1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. pkiSecret
  5. SecretBackendKey
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.pkiSecret.SecretBackendKey

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Creates a key on a PKI Secret Backend for Vault.

    Example Usage

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    resources:
      pki:
        type: vault:Mount
        properties:
          path: pki
          type: pki
          defaultLeaseTtlSeconds: 3600
          maxLeaseTtlSeconds: 86400
      key:
        type: vault:pkiSecret:SecretBackendKey
        properties:
          mount: ${pki.path}
          type: exported
          keyName: example-key
          keyType: rsa
          keyBits: '2048'
    

    Create SecretBackendKey Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecretBackendKey(name: string, args: SecretBackendKeyArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackendKey(resource_name: str,
                         args: SecretBackendKeyArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecretBackendKey(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         backend: Optional[str] = None,
                         type: Optional[str] = None,
                         key_bits: Optional[int] = None,
                         key_name: Optional[str] = None,
                         key_type: Optional[str] = None,
                         managed_key_id: Optional[str] = None,
                         managed_key_name: Optional[str] = None,
                         namespace: Optional[str] = None)
    func NewSecretBackendKey(ctx *Context, name string, args SecretBackendKeyArgs, opts ...ResourceOption) (*SecretBackendKey, error)
    public SecretBackendKey(string name, SecretBackendKeyArgs args, CustomResourceOptions? opts = null)
    public SecretBackendKey(String name, SecretBackendKeyArgs args)
    public SecretBackendKey(String name, SecretBackendKeyArgs args, CustomResourceOptions options)
    
    type: vault:pkiSecret:SecretBackendKey
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecretBackendKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendKeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendKeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendKeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var secretBackendKeyResource = new Vault.PkiSecret.SecretBackendKey("secretBackendKeyResource", new()
    {
        Backend = "string",
        Type = "string",
        KeyBits = 0,
        KeyName = "string",
        KeyType = "string",
        ManagedKeyId = "string",
        ManagedKeyName = "string",
        Namespace = "string",
    });
    
    example, err := pkiSecret.NewSecretBackendKey(ctx, "secretBackendKeyResource", &pkiSecret.SecretBackendKeyArgs{
    	Backend:        pulumi.String("string"),
    	Type:           pulumi.String("string"),
    	KeyBits:        pulumi.Int(0),
    	KeyName:        pulumi.String("string"),
    	KeyType:        pulumi.String("string"),
    	ManagedKeyId:   pulumi.String("string"),
    	ManagedKeyName: pulumi.String("string"),
    	Namespace:      pulumi.String("string"),
    })
    
    var secretBackendKeyResource = new SecretBackendKey("secretBackendKeyResource", SecretBackendKeyArgs.builder()
        .backend("string")
        .type("string")
        .keyBits(0)
        .keyName("string")
        .keyType("string")
        .managedKeyId("string")
        .managedKeyName("string")
        .namespace("string")
        .build());
    
    secret_backend_key_resource = vault.pki_secret.SecretBackendKey("secretBackendKeyResource",
        backend="string",
        type="string",
        key_bits=0,
        key_name="string",
        key_type="string",
        managed_key_id="string",
        managed_key_name="string",
        namespace="string")
    
    const secretBackendKeyResource = new vault.pkisecret.SecretBackendKey("secretBackendKeyResource", {
        backend: "string",
        type: "string",
        keyBits: 0,
        keyName: "string",
        keyType: "string",
        managedKeyId: "string",
        managedKeyName: "string",
        namespace: "string",
    });
    
    type: vault:pkiSecret:SecretBackendKey
    properties:
        backend: string
        keyBits: 0
        keyName: string
        keyType: string
        managedKeyId: string
        managedKeyName: string
        namespace: string
        type: string
    

    SecretBackendKey Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SecretBackendKey resource accepts the following input properties:

    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    Type string
    Specifies the type of the key to create. Can be exported,internal or kms.
    KeyBits int
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    KeyName string
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    KeyType string
    Specifies the desired key type; must be rsa, ed25519 or ec.
    ManagedKeyId string
    The managed key's UUID.
    ManagedKeyName string
    The managed key's configured name.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    Type string
    Specifies the type of the key to create. Can be exported,internal or kms.
    KeyBits int
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    KeyName string
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    KeyType string
    Specifies the desired key type; must be rsa, ed25519 or ec.
    ManagedKeyId string
    The managed key's UUID.
    ManagedKeyName string
    The managed key's configured name.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    type String
    Specifies the type of the key to create. Can be exported,internal or kms.
    keyBits Integer
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    keyName String
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    keyType String
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managedKeyId String
    The managed key's UUID.
    managedKeyName String
    The managed key's configured name.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    type string
    Specifies the type of the key to create. Can be exported,internal or kms.
    keyBits number
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    keyName string
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    keyType string
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managedKeyId string
    The managed key's UUID.
    managedKeyName string
    The managed key's configured name.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend str
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    type str
    Specifies the type of the key to create. Can be exported,internal or kms.
    key_bits int
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    key_name str
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    key_type str
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managed_key_id str
    The managed key's UUID.
    managed_key_name str
    The managed key's configured name.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    type String
    Specifies the type of the key to create. Can be exported,internal or kms.
    keyBits Number
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    keyName String
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    keyType String
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managedKeyId String
    The managed key's UUID.
    managedKeyName String
    The managed key's configured name.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackendKey resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    ID of the generated key.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    ID of the generated key.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    ID of the generated key.
    id string
    The provider-assigned unique ID for this managed resource.
    keyId string
    ID of the generated key.
    id str
    The provider-assigned unique ID for this managed resource.
    key_id str
    ID of the generated key.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    ID of the generated key.

    Look up Existing SecretBackendKey Resource

    Get an existing SecretBackendKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendKeyState, opts?: CustomResourceOptions): SecretBackendKey
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            backend: Optional[str] = None,
            key_bits: Optional[int] = None,
            key_id: Optional[str] = None,
            key_name: Optional[str] = None,
            key_type: Optional[str] = None,
            managed_key_id: Optional[str] = None,
            managed_key_name: Optional[str] = None,
            namespace: Optional[str] = None,
            type: Optional[str] = None) -> SecretBackendKey
    func GetSecretBackendKey(ctx *Context, name string, id IDInput, state *SecretBackendKeyState, opts ...ResourceOption) (*SecretBackendKey, error)
    public static SecretBackendKey Get(string name, Input<string> id, SecretBackendKeyState? state, CustomResourceOptions? opts = null)
    public static SecretBackendKey get(String name, Output<String> id, SecretBackendKeyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    KeyBits int
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    KeyId string
    ID of the generated key.
    KeyName string
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    KeyType string
    Specifies the desired key type; must be rsa, ed25519 or ec.
    ManagedKeyId string
    The managed key's UUID.
    ManagedKeyName string
    The managed key's configured name.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Type string
    Specifies the type of the key to create. Can be exported,internal or kms.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    KeyBits int
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    KeyId string
    ID of the generated key.
    KeyName string
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    KeyType string
    Specifies the desired key type; must be rsa, ed25519 or ec.
    ManagedKeyId string
    The managed key's UUID.
    ManagedKeyName string
    The managed key's configured name.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Type string
    Specifies the type of the key to create. Can be exported,internal or kms.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    keyBits Integer
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    keyId String
    ID of the generated key.
    keyName String
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    keyType String
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managedKeyId String
    The managed key's UUID.
    managedKeyName String
    The managed key's configured name.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    type String
    Specifies the type of the key to create. Can be exported,internal or kms.
    backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    keyBits number
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    keyId string
    ID of the generated key.
    keyName string
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    keyType string
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managedKeyId string
    The managed key's UUID.
    managedKeyName string
    The managed key's configured name.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    type string
    Specifies the type of the key to create. Can be exported,internal or kms.
    backend str
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    key_bits int
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    key_id str
    ID of the generated key.
    key_name str
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    key_type str
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managed_key_id str
    The managed key's UUID.
    managed_key_name str
    The managed key's configured name.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    type str
    Specifies the type of the key to create. Can be exported,internal or kms.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    keyBits Number
    Specifies the number of bits to use for the generated keys. Allowed values are 0 (universal default); with key_type=rsa, allowed values are: 2048 (default), 3072, or 4096; with key_type=ec, allowed values are: 224, 256 (default), 384, or 521; ignored with key_type=ed25519.
    keyId String
    ID of the generated key.
    keyName String
    When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
    keyType String
    Specifies the desired key type; must be rsa, ed25519 or ec.
    managedKeyId String
    The managed key's UUID.
    managedKeyName String
    The managed key's configured name.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    type String
    Specifies the type of the key to create. Can be exported,internal or kms.

    Import

    PKI secret backend key can be imported using the id, e.g.

    $ pulumi import vault:pkiSecret/secretBackendKey:SecretBackendKey key pki/key/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi