1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. consul
  5. SecretBackendRole
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

vault.consul.SecretBackendRole

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

    Manages a Consul secrets role for a Consul secrets engine in Vault. Consul secret backends can then issue Consul tokens.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const test = new vault.consul.SecretBackend("test", {
        path: "consul",
        description: "Manages the Consul backend",
        address: "127.0.0.1:8500",
        token: "4240861b-ce3d-8530-115a-521ff070dd29",
    });
    const example = new vault.consul.SecretBackendRole("example", {
        name: "test-role",
        backend: test.path,
        consulPolicies: ["example-policy"],
    });
    
    import pulumi
    import pulumi_vault as vault
    
    test = vault.consul.SecretBackend("test",
        path="consul",
        description="Manages the Consul backend",
        address="127.0.0.1:8500",
        token="4240861b-ce3d-8530-115a-521ff070dd29")
    example = vault.consul.SecretBackendRole("example",
        name="test-role",
        backend=test.path,
        consul_policies=["example-policy"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/consul"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		test, err := consul.NewSecretBackend(ctx, "test", &consul.SecretBackendArgs{
    			Path:        pulumi.String("consul"),
    			Description: pulumi.String("Manages the Consul backend"),
    			Address:     pulumi.String("127.0.0.1:8500"),
    			Token:       pulumi.String("4240861b-ce3d-8530-115a-521ff070dd29"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = consul.NewSecretBackendRole(ctx, "example", &consul.SecretBackendRoleArgs{
    			Name:    pulumi.String("test-role"),
    			Backend: test.Path,
    			ConsulPolicies: pulumi.StringArray{
    				pulumi.String("example-policy"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Vault.Consul.SecretBackend("test", new()
        {
            Path = "consul",
            Description = "Manages the Consul backend",
            Address = "127.0.0.1:8500",
            Token = "4240861b-ce3d-8530-115a-521ff070dd29",
        });
    
        var example = new Vault.Consul.SecretBackendRole("example", new()
        {
            Name = "test-role",
            Backend = test.Path,
            ConsulPolicies = new[]
            {
                "example-policy",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.consul.SecretBackend;
    import com.pulumi.vault.consul.SecretBackendArgs;
    import com.pulumi.vault.consul.SecretBackendRole;
    import com.pulumi.vault.consul.SecretBackendRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new SecretBackend("test", SecretBackendArgs.builder()
                .path("consul")
                .description("Manages the Consul backend")
                .address("127.0.0.1:8500")
                .token("4240861b-ce3d-8530-115a-521ff070dd29")
                .build());
    
            var example = new SecretBackendRole("example", SecretBackendRoleArgs.builder()
                .name("test-role")
                .backend(test.path())
                .consulPolicies("example-policy")
                .build());
    
        }
    }
    
    resources:
      test:
        type: vault:consul:SecretBackend
        properties:
          path: consul
          description: Manages the Consul backend
          address: 127.0.0.1:8500
          token: 4240861b-ce3d-8530-115a-521ff070dd29
      example:
        type: vault:consul:SecretBackendRole
        properties:
          name: test-role
          backend: ${test.path}
          consulPolicies:
            - example-policy
    

    Note About Required Arguments

    At least one of the four arguments consul_policies, consul_roles, service_identities, or node_identities is required for a token. If desired, any combination of the four arguments up-to and including all four, is valid.

    Create SecretBackendRole Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecretBackendRole(name: string, args?: SecretBackendRoleArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackendRole(resource_name: str,
                          args: Optional[SecretBackendRoleArgs] = None,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecretBackendRole(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          backend: Optional[str] = None,
                          consul_namespace: Optional[str] = None,
                          consul_policies: Optional[Sequence[str]] = None,
                          consul_roles: Optional[Sequence[str]] = None,
                          local: Optional[bool] = None,
                          max_ttl: Optional[int] = None,
                          name: Optional[str] = None,
                          namespace: Optional[str] = None,
                          node_identities: Optional[Sequence[str]] = None,
                          partition: Optional[str] = None,
                          policies: Optional[Sequence[str]] = None,
                          service_identities: Optional[Sequence[str]] = None,
                          ttl: Optional[int] = None)
    func NewSecretBackendRole(ctx *Context, name string, args *SecretBackendRoleArgs, opts ...ResourceOption) (*SecretBackendRole, error)
    public SecretBackendRole(string name, SecretBackendRoleArgs? args = null, CustomResourceOptions? opts = null)
    public SecretBackendRole(String name, SecretBackendRoleArgs args)
    public SecretBackendRole(String name, SecretBackendRoleArgs args, CustomResourceOptions options)
    
