com.pulumi.vault.transit.kotlin.SecretBackendKey.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.transit.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Any
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
/**
* Builder for [SecretBackendKey].
*/
@PulumiTagMarker
public class SecretBackendKeyResourceBuilder internal constructor() {
public var name: String? = null
public var args: SecretBackendKeyArgs = SecretBackendKeyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend SecretBackendKeyArgsBuilder.() -> Unit) {
val builder = SecretBackendKeyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): SecretBackendKey {
val builtJavaResource = com.pulumi.vault.transit.SecretBackendKey(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return SecretBackendKey(builtJavaResource)
}
}
/**
* Creates an Encryption Keyring on a Transit Secret Backend for Vault.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const transit = new vault.Mount("transit", {
* path: "transit",
* type: "transit",
* description: "Example description",
* defaultLeaseTtlSeconds: 3600,
* maxLeaseTtlSeconds: 86400,
* });
* const key = new vault.transit.SecretBackendKey("key", {
* backend: transit.path,
* name: "my_key",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* transit = vault.Mount("transit",
* path="transit",
* type="transit",
* description="Example description",
* default_lease_ttl_seconds=3600,
* max_lease_ttl_seconds=86400)
* key = vault.transit.SecretBackendKey("key",
* backend=transit.path,
* name="my_key")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var transit = new Vault.Mount("transit", new()
* {
* Path = "transit",
* Type = "transit",
* Description = "Example description",
* DefaultLeaseTtlSeconds = 3600,
* MaxLeaseTtlSeconds = 86400,
* });
* var key = new Vault.Transit.SecretBackendKey("key", new()
* {
* Backend = transit.Path,
* Name = "my_key",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/transit"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
* Path: pulumi.String("transit"),
* Type: pulumi.String("transit"),
* Description: pulumi.String("Example description"),
* DefaultLeaseTtlSeconds: pulumi.Int(3600),
* MaxLeaseTtlSeconds: pulumi.Int(86400),
* })
* if err != nil {
* return err
* }
* _, err = transit.NewSecretBackendKey(ctx, "key", &transit.SecretBackendKeyArgs{
* Backend: transit.Path,
* Name: pulumi.String("my_key"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.Mount;
* import com.pulumi.vault.MountArgs;
* import com.pulumi.vault.transit.SecretBackendKey;
* import com.pulumi.vault.transit.SecretBackendKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var transit = new Mount("transit", MountArgs.builder()
* .path("transit")
* .type("transit")
* .description("Example description")
* .defaultLeaseTtlSeconds(3600)
* .maxLeaseTtlSeconds(86400)
* .build());
* var key = new SecretBackendKey("key", SecretBackendKeyArgs.builder()
* .backend(transit.path())
* .name("my_key")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* transit:
* type: vault:Mount
* properties:
* path: transit
* type: transit
* description: Example description
* defaultLeaseTtlSeconds: 3600
* maxLeaseTtlSeconds: 86400
* key:
* type: vault:transit:SecretBackendKey
* properties:
* backend: ${transit.path}
* name: my_key
* ```
*
* ## Import
* Transit secret backend keys can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:transit/secretBackendKey:SecretBackendKey key transit/keys/my_key
* ```
*/
public class SecretBackendKey internal constructor(
override val javaResource: com.pulumi.vault.transit.SecretBackendKey,
) : KotlinCustomResource(javaResource, SecretBackendKeyMapper) {
/**
* Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
* * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
*/
public val allowPlaintextBackup: Output?
get() = javaResource.allowPlaintextBackup().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Amount of seconds the key should live before being automatically rotated.
* A value of 0 disables automatic rotation for the key.
*/
public val autoRotatePeriod: Output
get() = javaResource.autoRotatePeriod().applyValue({ args0 -> args0 })
/**
* The path the transit secret backend is mounted at, with no leading or trailing `/`s.
*/
public val backend: Output
get() = javaResource.backend().applyValue({ args0 -> args0 })
/**
* Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
*/
public val convergentEncryption: Output?
get() = javaResource.convergentEncryption().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Specifies if the key is allowed to be deleted.
*/
public val deletionAllowed: Output?
get() = javaResource.deletionAllowed().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
*/
public val derived: Output?
get() = javaResource.derived().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
*/
public val exportable: Output?
get() = javaResource.exportable().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
*/
public val keySize: Output?
get() = javaResource.keySize().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
* * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
* * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
*/
public val keys: Output>>
get() = javaResource.keys().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
})
/**
* Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
*/
public val latestVersion: Output
get() = javaResource.latestVersion().applyValue({ args0 -> args0 })
/**
* Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
*/
public val minAvailableVersion: Output
get() = javaResource.minAvailableVersion().applyValue({ args0 -> args0 })
/**
* Minimum key version to use for decryption.
*/
public val minDecryptionVersion: Output?
get() = javaResource.minDecryptionVersion().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Minimum key version to use for encryption
*/
public val minEncryptionVersion: Output?
get() = javaResource.minEncryptionVersion().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The name to identify this key within the backend. Must be unique within the backend.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Whether or not the key supports decryption, based on key type.
*/
public val supportsDecryption: Output
get() = javaResource.supportsDecryption().applyValue({ args0 -> args0 })
/**
* Whether or not the key supports derivation, based on key type.
*/
public val supportsDerivation: Output
get() = javaResource.supportsDerivation().applyValue({ args0 -> args0 })
/**
* Whether or not the key supports encryption, based on key type.
*/
public val supportsEncryption: Output
get() = javaResource.supportsEncryption().applyValue({ args0 -> args0 })
/**
* Whether or not the key supports signing, based on key type.
*/
public val supportsSigning: Output
get() = javaResource.supportsSigning().applyValue({ args0 -> args0 })
/**
* Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
* * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
*/
public val type: Output?
get() = javaResource.type().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}
public object SecretBackendKeyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.transit.SecretBackendKey::class == javaResource::class
override fun map(javaResource: Resource): SecretBackendKey = SecretBackendKey(
javaResource as
com.pulumi.vault.transit.SecretBackendKey,
)
}
/**
* @see [SecretBackendKey].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [SecretBackendKey].
*/
public suspend fun secretBackendKey(
name: String,
block: suspend SecretBackendKeyResourceBuilder.() -> Unit,
): SecretBackendKey {
val builder = SecretBackendKeyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [SecretBackendKey].
* @param name The _unique_ name of the resulting resource.
*/
public fun secretBackendKey(name: String): SecretBackendKey {
val builder = SecretBackendKeyResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy