Docs Home
StrongDM v1.26.0 published on Friday, Mar 21, 2025 by Piers Karsenbarg
sdm.SecretStore
Explore with Pulumi AI
A SecretStore is a server where resource secrets (passwords, keys) are stored. Coming soon support for HashiCorp Vault and AWS Secret Store. This resource can be imported using the import command.
Create SecretStore Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretStore(name: string, args?: SecretStoreArgs, opts?: CustomResourceOptions);@overload
def SecretStore(resource_name: str,
args: Optional[SecretStoreArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def SecretStore(resource_name: str,
opts: Optional[ResourceOptions] = None,
active_directory_store: Optional[SecretStoreActiveDirectoryStoreArgs] = None,
aws: Optional[SecretStoreAwsArgs] = None,
aws_cert_x509: Optional[SecretStoreAwsCertX509Args] = None,
azure_store: Optional[SecretStoreAzureStoreArgs] = None,
cyberark_conjur: Optional[SecretStoreCyberarkConjurArgs] = None,
cyberark_pam: Optional[SecretStoreCyberarkPamArgs] = None,
cyberark_pam_experimental: Optional[SecretStoreCyberarkPamExperimentalArgs] = None,
delinea_store: Optional[SecretStoreDelineaStoreArgs] = None,
gcp_cert_x509_store: Optional[SecretStoreGcpCertX509StoreArgs] = None,
gcp_store: Optional[SecretStoreGcpStoreArgs] = None,
keyfactor_ssh_store: Optional[SecretStoreKeyfactorSshStoreArgs] = None,
keyfactor_x509_store: Optional[SecretStoreKeyfactorX509StoreArgs] = None,
vault_approle: Optional[SecretStoreVaultApproleArgs] = None,
vault_approle_cert_ssh: Optional[SecretStoreVaultApproleCertSshArgs] = None,
vault_approle_cert_x509: Optional[SecretStoreVaultApproleCertX509Args] = None,
vault_aws_ec2: Optional[SecretStoreVaultAwsEc2Args] = None,
vault_aws_iam: Optional[SecretStoreVaultAwsIamArgs] = None,
vault_tls: Optional[SecretStoreVaultTlsArgs] = None,
vault_tls_cert_ssh: Optional[SecretStoreVaultTlsCertSshArgs] = None,
vault_tls_cert_x509: Optional[SecretStoreVaultTlsCertX509Args] = None,
vault_token: Optional[SecretStoreVaultTokenArgs] = None,
vault_token_cert_ssh: Optional[SecretStoreVaultTokenCertSshArgs] = None,
vault_token_cert_x509: Optional[SecretStoreVaultTokenCertX509Args] = None)func NewSecretStore(ctx *Context, name string, args *SecretStoreArgs, opts ...ResourceOption) (*SecretStore, error)public SecretStore(string name, SecretStoreArgs? args = null, CustomResourceOptions? opts = null)
public SecretStore(String name, SecretStoreArgs args)
public SecretStore(String name, SecretStoreArgs args, CustomResourceOptions options)
type: sdm:SecretStore
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretStoreArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretStoreArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretStoreArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretStoreResource = new Sdm.SecretStore("secretStoreResource", new()
{
ActiveDirectoryStore = new Sdm.Inputs.SecretStoreActiveDirectoryStoreArgs
{
Name = "string",
ServerAddress = "string",
Tags =
{
{ "string", "string" },
},
},
Aws = new Sdm.Inputs.SecretStoreAwsArgs
{
Name = "string",
Region = "string",
Tags =
{
{ "string", "string" },
},
},
AwsCertX509 = new Sdm.Inputs.SecretStoreAwsCertX509Args
{
CaArn = "string",
CertificateTemplateArn = "string",
IssuedCertTtlMinutes = 0,
Name = "string",
Region = "string",
SigningAlgo = "string",
Tags =
{
{ "string", "string" },
},
},
AzureStore = new Sdm.Inputs.SecretStoreAzureStoreArgs
{
Name = "string",
VaultUri = "string",
Tags =
{
{ "string", "string" },
},
},
CyberarkConjur = new Sdm.Inputs.SecretStoreCyberarkConjurArgs
{
AppUrl = "string",
Name = "string",
Tags =
{
{ "string", "string" },
},
},
CyberarkPam = new Sdm.Inputs.SecretStoreCyberarkPamArgs
{
AppUrl = "string",
Name = "string",
Tags =
{
{ "string", "string" },
},
},
CyberarkPamExperimental = new Sdm.Inputs.SecretStoreCyberarkPamExperimentalArgs
{
AppUrl = "string",
Name = "string",
Tags =
{
{ "string", "string" },
},
},
DelineaStore = new Sdm.Inputs.SecretStoreDelineaStoreArgs
{
Name = "string",
ServerUrl = "string",
Tags =
{
{ "string", "string" },
},
TenantName = "string",
},
GcpCertX509Store = new Sdm.Inputs.SecretStoreGcpCertX509StoreArgs
{
CaPoolId = "string",
IssuedCertTtlMinutes = 0,
Location = "string",
Name = "string",
ProjectId = "string",
CaId = "string",
Tags =
{
{ "string", "string" },
},
},
GcpStore = new Sdm.Inputs.SecretStoreGcpStoreArgs
{
Name = "string",
ProjectId = "string",
Tags =
{
{ "string", "string" },
},
},
KeyfactorSshStore = new Sdm.Inputs.SecretStoreKeyfactorSshStoreArgs
{
CertificateFilePath = "string",
DefaultCertificateAuthorityName = "string",
DefaultCertificateProfileName = "string",
DefaultEndEntityProfileName = "string",
Name = "string",
ServerAddress = "string",
CaFilePath = "string",
EnrollmentCodeEnvVar = "string",
EnrollmentUsernameEnvVar = "string",
KeyFilePath = "string",
Tags =
{
{ "string", "string" },
},
},
KeyfactorX509Store = new Sdm.Inputs.SecretStoreKeyfactorX509StoreArgs
{
CertificateFilePath = "string",
DefaultCertificateAuthorityName = "string",
DefaultCertificateProfileName = "string",
DefaultEndEntityProfileName = "string",
Name = "string",
ServerAddress = "string",
CaFilePath = "string",
EnrollmentCodeEnvVar = "string",
EnrollmentUsernameEnvVar = "string",
KeyFilePath = "string",
Tags =
{
{ "string", "string" },
},
},
VaultApprole = new Sdm.Inputs.SecretStoreVaultApproleArgs
{
Name = "string",
ServerAddress = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultApproleCertSsh = new Sdm.Inputs.SecretStoreVaultApproleCertSshArgs
{
IssuedCertTtlMinutes = 0,
Name = "string",
ServerAddress = "string",
SigningRole = "string",
SshMountPoint = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultApproleCertX509 = new Sdm.Inputs.SecretStoreVaultApproleCertX509Args
{
IssuedCertTtlMinutes = 0,
Name = "string",
PkiMountPoint = "string",
ServerAddress = "string",
SigningRole = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultAwsEc2 = new Sdm.Inputs.SecretStoreVaultAwsEc2Args
{
Name = "string",
ServerAddress = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultAwsIam = new Sdm.Inputs.SecretStoreVaultAwsIamArgs
{
Name = "string",
ServerAddress = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultTls = new Sdm.Inputs.SecretStoreVaultTlsArgs
{
ClientCertPath = "string",
ClientKeyPath = "string",
Name = "string",
ServerAddress = "string",
CaCertPath = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultTlsCertSsh = new Sdm.Inputs.SecretStoreVaultTlsCertSshArgs
{
ClientCertPath = "string",
ClientKeyPath = "string",
IssuedCertTtlMinutes = 0,
Name = "string",
ServerAddress = "string",
SigningRole = "string",
SshMountPoint = "string",
CaCertPath = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultTlsCertX509 = new Sdm.Inputs.SecretStoreVaultTlsCertX509Args
{
ClientCertPath = "string",
ClientKeyPath = "string",
IssuedCertTtlMinutes = 0,
Name = "string",
PkiMountPoint = "string",
ServerAddress = "string",
SigningRole = "string",
CaCertPath = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultToken = new Sdm.Inputs.SecretStoreVaultTokenArgs
{
Name = "string",
ServerAddress = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultTokenCertSsh = new Sdm.Inputs.SecretStoreVaultTokenCertSshArgs
{
IssuedCertTtlMinutes = 0,
Name = "string",
ServerAddress = "string",
SigningRole = "string",
SshMountPoint = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
VaultTokenCertX509 = new Sdm.Inputs.SecretStoreVaultTokenCertX509Args
{
IssuedCertTtlMinutes = 0,
Name = "string",
PkiMountPoint = "string",
ServerAddress = "string",
SigningRole = "string",
Namespace = "string",
Tags =
{
{ "string", "string" },
},
},
});
example, err := sdm.NewSecretStore(ctx, "secretStoreResource", &sdm.SecretStoreArgs{
ActiveDirectoryStore: &sdm.SecretStoreActiveDirectoryStoreArgs{
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Aws: &sdm.SecretStoreAwsArgs{
Name: pulumi.String("string"),
Region: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
AwsCertX509: &sdm.SecretStoreAwsCertX509Args{
CaArn: pulumi.String("string"),
CertificateTemplateArn: pulumi.String("string"),
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
Region: pulumi.String("string"),
SigningAlgo: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
AzureStore: &sdm.SecretStoreAzureStoreArgs{
Name: pulumi.String("string"),
VaultUri: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
CyberarkConjur: &sdm.SecretStoreCyberarkConjurArgs{
AppUrl: pulumi.String("string"),
Name: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
CyberarkPam: &sdm.SecretStoreCyberarkPamArgs{
AppUrl: pulumi.String("string"),
Name: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
CyberarkPamExperimental: &sdm.SecretStoreCyberarkPamExperimentalArgs{
AppUrl: pulumi.String("string"),
Name: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
DelineaStore: &sdm.SecretStoreDelineaStoreArgs{
Name: pulumi.String("string"),
ServerUrl: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TenantName: pulumi.String("string"),
},
GcpCertX509Store: &sdm.SecretStoreGcpCertX509StoreArgs{
CaPoolId: pulumi.String("string"),
IssuedCertTtlMinutes: pulumi.Int(0),
Location: pulumi.String("string"),
Name: pulumi.String("string"),
ProjectId: pulumi.String("string"),
CaId: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
GcpStore: &sdm.SecretStoreGcpStoreArgs{
Name: pulumi.String("string"),
ProjectId: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
KeyfactorSshStore: &sdm.SecretStoreKeyfactorSshStoreArgs{
CertificateFilePath: pulumi.String("string"),
DefaultCertificateAuthorityName: pulumi.String("string"),
DefaultCertificateProfileName: pulumi.String("string"),
DefaultEndEntityProfileName: pulumi.String("string"),
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
CaFilePath: pulumi.String("string"),
EnrollmentCodeEnvVar: pulumi.String("string"),
EnrollmentUsernameEnvVar: pulumi.String("string"),
KeyFilePath: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
KeyfactorX509Store: &sdm.SecretStoreKeyfactorX509StoreArgs{
CertificateFilePath: pulumi.String("string"),
DefaultCertificateAuthorityName: pulumi.String("string"),
DefaultCertificateProfileName: pulumi.String("string"),
DefaultEndEntityProfileName: pulumi.String("string"),
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
CaFilePath: pulumi.String("string"),
EnrollmentCodeEnvVar: pulumi.String("string"),
EnrollmentUsernameEnvVar: pulumi.String("string"),
KeyFilePath: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultApprole: &sdm.SecretStoreVaultApproleArgs{
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultApproleCertSsh: &sdm.SecretStoreVaultApproleCertSshArgs{
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
SigningRole: pulumi.String("string"),
SshMountPoint: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultApproleCertX509: &sdm.SecretStoreVaultApproleCertX509Args{
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
PkiMountPoint: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
SigningRole: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultAwsEc2: &sdm.SecretStoreVaultAwsEc2Args{
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultAwsIam: &sdm.SecretStoreVaultAwsIamArgs{
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultTls: &sdm.SecretStoreVaultTlsArgs{
ClientCertPath: pulumi.String("string"),
ClientKeyPath: pulumi.String("string"),
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
CaCertPath: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultTlsCertSsh: &sdm.SecretStoreVaultTlsCertSshArgs{
ClientCertPath: pulumi.String("string"),
ClientKeyPath: pulumi.String("string"),
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
SigningRole: pulumi.String("string"),
SshMountPoint: pulumi.String("string"),
CaCertPath: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultTlsCertX509: &sdm.SecretStoreVaultTlsCertX509Args{
ClientCertPath: pulumi.String("string"),
ClientKeyPath: pulumi.String("string"),
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
PkiMountPoint: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
SigningRole: pulumi.String("string"),
CaCertPath: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultToken: &sdm.SecretStoreVaultTokenArgs{
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultTokenCertSsh: &sdm.SecretStoreVaultTokenCertSshArgs{
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
SigningRole: pulumi.String("string"),
SshMountPoint: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
VaultTokenCertX509: &sdm.SecretStoreVaultTokenCertX509Args{
IssuedCertTtlMinutes: pulumi.Int(0),
Name: pulumi.String("string"),
PkiMountPoint: pulumi.String("string"),
ServerAddress: pulumi.String("string"),
SigningRole: pulumi.String("string"),
Namespace: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
})
var secretStoreResource = new SecretStore("secretStoreResource", SecretStoreArgs.builder()
.activeDirectoryStore(SecretStoreActiveDirectoryStoreArgs.builder()
.name("string")
.serverAddress("string")
.tags(Map.of("string", "string"))
.build())
.aws(SecretStoreAwsArgs.builder()
.name("string")
.region("string")
.tags(Map.of("string", "string"))
.build())
.awsCertX509(SecretStoreAwsCertX509Args.builder()
.caArn("string")
.certificateTemplateArn("string")
.issuedCertTtlMinutes(0)
.name("string")
.region("string")
.signingAlgo("string")
.tags(Map.of("string", "string"))
.build())
.azureStore(SecretStoreAzureStoreArgs.builder()
.name("string")
.vaultUri("string")
.tags(Map.of("string", "string"))
.build())
.cyberarkConjur(SecretStoreCyberarkConjurArgs.builder()
.appUrl("string")
.name("string")
.tags(Map.of("string", "string"))
.build())
.cyberarkPam(SecretStoreCyberarkPamArgs.builder()
.appUrl("string")
.name("string")
.tags(Map.of("string", "string"))
.build())
.cyberarkPamExperimental(SecretStoreCyberarkPamExperimentalArgs.builder()
.appUrl("string")
.name("string")
.tags(Map.of("string", "string"))
.build())
.delineaStore(SecretStoreDelineaStoreArgs.builder()
.name("string")
.serverUrl("string")
.tags(Map.of("string", "string"))
.tenantName("string")
.build())
.gcpCertX509Store(SecretStoreGcpCertX509StoreArgs.builder()
.caPoolId("string")
.issuedCertTtlMinutes(0)
.location("string")
.name("string")
.projectId("string")
.caId("string")
.tags(Map.of("string", "string"))
.build())
.gcpStore(SecretStoreGcpStoreArgs.builder()
.name("string")
.projectId("string")
.tags(Map.of("string", "string"))
.build())
.keyfactorSshStore(SecretStoreKeyfactorSshStoreArgs.builder()
.certificateFilePath("string")
.defaultCertificateAuthorityName("string")
.defaultCertificateProfileName("string")
.defaultEndEntityProfileName("string")
.name("string")
.serverAddress("string")
.caFilePath("string")
.enrollmentCodeEnvVar("string")
.enrollmentUsernameEnvVar("string")
.keyFilePath("string")
.tags(Map.of("string", "string"))
.build())
.keyfactorX509Store(SecretStoreKeyfactorX509StoreArgs.builder()
.certificateFilePath("string")
.defaultCertificateAuthorityName("string")
.defaultCertificateProfileName("string")
.defaultEndEntityProfileName("string")
.name("string")
.serverAddress("string")
.caFilePath("string")
.enrollmentCodeEnvVar("string")
.enrollmentUsernameEnvVar("string")
.keyFilePath("string")
.tags(Map.of("string", "string"))
.build())
.vaultApprole(SecretStoreVaultApproleArgs.builder()
.name("string")
.serverAddress("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultApproleCertSsh(SecretStoreVaultApproleCertSshArgs.builder()
.issuedCertTtlMinutes(0)
.name("string")
.serverAddress("string")
.signingRole("string")
.sshMountPoint("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultApproleCertX509(SecretStoreVaultApproleCertX509Args.builder()
.issuedCertTtlMinutes(0)
.name("string")
.pkiMountPoint("string")
.serverAddress("string")
.signingRole("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultAwsEc2(SecretStoreVaultAwsEc2Args.builder()
.name("string")
.serverAddress("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultAwsIam(SecretStoreVaultAwsIamArgs.builder()
.name("string")
.serverAddress("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultTls(SecretStoreVaultTlsArgs.builder()
.clientCertPath("string")
.clientKeyPath("string")
.name("string")
.serverAddress("string")
.caCertPath("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultTlsCertSsh(SecretStoreVaultTlsCertSshArgs.builder()
.clientCertPath("string")
.clientKeyPath("string")
.issuedCertTtlMinutes(0)
.name("string")
.serverAddress("string")
.signingRole("string")
.sshMountPoint("string")
.caCertPath("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultTlsCertX509(SecretStoreVaultTlsCertX509Args.builder()
.clientCertPath("string")
.clientKeyPath("string")
.issuedCertTtlMinutes(0)
.name("string")
.pkiMountPoint("string")
.serverAddress("string")
.signingRole("string")
.caCertPath("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultToken(SecretStoreVaultTokenArgs.builder()
.name("string")
.serverAddress("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultTokenCertSsh(SecretStoreVaultTokenCertSshArgs.builder()
.issuedCertTtlMinutes(0)
.name("string")
.serverAddress("string")
.signingRole("string")
.sshMountPoint("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.vaultTokenCertX509(SecretStoreVaultTokenCertX509Args.builder()
.issuedCertTtlMinutes(0)
.name("string")
.pkiMountPoint("string")
.serverAddress("string")
.signingRole("string")
.namespace("string")
.tags(Map.of("string", "string"))
.build())
.build());
secret_store_resource = sdm.SecretStore("secretStoreResource",
active_directory_store={
"name": "string",
"server_address": "string",
"tags": {
"string": "string",
},
},
aws={
"name": "string",
"region": "string",
"tags": {
"string": "string",
},
},
aws_cert_x509={
"ca_arn": "string",
"certificate_template_arn": "string",
"issued_cert_ttl_minutes": 0,
"name": "string",
"region": "string",
"signing_algo": "string",
"tags": {
"string": "string",
},
},
azure_store={
"name": "string",
"vault_uri": "string",
"tags": {
"string": "string",
},
},
cyberark_conjur={
"app_url": "string",
"name": "string",
"tags": {
"string": "string",
},
},
cyberark_pam={
"app_url": "string",
"name": "string",
"tags": {
"string": "string",
},
},
cyberark_pam_experimental={
"app_url": "string",
"name": "string",
"tags": {
"string": "string",
},
},
delinea_store={
"name": "string",
"server_url": "string",
"tags": {
"string": "string",
},
"tenant_name": "string",
},
gcp_cert_x509_store={
"ca_pool_id": "string",
"issued_cert_ttl_minutes": 0,
"location": "string",
"name": "string",
"project_id": "string",
"ca_id": "string",
"tags": {
"string": "string",
},
},
gcp_store={
"name": "string",
"project_id": "string",
"tags": {
"string": "string",
},
},
keyfactor_ssh_store={
"certificate_file_path": "string",
"default_certificate_authority_name": "string",
"default_certificate_profile_name": "string",
"default_end_entity_profile_name": "string",
"name": "string",
"server_address": "string",
"ca_file_path": "string",
"enrollment_code_env_var": "string",
"enrollment_username_env_var": "string",
"key_file_path": "string",
"tags": {
"string": "string",
},
},
keyfactor_x509_store={
"certificate_file_path": "string",
"default_certificate_authority_name": "string",
"default_certificate_profile_name": "string",
"default_end_entity_profile_name": "string",
"name": "string",
"server_address": "string",
"ca_file_path": "string",
"enrollment_code_env_var": "string",
"enrollment_username_env_var": "string",
"key_file_path": "string",
"tags": {
"string": "string",
},
},
vault_approle={
"name": "string",
"server_address": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_approle_cert_ssh={
"issued_cert_ttl_minutes": 0,
"name": "string",
"server_address": "string",
"signing_role": "string",
"ssh_mount_point": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_approle_cert_x509={
"issued_cert_ttl_minutes": 0,
"name": "string",
"pki_mount_point": "string",
"server_address": "string",
"signing_role": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_aws_ec2={
"name": "string",
"server_address": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_aws_iam={
"name": "string",
"server_address": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_tls={
"client_cert_path": "string",
"client_key_path": "string",
"name": "string",
"server_address": "string",
"ca_cert_path": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_tls_cert_ssh={
"client_cert_path": "string",
"client_key_path": "string",
"issued_cert_ttl_minutes": 0,
"name": "string",
"server_address": "string",
"signing_role": "string",
"ssh_mount_point": "string",
"ca_cert_path": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_tls_cert_x509={
"client_cert_path": "string",
"client_key_path": "string",
"issued_cert_ttl_minutes": 0,
"name": "string",
"pki_mount_point": "string",
"server_address": "string",
"signing_role": "string",
"ca_cert_path": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_token={
"name": "string",
"server_address": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_token_cert_ssh={
"issued_cert_ttl_minutes": 0,
"name": "string",
"server_address": "string",
"signing_role": "string",
"ssh_mount_point": "string",
"namespace": "string",
"tags": {
"string": "string",
},
},
vault_token_cert_x509={
"issued_cert_ttl_minutes": 0,
"name": "string",
"pki_mount_point": "string",
"server_address": "string",
"signing_role": "string",
"namespace": "string",
"tags": {
"string": "string",
},
})
const secretStoreResource = new sdm.SecretStore("secretStoreResource", {
activeDirectoryStore: {
name: "string",
serverAddress: "string",
tags: {
string: "string",
},
},
aws: {
name: "string",
region: "string",
tags: {
string: "string",
},
},
awsCertX509: {
caArn: "string",
certificateTemplateArn: "string",
issuedCertTtlMinutes: 0,
name: "string",
region: "string",
signingAlgo: "string",
tags: {
string: "string",
},
},
azureStore: {
name: "string",
vaultUri: "string",
tags: {
string: "string",
},
},
cyberarkConjur: {
appUrl: "string",
name: "string",
tags: {
string: "string",
},
},
cyberarkPam: {
appUrl: "string",
name: "string",
tags: {
string: "string",
},
},
cyberarkPamExperimental: {
appUrl: "string",
name: "string",
tags: {
string: "string",
},
},
delineaStore: {
name: "string",
serverUrl: "string",
tags: {
string: "string",
},
tenantName: "string",
},
gcpCertX509Store: {
caPoolId: "string",
issuedCertTtlMinutes: 0,
location: "string",
name: "string",
projectId: "string",
caId: "string",
tags: {
string: "string",
},
},
gcpStore: {
name: "string",
projectId: "string",
tags: {
string: "string",
},
},
keyfactorSshStore: {
certificateFilePath: "string",
defaultCertificateAuthorityName: "string",
defaultCertificateProfileName: "string",
defaultEndEntityProfileName: "string",
name: "string",
serverAddress: "string",
caFilePath: "string",
enrollmentCodeEnvVar: "string",
enrollmentUsernameEnvVar: "string",
keyFilePath: "string",
tags: {
string: "string",
},
},
keyfactorX509Store: {
certificateFilePath: "string",
defaultCertificateAuthorityName: "string",
defaultCertificateProfileName: "string",
defaultEndEntityProfileName: "string",
name: "string",
serverAddress: "string",
caFilePath: "string",
enrollmentCodeEnvVar: "string",
enrollmentUsernameEnvVar: "string",
keyFilePath: "string",
tags: {
string: "string",
},
},
vaultApprole: {
name: "string",
serverAddress: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultApproleCertSsh: {
issuedCertTtlMinutes: 0,
name: "string",
serverAddress: "string",
signingRole: "string",
sshMountPoint: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultApproleCertX509: {
issuedCertTtlMinutes: 0,
name: "string",
pkiMountPoint: "string",
serverAddress: "string",
signingRole: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultAwsEc2: {
name: "string",
serverAddress: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultAwsIam: {
name: "string",
serverAddress: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultTls: {
clientCertPath: "string",
clientKeyPath: "string",
name: "string",
serverAddress: "string",
caCertPath: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultTlsCertSsh: {
clientCertPath: "string",
clientKeyPath: "string",
issuedCertTtlMinutes: 0,
name: "string",
serverAddress: "string",
signingRole: "string",
sshMountPoint: "string",
caCertPath: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultTlsCertX509: {
clientCertPath: "string",
clientKeyPath: "string",
issuedCertTtlMinutes: 0,
name: "string",
pkiMountPoint: "string",
serverAddress: "string",
signingRole: "string",
caCertPath: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultToken: {
name: "string",
serverAddress: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultTokenCertSsh: {
issuedCertTtlMinutes: 0,
name: "string",
serverAddress: "string",
signingRole: "string",
sshMountPoint: "string",
namespace: "string",
tags: {
string: "string",
},
},
vaultTokenCertX509: {
issuedCertTtlMinutes: 0,
name: "string",
pkiMountPoint: "string",
serverAddress: "string",
signingRole: "string",
namespace: "string",
tags: {
string: "string",
},
},
});
type: sdm:SecretStore
properties:
activeDirectoryStore:
name: string
serverAddress: string
tags:
string: string
aws:
name: string
region: string
tags:
string: string
awsCertX509:
caArn: string
certificateTemplateArn: string
issuedCertTtlMinutes: 0
name: string
region: string
signingAlgo: string
tags:
string: string
azureStore:
name: string
tags:
string: string
vaultUri: string
cyberarkConjur:
appUrl: string
name: string
tags:
string: string
cyberarkPam:
appUrl: string
name: string
tags:
string: string
cyberarkPamExperimental:
appUrl: string
name: string
tags:
string: string
delineaStore:
name: string
serverUrl: string
tags:
string: string
tenantName: string
gcpCertX509Store:
caId: string
caPoolId: string
issuedCertTtlMinutes: 0
location: string
name: string
projectId: string
tags:
string: string
gcpStore:
name: string
projectId: string
tags:
string: string
keyfactorSshStore:
caFilePath: string
certificateFilePath: string
defaultCertificateAuthorityName: string
defaultCertificateProfileName: string
defaultEndEntityProfileName: string
enrollmentCodeEnvVar: string
enrollmentUsernameEnvVar: string
keyFilePath: string
name: string
serverAddress: string
tags:
string: string
keyfactorX509Store:
caFilePath: string
certificateFilePath: string
defaultCertificateAuthorityName: string
defaultCertificateProfileName: string
defaultEndEntityProfileName: string
enrollmentCodeEnvVar: string
enrollmentUsernameEnvVar: string
keyFilePath: string
name: string
serverAddress: string
tags:
string: string
vaultApprole:
name: string
namespace: string
serverAddress: string
tags:
string: string
vaultApproleCertSsh:
issuedCertTtlMinutes: 0
name: string
namespace: string
serverAddress: string
signingRole: string
sshMountPoint: string
tags:
string: string
vaultApproleCertX509:
issuedCertTtlMinutes: 0
name: string
namespace: string
pkiMountPoint: string
serverAddress: string
signingRole: string
tags:
string: string
vaultAwsEc2:
name: string
namespace: string
serverAddress: string
tags:
string: string
vaultAwsIam:
name: string
namespace: string
serverAddress: string
tags:
string: string
vaultTls:
caCertPath: string
clientCertPath: string
clientKeyPath: string
name: string
namespace: string
serverAddress: string
tags:
string: string
vaultTlsCertSsh:
caCertPath: string
clientCertPath: string
clientKeyPath: string
issuedCertTtlMinutes: 0
name: string
namespace: string
serverAddress: string
signingRole: string
sshMountPoint: string
tags:
string: string
vaultTlsCertX509:
caCertPath: string
clientCertPath: string
clientKeyPath: string
issuedCertTtlMinutes: 0
name: string
namespace: string
pkiMountPoint: string
serverAddress: string
signingRole: string
tags:
string: string
vaultToken:
name: string
namespace: string
serverAddress: string
tags:
string: string
vaultTokenCertSsh:
issuedCertTtlMinutes: 0
name: string
namespace: string
serverAddress: string
signingRole: string
sshMountPoint: string
tags:
string: string
vaultTokenCertX509:
issuedCertTtlMinutes: 0
name: string
namespace: string
pkiMountPoint: string
serverAddress: string
signingRole: string
tags:
string: string
SecretStore Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretStore resource accepts the following input properties:
- Active
Directory PiersStore Karsenbarg. Sdm. Inputs. Secret Store Active Directory Store - Aws
Piers
Karsenbarg. Sdm. Inputs. Secret Store Aws - Aws
Cert PiersX509 Karsenbarg. Sdm. Inputs. Secret Store Aws Cert X509 - Azure
Store PiersKarsenbarg. Sdm. Inputs. Secret Store Azure Store - Cyberark
Conjur PiersKarsenbarg. Sdm. Inputs. Secret Store Cyberark Conjur - Cyberark
Pam PiersKarsenbarg. Sdm. Inputs. Secret Store Cyberark Pam - Cyberark
Pam PiersExperimental Karsenbarg. Sdm. Inputs. Secret Store Cyberark Pam Experimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Delinea
Store PiersKarsenbarg. Sdm. Inputs. Secret Store Delinea Store - Gcp
Cert PiersX509Store Karsenbarg. Sdm. Inputs. Secret Store Gcp Cert X509Store - Gcp
Store PiersKarsenbarg. Sdm. Inputs. Secret Store Gcp Store - Keyfactor
Ssh PiersStore Karsenbarg. Sdm. Inputs. Secret Store Keyfactor Ssh Store - Keyfactor
X509Store PiersKarsenbarg. Sdm. Inputs. Secret Store Keyfactor X509Store - Vault
Approle PiersKarsenbarg. Sdm. Inputs. Secret Store Vault Approle - Vault
Approle PiersCert Ssh Karsenbarg. Sdm. Inputs. Secret Store Vault Approle Cert Ssh - Vault
Approle PiersCert X509 Karsenbarg. Sdm. Inputs. Secret Store Vault Approle Cert X509 - Vault
Aws PiersEc2 Karsenbarg. Sdm. Inputs. Secret Store Vault Aws Ec2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Aws PiersIam Karsenbarg. Sdm. Inputs. Secret Store Vault Aws Iam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Tls PiersKarsenbarg. Sdm. Inputs. Secret Store Vault Tls - Vault
Tls PiersCert Ssh Karsenbarg. Sdm. Inputs. Secret Store Vault Tls Cert Ssh - Vault
Tls PiersCert X509 Karsenbarg. Sdm. Inputs. Secret Store Vault Tls Cert X509 - Vault
Token PiersKarsenbarg. Sdm. Inputs. Secret Store Vault Token - Vault
Token PiersCert Ssh Karsenbarg. Sdm. Inputs. Secret Store Vault Token Cert Ssh - Vault
Token PiersCert X509 Karsenbarg. Sdm. Inputs. Secret Store Vault Token Cert X509
- Active
Directory SecretStore Store Active Directory Store Args - Aws
Secret
Store Aws Args - Aws
Cert SecretX509 Store Aws Cert X509Args - Azure
Store SecretStore Azure Store Args - Cyberark
Conjur SecretStore Cyberark Conjur Args - Cyberark
Pam SecretStore Cyberark Pam Args - Cyberark
Pam SecretExperimental Store Cyberark Pam Experimental Args - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Delinea
Store SecretStore Delinea Store Args - Gcp
Cert SecretX509Store Store Gcp Cert X509Store Args - Gcp
Store SecretStore Gcp Store Args - Keyfactor
Ssh SecretStore Store Keyfactor Ssh Store Args - Keyfactor
X509Store SecretStore Keyfactor X509Store Args - Vault
Approle SecretStore Vault Approle Args - Vault
Approle SecretCert Ssh Store Vault Approle Cert Ssh Args - Vault
Approle SecretCert X509 Store Vault Approle Cert X509Args - Vault
Aws SecretEc2 Store Vault Aws Ec2Args - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Aws SecretIam Store Vault Aws Iam Args - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Tls SecretStore Vault Tls Args - Vault
Tls SecretCert Ssh Store Vault Tls Cert Ssh Args - Vault
Tls SecretCert X509 Store Vault Tls Cert X509Args - Vault
Token SecretStore Vault Token Args - Vault
Token SecretCert Ssh Store Vault Token Cert Ssh Args - Vault
Token SecretCert X509 Store Vault Token Cert X509Args
- active
Directory SecretStore Store Active Directory Store - aws
Secret
Store Aws - aws
Cert SecretX509 Store Aws Cert X509 - azure
Store SecretStore Azure Store - cyberark
Conjur SecretStore Cyberark Conjur - cyberark
Pam SecretStore Cyberark Pam - cyberark
Pam SecretExperimental Store Cyberark Pam Experimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea
Store SecretStore Delinea Store - gcp
Cert SecretX509Store Store Gcp Cert X509Store - gcp
Store SecretStore Gcp Store - keyfactor
Ssh SecretStore Store Keyfactor Ssh Store - keyfactor
X509Store SecretStore Keyfactor X509Store - vault
Approle SecretStore Vault Approle - vault
Approle SecretCert Ssh Store Vault Approle Cert Ssh - vault
Approle SecretCert X509 Store Vault Approle Cert X509 - vault
Aws SecretEc2 Store Vault Aws Ec2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Aws SecretIam Store Vault Aws Iam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Tls SecretStore Vault Tls - vault
Tls SecretCert Ssh Store Vault Tls Cert Ssh - vault
Tls SecretCert X509 Store Vault Tls Cert X509 - vault
Token SecretStore Vault Token - vault
Token SecretCert Ssh Store Vault Token Cert Ssh - vault
Token SecretCert X509 Store Vault Token Cert X509
- active
Directory SecretStore Store Active Directory Store - aws
Secret
Store Aws - aws
Cert SecretX509 Store Aws Cert X509 - azure
Store SecretStore Azure Store - cyberark
Conjur SecretStore Cyberark Conjur - cyberark
Pam SecretStore Cyberark Pam - cyberark
Pam SecretExperimental Store Cyberark Pam Experimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea
Store SecretStore Delinea Store - gcp
Cert SecretX509Store Store Gcp Cert X509Store - gcp
Store SecretStore Gcp Store - keyfactor
Ssh SecretStore Store Keyfactor Ssh Store - keyfactor
X509Store SecretStore Keyfactor X509Store - vault
Approle SecretStore Vault Approle - vault
Approle SecretCert Ssh Store Vault Approle Cert Ssh - vault
Approle SecretCert X509 Store Vault Approle Cert X509 - vault
Aws SecretEc2 Store Vault Aws Ec2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Aws SecretIam Store Vault Aws Iam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Tls SecretStore Vault Tls - vault
Tls SecretCert Ssh Store Vault Tls Cert Ssh - vault
Tls SecretCert X509 Store Vault Tls Cert X509 - vault
Token SecretStore Vault Token - vault
Token SecretCert Ssh Store Vault Token Cert Ssh - vault
Token SecretCert X509 Store Vault Token Cert X509
- active_
directory_ Secretstore Store Active Directory Store Args - aws
Secret
Store Aws Args - aws_
cert_ Secretx509 Store Aws Cert X509Args - azure_
store SecretStore Azure Store Args - cyberark_
conjur SecretStore Cyberark Conjur Args - cyberark_
pam SecretStore Cyberark Pam Args - cyberark_
pam_ Secretexperimental Store Cyberark Pam Experimental Args - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea_
store SecretStore Delinea Store Args - gcp_
cert_ Secretx509_ store Store Gcp Cert X509Store Args - gcp_
store SecretStore Gcp Store Args - keyfactor_
ssh_ Secretstore Store Keyfactor Ssh Store Args - keyfactor_
x509_ Secretstore Store Keyfactor X509Store Args - vault_
approle SecretStore Vault Approle Args - vault_
approle_ Secretcert_ ssh Store Vault Approle Cert Ssh Args - vault_
approle_ Secretcert_ x509 Store Vault Approle Cert X509Args - vault_
aws_ Secretec2 Store Vault Aws Ec2Args - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault_
aws_ Secretiam Store Vault Aws Iam Args - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault_
tls SecretStore Vault Tls Args - vault_
tls_ Secretcert_ ssh Store Vault Tls Cert Ssh Args - vault_
tls_ Secretcert_ x509 Store Vault Tls Cert X509Args - vault_
token SecretStore Vault Token Args - vault_
token_ Secretcert_ ssh Store Vault Token Cert Ssh Args - vault_
token_ Secretcert_ x509 Store Vault Token Cert X509Args
- active
Directory Property MapStore - aws Property Map
- aws
Cert Property MapX509 - azure
Store Property Map - cyberark
Conjur Property Map - cyberark
Pam Property Map - cyberark
Pam Property MapExperimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea
Store Property Map - gcp
Cert Property MapX509Store - gcp
Store Property Map - keyfactor
Ssh Property MapStore - keyfactor
X509Store Property Map - vault
Approle Property Map - vault
Approle Property MapCert Ssh - vault
Approle Property MapCert X509 - vault
Aws Property MapEc2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Aws Property MapIam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Tls Property Map - vault
Tls Property MapCert Ssh - vault
Tls Property MapCert X509 - vault
Token Property Map - vault
Token Property MapCert Ssh - vault
Token Property MapCert X509
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretStore resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecretStore Resource
Get an existing SecretStore resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretStoreState, opts?: CustomResourceOptions): SecretStore@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
active_directory_store: Optional[SecretStoreActiveDirectoryStoreArgs] = None,
aws: Optional[SecretStoreAwsArgs] = None,
aws_cert_x509: Optional[SecretStoreAwsCertX509Args] = None,
azure_store: Optional[SecretStoreAzureStoreArgs] = None,
cyberark_conjur: Optional[SecretStoreCyberarkConjurArgs] = None,
cyberark_pam: Optional[SecretStoreCyberarkPamArgs] = None,
cyberark_pam_experimental: Optional[SecretStoreCyberarkPamExperimentalArgs] = None,
delinea_store: Optional[SecretStoreDelineaStoreArgs] = None,
gcp_cert_x509_store: Optional[SecretStoreGcpCertX509StoreArgs] = None,
gcp_store: Optional[SecretStoreGcpStoreArgs] = None,
keyfactor_ssh_store: Optional[SecretStoreKeyfactorSshStoreArgs] = None,
keyfactor_x509_store: Optional[SecretStoreKeyfactorX509StoreArgs] = None,
vault_approle: Optional[SecretStoreVaultApproleArgs] = None,
vault_approle_cert_ssh: Optional[SecretStoreVaultApproleCertSshArgs] = None,
vault_approle_cert_x509: Optional[SecretStoreVaultApproleCertX509Args] = None,
vault_aws_ec2: Optional[SecretStoreVaultAwsEc2Args] = None,
vault_aws_iam: Optional[SecretStoreVaultAwsIamArgs] = None,
vault_tls: Optional[SecretStoreVaultTlsArgs] = None,
vault_tls_cert_ssh: Optional[SecretStoreVaultTlsCertSshArgs] = None,
vault_tls_cert_x509: Optional[SecretStoreVaultTlsCertX509Args] = None,
vault_token: Optional[SecretStoreVaultTokenArgs] = None,
vault_token_cert_ssh: Optional[SecretStoreVaultTokenCertSshArgs] = None,
vault_token_cert_x509: Optional[SecretStoreVaultTokenCertX509Args] = None) -> SecretStorefunc GetSecretStore(ctx *Context, name string, id IDInput, state *SecretStoreState, opts ...ResourceOption) (*SecretStore, error)public static SecretStore Get(string name, Input<string> id, SecretStoreState? state, CustomResourceOptions? opts = null)public static SecretStore get(String name, Output<String> id, SecretStoreState state, CustomResourceOptions options)resources: _: type: sdm:SecretStore get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Active
Directory PiersStore Karsenbarg. Sdm. Inputs. Secret Store Active Directory Store - Aws
Piers
Karsenbarg. Sdm. Inputs. Secret Store Aws - Aws
Cert PiersX509 Karsenbarg. Sdm. Inputs. Secret Store Aws Cert X509 - Azure
Store PiersKarsenbarg. Sdm. Inputs. Secret Store Azure Store - Cyberark
Conjur PiersKarsenbarg. Sdm. Inputs. Secret Store Cyberark Conjur - Cyberark
Pam PiersKarsenbarg. Sdm. Inputs. Secret Store Cyberark Pam - Cyberark
Pam PiersExperimental Karsenbarg. Sdm. Inputs. Secret Store Cyberark Pam Experimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Delinea
Store PiersKarsenbarg. Sdm. Inputs. Secret Store Delinea Store - Gcp
Cert PiersX509Store Karsenbarg. Sdm. Inputs. Secret Store Gcp Cert X509Store - Gcp
Store PiersKarsenbarg. Sdm. Inputs. Secret Store Gcp Store - Keyfactor
Ssh PiersStore Karsenbarg. Sdm. Inputs. Secret Store Keyfactor Ssh Store - Keyfactor
X509Store PiersKarsenbarg. Sdm. Inputs. Secret Store Keyfactor X509Store - Vault
Approle PiersKarsenbarg. Sdm. Inputs. Secret Store Vault Approle - Vault
Approle PiersCert Ssh Karsenbarg. Sdm. Inputs. Secret Store Vault Approle Cert Ssh - Vault
Approle PiersCert X509 Karsenbarg. Sdm. Inputs. Secret Store Vault Approle Cert X509 - Vault
Aws PiersEc2 Karsenbarg. Sdm. Inputs. Secret Store Vault Aws Ec2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Aws PiersIam Karsenbarg. Sdm. Inputs. Secret Store Vault Aws Iam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Tls PiersKarsenbarg. Sdm. Inputs. Secret Store Vault Tls - Vault
Tls PiersCert Ssh Karsenbarg. Sdm. Inputs. Secret Store Vault Tls Cert Ssh - Vault
Tls PiersCert X509 Karsenbarg. Sdm. Inputs. Secret Store Vault Tls Cert X509 - Vault
Token PiersKarsenbarg. Sdm. Inputs. Secret Store Vault Token - Vault
Token PiersCert Ssh Karsenbarg. Sdm. Inputs. Secret Store Vault Token Cert Ssh - Vault
Token PiersCert X509 Karsenbarg. Sdm. Inputs. Secret Store Vault Token Cert X509
- Active
Directory SecretStore Store Active Directory Store Args - Aws
Secret
Store Aws Args - Aws
Cert SecretX509 Store Aws Cert X509Args - Azure
Store SecretStore Azure Store Args - Cyberark
Conjur SecretStore Cyberark Conjur Args - Cyberark
Pam SecretStore Cyberark Pam Args - Cyberark
Pam SecretExperimental Store Cyberark Pam Experimental Args - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Delinea
Store SecretStore Delinea Store Args - Gcp
Cert SecretX509Store Store Gcp Cert X509Store Args - Gcp
Store SecretStore Gcp Store Args - Keyfactor
Ssh SecretStore Store Keyfactor Ssh Store Args - Keyfactor
X509Store SecretStore Keyfactor X509Store Args - Vault
Approle SecretStore Vault Approle Args - Vault
Approle SecretCert Ssh Store Vault Approle Cert Ssh Args - Vault
Approle SecretCert X509 Store Vault Approle Cert X509Args - Vault
Aws SecretEc2 Store Vault Aws Ec2Args - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Aws SecretIam Store Vault Aws Iam Args - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- Vault
Tls SecretStore Vault Tls Args - Vault
Tls SecretCert Ssh Store Vault Tls Cert Ssh Args - Vault
Tls SecretCert X509 Store Vault Tls Cert X509Args - Vault
Token SecretStore Vault Token Args - Vault
Token SecretCert Ssh Store Vault Token Cert Ssh Args - Vault
Token SecretCert X509 Store Vault Token Cert X509Args
- active
Directory SecretStore Store Active Directory Store - aws
Secret
Store Aws - aws
Cert SecretX509 Store Aws Cert X509 - azure
Store SecretStore Azure Store - cyberark
Conjur SecretStore Cyberark Conjur - cyberark
Pam SecretStore Cyberark Pam - cyberark
Pam SecretExperimental Store Cyberark Pam Experimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea
Store SecretStore Delinea Store - gcp
Cert SecretX509Store Store Gcp Cert X509Store - gcp
Store SecretStore Gcp Store - keyfactor
Ssh SecretStore Store Keyfactor Ssh Store - keyfactor
X509Store SecretStore Keyfactor X509Store - vault
Approle SecretStore Vault Approle - vault
Approle SecretCert Ssh Store Vault Approle Cert Ssh - vault
Approle SecretCert X509 Store Vault Approle Cert X509 - vault
Aws SecretEc2 Store Vault Aws Ec2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Aws SecretIam Store Vault Aws Iam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Tls SecretStore Vault Tls - vault
Tls SecretCert Ssh Store Vault Tls Cert Ssh - vault
Tls SecretCert X509 Store Vault Tls Cert X509 - vault
Token SecretStore Vault Token - vault
Token SecretCert Ssh Store Vault Token Cert Ssh - vault
Token SecretCert X509 Store Vault Token Cert X509
- active
Directory SecretStore Store Active Directory Store - aws
Secret
Store Aws - aws
Cert SecretX509 Store Aws Cert X509 - azure
Store SecretStore Azure Store - cyberark
Conjur SecretStore Cyberark Conjur - cyberark
Pam SecretStore Cyberark Pam - cyberark
Pam SecretExperimental Store Cyberark Pam Experimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea
Store SecretStore Delinea Store - gcp
Cert SecretX509Store Store Gcp Cert X509Store - gcp
Store SecretStore Gcp Store - keyfactor
Ssh SecretStore Store Keyfactor Ssh Store - keyfactor
X509Store SecretStore Keyfactor X509Store - vault
Approle SecretStore Vault Approle - vault
Approle SecretCert Ssh Store Vault Approle Cert Ssh - vault
Approle SecretCert X509 Store Vault Approle Cert X509 - vault
Aws SecretEc2 Store Vault Aws Ec2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Aws SecretIam Store Vault Aws Iam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Tls SecretStore Vault Tls - vault
Tls SecretCert Ssh Store Vault Tls Cert Ssh - vault
Tls SecretCert X509 Store Vault Tls Cert X509 - vault
Token SecretStore Vault Token - vault
Token SecretCert Ssh Store Vault Token Cert Ssh - vault
Token SecretCert X509 Store Vault Token Cert X509
- active_
directory_ Secretstore Store Active Directory Store Args - aws
Secret
Store Aws Args - aws_
cert_ Secretx509 Store Aws Cert X509Args - azure_
store SecretStore Azure Store Args - cyberark_
conjur SecretStore Cyberark Conjur Args - cyberark_
pam SecretStore Cyberark Pam Args - cyberark_
pam_ Secretexperimental Store Cyberark Pam Experimental Args - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea_
store SecretStore Delinea Store Args - gcp_
cert_ Secretx509_ store Store Gcp Cert X509Store Args - gcp_
store SecretStore Gcp Store Args - keyfactor_
ssh_ Secretstore Store Keyfactor Ssh Store Args - keyfactor_
x509_ Secretstore Store Keyfactor X509Store Args - vault_
approle SecretStore Vault Approle Args - vault_
approle_ Secretcert_ ssh Store Vault Approle Cert Ssh Args - vault_
approle_ Secretcert_ x509 Store Vault Approle Cert X509Args - vault_
aws_ Secretec2 Store Vault Aws Ec2Args - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault_
aws_ Secretiam Store Vault Aws Iam Args - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault_
tls SecretStore Vault Tls Args - vault_
tls_ Secretcert_ ssh Store Vault Tls Cert Ssh Args - vault_
tls_ Secretcert_ x509 Store Vault Tls Cert X509Args - vault_
token SecretStore Vault Token Args - vault_
token_ Secretcert_ ssh Store Vault Token Cert Ssh Args - vault_
token_ Secretcert_ x509 Store Vault Token Cert X509Args
- active
Directory Property MapStore - aws Property Map
- aws
Cert Property MapX509 - azure
Store Property Map - cyberark
Conjur Property Map - cyberark
Pam Property Map - cyberark
Pam Property MapExperimental - CyberarkPAMExperimentalStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- delinea
Store Property Map - gcp
Cert Property MapX509Store - gcp
Store Property Map - keyfactor
Ssh Property MapStore - keyfactor
X509Store Property Map - vault
Approle Property Map - vault
Approle Property MapCert Ssh - vault
Approle Property MapCert X509 - vault
Aws Property MapEc2 - VaultAWSEC2Store is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Aws Property MapIam - VaultAWSIAMStore is currently unstable, and its API may change, or it may be removed, without a major version bump.
- vault
Tls Property Map - vault
Tls Property MapCert Ssh - vault
Tls Property MapCert X509 - vault
Token Property Map - vault
Token Property MapCert Ssh - vault
Token Property MapCert X509
Supporting Types
SecretStoreActiveDirectoryStore, SecretStoreActiveDirectoryStoreArgs
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- map[string]string
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- Map<String,String>
- Tags is a map of key, value pairs.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- {[key: string]: string}
- Tags is a map of key, value pairs.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- Mapping[str, str]
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreAws, SecretStoreAwsArgs
SecretStoreAwsCertX509, SecretStoreAwsCertX509Args
- Ca
Arn string - The ARN of the CA in AWS Private CA
- Certificate
Template stringArn - The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Region string
- The AWS region to target e.g. us-east-1
- Signing
Algo string - The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Ca
Arn string - The ARN of the CA in AWS Private CA
- Certificate
Template stringArn - The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Region string
- The AWS region to target e.g. us-east-1
- Signing
Algo string - The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
- map[string]string
- Tags is a map of key, value pairs.
- ca
Arn String - The ARN of the CA in AWS Private CA
- certificate
Template StringArn - The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- region String
- The AWS region to target e.g. us-east-1
- signing
Algo String - The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
- Map<String,String>
- Tags is a map of key, value pairs.
- ca
Arn string - The ARN of the CA in AWS Private CA
- certificate
Template stringArn - The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- region string
- The AWS region to target e.g. us-east-1
- signing
Algo string - The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
- {[key: string]: string}
- Tags is a map of key, value pairs.
- ca_
arn str - The ARN of the CA in AWS Private CA
- certificate_
template_ strarn - The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- region str
- The AWS region to target e.g. us-east-1
- signing_
algo str - The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
- Mapping[str, str]
- Tags is a map of key, value pairs.
- ca
Arn String - The ARN of the CA in AWS Private CA
- certificate
Template StringArn - The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- region String
- The AWS region to target e.g. us-east-1
- signing
Algo String - The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreAzureStore, SecretStoreAzureStoreArgs
SecretStoreCyberarkConjur, SecretStoreCyberarkConjurArgs
SecretStoreCyberarkPam, SecretStoreCyberarkPamArgs
SecretStoreCyberarkPamExperimental, SecretStoreCyberarkPamExperimentalArgs
SecretStoreDelineaStore, SecretStoreDelineaStoreArgs
- Name string
- Unique human-readable name of the SecretStore.
- Server
Url string - The URL of the Delinea instance
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Tenant
Name string - The tenant name to target
- gcp_store:
- Name string
- Unique human-readable name of the SecretStore.
- Server
Url string - The URL of the Delinea instance
- map[string]string
- Tags is a map of key, value pairs.
- Tenant
Name string - The tenant name to target
- gcp_store:
- name String
- Unique human-readable name of the SecretStore.
- server
Url String - The URL of the Delinea instance
- Map<String,String>
- Tags is a map of key, value pairs.
- tenant
Name String - The tenant name to target
- gcp_store:
- name string
- Unique human-readable name of the SecretStore.
- server
Url string - The URL of the Delinea instance
- {[key: string]: string}
- Tags is a map of key, value pairs.
- tenant
Name string - The tenant name to target
- gcp_store:
- name str
- Unique human-readable name of the SecretStore.
- server_
url str - The URL of the Delinea instance
- Mapping[str, str]
- Tags is a map of key, value pairs.
- tenant_
name str - The tenant name to target
- gcp_store:
- name String
- Unique human-readable name of the SecretStore.
- server
Url String - The URL of the Delinea instance
- Map<String>
- Tags is a map of key, value pairs.
- tenant
Name String - The tenant name to target
- gcp_store:
SecretStoreGcpCertX509Store, SecretStoreGcpCertX509StoreArgs
- Ca
Pool stringId - The ID of the target CA pool
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Location string
- The Region for the CA in GCP format e.g. us-west1
- Name string
- Unique human-readable name of the SecretStore.
- Project
Id string - The GCP project ID to target.
- Ca
Id string - The ID of the target CA
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Ca
Pool stringId - The ID of the target CA pool
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Location string
- The Region for the CA in GCP format e.g. us-west1
- Name string
- Unique human-readable name of the SecretStore.
- Project
Id string - The GCP project ID to target.
- Ca
Id string - The ID of the target CA
- map[string]string
- Tags is a map of key, value pairs.
- ca
Pool StringId - The ID of the target CA pool
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- location String
- The Region for the CA in GCP format e.g. us-west1
- name String
- Unique human-readable name of the SecretStore.
- project
Id String - The GCP project ID to target.
- ca
Id String - The ID of the target CA
- Map<String,String>
- Tags is a map of key, value pairs.
- ca
Pool stringId - The ID of the target CA pool
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- location string
- The Region for the CA in GCP format e.g. us-west1
- name string
- Unique human-readable name of the SecretStore.
- project
Id string - The GCP project ID to target.
- ca
Id string - The ID of the target CA
- {[key: string]: string}
- Tags is a map of key, value pairs.
- ca_
pool_ strid - The ID of the target CA pool
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- location str
- The Region for the CA in GCP format e.g. us-west1
- name str
- Unique human-readable name of the SecretStore.
- project_
id str - The GCP project ID to target.
- ca_
id str - The ID of the target CA
- Mapping[str, str]
- Tags is a map of key, value pairs.
- ca
Pool StringId - The ID of the target CA pool
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- location String
- The Region for the CA in GCP format e.g. us-west1
- name String
- Unique human-readable name of the SecretStore.
- project
Id String - The GCP project ID to target.
- ca
Id String - The ID of the target CA
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreGcpStore, SecretStoreGcpStoreArgs
- name str
- Unique human-readable name of the SecretStore.
- project_
id str - The GCP project ID to target.
- Mapping[str, str]
- Tags is a map of key, value pairs.
SecretStoreKeyfactorSshStore, SecretStoreKeyfactorSshStoreArgs
- Certificate
File stringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- string
- Name of EJBCA certificate authority that will enroll CSR.
- Default
Certificate stringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- Default
End stringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Ca
File stringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- Enrollment
Code stringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- Enrollment
Username stringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- Key
File stringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Certificate
File stringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- string
- Name of EJBCA certificate authority that will enroll CSR.
- Default
Certificate stringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- Default
End stringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Ca
File stringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- Enrollment
Code stringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- Enrollment
Username stringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- Key
File stringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- map[string]string
- Tags is a map of key, value pairs.
- certificate
File StringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- String
- Name of EJBCA certificate authority that will enroll CSR.
- default
Certificate StringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- default
End StringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- ca
File StringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment
Code StringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment
Username StringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key
File StringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Map<String,String>
- Tags is a map of key, value pairs.
- certificate
File stringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- string
- Name of EJBCA certificate authority that will enroll CSR.
- default
Certificate stringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- default
End stringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- ca
File stringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment
Code stringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment
Username stringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key
File stringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- {[key: string]: string}
- Tags is a map of key, value pairs.
- certificate_
file_ strpath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- str
- Name of EJBCA certificate authority that will enroll CSR.
- default_
certificate_ strprofile_ name - Certificate profile name that EJBCA will enroll the CSR with.
- default_
end_ strentity_ profile_ name - End entity profile that EJBCA will enroll the CSR with.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- ca_
file_ strpath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment_
code_ strenv_ var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment_
username_ strenv_ var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key_
file_ strpath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Mapping[str, str]
- Tags is a map of key, value pairs.
- certificate
File StringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- String
- Name of EJBCA certificate authority that will enroll CSR.
- default
Certificate StringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- default
End StringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- ca
File StringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment
Code StringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment
Username StringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key
File StringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreKeyfactorX509Store, SecretStoreKeyfactorX509StoreArgs
- Certificate
File stringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- string
- Name of EJBCA certificate authority that will enroll CSR.
- Default
Certificate stringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- Default
End stringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Ca
File stringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- Enrollment
Code stringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- Enrollment
Username stringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- Key
File stringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Certificate
File stringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- string
- Name of EJBCA certificate authority that will enroll CSR.
- Default
Certificate stringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- Default
End stringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Ca
File stringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- Enrollment
Code stringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- Enrollment
Username stringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- Key
File stringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- map[string]string
- Tags is a map of key, value pairs.
- certificate
File StringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- String
- Name of EJBCA certificate authority that will enroll CSR.
- default
Certificate StringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- default
End StringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- ca
File StringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment
Code StringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment
Username StringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key
File StringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Map<String,String>
- Tags is a map of key, value pairs.
- certificate
File stringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- string
- Name of EJBCA certificate authority that will enroll CSR.
- default
Certificate stringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- default
End stringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- ca
File stringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment
Code stringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment
Username stringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key
File stringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- {[key: string]: string}
- Tags is a map of key, value pairs.
- certificate_
file_ strpath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- str
- Name of EJBCA certificate authority that will enroll CSR.
- default_
certificate_ strprofile_ name - Certificate profile name that EJBCA will enroll the CSR with.
- default_
end_ strentity_ profile_ name - End entity profile that EJBCA will enroll the CSR with.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- ca_
file_ strpath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment_
code_ strenv_ var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment_
username_ strenv_ var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key_
file_ strpath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Mapping[str, str]
- Tags is a map of key, value pairs.
- certificate
File StringPath - Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
- String
- Name of EJBCA certificate authority that will enroll CSR.
- default
Certificate StringProfile Name - Certificate profile name that EJBCA will enroll the CSR with.
- default
End StringEntity Profile Name - End entity profile that EJBCA will enroll the CSR with.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- ca
File StringPath - Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
- enrollment
Code StringEnv Var - code used by EJBCA during enrollment. May be left blank if no code is required.
- enrollment
Username StringEnv Var - username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
- key
File StringPath - Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultApprole, SecretStoreVaultApproleArgs
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultApproleCertSsh, SecretStoreVaultApproleCertSshArgs
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ssh
Mount StringPoint - The mount point of the SSH engine configured with the desired CA
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- signing
Role string - The signing role to be used for signing certificates
- ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- signing_
role str - The signing role to be used for signing certificates
- ssh_
mount_ strpoint - The mount point of the SSH engine configured with the desired CA
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ssh
Mount StringPoint - The mount point of the SSH engine configured with the desired CA
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultApproleCertX509, SecretStoreVaultApproleCertX509Args
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- pki
Mount StringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address string - The URL of the Vault to target
- signing
Role string - The signing role to be used for signing certificates
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- pki_
mount_ strpoint - The mount point of the PKI engine configured with the desired CA
- server_
address str - The URL of the Vault to target
- signing_
role str - The signing role to be used for signing certificates
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- pki
Mount StringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultAwsEc2, SecretStoreVaultAwsEc2Args
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultAwsIam, SecretStoreVaultAwsIamArgs
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultTls, SecretStoreVaultTlsArgs
- Client
Cert stringPath - A path to a client certificate file accessible by a Node
- Client
Key stringPath - A path to a client key file accessible by a Node
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Ca
Cert stringPath - A path to a CA file accessible by a Node
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Client
Cert stringPath - A path to a client certificate file accessible by a Node
- Client
Key stringPath - A path to a client key file accessible by a Node
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Ca
Cert stringPath - A path to a CA file accessible by a Node
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- client
Cert StringPath - A path to a client certificate file accessible by a Node
- client
Key StringPath - A path to a client key file accessible by a Node
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- ca
Cert StringPath - A path to a CA file accessible by a Node
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- client
Cert stringPath - A path to a client certificate file accessible by a Node
- client
Key stringPath - A path to a client key file accessible by a Node
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- ca
Cert stringPath - A path to a CA file accessible by a Node
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- client_
cert_ strpath - A path to a client certificate file accessible by a Node
- client_
key_ strpath - A path to a client key file accessible by a Node
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- ca_
cert_ strpath - A path to a CA file accessible by a Node
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- client
Cert StringPath - A path to a client certificate file accessible by a Node
- client
Key StringPath - A path to a client key file accessible by a Node
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- ca
Cert StringPath - A path to a CA file accessible by a Node
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultTlsCertSsh, SecretStoreVaultTlsCertSshArgs
- Client
Cert stringPath - A path to a client certificate file accessible by a Node
- Client
Key stringPath - A path to a client key file accessible by a Node
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- Ca
Cert stringPath - A path to a CA file accessible by a Node
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Client
Cert stringPath - A path to a client certificate file accessible by a Node
- Client
Key stringPath - A path to a client key file accessible by a Node
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- Ca
Cert stringPath - A path to a CA file accessible by a Node
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- client
Cert StringPath - A path to a client certificate file accessible by a Node
- client
Key StringPath - A path to a client key file accessible by a Node
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ssh
Mount StringPoint - The mount point of the SSH engine configured with the desired CA
- ca
Cert StringPath - A path to a CA file accessible by a Node
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- client
Cert stringPath - A path to a client certificate file accessible by a Node
- client
Key stringPath - A path to a client key file accessible by a Node
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- signing
Role string - The signing role to be used for signing certificates
- ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- ca
Cert stringPath - A path to a CA file accessible by a Node
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- client_
cert_ strpath - A path to a client certificate file accessible by a Node
- client_
key_ strpath - A path to a client key file accessible by a Node
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- signing_
role str - The signing role to be used for signing certificates
- ssh_
mount_ strpoint - The mount point of the SSH engine configured with the desired CA
- ca_
cert_ strpath - A path to a CA file accessible by a Node
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- client
Cert StringPath - A path to a client certificate file accessible by a Node
- client
Key StringPath - A path to a client key file accessible by a Node
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ssh
Mount StringPoint - The mount point of the SSH engine configured with the desired CA
- ca
Cert StringPath - A path to a CA file accessible by a Node
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultTlsCertX509, SecretStoreVaultTlsCertX509Args
- Client
Cert stringPath - A path to a client certificate file accessible by a Node
- Client
Key stringPath - A path to a client key file accessible by a Node
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ca
Cert stringPath - A path to a CA file accessible by a Node
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Client
Cert stringPath - A path to a client certificate file accessible by a Node
- Client
Key stringPath - A path to a client key file accessible by a Node
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ca
Cert stringPath - A path to a CA file accessible by a Node
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- client
Cert StringPath - A path to a client certificate file accessible by a Node
- client
Key StringPath - A path to a client key file accessible by a Node
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- pki
Mount StringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ca
Cert StringPath - A path to a CA file accessible by a Node
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- client
Cert stringPath - A path to a client certificate file accessible by a Node
- client
Key stringPath - A path to a client key file accessible by a Node
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address string - The URL of the Vault to target
- signing
Role string - The signing role to be used for signing certificates
- ca
Cert stringPath - A path to a CA file accessible by a Node
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- client_
cert_ strpath - A path to a client certificate file accessible by a Node
- client_
key_ strpath - A path to a client key file accessible by a Node
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- pki_
mount_ strpoint - The mount point of the PKI engine configured with the desired CA
- server_
address str - The URL of the Vault to target
- signing_
role str - The signing role to be used for signing certificates
- ca_
cert_ strpath - A path to a CA file accessible by a Node
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- client
Cert StringPath - A path to a client certificate file accessible by a Node
- client
Key StringPath - A path to a client key file accessible by a Node
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- pki
Mount StringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ca
Cert StringPath - A path to a CA file accessible by a Node
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultToken, SecretStoreVaultTokenArgs
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultTokenCertSsh, SecretStoreVaultTokenCertSshArgs
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ssh
Mount StringPoint - The mount point of the SSH engine configured with the desired CA
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- server
Address string - The URL of the Vault to target
- signing
Role string - The signing role to be used for signing certificates
- ssh
Mount stringPoint - The mount point of the SSH engine configured with the desired CA
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- server_
address str - The URL of the Vault to target
- signing_
role str - The signing role to be used for signing certificates
- ssh_
mount_ strpoint - The mount point of the SSH engine configured with the desired CA
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- ssh
Mount StringPoint - The mount point of the SSH engine configured with the desired CA
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
SecretStoreVaultTokenCertX509, SecretStoreVaultTokenCertX509Args
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Namespace string
- The namespace to make requests within
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Issued
Cert intTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- Name string
- Unique human-readable name of the SecretStore.
- Pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- Server
Address string - The URL of the Vault to target
- Signing
Role string - The signing role to be used for signing certificates
- Namespace string
- The namespace to make requests within
- map[string]string
- Tags is a map of key, value pairs.
- issued
Cert IntegerTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- pki
Mount StringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- namespace String
- The namespace to make requests within
- Map<String,String>
- Tags is a map of key, value pairs.
- issued
Cert numberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name string
- Unique human-readable name of the SecretStore.
- pki
Mount stringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address string - The URL of the Vault to target
- signing
Role string - The signing role to be used for signing certificates
- namespace string
- The namespace to make requests within
- {[key: string]: string}
- Tags is a map of key, value pairs.
- issued_
cert_ intttl_ minutes - The lifetime of certificates issued by this CA represented in minutes.
- name str
- Unique human-readable name of the SecretStore.
- pki_
mount_ strpoint - The mount point of the PKI engine configured with the desired CA
- server_
address str - The URL of the Vault to target
- signing_
role str - The signing role to be used for signing certificates
- namespace str
- The namespace to make requests within
- Mapping[str, str]
- Tags is a map of key, value pairs.
- issued
Cert NumberTtl Minutes - The lifetime of certificates issued by this CA represented in minutes.
- name String
- Unique human-readable name of the SecretStore.
- pki
Mount StringPoint - The mount point of the PKI engine configured with the desired CA
- server
Address String - The URL of the Vault to target
- signing
Role String - The signing role to be used for signing certificates
- namespace String
- The namespace to make requests within
- Map<String>
- Tags is a map of key, value pairs.
Import
A SecretStore can be imported using the id, e.g.,
$ pulumi import sdm:index/secretStore:SecretStore example se-12345678
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sdm pierskarsenbarg/pulumi-sdm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sdmTerraform Provider.