com.pulumi.vault.kv.kotlin.SecretV2Args.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kv.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import com.pulumi.vault.kv.SecretV2Args.builder
import com.pulumi.vault.kv.kotlin.inputs.SecretV2CustomMetadataArgs
import com.pulumi.vault.kv.kotlin.inputs.SecretV2CustomMetadataArgsBuilder
import kotlin.Any
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Writes a KV-V2 secret to a given path in Vault.
* For more information on Vault's KV-V2 secret backend
* [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v2).
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const kvv2 = new vault.Mount("kvv2", {
* path: "kvv2",
* type: "kv",
* options: {
* version: "2",
* },
* description: "KV Version 2 secret engine mount",
* });
* const example = new vault.kv.SecretV2("example", {
* mount: kvv2.path,
* name: "secret",
* cas: 1,
* deleteAllVersions: true,
* dataJson: JSON.stringify({
* zip: "zap",
* foo: "bar",
* }),
* customMetadata: {
* maxVersions: 5,
* data: {
* foo: "[email protected]",
* bar: "12345",
* },
* },
* });
* ```
* ```python
* import pulumi
* import json
* import pulumi_vault as vault
* kvv2 = vault.Mount("kvv2",
* path="kvv2",
* type="kv",
* options={
* "version": "2",
* },
* description="KV Version 2 secret engine mount")
* example = vault.kv.SecretV2("example",
* mount=kvv2.path,
* name="secret",
* cas=1,
* delete_all_versions=True,
* data_json=json.dumps({
* "zip": "zap",
* "foo": "bar",
* }),
* custom_metadata=vault.kv.SecretV2CustomMetadataArgs(
* max_versions=5,
* data={
* "foo": "[email protected]",
* "bar": "12345",
* },
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using System.Text.Json;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var kvv2 = new Vault.Mount("kvv2", new()
* {
* Path = "kvv2",
* Type = "kv",
* Options =
* {
* { "version", "2" },
* },
* Description = "KV Version 2 secret engine mount",
* });
* var example = new Vault.Kv.SecretV2("example", new()
* {
* Mount = kvv2.Path,
* Name = "secret",
* Cas = 1,
* DeleteAllVersions = true,
* DataJson = JsonSerializer.Serialize(new Dictionary
* {
* ["zip"] = "zap",
* ["foo"] = "bar",
* }),
* CustomMetadata = new Vault.kv.Inputs.SecretV2CustomMetadataArgs
* {
* MaxVersions = 5,
* Data =
* {
* { "foo", "[email protected]" },
* { "bar", "12345" },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "encoding/json"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
* Path: pulumi.String("kvv2"),
* Type: pulumi.String("kv"),
* Options: pulumi.Map{
* "version": pulumi.Any("2"),
* },
* Description: pulumi.String("KV Version 2 secret engine mount"),
* })
* if err != nil {
* return err
* }
* tmpJSON0, err := json.Marshal(map[string]interface{}{
* "zip": "zap",
* "foo": "bar",
* })
* if err != nil {
* return err
* }
* json0 := string(tmpJSON0)
* _, err = kv.NewSecretV2(ctx, "example", &kv.SecretV2Args{
* Mount: kvv2.Path,
* Name: pulumi.String("secret"),
* Cas: pulumi.Int(1),
* DeleteAllVersions: pulumi.Bool(true),
* DataJson: pulumi.String(json0),
* CustomMetadata: &kv.SecretV2CustomMetadataArgs{
* MaxVersions: pulumi.Int(5),
* Data: pulumi.Map{
* "foo": pulumi.Any("[email protected]"),
* "bar": pulumi.Any("12345"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.Mount;
* import com.pulumi.vault.MountArgs;
* import com.pulumi.vault.kv.SecretV2;
* import com.pulumi.vault.kv.SecretV2Args;
* import com.pulumi.vault.kv.inputs.SecretV2CustomMetadataArgs;
* import static com.pulumi.codegen.internal.Serialization.*;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var kvv2 = new Mount("kvv2", MountArgs.builder()
* .path("kvv2")
* .type("kv")
* .options(Map.of("version", "2"))
* .description("KV Version 2 secret engine mount")
* .build());
* var example = new SecretV2("example", SecretV2Args.builder()
* .mount(kvv2.path())
* .name("secret")
* .cas(1)
* .deleteAllVersions(true)
* .dataJson(serializeJson(
* jsonObject(
* jsonProperty("zip", "zap"),
* jsonProperty("foo", "bar")
* )))
* .customMetadata(SecretV2CustomMetadataArgs.builder()
* .maxVersions(5)
* .data(Map.ofEntries(
* Map.entry("foo", "[email protected]"),
* Map.entry("bar", "12345")
* ))
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* kvv2:
* type: vault:Mount
* properties:
* path: kvv2
* type: kv
* options:
* version: '2'
* description: KV Version 2 secret engine mount
* example:
* type: vault:kv:SecretV2
* properties:
* mount: ${kvv2.path}
* name: secret
* cas: 1
* deleteAllVersions: true
* dataJson:
* fn::toJSON:
* zip: zap
* foo: bar
* customMetadata:
* maxVersions: 5
* data:
* foo: [email protected]
* bar: '12345'
* ```
*
* ## Required Vault Capabilities
* Use of this resource requires the `create` or `update` capability
* (depending on whether the resource already exists) on the given path,
* the `delete` capability if the resource is removed from configuration,
* and the `read` capability for drift detection (by default).
* ### Custom Metadata Configuration Options
* * `max_versions` - (Optional) The number of versions to keep per key.
* * `cas_required` - (Optional) If true, all keys will require the cas
* parameter to be set on all write requests.
* * `delete_version_after` - (Optional) If set, specifies the length of time before
* a version is deleted. Accepts duration in integer seconds.
* * `data` - (Optional) A string to string map describing the secret.
* ## Import
* KV-V2 secrets can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:kv/secretV2:SecretV2 example kvv2/data/secret
* ```
* @property cas This flag is required if `cas_required` is set to true
* on either the secret or the engine's config. In order for a
* write operation to be successful, cas must be set to the current version
* of the secret.
* @property customMetadata A nested block that allows configuring metadata for the
* KV secret. Refer to the
* Configuration Options for more info.
* @property dataJson JSON-encoded string that will be
* written as the secret data at the given path.
* @property deleteAllVersions If set to true, permanently deletes all
* versions for the specified key.
* @property disableRead If set to true, disables reading secret from Vault;
* note: drift won't be detected.
* @property mount Path where KV-V2 engine is mounted.
* @property name Full name of the secret. For a nested secret
* the name is the nested path excluding the mount and data
* prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
* the name is `foo/bar/baz`.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property options An object that holds option settings.
*/
public data class SecretV2Args(
public val cas: Output? = null,
public val customMetadata: Output? = null,
public val dataJson: Output? = null,
public val deleteAllVersions: Output? = null,
public val disableRead: Output? = null,
public val mount: Output? = null,
public val name: Output? = null,
public val namespace: Output? = null,
public val options: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.kv.SecretV2Args =
com.pulumi.vault.kv.SecretV2Args.builder()
.cas(cas?.applyValue({ args0 -> args0 }))
.customMetadata(customMetadata?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.dataJson(dataJson?.applyValue({ args0 -> args0 }))
.deleteAllVersions(deleteAllVersions?.applyValue({ args0 -> args0 }))
.disableRead(disableRead?.applyValue({ args0 -> args0 }))
.mount(mount?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.options(
options?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
).build()
}
/**
* Builder for [SecretV2Args].
*/
@PulumiTagMarker
public class SecretV2ArgsBuilder internal constructor() {
private var cas: Output? = null
private var customMetadata: Output? = null
private var dataJson: Output? = null
private var deleteAllVersions: Output? = null
private var disableRead: Output? = null
private var mount: Output? = null
private var name: Output? = null
private var namespace: Output? = null
private var options: Output>? = null
/**
* @param value This flag is required if `cas_required` is set to true
* on either the secret or the engine's config. In order for a
* write operation to be successful, cas must be set to the current version
* of the secret.
*/
@JvmName("lpivmbfbksxafsyu")
public suspend fun cas(`value`: Output) {
this.cas = value
}
/**
* @param value A nested block that allows configuring metadata for the
* KV secret. Refer to the
* Configuration Options for more info.
*/
@JvmName("oegwhxuurpcloswo")
public suspend fun customMetadata(`value`: Output) {
this.customMetadata = value
}
/**
* @param value JSON-encoded string that will be
* written as the secret data at the given path.
*/
@JvmName("jevssmgfssvnyabh")
public suspend fun dataJson(`value`: Output) {
this.dataJson = value
}
/**
* @param value If set to true, permanently deletes all
* versions for the specified key.
*/
@JvmName("uyscecudeirgyvgk")
public suspend fun deleteAllVersions(`value`: Output) {
this.deleteAllVersions = value
}
/**
* @param value If set to true, disables reading secret from Vault;
* note: drift won't be detected.
*/
@JvmName("rpmwmfjppawabrbi")
public suspend fun disableRead(`value`: Output) {
this.disableRead = value
}
/**
* @param value Path where KV-V2 engine is mounted.
*/
@JvmName("vqugrldpvwrpnrow")
public suspend fun mount(`value`: Output) {
this.mount = value
}
/**
* @param value Full name of the secret. For a nested secret
* the name is the nested path excluding the mount and data
* prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
* the name is `foo/bar/baz`.
*/
@JvmName("ipinlhgtkqrhofmg")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("adsvyegvwrklcytt")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value An object that holds option settings.
*/
@JvmName("nyiwdpqtspggbdan")
public suspend fun options(`value`: Output>) {
this.options = value
}
/**
* @param value This flag is required if `cas_required` is set to true
* on either the secret or the engine's config. In order for a
* write operation to be successful, cas must be set to the current version
* of the secret.
*/
@JvmName("mwcxgugicscthtyl")
public suspend fun cas(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.cas = mapped
}
/**
* @param value A nested block that allows configuring metadata for the
* KV secret. Refer to the
* Configuration Options for more info.
*/
@JvmName("gemccxdefdfyvffk")
public suspend fun customMetadata(`value`: SecretV2CustomMetadataArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customMetadata = mapped
}
/**
* @param argument A nested block that allows configuring metadata for the
* KV secret. Refer to the
* Configuration Options for more info.
*/
@JvmName("nbshphrgpcrqytcy")
public suspend fun customMetadata(argument: suspend SecretV2CustomMetadataArgsBuilder.() -> Unit) {
val toBeMapped = SecretV2CustomMetadataArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.customMetadata = mapped
}
/**
* @param value JSON-encoded string that will be
* written as the secret data at the given path.
*/
@JvmName("nowdwwxbkjgehafr")
public suspend fun dataJson(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.dataJson = mapped
}
/**
* @param value If set to true, permanently deletes all
* versions for the specified key.
*/
@JvmName("ocpbfednxbqsphji")
public suspend fun deleteAllVersions(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.deleteAllVersions = mapped
}
/**
* @param value If set to true, disables reading secret from Vault;
* note: drift won't be detected.
*/
@JvmName("gqgondbufjfijctg")
public suspend fun disableRead(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableRead = mapped
}
/**
* @param value Path where KV-V2 engine is mounted.
*/
@JvmName("pqewkaapwguagbag")
public suspend fun mount(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.mount = mapped
}
/**
* @param value Full name of the secret. For a nested secret
* the name is the nested path excluding the mount and data
* prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
* the name is `foo/bar/baz`.
*/
@JvmName("bswpferbaygwymoa")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("dnguuujllpcdyamf")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value An object that holds option settings.
*/
@JvmName("scxeggmwdomofgem")
public suspend fun options(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.options = mapped
}
/**
* @param values An object that holds option settings.
*/
@JvmName("vdhvvjixfsgqgabu")
public fun options(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.options = mapped
}
internal fun build(): SecretV2Args = SecretV2Args(
cas = cas,
customMetadata = customMetadata,
dataJson = dataJson,
deleteAllVersions = deleteAllVersions,
disableRead = disableRead,
mount = mount,
name = name,
namespace = namespace,
options = options,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy