeout: pulumi.Int(0),
Port: pulumi.Int(0),
ProtocolVersion: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
SkipVerification: pulumi.Bool(false),
Tls: pulumi.Bool(false),
Username: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
AuditNonHmacResponseKeys: pulumi.StringArray{
pulumi.String("string"),
},
AllowedManagedKeys: pulumi.StringArray{
pulumi.String("string"),
},
Couchbases: database.SecretsMountCouchbaseArray{
&database.SecretsMountCouchbaseArgs{
Hosts: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
Password: pulumi.String("string"),
Name: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
InsecureTls: pulumi.Bool(false),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
BucketName: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Tls: pulumi.Bool(false),
Base64Pem: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
Mssqls: database.SecretsMountMssqlArray{
&database.SecretsMountMssqlArgs{
Name: pulumi.String("string"),
MaxIdleConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
DisableEscaping: pulumi.Bool(false),
MaxConnectionLifetime: pulumi.Int(0),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxOpenConnections: pulumi.Int(0),
ContainedDb: pulumi.Bool(false),
Password: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
DelegatedAuthAccessors: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Elasticsearches: database.SecretsMountElasticsearchArray{
&database.SecretsMountElasticsearchArgs{
Url: pulumi.String("string"),
Password: pulumi.String("string"),
Username: pulumi.String("string"),
Name: pulumi.String("string"),
Insecure: pulumi.Bool(false),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
CaCert: pulumi.String("string"),
ClientCert: pulumi.String("string"),
ClientKey: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
TlsServerName: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
CaPath: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
ExternalEntropyAccess: pulumi.Bool(false),
Hanas: database.SecretsMountHanaArray{
&database.SecretsMountHanaArgs{
Name: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
DisableEscaping: pulumi.Bool(false),
MaxConnectionLifetime: pulumi.Int(0),
MaxIdleConnections: pulumi.Int(0),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
ConnectionUrl: pulumi.String("string"),
Password: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
IdentityTokenKey: pulumi.String("string"),
Influxdbs: database.SecretsMountInfluxdbArray{
&database.SecretsMountInfluxdbArgs{
Name: pulumi.String("string"),
Username: pulumi.String("string"),
Password: pulumi.String("string"),
Host: pulumi.String("string"),
PemJson: pulumi.String("string"),
InsecureTls: pulumi.Bool(false),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
PemBundle: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
PluginName: pulumi.String("string"),
Port: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Tls: pulumi.Bool(false),
ConnectTimeout: pulumi.Int(0),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
ListingVisibility: pulumi.String("string"),
Local: pulumi.Bool(false),
MaxLeaseTtlSeconds: pulumi.Int(0),
SealWrap: pulumi.Bool(false),
AuditNonHmacRequestKeys: pulumi.StringArray{
pulumi.String("string"),
},
DefaultLeaseTtlSeconds: pulumi.Int(0),
MysqlAuroras: database.SecretsMountMysqlAuroraArray{
&database.SecretsMountMysqlAuroraArgs{
Name: pulumi.String("string"),
Password: pulumi.String("string"),
AuthType: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
MaxConnectionLifetime: pulumi.Int(0),
PluginName: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxIdleConnections: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
ServiceAccountJson: pulumi.String("string"),
TlsCa: pulumi.String("string"),
TlsCertificateKey: pulumi.String("string"),
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
MysqlLegacies: database.SecretsMountMysqlLegacyArray{
&database.SecretsMountMysqlLegacyArgs{
Name: pulumi.String("string"),
Password: pulumi.String("string"),
AuthType: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
MaxConnectionLifetime: pulumi.Int(0),
PluginName: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxIdleConnections: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
ServiceAccountJson: pulumi.String("string"),
TlsCa: pulumi.String("string"),
TlsCertificateKey: pulumi.String("string"),
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
MysqlRds: database.SecretsMountMysqlRdArray{
&database.SecretsMountMysqlRdArgs{
Name: pulumi.String("string"),
Password: pulumi.String("string"),
AuthType: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
MaxConnectionLifetime: pulumi.Int(0),
PluginName: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxIdleConnections: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
ServiceAccountJson: pulumi.String("string"),
TlsCa: pulumi.String("string"),
TlsCertificateKey: pulumi.String("string"),
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
Mysqls: database.SecretsMountMysqlArray{
&database.SecretsMountMysqlArgs{
Name: pulumi.String("string"),
Password: pulumi.String("string"),
AuthType: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
MaxConnectionLifetime: pulumi.Int(0),
PluginName: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxIdleConnections: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
ServiceAccountJson: pulumi.String("string"),
TlsCa: pulumi.String("string"),
TlsCertificateKey: pulumi.String("string"),
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
Namespace: pulumi.String("string"),
Options: pulumi.StringMap{
"string": pulumi.String("string"),
},
Oracles: database.SecretsMountOracleArray{
&database.SecretsMountOracleArgs{
Name: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
Password: pulumi.String("string"),
DisconnectSessions: pulumi.Bool(false),
MaxConnectionLifetime: pulumi.Int(0),
MaxIdleConnections: pulumi.Int(0),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
ConnectionUrl: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
SplitStatements: pulumi.Bool(false),
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
PassthroughRequestHeaders: pulumi.StringArray{
pulumi.String("string"),
},
AllowedResponseHeaders: pulumi.StringArray{
pulumi.String("string"),
},
PluginVersion: pulumi.String("string"),
Postgresqls: database.SecretsMountPostgresqlArray{
&database.SecretsMountPostgresqlArgs{
Name: pulumi.String("string"),
PluginName: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
Password: pulumi.String("string"),
DisableEscaping: pulumi.Bool(false),
MaxConnectionLifetime: pulumi.Int(0),
MaxIdleConnections: pulumi.Int(0),
MaxOpenConnections: pulumi.Int(0),
AuthType: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
ConnectionUrl: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
PrivateKey: pulumi.String("string"),
SelfManaged: pulumi.Bool(false),
ServiceAccountJson: pulumi.String("string"),
TlsCa: pulumi.String("string"),
TlsCertificate: pulumi.String("string"),
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Redis: database.SecretsMountRediArray{
&database.SecretsMountRediArgs{
Password: pulumi.String("string"),
Host: pulumi.String("string"),
Name: pulumi.String("string"),
Username: pulumi.String("string"),
CaCert: pulumi.String("string"),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
InsecureTls: pulumi.Bool(false),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
PluginName: pulumi.String("string"),
Port: pulumi.Int(0),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Tls: pulumi.Bool(false),
VerifyConnection: pulumi.Bool(false),
},
},
RedisElasticaches: database.SecretsMountRedisElasticachArray{
&database.SecretsMountRedisElasticachArgs{
Name: pulumi.String("string"),
Url: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
Password: pulumi.String("string"),
PluginName: pulumi.String("string"),
Region: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
Redshifts: database.SecretsMountRedshiftArray{
&database.SecretsMountRedshiftArgs{
Name: pulumi.String("string"),
MaxOpenConnections: pulumi.Int(0),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
DisableEscaping: pulumi.Bool(false),
MaxConnectionLifetime: pulumi.Int(0),
MaxIdleConnections: pulumi.Int(0),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
ConnectionUrl: pulumi.String("string"),
Password: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
Mongodbatlas: database.SecretsMountMongodbatlaArray{
&database.SecretsMountMongodbatlaArgs{
Name: pulumi.String("string"),
PrivateKey: pulumi.String("string"),
ProjectId: pulumi.String("string"),
PublicKey: pulumi.String("string"),
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
VerifyConnection: pulumi.Bool(false),
},
},
Snowflakes: database.SecretsMountSnowflakeArray{
&database.SecretsMountSnowflakeArgs{
Name: pulumi.String("string"),
MaxConnectionLifetime: pulumi.Int(0),
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
AllowedRoles: pulumi.StringArray{
pulumi.String("string"),
},
MaxIdleConnections: pulumi.Int(0),
MaxOpenConnections: pulumi.Int(0),
ConnectionUrl: pulumi.String("string"),
Password: pulumi.String("string"),
PluginName: pulumi.String("string"),
RootRotationStatements: pulumi.StringArray{
pulumi.String("string"),
},
Username: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
VerifyConnection: pulumi.Bool(false),
},
},
})
var secretsMountResource = new SecretsMount("secretsMountResource", SecretsMountArgs.builder()
.path("string")
.mongodbs(SecretsMountMongodbArgs.builder()
.name("string")
.maxConnectionLifetime(0)
.data(Map.of("string", "string"))
.allowedRoles("string")
.maxIdleConnections(0)
.maxOpenConnections(0)
.connectionUrl("string")
.password("string")
.pluginName("string")
.rootRotationStatements("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.cassandras(SecretsMountCassandraArgs.builder()
.name("string")
.pemJson("string")
.pemBundle("string")
.hosts("string")
.insecureTls(false)
.pluginName("string")
.password("string")
.data(Map.of("string", "string"))
.allowedRoles("string")
.connectTimeout(0)
.port(0)
.protocolVersion(0)
.rootRotationStatements("string")
.skipVerification(false)
.tls(false)
.username("string")
.verifyConnection(false)
.build())
.auditNonHmacResponseKeys("string")
.allowedManagedKeys("string")
.couchbases(SecretsMountCouchbaseArgs.builder()
.hosts("string")
.username("string")
.password("string")
.name("string")
.data(Map.of("string", "string"))
.insecureTls(false)
.allowedRoles("string")
.bucketName("string")
.pluginName("string")
.rootRotationStatements("string")
.tls(false)
.base64Pem("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.mssqls(SecretsMountMssqlArgs.builder()
.name("string")
.maxIdleConnections(0)
.connectionUrl("string")
.data(Map.of("string", "string"))
.disableEscaping(false)
.maxConnectionLifetime(0)
.allowedRoles("string")
.maxOpenConnections(0)
.containedDb(false)
.password("string")
.pluginName("string")
.rootRotationStatements("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.delegatedAuthAccessors("string")
.description("string")
.elasticsearches(SecretsMountElasticsearchArgs.builder()
.url("string")
.password("string")
.username("string")
.name("string")
.insecure(false)
.data(Map.of("string", "string"))
.caCert("string")
.clientCert("string")
.clientKey("string")
.pluginName("string")
.rootRotationStatements("string")
.tlsServerName("string")
.allowedRoles("string")
.caPath("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.externalEntropyAccess(false)
.hanas(SecretsMountHanaArgs.builder()
.name("string")
.maxOpenConnections(0)
.data(Map.of("string", "string"))
.disableEscaping(false)
.maxConnectionLifetime(0)
.maxIdleConnections(0)
.allowedRoles("string")
.connectionUrl("string")
.password("string")
.pluginName("string")
.rootRotationStatements("string")
.username("string")
.verifyConnection(false)
.build())
.identityTokenKey("string")
.influxdbs(SecretsMountInfluxdbArgs.builder()
.name("string")
.username("string")
.password("string")
.host("string")
.pemJson("string")
.insecureTls(false)
.data(Map.of("string", "string"))
.pemBundle("string")
.allowedRoles("string")
.pluginName("string")
.port(0)
.rootRotationStatements("string")
.tls(false)
.connectTimeout(0)
.usernameTemplate("string")
.verifyConnection(false)
.build())
.listingVisibility("string")
.local(false)
.maxLeaseTtlSeconds(0)
.sealWrap(false)
.auditNonHmacRequestKeys("string")
.defaultLeaseTtlSeconds(0)
.mysqlAuroras(SecretsMountMysqlAuroraArgs.builder()
.name("string")
.password("string")
.authType("string")
.data(Map.of("string", "string"))
.maxConnectionLifetime(0)
.pluginName("string")
.maxOpenConnections(0)
.connectionUrl("string")
.allowedRoles("string")
.maxIdleConnections(0)
.rootRotationStatements("string")
.serviceAccountJson("string")
.tlsCa("string")
.tlsCertificateKey("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.mysqlLegacies(SecretsMountMysqlLegacyArgs.builder()
.name("string")
.password("string")
.authType("string")
.data(Map.of("string", "string"))
.maxConnectionLifetime(0)
.pluginName("string")
.maxOpenConnections(0)
.connectionUrl("string")
.allowedRoles("string")
.maxIdleConnections(0)
.rootRotationStatements("string")
.serviceAccountJson("string")
.tlsCa("string")
.tlsCertificateKey("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.mysqlRds(SecretsMountMysqlRdArgs.builder()
.name("string")
.password("string")
.authType("string")
.data(Map.of("string", "string"))
.maxConnectionLifetime(0)
.pluginName("string")
.maxOpenConnections(0)
.connectionUrl("string")
.allowedRoles("string")
.maxIdleConnections(0)
.rootRotationStatements("string")
.serviceAccountJson("string")
.tlsCa("string")
.tlsCertificateKey("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.mysqls(SecretsMountMysqlArgs.builder()
.name("string")
.password("string")
.authType("string")
.data(Map.of("string", "string"))
.maxConnectionLifetime(0)
.pluginName("string")
.maxOpenConnections(0)
.connectionUrl("string")
.allowedRoles("string")
.maxIdleConnections(0)
.rootRotationStatements("string")
.serviceAccountJson("string")
.tlsCa("string")
.tlsCertificateKey("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.namespace("string")
.options(Map.of("string", "string"))
.oracles(SecretsMountOracleArgs.builder()
.name("string")
.maxOpenConnections(0)
.password("string")
.disconnectSessions(false)
.maxConnectionLifetime(0)
.maxIdleConnections(0)
.allowedRoles("string")
.connectionUrl("string")
.data(Map.of("string", "string"))
.pluginName("string")
.rootRotationStatements("string")
.splitStatements(false)
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.passthroughRequestHeaders("string")
.allowedResponseHeaders("string")
.pluginVersion("string")
.postgresqls(SecretsMountPostgresqlArgs.builder()
.name("string")
.pluginName("string")
.verifyConnection(false)
.password("string")
.disableEscaping(false)
.maxConnectionLifetime(0)
.maxIdleConnections(0)
.maxOpenConnections(0)
.authType("string")
.data(Map.of("string", "string"))
.connectionUrl("string")
.rootRotationStatements("string")
.privateKey("string")
.selfManaged(false)
.serviceAccountJson("string")
.tlsCa("string")
.tlsCertificate("string")
.username("string")
.usernameTemplate("string")
.allowedRoles("string")
.build())
.redis(SecretsMountRediArgs.builder()
.password("string")
.host("string")
.name("string")
.username("string")
.caCert("string")
.data(Map.of("string", "string"))
.insecureTls(false)
.allowedRoles("string")
.pluginName("string")
.port(0)
.rootRotationStatements("string")
.tls(false)
.verifyConnection(false)
.build())
.redisElasticaches(SecretsMountRedisElasticachArgs.builder()
.name("string")
.url("string")
.allowedRoles("string")
.data(Map.of("string", "string"))
.password("string")
.pluginName("string")
.region("string")
.rootRotationStatements("string")
.username("string")
.verifyConnection(false)
.build())
.redshifts(SecretsMountRedshiftArgs.builder()
.name("string")
.maxOpenConnections(0)
.data(Map.of("string", "string"))
.disableEscaping(false)
.maxConnectionLifetime(0)
.maxIdleConnections(0)
.allowedRoles("string")
.connectionUrl("string")
.password("string")
.pluginName("string")
.rootRotationStatements("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.mongodbatlas(SecretsMountMongodbatlaArgs.builder()
.name("string")
.privateKey("string")
.projectId("string")
.publicKey("string")
.allowedRoles("string")
.data(Map.of("string", "string"))
.pluginName("string")
.rootRotationStatements("string")
.verifyConnection(false)
.build())
.snowflakes(SecretsMountSnowflakeArgs.builder()
.name("string")
.maxConnectionLifetime(0)
.data(Map.of("string", "string"))
.allowedRoles("string")
.maxIdleConnections(0)
.maxOpenConnections(0)
.connectionUrl("string")
.password("string")
.pluginName("string")
.rootRotationStatements("string")
.username("string")
.usernameTemplate("string")
.verifyConnection(false)
.build())
.build());
secrets_mount_resource = vault.database.SecretsMount("secretsMountResource",
path="string",
mongodbs=[{
"name": "string",
"max_connection_lifetime": 0,
"data": {
"string": "string",
},
"allowed_roles": ["string"],
"max_idle_connections": 0,
"max_open_connections": 0,
"connection_url": "string",
"password": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
cassandras=[{
"name": "string",
"pem_json": "string",
"pem_bundle": "string",
"hosts": ["string"],
"insecure_tls": False,
"plugin_name": "string",
"password": "string",
"data": {
"string": "string",
},
"allowed_roles": ["string"],
"connect_timeout": 0,
"port": 0,
"protocol_version": 0,
"root_rotation_statements": ["string"],
"skip_verification": False,
"tls": False,
"username": "string",
"verify_connection": False,
}],
audit_non_hmac_response_keys=["string"],
allowed_managed_keys=["string"],
couchbases=[{
"hosts": ["string"],
"username": "string",
"password": "string",
"name": "string",
"data": {
"string": "string",
},
"insecure_tls": False,
"allowed_roles": ["string"],
"bucket_name": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"tls": False,
"base64_pem": "string",
"username_template": "string",
"verify_connection": False,
}],
mssqls=[{
"name": "string",
"max_idle_connections": 0,
"connection_url": "string",
"data": {
"string": "string",
},
"disable_escaping": False,
"max_connection_lifetime": 0,
"allowed_roles": ["string"],
"max_open_connections": 0,
"contained_db": False,
"password": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
delegated_auth_accessors=["string"],
description="string",
elasticsearches=[{
"url": "string",
"password": "string",
"username": "string",
"name": "string",
"insecure": False,
"data": {
"string": "string",
},
"ca_cert": "string",
"client_cert": "string",
"client_key": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"tls_server_name": "string",
"allowed_roles": ["string"],
"ca_path": "string",
"username_template": "string",
"verify_connection": False,
}],
external_entropy_access=False,
hanas=[{
"name": "string",
"max_open_connections": 0,
"data": {
"string": "string",
},
"disable_escaping": False,
"max_connection_lifetime": 0,
"max_idle_connections": 0,
"allowed_roles": ["string"],
"connection_url": "string",
"password": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"username": "string",
"verify_connection": False,
}],
identity_token_key="string",
influxdbs=[{
"name": "string",
"username": "string",
"password": "string",
"host": "string",
"pem_json": "string",
"insecure_tls": False,
"data": {
"string": "string",
},
"pem_bundle": "string",
"allowed_roles": ["string"],
"plugin_name": "string",
"port": 0,
"root_rotation_statements": ["string"],
"tls": False,
"connect_timeout": 0,
"username_template": "string",
"verify_connection": False,
}],
listing_visibility="string",
local=False,
max_lease_ttl_seconds=0,
seal_wrap=False,
audit_non_hmac_request_keys=["string"],
default_lease_ttl_seconds=0,
mysql_auroras=[{
"name": "string",
"password": "string",
"auth_type": "string",
"data": {
"string": "string",
},
"max_connection_lifetime": 0,
"plugin_name": "string",
"max_open_connections": 0,
"connection_url": "string",
"allowed_roles": ["string"],
"max_idle_connections": 0,
"root_rotation_statements": ["string"],
"service_account_json": "string",
"tls_ca": "string",
"tls_certificate_key": "string",
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
mysql_legacies=[{
"name": "string",
"password": "string",
"auth_type": "string",
"data": {
"string": "string",
},
"max_connection_lifetime": 0,
"plugin_name": "string",
"max_open_connections": 0,
"connection_url": "string",
"allowed_roles": ["string"],
"max_idle_connections": 0,
"root_rotation_statements": ["string"],
"service_account_json": "string",
"tls_ca": "string",
"tls_certificate_key": "string",
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
mysql_rds=[{
"name": "string",
"password": "string",
"auth_type": "string",
"data": {
"string": "string",
},
"max_connection_lifetime": 0,
"plugin_name": "string",
"max_open_connections": 0,
"connection_url": "string",
"allowed_roles": ["string"],
"max_idle_connections": 0,
"root_rotation_statements": ["string"],
"service_account_json": "string",
"tls_ca": "string",
"tls_certificate_key": "string",
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
mysqls=[{
"name": "string",
"password": "string",
"auth_type": "string",
"data": {
"string": "string",
},
"max_connection_lifetime": 0,
"plugin_name": "string",
"max_open_connections": 0,
"connection_url": "string",
"allowed_roles": ["string"],
"max_idle_connections": 0,
"root_rotation_statements": ["string"],
"service_account_json": "string",
"tls_ca": "string",
"tls_certificate_key": "string",
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
namespace="string",
options={
"string": "string",
},
oracles=[{
"name": "string",
"max_open_connections": 0,
"password": "string",
"disconnect_sessions": False,
"max_connection_lifetime": 0,
"max_idle_connections": 0,
"allowed_roles": ["string"],
"connection_url": "string",
"data": {
"string": "string",
},
"plugin_name": "string",
"root_rotation_statements": ["string"],
"split_statements": False,
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
passthrough_request_headers=["string"],
allowed_response_headers=["string"],
plugin_version="string",
postgresqls=[{
"name": "string",
"plugin_name": "string",
"verify_connection": False,
"password": "string",
"disable_escaping": False,
"max_connection_lifetime": 0,
"max_idle_connections": 0,
"max_open_connections": 0,
"auth_type": "string",
"data": {
"string": "string",
},
"connection_url": "string",
"root_rotation_statements": ["string"],
"private_key": "string",
"self_managed": False,
"service_account_json": "string",
"tls_ca": "string",
"tls_certificate": "string",
"username": "string",
"username_template": "string",
"allowed_roles": ["string"],
}],
redis=[{
"password": "string",
"host": "string",
"name": "string",
"username": "string",
"ca_cert": "string",
"data": {
"string": "string",
},
"insecure_tls": False,
"allowed_roles": ["string"],
"plugin_name": "string",
"port": 0,
"root_rotation_statements": ["string"],
"tls": False,
"verify_connection": False,
}],
redis_elasticaches=[{
"name": "string",
"url": "string",
"allowed_roles": ["string"],
"data": {
"string": "string",
},
"password": "string",
"plugin_name": "string",
"region": "string",
"root_rotation_statements": ["string"],
"username": "string",
"verify_connection": False,
}],
redshifts=[{
"name": "string",
"max_open_connections": 0,
"data": {
"string": "string",
},
"disable_escaping": False,
"max_connection_lifetime": 0,
"max_idle_connections": 0,
"allowed_roles": ["string"],
"connection_url": "string",
"password": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"username": "string",
"username_template": "string",
"verify_connection": False,
}],
mongodbatlas=[{
"name": "string",
"private_key": "string",
"project_id": "string",
"public_key": "string",
"allowed_roles": ["string"],
"data": {
"string": "string",
},
"plugin_name": "string",
"root_rotation_statements": ["string"],
"verify_connection": False,
}],
snowflakes=[{
"name": "string",
"max_connection_lifetime": 0,
"data": {
"string": "string",
},
"allowed_roles": ["string"],
"max_idle_connections": 0,
"max_open_connections": 0,
"connection_url": "string",
"password": "string",
"plugin_name": "string",
"root_rotation_statements": ["string"],
"username": "string",
"username_template": "string",
"verify_connection": False,
}])
const secretsMountResource = new vault.database.SecretsMount("secretsMountResource", {
path: "string",
mongodbs: [{
name: "string",
maxConnectionLifetime: 0,
data: {
string: "string",
},
allowedRoles: ["string"],
maxIdleConnections: 0,
maxOpenConnections: 0,
connectionUrl: "string",
password: "string",
pluginName: "string",
rootRotationStatements: ["string"],
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
cassandras: [{
name: "string",
pemJson: "string",
pemBundle: "string",
hosts: ["string"],
insecureTls: false,
pluginName: "string",
password: "string",
data: {
string: "string",
},
allowedRoles: ["string"],
connectTimeout: 0,
port: 0,
protocolVersion: 0,
rootRotationStatements: ["string"],
skipVerification: false,
tls: false,
username: "string",
verifyConnection: false,
}],
auditNonHmacResponseKeys: ["string"],
allowedManagedKeys: ["string"],
couchbases: [{
hosts: ["string"],
username: "string",
password: "string",
name: "string",
data: {
string: "string",
},
insecureTls: false,
allowedRoles: ["string"],
bucketName: "string",
pluginName: "string",
rootRotationStatements: ["string"],
tls: false,
base64Pem: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
mssqls: [{
name: "string",
maxIdleConnections: 0,
connectionUrl: "string",
data: {
string: "string",
},
disableEscaping: false,
maxConnectionLifetime: 0,
allowedRoles: ["string"],
maxOpenConnections: 0,
containedDb: false,
password: "string",
pluginName: "string",
rootRotationStatements: ["string"],
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
delegatedAuthAccessors: ["string"],
description: "string",
elasticsearches: [{
url: "string",
password: "string",
username: "string",
name: "string",
insecure: false,
data: {
string: "string",
},
caCert: "string",
clientCert: "string",
clientKey: "string",
pluginName: "string",
rootRotationStatements: ["string"],
tlsServerName: "string",
allowedRoles: ["string"],
caPath: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
externalEntropyAccess: false,
hanas: [{
name: "string",
maxOpenConnections: 0,
data: {
string: "string",
},
disableEscaping: false,
maxConnectionLifetime: 0,
maxIdleConnections: 0,
allowedRoles: ["string"],
connectionUrl: "string",
password: "string",
pluginName: "string",
rootRotationStatements: ["string"],
username: "string",
verifyConnection: false,
}],
identityTokenKey: "string",
influxdbs: [{
name: "string",
username: "string",
password: "string",
host: "string",
pemJson: "string",
insecureTls: false,
data: {
string: "string",
},
pemBundle: "string",
allowedRoles: ["string"],
pluginName: "string",
port: 0,
rootRotationStatements: ["string"],
tls: false,
connectTimeout: 0,
usernameTemplate: "string",
verifyConnection: false,
}],
listingVisibility: "string",
local: false,
maxLeaseTtlSeconds: 0,
sealWrap: false,
auditNonHmacRequestKeys: ["string"],
defaultLeaseTtlSeconds: 0,
mysqlAuroras: [{
name: "string",
password: "string",
authType: "string",
data: {
string: "string",
},
maxConnectionLifetime: 0,
pluginName: "string",
maxOpenConnections: 0,
connectionUrl: "string",
allowedRoles: ["string"],
maxIdleConnections: 0,
rootRotationStatements: ["string"],
serviceAccountJson: "string",
tlsCa: "string",
tlsCertificateKey: "string",
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
mysqlLegacies: [{
name: "string",
password: "string",
authType: "string",
data: {
string: "string",
},
maxConnectionLifetime: 0,
pluginName: "string",
maxOpenConnections: 0,
connectionUrl: "string",
allowedRoles: ["string"],
maxIdleConnections: 0,
rootRotationStatements: ["string"],
serviceAccountJson: "string",
tlsCa: "string",
tlsCertificateKey: "string",
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
mysqlRds: [{
name: "string",
password: "string",
authType: "string",
data: {
string: "string",
},
maxConnectionLifetime: 0,
pluginName: "string",
maxOpenConnections: 0,
connectionUrl: "string",
allowedRoles: ["string"],
maxIdleConnections: 0,
rootRotationStatements: ["string"],
serviceAccountJson: "string",
tlsCa: "string",
tlsCertificateKey: "string",
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
mysqls: [{
name: "string",
password: "string",
authType: "string",
data: {
string: "string",
},
maxConnectionLifetime: 0,
pluginName: "string",
maxOpenConnections: 0,
connectionUrl: "string",
allowedRoles: ["string"],
maxIdleConnections: 0,
rootRotationStatements: ["string"],
serviceAccountJson: "string",
tlsCa: "string",
tlsCertificateKey: "string",
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
namespace: "string",
options: {
string: "string",
},
oracles: [{
name: "string",
maxOpenConnections: 0,
password: "string",
disconnectSessions: false,
maxConnectionLifetime: 0,
maxIdleConnections: 0,
allowedRoles: ["string"],
connectionUrl: "string",
data: {
string: "string",
},
pluginName: "string",
rootRotationStatements: ["string"],
splitStatements: false,
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
passthroughRequestHeaders: ["string"],
allowedResponseHeaders: ["string"],
pluginVersion: "string",
postgresqls: [{
name: "string",
pluginName: "string",
verifyConnection: false,
password: "string",
disableEscaping: false,
maxConnectionLifetime: 0,
maxIdleConnections: 0,
maxOpenConnections: 0,
authType: "string",
data: {
string: "string",
},
connectionUrl: "string",
rootRotationStatements: ["string"],
privateKey: "string",
selfManaged: false,
serviceAccountJson: "string",
tlsCa: "string",
tlsCertificate: "string",
username: "string",
usernameTemplate: "string",
allowedRoles: ["string"],
}],
redis: [{
password: "string",
host: "string",
name: "string",
username: "string",
caCert: "string",
data: {
string: "string",
},
insecureTls: false,
allowedRoles: ["string"],
pluginName: "string",
port: 0,
rootRotationStatements: ["string"],
tls: false,
verifyConnection: false,
}],
redisElasticaches: [{
name: "string",
url: "string",
allowedRoles: ["string"],
data: {
string: "string",
},
password: "string",
pluginName: "string",
region: "string",
rootRotationStatements: ["string"],
username: "string",
verifyConnection: false,
}],
redshifts: [{
name: "string",
maxOpenConnections: 0,
data: {
string: "string",
},
disableEscaping: false,
maxConnectionLifetime: 0,
maxIdleConnections: 0,
allowedRoles: ["string"],
connectionUrl: "string",
password: "string",
pluginName: "string",
rootRotationStatements: ["string"],
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
mongodbatlas: [{
name: "string",
privateKey: "string",
projectId: "string",
publicKey: "string",
allowedRoles: ["string"],
data: {
string: "string",
},
pluginName: "string",
rootRotationStatements: ["string"],
verifyConnection: false,
}],
snowflakes: [{
name: "string",
maxConnectionLifetime: 0,
data: {
string: "string",
},
allowedRoles: ["string"],
maxIdleConnections: 0,
maxOpenConnections: 0,
connectionUrl: "string",
password: "string",
pluginName: "string",
rootRotationStatements: ["string"],
username: "string",
usernameTemplate: "string",
verifyConnection: false,
}],
});
type: vault:database:SecretsMount
properties:
allowedManagedKeys:
- string
allowedResponseHeaders:
- string
auditNonHmacRequestKeys:
- string
auditNonHmacResponseKeys:
- string
cassandras:
- allowedRoles:
- string
connectTimeout: 0
data:
string: string
hosts:
- string
insecureTls: false
name: string
password: string
pemBundle: string
pemJson: string
pluginName: string
port: 0
protocolVersion: 0
rootRotationStatements:
- string
skipVerification: false
tls: false
username: string
verifyConnection: false
couchbases:
- allowedRoles:
- string
base64Pem: string
bucketName: string
data:
string: string
hosts:
- string
insecureTls: false
name: string
password: string
pluginName: string
rootRotationStatements:
- string
tls: false
username: string
usernameTemplate: string
verifyConnection: false
defaultLeaseTtlSeconds: 0
delegatedAuthAccessors:
- string
description: string
elasticsearches:
- allowedRoles:
- string
caCert: string
caPath: string
clientCert: string
clientKey: string
data:
string: string
insecure: false
name: string
password: string
pluginName: string
rootRotationStatements:
- string
tlsServerName: string
url: string
username: string
usernameTemplate: string
verifyConnection: false
externalEntropyAccess: false
hanas:
- allowedRoles:
- string
connectionUrl: string
data:
string: string
disableEscaping: false
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
username: string
verifyConnection: false
identityTokenKey: string
influxdbs:
- allowedRoles:
- string
connectTimeout: 0
data:
string: string
host: string
insecureTls: false
name: string
password: string
pemBundle: string
pemJson: string
pluginName: string
port: 0
rootRotationStatements:
- string
tls: false
username: string
usernameTemplate: string
verifyConnection: false
listingVisibility: string
local: false
maxLeaseTtlSeconds: 0
mongodbatlas:
- allowedRoles:
- string
data:
string: string
name: string
pluginName: string
privateKey: string
projectId: string
publicKey: string
rootRotationStatements:
- string
verifyConnection: false
mongodbs:
- allowedRoles:
- string
connectionUrl: string
data:
string: string
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
username: string
usernameTemplate: string
verifyConnection: false
mssqls:
- allowedRoles:
- string
connectionUrl: string
containedDb: false
data:
string: string
disableEscaping: false
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
username: string
usernameTemplate: string
verifyConnection: false
mysqlAuroras:
- allowedRoles:
- string
authType: string
connectionUrl: string
data:
string: string
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
serviceAccountJson: string
tlsCa: string
tlsCertificateKey: string
username: string
usernameTemplate: string
verifyConnection: false
mysqlLegacies:
- allowedRoles:
- string
authType: string
connectionUrl: string
data:
string: string
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
serviceAccountJson: string
tlsCa: string
tlsCertificateKey: string
username: string
usernameTemplate: string
verifyConnection: false
mysqlRds:
- allowedRoles:
- string
authType: string
connectionUrl: string
data:
string: string
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
serviceAccountJson: string
tlsCa: string
tlsCertificateKey: string
username: string
usernameTemplate: string
verifyConnection: false
mysqls:
- allowedRoles:
- string
authType: string
connectionUrl: string
data:
string: string
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
serviceAccountJson: string
tlsCa: string
tlsCertificateKey: string
username: string
usernameTemplate: string
verifyConnection: false
namespace: string
options:
string: string
oracles:
- allowedRoles:
- string
connectionUrl: string
data:
string: string
disconnectSessions: false
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
splitStatements: false
username: string
usernameTemplate: string
verifyConnection: false
passthroughRequestHeaders:
- string
path: string
pluginVersion: string
postgresqls:
- allowedRoles:
- string
authType: string
connectionUrl: string
data:
string: string
disableEscaping: false
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
privateKey: string
rootRotationStatements:
- string
selfManaged: false
serviceAccountJson: string
tlsCa: string
tlsCertificate: string
username: string
usernameTemplate: string
verifyConnection: false
redis:
- allowedRoles:
- string
caCert: string
data:
string: string
host: string
insecureTls: false
name: string
password: string
pluginName: string
port: 0
rootRotationStatements:
- string
tls: false
username: string
verifyConnection: false
redisElasticaches:
- allowedRoles:
- string
data:
string: string
name: string
password: string
pluginName: string
region: string
rootRotationStatements:
- string
url: string
username: string
verifyConnection: false
redshifts:
- allowedRoles:
- string
connectionUrl: string
data:
string: string
disableEscaping: false
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
username: string
usernameTemplate: string
verifyConnection: false
sealWrap: false
snowflakes:
- allowedRoles:
- string
connectionUrl: string
data:
string: string
maxConnectionLifetime: 0
maxIdleConnections: 0
maxOpenConnections: 0
name: string
password: string
pluginName: string
rootRotationStatements:
- string
username: string
usernameTemplate: string
verifyConnection: false
SecretsMount Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretsMount resource accepts the following input properties:
- Path string
- Where the secret backend will be mounted
- Allowed
Managed List<string>Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- Allowed
Response List<string>Headers - List of headers to allow and pass from the request to the plugin
- Audit
Non List<string>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non List<string>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Cassandras
List<Secrets
Mount Cassandra> - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - Couchbases
List<Secrets
Mount Couchbase> - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Delegated
Auth List<string>Accessors - List of headers to allow and pass from the request to the plugin
- Description string
- Human-friendly description of the mount
- Elasticsearches
List<Secrets
Mount Elasticsearch> - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Hanas
List<Secrets
Mount Hana> - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - Identity
Token stringKey - The key to use for signing plugin workload identity tokens
- Influxdbs
List<Secrets
Mount Influxdb> - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - Listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Mongodbatlas
List<Secrets
Mount Mongodbatla> - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - Mongodbs
List<Secrets
Mount Mongodb> - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - Mssqls
List<Secrets
Mount Mssql> - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - Mysql
Auroras List<SecretsMount Mysql Aurora> - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - Mysql
Legacies List<SecretsMount Mysql Legacy> - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - Mysql
Rds List<SecretsMount Mysql Rd> - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - Mysqls
List<Secrets
Mount Mysql> - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - Namespace string
- Target namespace. (requires Enterprise)
- Options Dictionary<string, string>
- Specifies mount type specific options that are passed to the backend
- Oracles
List<Secrets
Mount Oracle> - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - Passthrough
Request List<string>Headers - List of headers to allow and pass from the request to the plugin
- Plugin
Version string - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- Postgresqls
List<Secrets
Mount Postgresql> - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - Redis
List<Secrets
Mount Redi> - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - Redis
Elasticaches List<SecretsMount Redis Elasticach> - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - Redshifts
List<Secrets
Mount Redshift> - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Snowflakes
List<Secrets
Mount Snowflake> - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- Path string
- Where the secret backend will be mounted
- Allowed
Managed []stringKeys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- Allowed
Response []stringHeaders - List of headers to allow and pass from the request to the plugin
- Audit
Non []stringHmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Cassandras
[]Secrets
Mount Cassandra Args - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - Couchbases
[]Secrets
Mount Couchbase Args - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Delegated
Auth []stringAccessors - List of headers to allow and pass from the request to the plugin
- Description string
- Human-friendly description of the mount
- Elasticsearches
[]Secrets
Mount Elasticsearch Args - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Hanas
[]Secrets
Mount Hana Args - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - Identity
Token stringKey - The key to use for signing plugin workload identity tokens
- Influxdbs
[]Secrets
Mount Influxdb Args - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - Listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Mongodbatlas
[]Secrets
Mount Mongodbatla Args - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - Mongodbs
[]Secrets
Mount Mongodb Args - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - Mssqls
[]Secrets
Mount Mssql Args - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - Mysql
Auroras []SecretsMount Mysql Aurora Args - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - Mysql
Legacies []SecretsMount Mysql Legacy Args - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - Mysql
Rds []SecretsMount Mysql Rd Args - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - Mysqls
[]Secrets
Mount Mysql Args - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - Namespace string
- Target namespace. (requires Enterprise)
- Options map[string]string
- Specifies mount type specific options that are passed to the backend
- Oracles
[]Secrets
Mount Oracle Args - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - Passthrough
Request []stringHeaders - List of headers to allow and pass from the request to the plugin
- Plugin
Version string - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- Postgresqls
[]Secrets
Mount Postgresql Args - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - Redis
[]Secrets
Mount Redi Args - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - Redis
Elasticaches []SecretsMount Redis Elasticach Args - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - Redshifts
[]Secrets
Mount Redshift Args - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Snowflakes
[]Secrets
Mount Snowflake Args - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- path String
- Where the secret backend will be mounted
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed
Response List<String>Headers - List of headers to allow and pass from the request to the plugin
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras
List<Secrets
Mount Cassandra> - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases
List<Secrets
Mount Couchbase> - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default
Lease IntegerTtl Seconds - Default lease duration for tokens and secrets in seconds
- delegated
Auth List<String>Accessors - List of headers to allow and pass from the request to the plugin
- description String
- Human-friendly description of the mount
- elasticsearches
List<Secrets
Mount Elasticsearch> - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas
List<Secrets
Mount Hana> - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity
Token StringKey - The key to use for signing plugin workload identity tokens
- influxdbs
List<Secrets
Mount Influxdb> - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing
Visibility String - Specifies whether to show this mount in the UI-specific listing endpoint
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease IntegerTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas
List<Secrets
Mount Mongodbatla> - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs
List<Secrets
Mount Mongodb> - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls
List<Secrets
Mount Mssql> - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql
Auroras List<SecretsMount Mysql Aurora> - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql
Legacies List<SecretsMount Mysql Legacy> - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql
Rds List<SecretsMount Mysql Rd> - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls
List<Secrets
Mount Mysql> - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace String
- Target namespace. (requires Enterprise)
- options Map<String,String>
- Specifies mount type specific options that are passed to the backend
- oracles
List<Secrets
Mount Oracle> - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough
Request List<String>Headers - List of headers to allow and pass from the request to the plugin
- plugin
Version String - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls
List<Secrets
Mount Postgresql> - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis
List<Secrets
Mount Redi> - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis
Elasticaches List<SecretsMount Redis Elasticach> - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts
List<Secrets
Mount Redshift> - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes
List<Secrets
Mount Snowflake> - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- path string
- Where the secret backend will be mounted
- allowed
Managed string[]Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed
Response string[]Headers - List of headers to allow and pass from the request to the plugin
- audit
Non string[]Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras
Secrets
Mount Cassandra[] - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases
Secrets
Mount Couchbase[] - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default
Lease numberTtl Seconds - Default lease duration for tokens and secrets in seconds
- delegated
Auth string[]Accessors - List of headers to allow and pass from the request to the plugin
- description string
- Human-friendly description of the mount
- elasticsearches
Secrets
Mount Elasticsearch[] - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - external
Entropy booleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas
Secrets
Mount Hana[] - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity
Token stringKey - The key to use for signing plugin workload identity tokens
- influxdbs
Secrets
Mount Influxdb[] - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint
- local boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease numberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas
Secrets
Mount Mongodbatla[] - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs
Secrets
Mount Mongodb[] - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls
Secrets
Mount Mssql[] - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql
Auroras SecretsMount Mysql Aurora[] - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql
Legacies SecretsMount Mysql Legacy[] - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql
Rds SecretsMount Mysql Rd[] - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls
Secrets
Mount Mysql[] - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace string
- Target namespace. (requires Enterprise)
- options {[key: string]: string}
- Specifies mount type specific options that are passed to the backend
- oracles
Secrets
Mount Oracle[] - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough
Request string[]Headers - List of headers to allow and pass from the request to the plugin
- plugin
Version string - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls
Secrets
Mount Postgresql[] - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis
Secrets
Mount Redi[] - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis
Elasticaches SecretsMount Redis Elasticach[] - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts
Secrets
Mount Redshift[] - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal
Wrap boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes
Secrets
Mount Snowflake[] - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- path str
- Where the secret backend will be mounted
- allowed_
managed_ Sequence[str]keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed_
response_ Sequence[str]headers - List of headers to allow and pass from the request to the plugin
- audit_
non_ Sequence[str]hmac_ request_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras
Sequence[Secrets
Mount Cassandra Args] - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases
Sequence[Secrets
Mount Couchbase Args] - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default_
lease_ intttl_ seconds - Default lease duration for tokens and secrets in seconds
- delegated_
auth_ Sequence[str]accessors - List of headers to allow and pass from the request to the plugin
- description str
- Human-friendly description of the mount
- elasticsearches
Sequence[Secrets
Mount Elasticsearch Args] - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - external_
entropy_ boolaccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas
Sequence[Secrets
Mount Hana Args] - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity_
token_ strkey - The key to use for signing plugin workload identity tokens
- influxdbs
Sequence[Secrets
Mount Influxdb Args] - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing_
visibility str - Specifies whether to show this mount in the UI-specific listing endpoint
- local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max_
lease_ intttl_ seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas
Sequence[Secrets
Mount Mongodbatla Args] - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs
Sequence[Secrets
Mount Mongodb Args] - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls
Sequence[Secrets
Mount Mssql Args] - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql_
auroras Sequence[SecretsMount Mysql Aurora Args] - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql_
legacies Sequence[SecretsMount Mysql Legacy Args] - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql_
rds Sequence[SecretsMount Mysql Rd Args] - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls
Sequence[Secrets
Mount Mysql Args] - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace str
- Target namespace. (requires Enterprise)
- options Mapping[str, str]
- Specifies mount type specific options that are passed to the backend
- oracles
Sequence[Secrets
Mount Oracle Args] - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough_
request_ Sequence[str]headers - List of headers to allow and pass from the request to the plugin
- plugin_
version str - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls
Sequence[Secrets
Mount Postgresql Args] - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis
Sequence[Secrets
Mount Redi Args] - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis_
elasticaches Sequence[SecretsMount Redis Elasticach Args] - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts
Sequence[Secrets
Mount Redshift Args] - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal_
wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes
Sequence[Secrets
Mount Snowflake Args] - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- path String
- Where the secret backend will be mounted
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed
Response List<String>Headers - List of headers to allow and pass from the request to the plugin
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras List<Property Map>
- A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases List<Property Map>
- A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default
Lease NumberTtl Seconds - Default lease duration for tokens and secrets in seconds
- delegated
Auth List<String>Accessors - List of headers to allow and pass from the request to the plugin
- description String
- Human-friendly description of the mount
- elasticsearches List<Property Map>
- A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas List<Property Map>
- A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity
Token StringKey - The key to use for signing plugin workload identity tokens
- influxdbs List<Property Map>
- A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing
Visibility String - Specifies whether to show this mount in the UI-specific listing endpoint
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease NumberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas List<Property Map>
- A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs List<Property Map>
- A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls List<Property Map>
- A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql
Auroras List<Property Map> - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql
Legacies List<Property Map> - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql
Rds List<Property Map> - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls List<Property Map>
- A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace String
- Target namespace. (requires Enterprise)
- options Map<String>
- Specifies mount type specific options that are passed to the backend
- oracles List<Property Map>
- A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough
Request List<String>Headers - List of headers to allow and pass from the request to the plugin
- plugin
Version String - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls List<Property Map>
- A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis List<Property Map>
- A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis
Elasticaches List<Property Map> - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts List<Property Map>
- A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes List<Property Map>
- A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretsMount resource produces the following output properties:
- Accessor string
- Accessor of the mount
- Engine
Count int - The total number of database secrets engines configured.
- Id string
- The provider-assigned unique ID for this managed resource.
- Accessor string
- Accessor of the mount
- Engine
Count int - The total number of database secrets engines configured.
- Id string
- The provider-assigned unique ID for this managed resource.
- accessor String
- Accessor of the mount
- engine
Count Integer - The total number of database secrets engines configured.
- id String
- The provider-assigned unique ID for this managed resource.
- accessor string
- Accessor of the mount
- engine
Count number - The total number of database secrets engines configured.
- id string
- The provider-assigned unique ID for this managed resource.
- accessor str
- Accessor of the mount
- engine_
count int - The total number of database secrets engines configured.
- id str
- The provider-assigned unique ID for this managed resource.
- accessor String
- Accessor of the mount
- engine
Count Number - The total number of database secrets engines configured.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecretsMount Resource
Get an existing SecretsMount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretsMountState, opts?: CustomResourceOptions): SecretsMount
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
allowed_managed_keys: Optional[Sequence[str]] = None,
allowed_response_headers: Optional[Sequence[str]] = None,
audit_non_hmac_request_keys: Optional[Sequence[str]] = None,
audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
cassandras: Optional[Sequence[SecretsMountCassandraArgs]] = None,
couchbases: Optional[Sequence[SecretsMountCouchbaseArgs]] = None,
default_lease_ttl_seconds: Optional[int] = None,
delegated_auth_accessors: Optional[Sequence[str]] = None,
description: Optional[str] = None,
elasticsearches: Optional[Sequence[SecretsMountElasticsearchArgs]] = None,
engine_count: Optional[int] = None,
external_entropy_access: Optional[bool] = None,
hanas: Optional[Sequence[SecretsMountHanaArgs]] = None,
identity_token_key: Optional[str] = None,
influxdbs: Optional[Sequence[SecretsMountInfluxdbArgs]] = None,
listing_visibility: Optional[str] = None,
local: Optional[bool] = None,
max_lease_ttl_seconds: Optional[int] = None,
mongodbatlas: Optional[Sequence[SecretsMountMongodbatlaArgs]] = None,
mongodbs: Optional[Sequence[SecretsMountMongodbArgs]] = None,
mssqls: Optional[Sequence[SecretsMountMssqlArgs]] = None,
mysql_auroras: Optional[Sequence[SecretsMountMysqlAuroraArgs]] = None,
mysql_legacies: Optional[Sequence[SecretsMountMysqlLegacyArgs]] = None,
mysql_rds: Optional[Sequence[SecretsMountMysqlRdArgs]] = None,
mysqls: Optional[Sequence[SecretsMountMysqlArgs]] = None,
namespace: Optional[str] = None,
options: Optional[Mapping[str, str]] = None,
oracles: Optional[Sequence[SecretsMountOracleArgs]] = None,
passthrough_request_headers: Optional[Sequence[str]] = None,
path: Optional[str] = None,
plugin_version: Optional[str] = None,
postgresqls: Optional[Sequence[SecretsMountPostgresqlArgs]] = None,
redis: Optional[Sequence[SecretsMountRediArgs]] = None,
redis_elasticaches: Optional[Sequence[SecretsMountRedisElasticachArgs]] = None,
redshifts: Optional[Sequence[SecretsMountRedshiftArgs]] = None,
seal_wrap: Optional[bool] = None,
snowflakes: Optional[Sequence[SecretsMountSnowflakeArgs]] = None) -> SecretsMount
func GetSecretsMount(ctx *Context, name string, id IDInput, state *SecretsMountState, opts ...ResourceOption) (*SecretsMount, error)
public static SecretsMount Get(string name, Input<string> id, SecretsMountState? state, CustomResourceOptions? opts = null)
public static SecretsMount get(String name, Output<String> id, SecretsMountState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
- Accessor of the mount
- Allowed
Managed List<string>Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- Allowed
Response List<string>Headers - List of headers to allow and pass from the request to the plugin
- Audit
Non List<string>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non List<string>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Cassandras
List<Secrets
Mount Cassandra> - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - Couchbases
List<Secrets
Mount Couchbase> - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Delegated
Auth List<string>Accessors - List of headers to allow and pass from the request to the plugin
- Description string
- Human-friendly description of the mount
- Elasticsearches
List<Secrets
Mount Elasticsearch> - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - Engine
Count int - The total number of database secrets engines configured.
- External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Hanas
List<Secrets
Mount Hana> - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - Identity
Token stringKey - The key to use for signing plugin workload identity tokens
- Influxdbs
List<Secrets
Mount Influxdb> - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - Listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Mongodbatlas
List<Secrets
Mount Mongodbatla> - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - Mongodbs
List<Secrets
Mount Mongodb> - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - Mssqls
List<Secrets
Mount Mssql> - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - Mysql
Auroras List<SecretsMount Mysql Aurora> - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - Mysql
Legacies List<SecretsMount Mysql Legacy> - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - Mysql
Rds List<SecretsMount Mysql Rd> - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - Mysqls
List<Secrets
Mount Mysql> - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - Namespace string
- Target namespace. (requires Enterprise)
- Options Dictionary<string, string>
- Specifies mount type specific options that are passed to the backend
- Oracles
List<Secrets
Mount Oracle> - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - Passthrough
Request List<string>Headers - List of headers to allow and pass from the request to the plugin
- Path string
- Where the secret backend will be mounted
- Plugin
Version string - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- Postgresqls
List<Secrets
Mount Postgresql> - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - Redis
List<Secrets
Mount Redi> - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - Redis
Elasticaches List<SecretsMount Redis Elasticach> - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - Redshifts
List<Secrets
Mount Redshift> - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Snowflakes
List<Secrets
Mount Snowflake> - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- Accessor string
- Accessor of the mount
- Allowed
Managed []stringKeys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- Allowed
Response []stringHeaders - List of headers to allow and pass from the request to the plugin
- Audit
Non []stringHmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Cassandras
[]Secrets
Mount Cassandra Args - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - Couchbases
[]Secrets
Mount Couchbase Args - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - Default
Lease intTtl Seconds - Default lease duration for tokens and secrets in seconds
- Delegated
Auth []stringAccessors - List of headers to allow and pass from the request to the plugin
- Description string
- Human-friendly description of the mount
- Elasticsearches
[]Secrets
Mount Elasticsearch Args - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - Engine
Count int - The total number of database secrets engines configured.
- External
Entropy boolAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- Hanas
[]Secrets
Mount Hana Args - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - Identity
Token stringKey - The key to use for signing plugin workload identity tokens
- Influxdbs
[]Secrets
Mount Influxdb Args - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - Listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint
- Local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- Max
Lease intTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- Mongodbatlas
[]Secrets
Mount Mongodbatla Args - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - Mongodbs
[]Secrets
Mount Mongodb Args - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - Mssqls
[]Secrets
Mount Mssql Args - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - Mysql
Auroras []SecretsMount Mysql Aurora Args - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - Mysql
Legacies []SecretsMount Mysql Legacy Args - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - Mysql
Rds []SecretsMount Mysql Rd Args - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - Mysqls
[]Secrets
Mount Mysql Args - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - Namespace string
- Target namespace. (requires Enterprise)
- Options map[string]string
- Specifies mount type specific options that are passed to the backend
- Oracles
[]Secrets
Mount Oracle Args - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - Passthrough
Request []stringHeaders - List of headers to allow and pass from the request to the plugin
- Path string
- Where the secret backend will be mounted
- Plugin
Version string - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- Postgresqls
[]Secrets
Mount Postgresql Args - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - Redis
[]Secrets
Mount Redi Args - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - Redis
Elasticaches []SecretsMount Redis Elasticach Args - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - Redshifts
[]Secrets
Mount Redshift Args - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - Seal
Wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- Snowflakes
[]Secrets
Mount Snowflake Args - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- accessor String
- Accessor of the mount
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed
Response List<String>Headers - List of headers to allow and pass from the request to the plugin
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras
List<Secrets
Mount Cassandra> - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases
List<Secrets
Mount Couchbase> - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default
Lease IntegerTtl Seconds - Default lease duration for tokens and secrets in seconds
- delegated
Auth List<String>Accessors - List of headers to allow and pass from the request to the plugin
- description String
- Human-friendly description of the mount
- elasticsearches
List<Secrets
Mount Elasticsearch> - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - engine
Count Integer - The total number of database secrets engines configured.
- external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas
List<Secrets
Mount Hana> - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity
Token StringKey - The key to use for signing plugin workload identity tokens
- influxdbs
List<Secrets
Mount Influxdb> - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing
Visibility String - Specifies whether to show this mount in the UI-specific listing endpoint
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease IntegerTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas
List<Secrets
Mount Mongodbatla> - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs
List<Secrets
Mount Mongodb> - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls
List<Secrets
Mount Mssql> - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql
Auroras List<SecretsMount Mysql Aurora> - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql
Legacies List<SecretsMount Mysql Legacy> - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql
Rds List<SecretsMount Mysql Rd> - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls
List<Secrets
Mount Mysql> - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace String
- Target namespace. (requires Enterprise)
- options Map<String,String>
- Specifies mount type specific options that are passed to the backend
- oracles
List<Secrets
Mount Oracle> - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough
Request List<String>Headers - List of headers to allow and pass from the request to the plugin
- path String
- Where the secret backend will be mounted
- plugin
Version String - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls
List<Secrets
Mount Postgresql> - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis
List<Secrets
Mount Redi> - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis
Elasticaches List<SecretsMount Redis Elasticach> - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts
List<Secrets
Mount Redshift> - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes
List<Secrets
Mount Snowflake> - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- accessor string
- Accessor of the mount
- allowed
Managed string[]Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed
Response string[]Headers - List of headers to allow and pass from the request to the plugin
- audit
Non string[]Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras
Secrets
Mount Cassandra[] - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases
Secrets
Mount Couchbase[] - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default
Lease numberTtl Seconds - Default lease duration for tokens and secrets in seconds
- delegated
Auth string[]Accessors - List of headers to allow and pass from the request to the plugin
- description string
- Human-friendly description of the mount
- elasticsearches
Secrets
Mount Elasticsearch[] - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - engine
Count number - The total number of database secrets engines configured.
- external
Entropy booleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas
Secrets
Mount Hana[] - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity
Token stringKey - The key to use for signing plugin workload identity tokens
- influxdbs
Secrets
Mount Influxdb[] - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint
- local boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease numberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas
Secrets
Mount Mongodbatla[] - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs
Secrets
Mount Mongodb[] - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls
Secrets
Mount Mssql[] - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql
Auroras SecretsMount Mysql Aurora[] - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql
Legacies SecretsMount Mysql Legacy[] - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql
Rds SecretsMount Mysql Rd[] - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls
Secrets
Mount Mysql[] - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace string
- Target namespace. (requires Enterprise)
- options {[key: string]: string}
- Specifies mount type specific options that are passed to the backend
- oracles
Secrets
Mount Oracle[] - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough
Request string[]Headers - List of headers to allow and pass from the request to the plugin
- path string
- Where the secret backend will be mounted
- plugin
Version string - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls
Secrets
Mount Postgresql[] - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis
Secrets
Mount Redi[] - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis
Elasticaches SecretsMount Redis Elasticach[] - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts
Secrets
Mount Redshift[] - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal
Wrap boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes
Secrets
Mount Snowflake[] - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- accessor str
- Accessor of the mount
- allowed_
managed_ Sequence[str]keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed_
response_ Sequence[str]headers - List of headers to allow and pass from the request to the plugin
- audit_
non_ Sequence[str]hmac_ request_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras
Sequence[Secrets
Mount Cassandra Args] - A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases
Sequence[Secrets
Mount Couchbase Args] - A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default_
lease_ intttl_ seconds - Default lease duration for tokens and secrets in seconds
- delegated_
auth_ Sequence[str]accessors - List of headers to allow and pass from the request to the plugin
- description str
- Human-friendly description of the mount
- elasticsearches
Sequence[Secrets
Mount Elasticsearch Args] - A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - engine_
count int - The total number of database secrets engines configured.
- external_
entropy_ boolaccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas
Sequence[Secrets
Mount Hana Args] - A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity_
token_ strkey - The key to use for signing plugin workload identity tokens
- influxdbs
Sequence[Secrets
Mount Influxdb Args] - A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing_
visibility str - Specifies whether to show this mount in the UI-specific listing endpoint
- local bool
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max_
lease_ intttl_ seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas
Sequence[Secrets
Mount Mongodbatla Args] - A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs
Sequence[Secrets
Mount Mongodb Args] - A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls
Sequence[Secrets
Mount Mssql Args] - A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql_
auroras Sequence[SecretsMount Mysql Aurora Args] - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql_
legacies Sequence[SecretsMount Mysql Legacy Args] - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql_
rds Sequence[SecretsMount Mysql Rd Args] - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls
Sequence[Secrets
Mount Mysql Args] - A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace str
- Target namespace. (requires Enterprise)
- options Mapping[str, str]
- Specifies mount type specific options that are passed to the backend
- oracles
Sequence[Secrets
Mount Oracle Args] - A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough_
request_ Sequence[str]headers - List of headers to allow and pass from the request to the plugin
- path str
- Where the secret backend will be mounted
- plugin_
version str - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls
Sequence[Secrets
Mount Postgresql Args] - A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis
Sequence[Secrets
Mount Redi Args] - A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis_
elasticaches Sequence[SecretsMount Redis Elasticach Args] - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts
Sequence[Secrets
Mount Redshift Args] - A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal_
wrap bool - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes
Sequence[Secrets
Mount Snowflake Args] - A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
- accessor String
- Accessor of the mount
- allowed
Managed List<String>Keys Set of managed key registry entry names that the mount in question is allowed to access
The following arguments are common to all database engines:
- allowed
Response List<String>Headers - List of headers to allow and pass from the request to the plugin
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- cassandras List<Property Map>
- A nested block containing configuration options for Cassandra connections.
See Configuration Options for more info - couchbases List<Property Map>
- A nested block containing configuration options for Couchbase connections.
See Configuration Options for more info - default
Lease NumberTtl Seconds - Default lease duration for tokens and secrets in seconds
- delegated
Auth List<String>Accessors - List of headers to allow and pass from the request to the plugin
- description String
- Human-friendly description of the mount
- elasticsearches List<Property Map>
- A nested block containing configuration options for Elasticsearch connections.
See Configuration Options for more info - engine
Count Number - The total number of database secrets engines configured.
- external
Entropy BooleanAccess - Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
- hanas List<Property Map>
- A nested block containing configuration options for SAP HanaDB connections.
See Configuration Options for more info - identity
Token StringKey - The key to use for signing plugin workload identity tokens
- influxdbs List<Property Map>
- A nested block containing configuration options for InfluxDB connections.
See Configuration Options for more info - listing
Visibility String - Specifies whether to show this mount in the UI-specific listing endpoint
- local Boolean
- Boolean flag that can be explicitly set to true to enforce local mount in HA environment
- max
Lease NumberTtl Seconds - Maximum possible lease duration for tokens and secrets in seconds
- mongodbatlas List<Property Map>
- A nested block containing configuration options for MongoDB Atlas connections.
See Configuration Options for more info - mongodbs List<Property Map>
- A nested block containing configuration options for MongoDB connections.
See Configuration Options for more info - mssqls List<Property Map>
- A nested block containing configuration options for MSSQL connections.
See Configuration Options for more info - mysql
Auroras List<Property Map> - A nested block containing configuration options for Aurora MySQL connections.
See Configuration Options for more info - mysql
Legacies List<Property Map> - A nested block containing configuration options for legacy MySQL connections.
See Configuration Options for more info - mysql
Rds List<Property Map> - A nested block containing configuration options for RDS MySQL connections.
See Configuration Options for more info - mysqls List<Property Map>
- A nested block containing configuration options for MySQL connections.
See Configuration Options for more info - namespace String
- Target namespace. (requires Enterprise)
- options Map<String>
- Specifies mount type specific options that are passed to the backend
- oracles List<Property Map>
- A nested block containing configuration options for Oracle connections.
See Configuration Options for more info - passthrough
Request List<String>Headers - List of headers to allow and pass from the request to the plugin
- path String
- Where the secret backend will be mounted
- plugin
Version String - Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
- postgresqls List<Property Map>
- A nested block containing configuration options for PostgreSQL connections.
See Configuration Options for more info - redis List<Property Map>
- A nested block containing configuration options for Redis connections.
See Configuration Options for more info - redis
Elasticaches List<Property Map> - A nested block containing configuration options for Redis ElastiCache connections.
See Configuration Options for more info - redshifts List<Property Map>
- A nested block containing configuration options for AWS Redshift connections.
See Configuration Options for more info - seal
Wrap Boolean - Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
- snowflakes List<Property Map>
- A nested block containing configuration options for Snowflake connections.
See Configuration Options for more info
Supporting Types
SecretsMountCassandra, SecretsMountCassandraArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connect
Timeout int - The number of seconds to use as a connection timeout.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Hosts List<string>
- Cassandra hosts to connect to.
- Insecure
Tls bool - Whether to skip verification of the server certificate when using TLS.
- Password string
- The password to use when authenticating with Cassandra.
- Pem
Bundle string - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Pem
Json string - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Plugin
Name string - Specifies the name of the plugin to use.
- Port int
- The transport port to use to connect to Cassandra.
- Protocol
Version int - The CQL protocol version to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Skip
Verification bool - Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
- Tls bool
- Whether to use TLS when connecting to Cassandra.
- Username string
- The username to use when authenticating with Cassandra.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connect
Timeout int - The number of seconds to use as a connection timeout.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Hosts []string
- Cassandra hosts to connect to.
- Insecure
Tls bool - Whether to skip verification of the server certificate when using TLS.
- Password string
- The password to use when authenticating with Cassandra.
- Pem
Bundle string - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Pem
Json string - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Plugin
Name string - Specifies the name of the plugin to use.
- Port int
- The transport port to use to connect to Cassandra.
- Protocol
Version int - The CQL protocol version to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Skip
Verification bool - Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
- Tls bool
- Whether to use TLS when connecting to Cassandra.
- Username string
- The username to use when authenticating with Cassandra.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connect
Timeout Integer - The number of seconds to use as a connection timeout.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- hosts List<String>
- Cassandra hosts to connect to.
- insecure
Tls Boolean - Whether to skip verification of the server certificate when using TLS.
- password String
- The password to use when authenticating with Cassandra.
- pem
Bundle String - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem
Json String - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin
Name String - Specifies the name of the plugin to use.
- port Integer
- The transport port to use to connect to Cassandra.
- protocol
Version Integer - The CQL protocol version to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- skip
Verification Boolean - Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
- tls Boolean
- Whether to use TLS when connecting to Cassandra.
- username String
- The username to use when authenticating with Cassandra.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connect
Timeout number - The number of seconds to use as a connection timeout.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- hosts string[]
- Cassandra hosts to connect to.
- insecure
Tls boolean - Whether to skip verification of the server certificate when using TLS.
- password string
- The password to use when authenticating with Cassandra.
- pem
Bundle string - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem
Json string - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin
Name string - Specifies the name of the plugin to use.
- port number
- The transport port to use to connect to Cassandra.
- protocol
Version number - The CQL protocol version to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- skip
Verification boolean - Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
- tls boolean
- Whether to use TLS when connecting to Cassandra.
- username string
- The username to use when authenticating with Cassandra.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connect_
timeout int - The number of seconds to use as a connection timeout.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- hosts Sequence[str]
- Cassandra hosts to connect to.
- insecure_
tls bool - Whether to skip verification of the server certificate when using TLS.
- password str
- The password to use when authenticating with Cassandra.
- pem_
bundle str - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem_
json str - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin_
name str - Specifies the name of the plugin to use.
- port int
- The transport port to use to connect to Cassandra.
- protocol_
version int - The CQL protocol version to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- skip_
verification bool - Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
- tls bool
- Whether to use TLS when connecting to Cassandra.
- username str
- The username to use when authenticating with Cassandra.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connect
Timeout Number - The number of seconds to use as a connection timeout.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- hosts List<String>
- Cassandra hosts to connect to.
- insecure
Tls Boolean - Whether to skip verification of the server certificate when using TLS.
- password String
- The password to use when authenticating with Cassandra.
- pem
Bundle String - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem
Json String - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin
Name String - Specifies the name of the plugin to use.
- port Number
- The transport port to use to connect to Cassandra.
- protocol
Version Number - The CQL protocol version to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- skip
Verification Boolean - Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
- tls Boolean
- Whether to use TLS when connecting to Cassandra.
- username String
- The username to use when authenticating with Cassandra.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountCouchbase, SecretsMountCouchbaseArgs
- Hosts List<string>
- A set of Couchbase URIs to connect to. Must use
couchbases://
scheme iftls
istrue
. - Name string
- Name of the database connection.
- Password string
- Specifies the password corresponding to the given username.
- Username string
- Specifies the username for Vault to use.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Base64Pem string
- Required if
tls
istrue
. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. - Bucket
Name string - Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure
Tls bool - Specifies whether to skip verification of the server certificate when using TLS.
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Tls bool
- Specifies whether to use TLS when connecting to Couchbase.
- Username
Template string - Template describing how dynamic usernames are generated.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Hosts []string
- A set of Couchbase URIs to connect to. Must use
couchbases://
scheme iftls
istrue
. - Name string
- Name of the database connection.
- Password string
- Specifies the password corresponding to the given username.
- Username string
- Specifies the username for Vault to use.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Base64Pem string
- Required if
tls
istrue
. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. - Bucket
Name string - Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure
Tls bool - Specifies whether to skip verification of the server certificate when using TLS.
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Tls bool
- Specifies whether to use TLS when connecting to Couchbase.
- Username
Template string - Template describing how dynamic usernames are generated.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- hosts List<String>
- A set of Couchbase URIs to connect to. Must use
couchbases://
scheme iftls
istrue
. - name String
- Name of the database connection.
- password String
- Specifies the password corresponding to the given username.
- username String
- Specifies the username for Vault to use.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- base64Pem String
- Required if
tls
istrue
. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. - bucket
Name String - Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls Boolean - Specifies whether to skip verification of the server certificate when using TLS.
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls Boolean
- Specifies whether to use TLS when connecting to Couchbase.
- username
Template String - Template describing how dynamic usernames are generated.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- hosts string[]
- A set of Couchbase URIs to connect to. Must use
couchbases://
scheme iftls
istrue
. - name string
- Name of the database connection.
- password string
- Specifies the password corresponding to the given username.
- username string
- Specifies the username for Vault to use.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- base64Pem string
- Required if
tls
istrue
. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. - bucket
Name string - Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls boolean - Specifies whether to skip verification of the server certificate when using TLS.
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls boolean
- Specifies whether to use TLS when connecting to Couchbase.
- username
Template string - Template describing how dynamic usernames are generated.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- hosts Sequence[str]
- A set of Couchbase URIs to connect to. Must use
couchbases://
scheme iftls
istrue
. - name str
- Name of the database connection.
- password str
- Specifies the password corresponding to the given username.
- username str
- Specifies the username for Vault to use.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- base64_
pem str - Required if
tls
istrue
. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. - bucket_
name str - Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure_
tls bool - Specifies whether to skip verification of the server certificate when using TLS.
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- tls bool
- Specifies whether to use TLS when connecting to Couchbase.
- username_
template str - Template describing how dynamic usernames are generated.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- hosts List<String>
- A set of Couchbase URIs to connect to. Must use
couchbases://
scheme iftls
istrue
. - name String
- Name of the database connection.
- password String
- Specifies the password corresponding to the given username.
- username String
- Specifies the username for Vault to use.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- base64Pem String
- Required if
tls
istrue
. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. - bucket
Name String - Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls Boolean - Specifies whether to skip verification of the server certificate when using TLS.
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls Boolean
- Specifies whether to use TLS when connecting to Couchbase.
- username
Template String - Template describing how dynamic usernames are generated.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountElasticsearch, SecretsMountElasticsearchArgs
- Name string
- Name of the database connection.
- Password string
- The password to be used in the connection URL
- Url string
- The URL for Elasticsearch's API
- Username string
- The username to be used in the connection URL
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Ca
Cert string - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity
- Ca
Path string - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity
- Client
Cert string - The path to the certificate for the Elasticsearch client to present for communication
- Client
Key string - The path to the key for the Elasticsearch client to use for communication
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure bool
- Whether to disable certificate verification
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Tls
Server stringName - This, if set, is used to set the SNI host when connecting via TLS
- Username
Template string - Template describing how dynamic usernames are generated.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Password string
- The password to be used in the connection URL
- Url string
- The URL for Elasticsearch's API
- Username string
- The username to be used in the connection URL
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Ca
Cert string - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity
- Ca
Path string - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity
- Client
Cert string - The path to the certificate for the Elasticsearch client to present for communication
- Client
Key string - The path to the key for the Elasticsearch client to use for communication
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure bool
- Whether to disable certificate verification
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Tls
Server stringName - This, if set, is used to set the SNI host when connecting via TLS
- Username
Template string - Template describing how dynamic usernames are generated.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- password String
- The password to be used in the connection URL
- url String
- The URL for Elasticsearch's API
- username String
- The username to be used in the connection URL
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- ca
Cert String - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity
- ca
Path String - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity
- client
Cert String - The path to the certificate for the Elasticsearch client to present for communication
- client
Key String - The path to the key for the Elasticsearch client to use for communication
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure Boolean
- Whether to disable certificate verification
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls
Server StringName - This, if set, is used to set the SNI host when connecting via TLS
- username
Template String - Template describing how dynamic usernames are generated.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- password string
- The password to be used in the connection URL
- url string
- The URL for Elasticsearch's API
- username string
- The username to be used in the connection URL
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- ca
Cert string - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity
- ca
Path string - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity
- client
Cert string - The path to the certificate for the Elasticsearch client to present for communication
- client
Key string - The path to the key for the Elasticsearch client to use for communication
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure boolean
- Whether to disable certificate verification
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls
Server stringName - This, if set, is used to set the SNI host when connecting via TLS
- username
Template string - Template describing how dynamic usernames are generated.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- password str
- The password to be used in the connection URL
- url str
- The URL for Elasticsearch's API
- username str
- The username to be used in the connection URL
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- ca_
cert str - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity
- ca_
path str - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity
- client_
cert str - The path to the certificate for the Elasticsearch client to present for communication
- client_
key str - The path to the key for the Elasticsearch client to use for communication
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure bool
- Whether to disable certificate verification
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- tls_
server_ strname - This, if set, is used to set the SNI host when connecting via TLS
- username_
template str - Template describing how dynamic usernames are generated.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- password String
- The password to be used in the connection URL
- url String
- The URL for Elasticsearch's API
- username String
- The username to be used in the connection URL
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- ca
Cert String - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity
- ca
Path String - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity
- client
Cert String - The path to the certificate for the Elasticsearch client to present for communication
- client
Key String - The path to the key for the Elasticsearch client to use for communication
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure Boolean
- Whether to disable certificate verification
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls
Server StringName - This, if set, is used to set the SNI host when connecting via TLS
- username
Template String - Template describing how dynamic usernames are generated.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountHana, SecretsMountHanaArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping boolean - Disable special character escaping in username and password
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- username string
- The root credential username used in the connection URL
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable_
escaping bool - Disable special character escaping in username and password
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- username str
- The root credential username used in the connection URL
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountInfluxdb, SecretsMountInfluxdbArgs
- Host string
- Influxdb host to connect to.
- Name string
- Name of the database connection.
- Password string
- Specifies the password corresponding to the given username.
- Username string
- Specifies the username to use for superuser access.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connect
Timeout int - The number of seconds to use as a connection timeout.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure
Tls bool - Whether to skip verification of the server certificate when using TLS.
- Pem
Bundle string - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Pem
Json string - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Plugin
Name string - Specifies the name of the plugin to use.
- Port int
- The transport port to use to connect to Influxdb.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Tls bool
- Whether to use TLS when connecting to Influxdb.
- Username
Template string - Template describing how dynamic usernames are generated.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Host string
- Influxdb host to connect to.
- Name string
- Name of the database connection.
- Password string
- Specifies the password corresponding to the given username.
- Username string
- Specifies the username to use for superuser access.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connect
Timeout int - The number of seconds to use as a connection timeout.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure
Tls bool - Whether to skip verification of the server certificate when using TLS.
- Pem
Bundle string - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Pem
Json string - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- Plugin
Name string - Specifies the name of the plugin to use.
- Port int
- The transport port to use to connect to Influxdb.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Tls bool
- Whether to use TLS when connecting to Influxdb.
- Username
Template string - Template describing how dynamic usernames are generated.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- host String
- Influxdb host to connect to.
- name String
- Name of the database connection.
- password String
- Specifies the password corresponding to the given username.
- username String
- Specifies the username to use for superuser access.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connect
Timeout Integer - The number of seconds to use as a connection timeout.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls Boolean - Whether to skip verification of the server certificate when using TLS.
- pem
Bundle String - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem
Json String - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin
Name String - Specifies the name of the plugin to use.
- port Integer
- The transport port to use to connect to Influxdb.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls Boolean
- Whether to use TLS when connecting to Influxdb.
- username
Template String - Template describing how dynamic usernames are generated.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- host string
- Influxdb host to connect to.
- name string
- Name of the database connection.
- password string
- Specifies the password corresponding to the given username.
- username string
- Specifies the username to use for superuser access.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connect
Timeout number - The number of seconds to use as a connection timeout.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls boolean - Whether to skip verification of the server certificate when using TLS.
- pem
Bundle string - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem
Json string - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin
Name string - Specifies the name of the plugin to use.
- port number
- The transport port to use to connect to Influxdb.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls boolean
- Whether to use TLS when connecting to Influxdb.
- username
Template string - Template describing how dynamic usernames are generated.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- host str
- Influxdb host to connect to.
- name str
- Name of the database connection.
- password str
- Specifies the password corresponding to the given username.
- username str
- Specifies the username to use for superuser access.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connect_
timeout int - The number of seconds to use as a connection timeout.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure_
tls bool - Whether to skip verification of the server certificate when using TLS.
- pem_
bundle str - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem_
json str - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin_
name str - Specifies the name of the plugin to use.
- port int
- The transport port to use to connect to Influxdb.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- tls bool
- Whether to use TLS when connecting to Influxdb.
- username_
template str - Template describing how dynamic usernames are generated.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- host String
- Influxdb host to connect to.
- name String
- Name of the database connection.
- password String
- Specifies the password corresponding to the given username.
- username String
- Specifies the username to use for superuser access.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connect
Timeout Number - The number of seconds to use as a connection timeout.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls Boolean - Whether to skip verification of the server certificate when using TLS.
- pem
Bundle String - Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- pem
Json String - Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
- plugin
Name String - Specifies the name of the plugin to use.
- port Number
- The transport port to use to connect to Influxdb.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls Boolean
- Whether to use TLS when connecting to Influxdb.
- username
Template String - Template describing how dynamic usernames are generated.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMongodb, SecretsMountMongodbArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMongodbatla, SecretsMountMongodbatlaArgs
- Name string
- Name of the database connection.
- Private
Key string - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- Project
Id string - The Project ID the Database User should be created within.
- Public
Key string - The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Private
Key string - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- Project
Id string - The Project ID the Database User should be created within.
- Public
Key string - The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- private
Key String - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- project
Id String - The Project ID the Database User should be created within.
- public
Key String - The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- private
Key string - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- project
Id string - The Project ID the Database User should be created within.
- public
Key string - The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- private_
key str - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- project_
id str - The Project ID the Database User should be created within.
- public_
key str - The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- private
Key String - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- project
Id String - The Project ID the Database User should be created within.
- public
Key String - The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMssql, SecretsMountMssqlArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Contained
Db bool - Set to true when the target is a Contained Database, e.g. AzureSQL.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Contained
Db bool - Set to true when the target is a Contained Database, e.g. AzureSQL.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- contained
Db Boolean - Set to true when the target is a Contained Database, e.g. AzureSQL.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connection
Url string - Connection string to use to connect to the database.
- contained
Db boolean - Set to true when the target is a Contained Database, e.g. AzureSQL.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping boolean - Disable special character escaping in username and password
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connection_
url str - Connection string to use to connect to the database.
- contained_
db bool - Set to true when the target is a Contained Database, e.g. AzureSQL.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable_
escaping bool - Disable special character escaping in username and password
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- contained
Db Boolean - Set to true when the target is a Contained Database, e.g. AzureSQL.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMysql, SecretsMountMysqlArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account stringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- auth_
type str - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- service_
account_ strjson - A JSON encoded credential for use with IAM authorization
- tls_
ca str - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls_
certificate_ strkey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMysqlAurora, SecretsMountMysqlAuroraArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account stringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- auth_
type str - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- service_
account_ strjson - A JSON encoded credential for use with IAM authorization
- tls_
ca str - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls_
certificate_ strkey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMysqlLegacy, SecretsMountMysqlLegacyArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account stringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- auth_
type str - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- service_
account_ strjson - A JSON encoded credential for use with IAM authorization
- tls_
ca str - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls_
certificate_ strkey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountMysqlRd, SecretsMountMysqlRdArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- Tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account stringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca string - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate stringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- auth_
type str - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- service_
account_ strjson - A JSON encoded credential for use with IAM authorization
- tls_
ca str - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls_
certificate_ strkey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
- tls
Certificate StringKey - x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountOracle, SecretsMountOracleArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disconnect
Sessions bool - Set to true to disconnect any open sessions prior to running the revocation statements.
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Split
Statements bool - Set to true in order to split statements after semi-colons.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disconnect
Sessions bool - Set to true to disconnect any open sessions prior to running the revocation statements.
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Split
Statements bool - Set to true in order to split statements after semi-colons.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disconnect
Sessions Boolean - Set to true to disconnect any open sessions prior to running the revocation statements.
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- split
Statements Boolean - Set to true in order to split statements after semi-colons.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disconnect
Sessions boolean - Set to true to disconnect any open sessions prior to running the revocation statements.
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- split
Statements boolean - Set to true in order to split statements after semi-colons.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disconnect_
sessions bool - Set to true to disconnect any open sessions prior to running the revocation statements.
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- split_
statements bool - Set to true in order to split statements after semi-colons.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disconnect
Sessions Boolean - Set to true to disconnect any open sessions prior to running the revocation statements.
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- split
Statements Boolean - Set to true in order to split statements after semi-colons.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountPostgresql, SecretsMountPostgresqlArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Private
Key string - The secret key used for the x509 client certificate. Must be PEM encoded.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Self
Managed bool - If set, allows onboarding static roles with a rootless connection configuration.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
- Tls
Certificate string - The x509 client certificate for connecting to the database. Must be PEM encoded.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Private
Key string - The secret key used for the x509 client certificate. Must be PEM encoded.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Self
Managed bool - If set, allows onboarding static roles with a rootless connection configuration.
- Service
Account stringJson - A JSON encoded credential for use with IAM authorization
- Tls
Ca string - The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
- Tls
Certificate string - The x509 client certificate for connecting to the database. Must be PEM encoded.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- private
Key String - The secret key used for the x509 client certificate. Must be PEM encoded.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- self
Managed Boolean - If set, allows onboarding static roles with a rootless connection configuration.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
- tls
Certificate String - The x509 client certificate for connecting to the database. Must be PEM encoded.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- auth
Type string - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping boolean - Disable special character escaping in username and password
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- private
Key string - The secret key used for the x509 client certificate. Must be PEM encoded.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- self
Managed boolean - If set, allows onboarding static roles with a rootless connection configuration.
- service
Account stringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca string - The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
- tls
Certificate string - The x509 client certificate for connecting to the database. Must be PEM encoded.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- auth_
type str - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable_
escaping bool - Disable special character escaping in username and password
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- private_
key str - The secret key used for the x509 client certificate. Must be PEM encoded.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- self_
managed bool - If set, allows onboarding static roles with a rootless connection configuration.
- service_
account_ strjson - A JSON encoded credential for use with IAM authorization
- tls_
ca str - The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
- tls_
certificate str - The x509 client certificate for connecting to the database. Must be PEM encoded.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- auth
Type String - Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- private
Key String - The secret key used for the x509 client certificate. Must be PEM encoded.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- self
Managed Boolean - If set, allows onboarding static roles with a rootless connection configuration.
- service
Account StringJson - A JSON encoded credential for use with IAM authorization
- tls
Ca String - The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
- tls
Certificate String - The x509 client certificate for connecting to the database. Must be PEM encoded.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountRedi, SecretsMountRediArgs
- Host string
- Specifies the host to connect to
- Name string
- Name of the database connection.
- Password string
- Specifies the password corresponding to the given username.
- Username string
- Specifies the username for Vault to use.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Ca
Cert string - The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure
Tls bool - Specifies whether to skip verification of the server certificate when using TLS.
- Plugin
Name string - Specifies the name of the plugin to use.
- Port int
- The transport port to use to connect to Redis.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Tls bool
- Specifies whether to use TLS when connecting to Redis.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Host string
- Specifies the host to connect to
- Name string
- Name of the database connection.
- Password string
- Specifies the password corresponding to the given username.
- Username string
- Specifies the username for Vault to use.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Ca
Cert string - The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Insecure
Tls bool - Specifies whether to skip verification of the server certificate when using TLS.
- Plugin
Name string - Specifies the name of the plugin to use.
- Port int
- The transport port to use to connect to Redis.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Tls bool
- Specifies whether to use TLS when connecting to Redis.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- host String
- Specifies the host to connect to
- name String
- Name of the database connection.
- password String
- Specifies the password corresponding to the given username.
- username String
- Specifies the username for Vault to use.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- ca
Cert String - The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls Boolean - Specifies whether to skip verification of the server certificate when using TLS.
- plugin
Name String - Specifies the name of the plugin to use.
- port Integer
- The transport port to use to connect to Redis.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls Boolean
- Specifies whether to use TLS when connecting to Redis.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- host string
- Specifies the host to connect to
- name string
- Name of the database connection.
- password string
- Specifies the password corresponding to the given username.
- username string
- Specifies the username for Vault to use.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- ca
Cert string - The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls boolean - Specifies whether to skip verification of the server certificate when using TLS.
- plugin
Name string - Specifies the name of the plugin to use.
- port number
- The transport port to use to connect to Redis.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls boolean
- Specifies whether to use TLS when connecting to Redis.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- host str
- Specifies the host to connect to
- name str
- Name of the database connection.
- password str
- Specifies the password corresponding to the given username.
- username str
- Specifies the username for Vault to use.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- ca_
cert str - The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure_
tls bool - Specifies whether to skip verification of the server certificate when using TLS.
- plugin_
name str - Specifies the name of the plugin to use.
- port int
- The transport port to use to connect to Redis.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- tls bool
- Specifies whether to use TLS when connecting to Redis.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- host String
- Specifies the host to connect to
- name String
- Name of the database connection.
- password String
- Specifies the password corresponding to the given username.
- username String
- Specifies the username for Vault to use.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- ca
Cert String - The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- insecure
Tls Boolean - Specifies whether to skip verification of the server certificate when using TLS.
- plugin
Name String - Specifies the name of the plugin to use.
- port Number
- The transport port to use to connect to Redis.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- tls Boolean
- Specifies whether to use TLS when connecting to Redis.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountRedisElasticach, SecretsMountRedisElasticachArgs
- Name string
- Name of the database connection.
- Url string
- The configuration endpoint for the ElastiCache cluster to connect to.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Password string
- The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- Plugin
Name string - Specifies the name of the plugin to use.
- Region string
- The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Url string
- The configuration endpoint for the ElastiCache cluster to connect to.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Password string
- The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- Plugin
Name string - Specifies the name of the plugin to use.
- Region string
- The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- url String
- The configuration endpoint for the ElastiCache cluster to connect to.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- password String
- The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- plugin
Name String - Specifies the name of the plugin to use.
- region String
- The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- url string
- The configuration endpoint for the ElastiCache cluster to connect to.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- password string
- The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- plugin
Name string - Specifies the name of the plugin to use.
- region string
- The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- username string
- The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- url str
- The configuration endpoint for the ElastiCache cluster to connect to.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- password str
- The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- plugin_
name str - Specifies the name of the plugin to use.
- region str
- The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- username str
- The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- url String
- The configuration endpoint for the ElastiCache cluster to connect to.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- password String
- The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- plugin
Name String - Specifies the name of the plugin to use.
- region String
- The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountRedshift, SecretsMountRedshiftArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Disable
Escaping bool - Disable special character escaping in username and password
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping boolean - Disable special character escaping in username and password
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable_
escaping bool - Disable special character escaping in username and password
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- disable
Escaping Boolean - Disable special character escaping in username and password
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
SecretsMountSnowflake, SecretsMountSnowflakeArgs
- Name string
- Name of the database connection.
- Allowed
Roles List<string> - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data Dictionary<string, string>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation List<string>Statements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- Name string
- Name of the database connection.
- Allowed
Roles []string - A list of roles that are allowed to use this connection.
- Connection
Url string - Connection string to use to connect to the database.
- Data map[string]string
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- Max
Connection intLifetime - Maximum number of seconds a connection may be reused.
- Max
Idle intConnections - Maximum number of idle connections to the database.
- Max
Open intConnections - Maximum number of open connections to the database.
- Password string
- The root credential password used in the connection URL
- Plugin
Name string - Specifies the name of the plugin to use.
- Root
Rotation []stringStatements - A list of database statements to be executed to rotate the root user's credentials.
- Username string
- The root credential username used in the connection URL
- Username
Template string - Username generation template.
- Verify
Connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String,String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection IntegerLifetime - Maximum number of seconds a connection may be reused.
- max
Idle IntegerConnections - Maximum number of idle connections to the database.
- max
Open IntegerConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
- name string
- Name of the database connection.
- allowed
Roles string[] - A list of roles that are allowed to use this connection.
- connection
Url string - Connection string to use to connect to the database.
- data {[key: string]: string}
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection numberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle numberConnections - Maximum number of idle connections to the database.
- max
Open numberConnections - Maximum number of open connections to the database.
- password string
- The root credential password used in the connection URL
- plugin
Name string - Specifies the name of the plugin to use.
- root
Rotation string[]Statements - A list of database statements to be executed to rotate the root user's credentials.
- username string
- The root credential username used in the connection URL
- username
Template string - Username generation template.
- verify
Connection boolean - Whether the connection should be verified on initial configuration or not.
- name str
- Name of the database connection.
- allowed_
roles Sequence[str] - A list of roles that are allowed to use this connection.
- connection_
url str - Connection string to use to connect to the database.
- data Mapping[str, str]
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max_
connection_ intlifetime - Maximum number of seconds a connection may be reused.
- max_
idle_ intconnections - Maximum number of idle connections to the database.
- max_
open_ intconnections - Maximum number of open connections to the database.
- password str
- The root credential password used in the connection URL
- plugin_
name str - Specifies the name of the plugin to use.
- root_
rotation_ Sequence[str]statements - A list of database statements to be executed to rotate the root user's credentials.
- username str
- The root credential username used in the connection URL
- username_
template str - Username generation template.
- verify_
connection bool - Whether the connection should be verified on initial configuration or not.
- name String
- Name of the database connection.
- allowed
Roles List<String> - A list of roles that are allowed to use this connection.
- connection
Url String - Connection string to use to connect to the database.
- data Map<String>
A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
Supported list of database secrets engines that can be configured:
- max
Connection NumberLifetime - Maximum number of seconds a connection may be reused.
- max
Idle NumberConnections - Maximum number of idle connections to the database.
- max
Open NumberConnections - Maximum number of open connections to the database.
- password String
- The root credential password used in the connection URL
- plugin
Name String - Specifies the name of the plugin to use.
- root
Rotation List<String>Statements - A list of database statements to be executed to rotate the root user's credentials.
- username String
- The root credential username used in the connection URL
- username
Template String - Username generation template.
- verify
Connection Boolean - Whether the connection should be verified on initial configuration or not.
Import
Database secret backend connections can be imported using the path
e.g.
$ pulumi import vault:database/secretsMount:SecretsMount db db
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.