    type: vault:consul:SecretBackendRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var vaultSecretBackendRoleResource = new Vault.Consul.SecretBackendRole("vaultSecretBackendRoleResource", new()
    {
        Backend = "string",
        ConsulNamespace = "string",
        ConsulPolicies = new[]
        {
            "string",
        },
        ConsulRoles = new[]
        {
            "string",
        },
        Local = false,
        MaxTtl = 0,
        Name = "string",
        Namespace = "string",
        NodeIdentities = new[]
        {
            "string",
        },
        Partition = "string",
        Policies = new[]
        {
            "string",
        },
        ServiceIdentities = new[]
        {
            "string",
        },
        Ttl = 0,
    });
    
    example, err := consul.NewSecretBackendRole(ctx, "vaultSecretBackendRoleResource", &consul.SecretBackendRoleArgs{
    	Backend:         pulumi.String("string"),
    	ConsulNamespace: pulumi.String("string"),
    	ConsulPolicies: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ConsulRoles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Local:     pulumi.Bool(false),
    	MaxTtl:    pulumi.Int(0),
    	Name:      pulumi.String("string"),
    	Namespace: pulumi.String("string"),
    	NodeIdentities: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Partition: pulumi.String("string"),
    	Policies: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ServiceIdentities: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Ttl: pulumi.Int(0),
    })
    
    var vaultSecretBackendRoleResource = new SecretBackendRole("vaultSecretBackendRoleResource", SecretBackendRoleArgs.builder()
        .backend("string")
        .consulNamespace("string")
        .consulPolicies("string")
        .consulRoles("string")
        .local(false)
        .maxTtl(0)
        .name("string")
        .namespace("string")
        .nodeIdentities("string")
        .partition("string")
        .policies("string")
        .serviceIdentities("string")
        .ttl(0)
        .build());
    
    vault_secret_backend_role_resource = vault.consul.SecretBackendRole("vaultSecretBackendRoleResource",
        backend="string",
        consul_namespace="string",
        consul_policies=["string"],
        consul_roles=["string"],
        local=False,
        max_ttl=0,
        name="string",
        namespace="string",
        node_identities=["string"],
        partition="string",
        policies=["string"],
        service_identities=["string"],
        ttl=0)
    
    const vaultSecretBackendRoleResource = new vault.consul.SecretBackendRole("vaultSecretBackendRoleResource", {
        backend: "string",
        consulNamespace: "string",
        consulPolicies: ["string"],
        consulRoles: ["string"],
        local: false,
        maxTtl: 0,
        name: "string",
        namespace: "string",
        nodeIdentities: ["string"],
        partition: "string",
        policies: ["string"],
        serviceIdentities: ["string"],
        ttl: 0,
    });
    
    type: vault:consul:SecretBackendRole
    properties:
        backend: string
        consulNamespace: string
        consulPolicies:
            - string
        consulRoles:
            - string
        local: false
        maxTtl: 0
        name: string
        namespace: string
        nodeIdentities:
            - string
        partition: string
        policies:
            - string
        serviceIdentities:
            - string
        ttl: 0
    

    SecretBackendRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecretBackendRole resource accepts the following input properties:

    Backend string
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    ConsulNamespace string
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    ConsulPolicies List<string>
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    ConsulRoles List<string>
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    Local bool
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    MaxTtl int
    Maximum TTL for leases associated with this role, in seconds.
    Name string
    The name of the Consul secrets engine role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NodeIdentities List<string>
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    Partition string
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    Policies List<string>
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    ServiceIdentities List<string>
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    Ttl int
    Specifies the TTL for this role.
    Backend string
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    ConsulNamespace string
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    ConsulPolicies []string
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    ConsulRoles []string
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    Local bool
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    MaxTtl int
    Maximum TTL for leases associated with this role, in seconds.
    Name string
    The name of the Consul secrets engine role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NodeIdentities []string
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    Partition string
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    Policies []string
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    ServiceIdentities []string
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    Ttl int
    Specifies the TTL for this role.
    backend String
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consulNamespace String
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consulPolicies List<String>
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consulRoles List<String>
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local Boolean
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    maxTtl Integer
    Maximum TTL for leases associated with this role, in seconds.
    name String
    The name of the Consul secrets engine role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    nodeIdentities List<String>
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition String
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies List<String>
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    serviceIdentities List<String>
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl Integer
    Specifies the TTL for this role.
    backend string
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consulNamespace string
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consulPolicies string[]
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consulRoles string[]
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local boolean
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    maxTtl number
    Maximum TTL for leases associated with this role, in seconds.
    name string
    The name of the Consul secrets engine role to create.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    nodeIdentities string[]
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition string
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies string[]
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    serviceIdentities string[]
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl number
    Specifies the TTL for this role.
    backend str
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consul_namespace str
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consul_policies Sequence[str]
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consul_roles Sequence[str]
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local bool
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    max_ttl int
    Maximum TTL for leases associated with this role, in seconds.
    name str
    The name of the Consul secrets engine role to create.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    node_identities Sequence[str]
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition str
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies Sequence[str]
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    service_identities Sequence[str]
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl int
    Specifies the TTL for this role.
    backend String
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consulNamespace String
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consulPolicies List<String>
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consulRoles List<String>
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local Boolean
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    maxTtl Number
    Maximum TTL for leases associated with this role, in seconds.
    name String
    The name of the Consul secrets engine role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    nodeIdentities List<String>
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition String
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies List<String>
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    serviceIdentities List<String>
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl Number
    Specifies the TTL for this role.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackendRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecretBackendRole Resource

    Get an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendRoleState, opts?: CustomResourceOptions): SecretBackendRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            backend: Optional[str] = None,
            consul_namespace: Optional[str] = None,
            consul_policies: Optional[Sequence[str]] = None,
            consul_roles: Optional[Sequence[str]] = None,
            local: Optional[bool] = None,
            max_ttl: Optional[int] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            node_identities: Optional[Sequence[str]] = None,
            partition: Optional[str] = None,
            policies: Optional[Sequence[str]] = None,
            service_identities: Optional[Sequence[str]] = None,
            ttl: Optional[int] = None) -> SecretBackendRole
    func GetSecretBackendRole(ctx *Context, name string, id IDInput, state *SecretBackendRoleState, opts ...ResourceOption) (*SecretBackendRole, error)
    public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState? state, CustomResourceOptions? opts = null)
    public static SecretBackendRole get(String name, Output<String> id, SecretBackendRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Backend string
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    ConsulNamespace string
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    ConsulPolicies List<string>
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    ConsulRoles List<string>
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    Local bool
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    MaxTtl int
    Maximum TTL for leases associated with this role, in seconds.
    Name string
    The name of the Consul secrets engine role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NodeIdentities List<string>
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    Partition string
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    Policies List<string>
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    ServiceIdentities List<string>
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    Ttl int
    Specifies the TTL for this role.
    Backend string
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    ConsulNamespace string
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    ConsulPolicies []string
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    ConsulRoles []string
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    Local bool
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    MaxTtl int
    Maximum TTL for leases associated with this role, in seconds.
    Name string
    The name of the Consul secrets engine role to create.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    NodeIdentities []string
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    Partition string
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    Policies []string
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    ServiceIdentities []string
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    Ttl int
    Specifies the TTL for this role.
    backend String
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consulNamespace String
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consulPolicies List<String>
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consulRoles List<String>
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local Boolean
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    maxTtl Integer
    Maximum TTL for leases associated with this role, in seconds.
    name String
    The name of the Consul secrets engine role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    nodeIdentities List<String>
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition String
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies List<String>
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    serviceIdentities List<String>
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl Integer
    Specifies the TTL for this role.
    backend string
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consulNamespace string
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consulPolicies string[]
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consulRoles string[]
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local boolean
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    maxTtl number
    Maximum TTL for leases associated with this role, in seconds.
    name string
    The name of the Consul secrets engine role to create.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    nodeIdentities string[]
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition string
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies string[]
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    serviceIdentities string[]
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl number
    Specifies the TTL for this role.
    backend str
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consul_namespace str
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consul_policies Sequence[str]
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consul_roles Sequence[str]
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local bool
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    max_ttl int
    Maximum TTL for leases associated with this role, in seconds.
    name str
    The name of the Consul secrets engine role to create.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    node_identities Sequence[str]
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition str
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies Sequence[str]
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    service_identities Sequence[str]
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl int
    Specifies the TTL for this role.
    backend String
    The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
    consulNamespace String
    The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+".
    consulPolicies List<String>
    SEE NOTE The list of Consul ACL policies to associate with these roles.
    consulRoles List<String>
    SEE NOTE Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.
    local Boolean
    Indicates that the token should not be replicated globally and instead be local to the current datacenter.
    maxTtl Number
    Maximum TTL for leases associated with this role, in seconds.
    name String
    The name of the Consul secrets engine role to create.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    nodeIdentities List<String>
    SEE NOTE Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.
    partition String
    The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+".
    policies List<String>
    The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.
    serviceIdentities List<String>
    SEE NOTE Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.
    ttl Number
    Specifies the TTL for this role.

    Import

    Consul secret backend roles can be imported using the backend, /roles/, and the name e.g.

    $ pulumi import vault:consul/secretBackendRole:SecretBackendRole example consul/roles/my-role
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi