com.pulumi.vault.transit.SecretBackendKeyArgs Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of vault Show documentation
Show all versions of vault Show documentation
A Pulumi package for creating and managing HashiCorp Vault cloud resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.vault.transit;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class SecretBackendKeyArgs extends com.pulumi.resources.ResourceArgs {
public static final SecretBackendKeyArgs Empty = new SecretBackendKeyArgs();
/**
* Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
* * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
*
*/
@Import(name="allowPlaintextBackup")
private @Nullable Output allowPlaintextBackup;
/**
* @return Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
* * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
*
*/
public Optional> allowPlaintextBackup() {
return Optional.ofNullable(this.allowPlaintextBackup);
}
/**
* Amount of seconds the key should live before being automatically rotated.
* A value of 0 disables automatic rotation for the key.
*
*/
@Import(name="autoRotatePeriod")
private @Nullable Output autoRotatePeriod;
/**
* @return Amount of seconds the key should live before being automatically rotated.
* A value of 0 disables automatic rotation for the key.
*
*/
public Optional> autoRotatePeriod() {
return Optional.ofNullable(this.autoRotatePeriod);
}
/**
* The path the transit secret backend is mounted at, with no leading or trailing `/`s.
*
*/
@Import(name="backend", required=true)
private Output backend;
/**
* @return The path the transit secret backend is mounted at, with no leading or trailing `/`s.
*
*/
public Output backend() {
return this.backend;
}
/**
* Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
*
*/
@Import(name="convergentEncryption")
private @Nullable Output convergentEncryption;
/**
* @return Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
*
*/
public Optional> convergentEncryption() {
return Optional.ofNullable(this.convergentEncryption);
}
/**
* Specifies if the key is allowed to be deleted.
*
*/
@Import(name="deletionAllowed")
private @Nullable Output deletionAllowed;
/**
* @return Specifies if the key is allowed to be deleted.
*
*/
public Optional> deletionAllowed() {
return Optional.ofNullable(this.deletionAllowed);
}
/**
* Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
*
*/
@Import(name="derived")
private @Nullable Output derived;
/**
* @return Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
*
*/
public Optional> derived() {
return Optional.ofNullable(this.derived);
}
/**
* Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
*
*/
@Import(name="exportable")
private @Nullable Output exportable;
/**
* @return Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
*
*/
public Optional> exportable() {
return Optional.ofNullable(this.exportable);
}
/**
* The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
*
*/
@Import(name="keySize")
private @Nullable Output keySize;
/**
* @return The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
*
*/
public Optional> keySize() {
return Optional.ofNullable(this.keySize);
}
/**
* Minimum key version to use for decryption.
*
*/
@Import(name="minDecryptionVersion")
private @Nullable Output minDecryptionVersion;
/**
* @return Minimum key version to use for decryption.
*
*/
public Optional> minDecryptionVersion() {
return Optional.ofNullable(this.minDecryptionVersion);
}
/**
* Minimum key version to use for encryption
*
*/
@Import(name="minEncryptionVersion")
private @Nullable Output minEncryptionVersion;
/**
* @return Minimum key version to use for encryption
*
*/
public Optional> minEncryptionVersion() {
return Optional.ofNullable(this.minEncryptionVersion);
}
/**
* The name to identify this key within the backend. Must be unique within the backend.
*
*/
@Import(name="name")
private @Nullable Output name;
/**
* @return The name to identify this key within the backend. Must be unique within the backend.
*
*/
public Optional> name() {
return Optional.ofNullable(this.name);
}
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
*/
@Import(name="namespace")
private @Nullable Output namespace;
/**
* @return The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
*/
public Optional> namespace() {
return Optional.ofNullable(this.namespace);
}
/**
* Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
* * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
*
*/
@Import(name="type")
private @Nullable Output type;
/**
* @return Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
* * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
*
*/
public Optional> type() {
return Optional.ofNullable(this.type);
}
private SecretBackendKeyArgs() {}
private SecretBackendKeyArgs(SecretBackendKeyArgs $) {
this.allowPlaintextBackup = $.allowPlaintextBackup;
this.autoRotatePeriod = $.autoRotatePeriod;
this.backend = $.backend;
this.convergentEncryption = $.convergentEncryption;
this.deletionAllowed = $.deletionAllowed;
this.derived = $.derived;
this.exportable = $.exportable;
this.keySize = $.keySize;
this.minDecryptionVersion = $.minDecryptionVersion;
this.minEncryptionVersion = $.minEncryptionVersion;
this.name = $.name;
this.namespace = $.namespace;
this.type = $.type;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(SecretBackendKeyArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private SecretBackendKeyArgs $;
public Builder() {
$ = new SecretBackendKeyArgs();
}
public Builder(SecretBackendKeyArgs defaults) {
$ = new SecretBackendKeyArgs(Objects.requireNonNull(defaults));
}
/**
* @param allowPlaintextBackup Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
* * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
*
* @return builder
*
*/
public Builder allowPlaintextBackup(@Nullable Output allowPlaintextBackup) {
$.allowPlaintextBackup = allowPlaintextBackup;
return this;
}
/**
* @param allowPlaintextBackup Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
* * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
*
* @return builder
*
*/
public Builder allowPlaintextBackup(Boolean allowPlaintextBackup) {
return allowPlaintextBackup(Output.of(allowPlaintextBackup));
}
/**
* @param autoRotatePeriod Amount of seconds the key should live before being automatically rotated.
* A value of 0 disables automatic rotation for the key.
*
* @return builder
*
*/
public Builder autoRotatePeriod(@Nullable Output autoRotatePeriod) {
$.autoRotatePeriod = autoRotatePeriod;
return this;
}
/**
* @param autoRotatePeriod Amount of seconds the key should live before being automatically rotated.
* A value of 0 disables automatic rotation for the key.
*
* @return builder
*
*/
public Builder autoRotatePeriod(Integer autoRotatePeriod) {
return autoRotatePeriod(Output.of(autoRotatePeriod));
}
/**
* @param backend The path the transit secret backend is mounted at, with no leading or trailing `/`s.
*
* @return builder
*
*/
public Builder backend(Output backend) {
$.backend = backend;
return this;
}
/**
* @param backend The path the transit secret backend is mounted at, with no leading or trailing `/`s.
*
* @return builder
*
*/
public Builder backend(String backend) {
return backend(Output.of(backend));
}
/**
* @param convergentEncryption Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
*
* @return builder
*
*/
public Builder convergentEncryption(@Nullable Output convergentEncryption) {
$.convergentEncryption = convergentEncryption;
return this;
}
/**
* @param convergentEncryption Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
*
* @return builder
*
*/
public Builder convergentEncryption(Boolean convergentEncryption) {
return convergentEncryption(Output.of(convergentEncryption));
}
/**
* @param deletionAllowed Specifies if the key is allowed to be deleted.
*
* @return builder
*
*/
public Builder deletionAllowed(@Nullable Output deletionAllowed) {
$.deletionAllowed = deletionAllowed;
return this;
}
/**
* @param deletionAllowed Specifies if the key is allowed to be deleted.
*
* @return builder
*
*/
public Builder deletionAllowed(Boolean deletionAllowed) {
return deletionAllowed(Output.of(deletionAllowed));
}
/**
* @param derived Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
*
* @return builder
*
*/
public Builder derived(@Nullable Output derived) {
$.derived = derived;
return this;
}
/**
* @param derived Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
*
* @return builder
*
*/
public Builder derived(Boolean derived) {
return derived(Output.of(derived));
}
/**
* @param exportable Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
*
* @return builder
*
*/
public Builder exportable(@Nullable Output exportable) {
$.exportable = exportable;
return this;
}
/**
* @param exportable Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
*
* @return builder
*
*/
public Builder exportable(Boolean exportable) {
return exportable(Output.of(exportable));
}
/**
* @param keySize The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
*
* @return builder
*
*/
public Builder keySize(@Nullable Output keySize) {
$.keySize = keySize;
return this;
}
/**
* @param keySize The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
*
* @return builder
*
*/
public Builder keySize(Integer keySize) {
return keySize(Output.of(keySize));
}
/**
* @param minDecryptionVersion Minimum key version to use for decryption.
*
* @return builder
*
*/
public Builder minDecryptionVersion(@Nullable Output minDecryptionVersion) {
$.minDecryptionVersion = minDecryptionVersion;
return this;
}
/**
* @param minDecryptionVersion Minimum key version to use for decryption.
*
* @return builder
*
*/
public Builder minDecryptionVersion(Integer minDecryptionVersion) {
return minDecryptionVersion(Output.of(minDecryptionVersion));
}
/**
* @param minEncryptionVersion Minimum key version to use for encryption
*
* @return builder
*
*/
public Builder minEncryptionVersion(@Nullable Output minEncryptionVersion) {
$.minEncryptionVersion = minEncryptionVersion;
return this;
}
/**
* @param minEncryptionVersion Minimum key version to use for encryption
*
* @return builder
*
*/
public Builder minEncryptionVersion(Integer minEncryptionVersion) {
return minEncryptionVersion(Output.of(minEncryptionVersion));
}
/**
* @param name The name to identify this key within the backend. Must be unique within the backend.
*
* @return builder
*
*/
public Builder name(@Nullable Output name) {
$.name = name;
return this;
}
/**
* @param name The name to identify this key within the backend. Must be unique within the backend.
*
* @return builder
*
*/
public Builder name(String name) {
return name(Output.of(name));
}
/**
* @param namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
* @return builder
*
*/
public Builder namespace(@Nullable Output namespace) {
$.namespace = namespace;
return this;
}
/**
* @param namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
* @return builder
*
*/
public Builder namespace(String namespace) {
return namespace(Output.of(namespace));
}
/**
* @param type Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
* * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
*
* @return builder
*
*/
public Builder type(@Nullable Output type) {
$.type = type;
return this;
}
/**
* @param type Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
* * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
*
* @return builder
*
*/
public Builder type(String type) {
return type(Output.of(type));
}
public SecretBackendKeyArgs build() {
if ($.backend == null) {
throw new MissingRequiredPropertyException("SecretBackendKeyArgs", "backend");
}
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy