Docs Home
HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi
vault.identity.getOidcPublicKeys
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const key = new vault.identity.OidcKey("key", {
name: "key",
allowedClientIds: ["*"],
rotationPeriod: 3600,
verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
name: "application",
key: key.name,
redirectUris: [
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
idTokenTtl: 2400,
accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {
name: "provider",
allowedClientIds: [test.clientId],
});
const publicKeys = vault.identity.getOidcPublicKeysOutput({
name: provider.name,
});
import pulumi
import pulumi_vault as vault
key = vault.identity.OidcKey("key",
name="key",
allowed_client_ids=["*"],
rotation_period=3600,
verification_ttl=3600)
app = vault.identity.OidcClient("app",
name="application",
key=key.name,
redirect_uris=[
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
id_token_ttl=2400,
access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider",
name="provider",
allowed_client_ids=[test["clientId"]])
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
Name: pulumi.String("key"),
AllowedClientIds: pulumi.StringArray{
pulumi.String("*"),
},
RotationPeriod: pulumi.Int(3600),
VerificationTtl: pulumi.Int(3600),
})
if err != nil {
return err
}
_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
Name: pulumi.String("application"),
Key: key.Name,
RedirectUris: pulumi.StringArray{
pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
pulumi.String("http://127.0.0.1:8251/callback"),
pulumi.String("http://127.0.0.1:8080/callback"),
},
IdTokenTtl: pulumi.Int(2400),
AccessTokenTtl: pulumi.Int(7200),
})
if err != nil {
return err
}
provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
Name: pulumi.String("provider"),
AllowedClientIds: pulumi.StringArray{
test.ClientId,
},
})
if err != nil {
return err
}
_ = identity.GetOidcPublicKeysOutput(ctx, identity.GetOidcPublicKeysOutputArgs{
Name: provider.Name,
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var key = new Vault.Identity.OidcKey("key", new()
{
Name = "key",
AllowedClientIds = new[]
{
"*",
},
RotationPeriod = 3600,
VerificationTtl = 3600,
});
var app = new Vault.Identity.OidcClient("app", new()
{
Name = "application",
Key = key.Name,
RedirectUris = new[]
{
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
},
IdTokenTtl = 2400,
AccessTokenTtl = 7200,
});
var provider = new Vault.Identity.OidcProvider("provider", new()
{
Name = "provider",
AllowedClientIds = new[]
{
test.ClientId,
},
});
var publicKeys = Vault.Identity.GetOidcPublicKeys.Invoke(new()
{
Name = provider.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcPublicKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new OidcKey("key", OidcKeyArgs.builder()
.name("key")
.allowedClientIds("*")
.rotationPeriod(3600)
.verificationTtl(3600)
.build());
var app = new OidcClient("app", OidcClientArgs.builder()
.name("application")
.key(key.name())
.redirectUris(
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback")
.idTokenTtl(2400)
.accessTokenTtl(7200)
.build());
var provider = new OidcProvider("provider", OidcProviderArgs.builder()
.name("provider")
.allowedClientIds(test.clientId())
.build());
final var publicKeys = IdentityFunctions.getOidcPublicKeys(GetOidcPublicKeysArgs.builder()
.name(provider.name())
.build());
}
}
resources:
key:
type: vault:identity:OidcKey
properties:
name: key
allowedClientIds:
- '*'
rotationPeriod: 3600
verificationTtl: 3600
app:
type: vault:identity:OidcClient
properties:
name: application
key: ${key.name}
redirectUris:
- http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
- http://127.0.0.1:8251/callback
- http://127.0.0.1:8080/callback
idTokenTtl: 2400
accessTokenTtl: 7200
provider:
type: vault:identity:OidcProvider
properties:
name: provider
allowedClientIds:
- ${test.clientId}
variables:
publicKeys:
fn::invoke:
function: vault:identity:getOidcPublicKeys
arguments:
name: ${provider.name}
Using getOidcPublicKeys
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOidcPublicKeys(args: GetOidcPublicKeysArgs, opts?: InvokeOptions): Promise<GetOidcPublicKeysResult>
function getOidcPublicKeysOutput(args: GetOidcPublicKeysOutputArgs, opts?: InvokeOptions): Output<GetOidcPublicKeysResult>def get_oidc_public_keys(name: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetOidcPublicKeysResult
def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetOidcPublicKeysResult]func GetOidcPublicKeys(ctx *Context, args *GetOidcPublicKeysArgs, opts ...InvokeOption) (*GetOidcPublicKeysResult, error)
func GetOidcPublicKeysOutput(ctx *Context, args *GetOidcPublicKeysOutputArgs, opts ...InvokeOption) GetOidcPublicKeysResultOutput> Note: This function is named GetOidcPublicKeys in the Go SDK.
public static class GetOidcPublicKeys
{
public static Task<GetOidcPublicKeysResult> InvokeAsync(GetOidcPublicKeysArgs args, InvokeOptions? opts = null)
public static Output<GetOidcPublicKeysResult> Invoke(GetOidcPublicKeysInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetOidcPublicKeysResult> getOidcPublicKeys(GetOidcPublicKeysArgs args, InvokeOptions options)
public static Output<GetOidcPublicKeysResult> getOidcPublicKeys(GetOidcPublicKeysArgs args, InvokeOptions options)
fn::invoke:
function: vault:identity/getOidcPublicKeys:getOidcPublicKeys
arguments:
# arguments dictionaryThe following arguments are supported:
getOidcPublicKeys Result
The following output properties are available:
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.