HashiCorp Vault v6.7.1, May 2 25

HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi

vault.kmip.SecretRole

Explore with Pulumi AI

HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const _default = new vault.kmip.SecretBackend("default", {
    path: "kmip",
    description: "Vault KMIP backend",
});
const dev = new vault.kmip.SecretScope("dev", {
    path: _default.path,
    scope: "dev",
    force: true,
});
const admin = new vault.kmip.SecretRole("admin", {
    path: dev.path,
    scope: dev.scope,
    role: "admin",
    tlsClientKeyType: "ec",
    tlsClientKeyBits: 256,
    operationActivate: true,
    operationGet: true,
    operationGetAttributes: true,
    operationCreate: true,
    operationDestroy: true,
});

import pulumi
import pulumi_vault as vault

default = vault.kmip.SecretBackend("default",
    path="kmip",
    description="Vault KMIP backend")
dev = vault.kmip.SecretScope("dev",
    path=default.path,
    scope="dev",
    force=True)
admin = vault.kmip.SecretRole("admin",
    path=dev.path,
    scope=dev.scope,
    role="admin",
    tls_client_key_type="ec",
    tls_client_key_bits=256,
    operation_activate=True,
    operation_get=True,
    operation_get_attributes=True,
    operation_create=True,
    operation_destroy=True)

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kmip"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
			Path:        pulumi.String("kmip"),
			Description: pulumi.String("Vault KMIP backend"),
		})
		if err != nil {
			return err
		}
		dev, err := kmip.NewSecretScope(ctx, "dev", &kmip.SecretScopeArgs{
			Path:  _default.Path,
			Scope: pulumi.String("dev"),
			Force: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = kmip.NewSecretRole(ctx, "admin", &kmip.SecretRoleArgs{
			Path:                   dev.Path,
			Scope:                  dev.Scope,
			Role:                   pulumi.String("admin"),
			TlsClientKeyType:       pulumi.String("ec"),
			TlsClientKeyBits:       pulumi.Int(256),
			OperationActivate:      pulumi.Bool(true),
			OperationGet:           pulumi.Bool(true),
			OperationGetAttributes: pulumi.Bool(true),
			OperationCreate:        pulumi.Bool(true),
			OperationDestroy:       pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var @default = new Vault.Kmip.SecretBackend("default", new()
    {
        Path = "kmip",
        Description = "Vault KMIP backend",
    });

    var dev = new Vault.Kmip.SecretScope("dev", new()
    {
        Path = @default.Path,
        Scope = "dev",
        Force = true,
    });

    var admin = new Vault.Kmip.SecretRole("admin", new()
    {
        Path = dev.Path,
        Scope = dev.Scope,
        Role = "admin",
        TlsClientKeyType = "ec",
        TlsClientKeyBits = 256,
        OperationActivate = true,
        OperationGet = true,
        OperationGetAttributes = true,
        OperationCreate = true,
        OperationDestroy = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.kmip.SecretBackend;
import com.pulumi.vault.kmip.SecretBackendArgs;
import com.pulumi.vault.kmip.SecretScope;
import com.pulumi.vault.kmip.SecretScopeArgs;
import com.pulumi.vault.kmip.SecretRole;
import com.pulumi.vault.kmip.SecretRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new SecretBackend("default", SecretBackendArgs.builder()
            .path("kmip")
            .description("Vault KMIP backend")
            .build());

        var dev = new SecretScope("dev", SecretScopeArgs.builder()
            .path(default_.path())
            .scope("dev")
            .force(true)
            .build());

        var admin = new SecretRole("admin", SecretRoleArgs.builder()
            .path(dev.path())
            .scope(dev.scope())
            .role("admin")
            .tlsClientKeyType("ec")
            .tlsClientKeyBits(256)
            .operationActivate(true)
            .operationGet(true)
            .operationGetAttributes(true)
            .operationCreate(true)
            .operationDestroy(true)
            .build());

    }
}

resources:
  default:
    type: vault:kmip:SecretBackend
    properties:
      path: kmip
      description: Vault KMIP backend
  dev:
    type: vault:kmip:SecretScope
    properties:
      path: ${default.path}
      scope: dev
      force: true
  admin:
    type: vault:kmip:SecretRole
    properties:
      path: ${dev.path}
      scope: ${dev.scope}
      role: admin
      tlsClientKeyType: ec
      tlsClientKeyBits: 256
      operationActivate: true
      operationGet: true
      operationGetAttributes: true
      operationCreate: true
      operationDestroy: true

Create SecretRole Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecretRole(name: string, args: SecretRoleArgs, opts?: CustomResourceOptions);

@overload
def SecretRole(resource_name: str,
               args: SecretRoleArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def SecretRole(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               path: Optional[str] = None,
               scope: Optional[str] = None,
               role: Optional[str] = None,
               operation_destroy: Optional[bool] = None,
               operation_register: Optional[bool] = None,
               namespace: Optional[str] = None,
               operation_discover_versions: Optional[bool] = None,
               operation_get: Optional[bool] = None,
               operation_get_attribute_list: Optional[bool] = None,
               operation_get_attributes: Optional[bool] = None,
               operation_locate: Optional[bool] = None,
               operation_none: Optional[bool] = None,
               operation_create: Optional[bool] = None,
               operation_rekey: Optional[bool] = None,
               operation_revoke: Optional[bool] = None,
               operation_all: Optional[bool] = None,
               operation_add_attribute: Optional[bool] = None,
               operation_activate: Optional[bool] = None,
               tls_client_key_bits: Optional[int] = None,
               tls_client_key_type: Optional[str] = None,
               tls_client_ttl: Optional[int] = None)

func NewSecretRole(ctx *Context, name string, args SecretRoleArgs, opts ...ResourceOption) (*SecretRole, error)

public SecretRole(string name, SecretRoleArgs args, CustomResourceOptions? opts = null)

public SecretRole(String name, SecretRoleArgs args)
public SecretRole(String name, SecretRoleArgs args, CustomResourceOptions options)

type: vault:kmip:SecretRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretRoleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretRoleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretRoleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var vaultSecretRoleResource = new Vault.Kmip.SecretRole("vaultSecretRoleResource", new()
{
    Path = "string",
    Scope = "string",
    Role = "string",
    OperationDestroy = false,
    OperationRegister = false,
    Namespace = "string",
    OperationDiscoverVersions = false,
    OperationGet = false,
    OperationGetAttributeList = false,
    OperationGetAttributes = false,
    OperationLocate = false,
    OperationNone = false,
    OperationCreate = false,
    OperationRekey = false,
    OperationRevoke = false,
    OperationAll = false,
    OperationAddAttribute = false,
    OperationActivate = false,
    TlsClientKeyBits = 0,
    TlsClientKeyType = "string",
    TlsClientTtl = 0,
});

example, err := kmip.NewSecretRole(ctx, "vaultSecretRoleResource", &kmip.SecretRoleArgs{
	Path:                      pulumi.String("string"),
	Scope:                     pulumi.String("string"),
	Role:                      pulumi.String("string"),
	OperationDestroy:          pulumi.Bool(false),
	OperationRegister:         pulumi.Bool(false),
	Namespace:                 pulumi.String("string"),
	OperationDiscoverVersions: pulumi.Bool(false),
	OperationGet:              pulumi.Bool(false),
	OperationGetAttributeList: pulumi.Bool(false),
	OperationGetAttributes:    pulumi.Bool(false),
	OperationLocate:           pulumi.Bool(false),
	OperationNone:             pulumi.Bool(false),
	OperationCreate:           pulumi.Bool(false),
	OperationRekey:            pulumi.Bool(false),
	OperationRevoke:           pulumi.Bool(false),
	OperationAll:              pulumi.Bool(false),
	OperationAddAttribute:     pulumi.Bool(false),
	OperationActivate:         pulumi.Bool(false),
	TlsClientKeyBits:          pulumi.Int(0),
	TlsClientKeyType:          pulumi.String("string"),
	TlsClientTtl:              pulumi.Int(0),
})

var vaultSecretRoleResource = new com.pulumi.vault.kmip.SecretRole("vaultSecretRoleResource", com.pulumi.vault.kmip.SecretRoleArgs.builder()
    .path("string")
    .scope("string")
    .role("string")
    .operationDestroy(false)
    .operationRegister(false)
    .namespace("string")
    .operationDiscoverVersions(false)
    .operationGet(false)
    .operationGetAttributeList(false)
    .operationGetAttributes(false)
    .operationLocate(false)
    .operationNone(false)
    .operationCreate(false)
    .operationRekey(false)
    .operationRevoke(false)
    .operationAll(false)
    .operationAddAttribute(false)
    .operationActivate(false)
    .tlsClientKeyBits(0)
    .tlsClientKeyType("string")
    .tlsClientTtl(0)
    .build());

vault_secret_role_resource = vault.kmip.SecretRole("vaultSecretRoleResource",
    path="string",
    scope="string",
    role="string",
    operation_destroy=False,
    operation_register=False,
    namespace="string",
    operation_discover_versions=False,
    operation_get=False,
    operation_get_attribute_list=False,
    operation_get_attributes=False,
    operation_locate=False,
    operation_none=False,
    operation_create=False,
    operation_rekey=False,
    operation_revoke=False,
    operation_all=False,
    operation_add_attribute=False,
    operation_activate=False,
    tls_client_key_bits=0,
    tls_client_key_type="string",
    tls_client_ttl=0)

const vaultSecretRoleResource = new vault.kmip.SecretRole("vaultSecretRoleResource", {
    path: "string",
    scope: "string",
    role: "string",
    operationDestroy: false,
    operationRegister: false,
    namespace: "string",
    operationDiscoverVersions: false,
    operationGet: false,
    operationGetAttributeList: false,
    operationGetAttributes: false,
    operationLocate: false,
    operationNone: false,
    operationCreate: false,
    operationRekey: false,
    operationRevoke: false,
    operationAll: false,
    operationAddAttribute: false,
    operationActivate: false,
    tlsClientKeyBits: 0,
    tlsClientKeyType: "string",
    tlsClientTtl: 0,
});

type: vault:kmip:SecretRole
properties:
    namespace: string
    operationActivate: false
    operationAddAttribute: false
    operationAll: false
    operationCreate: false
    operationDestroy: false
    operationDiscoverVersions: false
    operationGet: false
    operationGetAttributeList: false
    operationGetAttributes: false
    operationLocate: false
    operationNone: false
    operationRegister: false
    operationRekey: false
    operationRevoke: false
    path: string
    role: string
    scope: string
    tlsClientKeyBits: 0
    tlsClientKeyType: string
    tlsClientTtl: 0

SecretRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretRole resource accepts the following input properties:

Path string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
Role string: Name of the role.
Scope string: Name of the scope.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OperationActivate bool: Grant permission to use the KMIP Activate operation.
OperationAddAttribute bool: Grant permission to use the KMIP Add Attribute operation.
OperationAll bool: Grant all permissions to this role. May not be specified with any other operation_* params.
OperationCreate bool: Grant permission to use the KMIP Create operation.
OperationDestroy bool: Grant permission to use the KMIP Destroy operation.
OperationDiscoverVersions bool: Grant permission to use the KMIP Discover Version operation.
OperationGet bool: Grant permission to use the KMIP Get operation.
OperationGetAttributeList bool: Grant permission to use the KMIP Get Atrribute List operation.
OperationGetAttributes bool: Grant permission to use the KMIP Get Atrributes operation.
OperationLocate bool: Grant permission to use the KMIP Get Locate operation.
OperationNone bool: Remove all permissions from this role. May not be specified with any other operation_* params.
OperationRegister bool: Grant permission to use the KMIP Register operation.
OperationRekey bool: Grant permission to use the KMIP Rekey operation.
OperationRevoke bool: Grant permission to use the KMIP Revoke operation.
TlsClientKeyBits int: Client certificate key bits, valid values depend on key type.
TlsClientKeyType string: Client certificate key type, rsa or ec.
TlsClientTtl int: Client certificate TTL in seconds.

Path string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
Role string: Name of the role.
Scope string: Name of the scope.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OperationActivate bool: Grant permission to use the KMIP Activate operation.
OperationAddAttribute bool: Grant permission to use the KMIP Add Attribute operation.
OperationAll bool: Grant all permissions to this role. May not be specified with any other operation_* params.
OperationCreate bool: Grant permission to use the KMIP Create operation.
OperationDestroy bool: Grant permission to use the KMIP Destroy operation.
OperationDiscoverVersions bool: Grant permission to use the KMIP Discover Version operation.
OperationGet bool: Grant permission to use the KMIP Get operation.
OperationGetAttributeList bool: Grant permission to use the KMIP Get Atrribute List operation.
OperationGetAttributes bool: Grant permission to use the KMIP Get Atrributes operation.
OperationLocate bool: Grant permission to use the KMIP Get Locate operation.
OperationNone bool: Remove all permissions from this role. May not be specified with any other operation_* params.
OperationRegister bool: Grant permission to use the KMIP Register operation.
OperationRekey bool: Grant permission to use the KMIP Rekey operation.
OperationRevoke bool: Grant permission to use the KMIP Revoke operation.
TlsClientKeyBits int: Client certificate key bits, valid values depend on key type.
TlsClientKeyType string: Client certificate key type, rsa or ec.
TlsClientTtl int: Client certificate TTL in seconds.

path String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role String: Name of the role.
scope String: Name of the scope.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operationActivate Boolean: Grant permission to use the KMIP Activate operation.
operationAddAttribute Boolean: Grant permission to use the KMIP Add Attribute operation.
operationAll Boolean: Grant all permissions to this role. May not be specified with any other operation_* params.
operationCreate Boolean: Grant permission to use the KMIP Create operation.
operationDestroy Boolean: Grant permission to use the KMIP Destroy operation.
operationDiscoverVersions Boolean: Grant permission to use the KMIP Discover Version operation.
operationGet Boolean: Grant permission to use the KMIP Get operation.
operationGetAttributeList Boolean: Grant permission to use the KMIP Get Atrribute List operation.
operationGetAttributes Boolean: Grant permission to use the KMIP Get Atrributes operation.
operationLocate Boolean: Grant permission to use the KMIP Get Locate operation.
operationNone Boolean: Remove all permissions from this role. May not be specified with any other operation_* params.
operationRegister Boolean: Grant permission to use the KMIP Register operation.
operationRekey Boolean: Grant permission to use the KMIP Rekey operation.
operationRevoke Boolean: Grant permission to use the KMIP Revoke operation.
tlsClientKeyBits Integer: Client certificate key bits, valid values depend on key type.
tlsClientKeyType String: Client certificate key type, rsa or ec.
tlsClientTtl Integer: Client certificate TTL in seconds.

path string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role string: Name of the role.
scope string: Name of the scope.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operationActivate boolean: Grant permission to use the KMIP Activate operation.
operationAddAttribute boolean: Grant permission to use the KMIP Add Attribute operation.
operationAll boolean: Grant all permissions to this role. May not be specified with any other operation_* params.
operationCreate boolean: Grant permission to use the KMIP Create operation.
operationDestroy boolean: Grant permission to use the KMIP Destroy operation.
operationDiscoverVersions boolean: Grant permission to use the KMIP Discover Version operation.
operationGet boolean: Grant permission to use the KMIP Get operation.
operationGetAttributeList boolean: Grant permission to use the KMIP Get Atrribute List operation.
operationGetAttributes boolean: Grant permission to use the KMIP Get Atrributes operation.
operationLocate boolean: Grant permission to use the KMIP Get Locate operation.
operationNone boolean: Remove all permissions from this role. May not be specified with any other operation_* params.
operationRegister boolean: Grant permission to use the KMIP Register operation.
operationRekey boolean: Grant permission to use the KMIP Rekey operation.
operationRevoke boolean: Grant permission to use the KMIP Revoke operation.
tlsClientKeyBits number: Client certificate key bits, valid values depend on key type.
tlsClientKeyType string: Client certificate key type, rsa or ec.
tlsClientTtl number: Client certificate TTL in seconds.

path str: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role str: Name of the role.
scope str: Name of the scope.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operation_activate bool: Grant permission to use the KMIP Activate operation.
operation_add_attribute bool: Grant permission to use the KMIP Add Attribute operation.
operation_all bool: Grant all permissions to this role. May not be specified with any other operation_* params.
operation_create bool: Grant permission to use the KMIP Create operation.
operation_destroy bool: Grant permission to use the KMIP Destroy operation.
operation_discover_versions bool: Grant permission to use the KMIP Discover Version operation.
operation_get bool: Grant permission to use the KMIP Get operation.
operation_get_attribute_list bool: Grant permission to use the KMIP Get Atrribute List operation.
operation_get_attributes bool: Grant permission to use the KMIP Get Atrributes operation.
operation_locate bool: Grant permission to use the KMIP Get Locate operation.
operation_none bool: Remove all permissions from this role. May not be specified with any other operation_* params.
operation_register bool: Grant permission to use the KMIP Register operation.
operation_rekey bool: Grant permission to use the KMIP Rekey operation.
operation_revoke bool: Grant permission to use the KMIP Revoke operation.
tls_client_key_bits int: Client certificate key bits, valid values depend on key type.
tls_client_key_type str: Client certificate key type, rsa or ec.
tls_client_ttl int: Client certificate TTL in seconds.

path String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role String: Name of the role.
scope String: Name of the scope.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operationActivate Boolean: Grant permission to use the KMIP Activate operation.
operationAddAttribute Boolean: Grant permission to use the KMIP Add Attribute operation.
operationAll Boolean: Grant all permissions to this role. May not be specified with any other operation_* params.
operationCreate Boolean: Grant permission to use the KMIP Create operation.
operationDestroy Boolean: Grant permission to use the KMIP Destroy operation.
operationDiscoverVersions Boolean: Grant permission to use the KMIP Discover Version operation.
operationGet Boolean: Grant permission to use the KMIP Get operation.
operationGetAttributeList Boolean: Grant permission to use the KMIP Get Atrribute List operation.
operationGetAttributes Boolean: Grant permission to use the KMIP Get Atrributes operation.
operationLocate Boolean: Grant permission to use the KMIP Get Locate operation.
operationNone Boolean: Remove all permissions from this role. May not be specified with any other operation_* params.
operationRegister Boolean: Grant permission to use the KMIP Register operation.
operationRekey Boolean: Grant permission to use the KMIP Rekey operation.
operationRevoke Boolean: Grant permission to use the KMIP Revoke operation.
tlsClientKeyBits Number: Client certificate key bits, valid values depend on key type.
tlsClientKeyType String: Client certificate key type, rsa or ec.
tlsClientTtl Number: Client certificate TTL in seconds.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretRole resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecretRole Resource

Get an existing SecretRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretRoleState, opts?: CustomResourceOptions): SecretRole

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        namespace: Optional[str] = None,
        operation_activate: Optional[bool] = None,
        operation_add_attribute: Optional[bool] = None,
        operation_all: Optional[bool] = None,
        operation_create: Optional[bool] = None,
        operation_destroy: Optional[bool] = None,
        operation_discover_versions: Optional[bool] = None,
        operation_get: Optional[bool] = None,
        operation_get_attribute_list: Optional[bool] = None,
        operation_get_attributes: Optional[bool] = None,
        operation_locate: Optional[bool] = None,
        operation_none: Optional[bool] = None,
        operation_register: Optional[bool] = None,
        operation_rekey: Optional[bool] = None,
        operation_revoke: Optional[bool] = None,
        path: Optional[str] = None,
        role: Optional[str] = None,
        scope: Optional[str] = None,
        tls_client_key_bits: Optional[int] = None,
        tls_client_key_type: Optional[str] = None,
        tls_client_ttl: Optional[int] = None) -> SecretRole

func GetSecretRole(ctx *Context, name string, id IDInput, state *SecretRoleState, opts ...ResourceOption) (*SecretRole, error)

public static SecretRole Get(string name, Input<string> id, SecretRoleState? state, CustomResourceOptions? opts = null)

public static SecretRole get(String name, Output<String> id, SecretRoleState state, CustomResourceOptions options)

resources:  _:    type: vault:kmip:SecretRole    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OperationActivate bool: Grant permission to use the KMIP Activate operation.
OperationAddAttribute bool: Grant permission to use the KMIP Add Attribute operation.
OperationAll bool: Grant all permissions to this role. May not be specified with any other operation_* params.
OperationCreate bool: Grant permission to use the KMIP Create operation.
OperationDestroy bool: Grant permission to use the KMIP Destroy operation.
OperationDiscoverVersions bool: Grant permission to use the KMIP Discover Version operation.
OperationGet bool: Grant permission to use the KMIP Get operation.
OperationGetAttributeList bool: Grant permission to use the KMIP Get Atrribute List operation.
OperationGetAttributes bool: Grant permission to use the KMIP Get Atrributes operation.
OperationLocate bool: Grant permission to use the KMIP Get Locate operation.
OperationNone bool: Remove all permissions from this role. May not be specified with any other operation_* params.
OperationRegister bool: Grant permission to use the KMIP Register operation.
OperationRekey bool: Grant permission to use the KMIP Rekey operation.
OperationRevoke bool: Grant permission to use the KMIP Revoke operation.
Path string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
Role string: Name of the role.
Scope string: Name of the scope.
TlsClientKeyBits int: Client certificate key bits, valid values depend on key type.
TlsClientKeyType string: Client certificate key type, rsa or ec.
TlsClientTtl int: Client certificate TTL in seconds.

Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OperationActivate bool: Grant permission to use the KMIP Activate operation.
OperationAddAttribute bool: Grant permission to use the KMIP Add Attribute operation.
OperationAll bool: Grant all permissions to this role. May not be specified with any other operation_* params.
OperationCreate bool: Grant permission to use the KMIP Create operation.
OperationDestroy bool: Grant permission to use the KMIP Destroy operation.
OperationDiscoverVersions bool: Grant permission to use the KMIP Discover Version operation.
OperationGet bool: Grant permission to use the KMIP Get operation.
OperationGetAttributeList bool: Grant permission to use the KMIP Get Atrribute List operation.
OperationGetAttributes bool: Grant permission to use the KMIP Get Atrributes operation.
OperationLocate bool: Grant permission to use the KMIP Get Locate operation.
OperationNone bool: Remove all permissions from this role. May not be specified with any other operation_* params.
OperationRegister bool: Grant permission to use the KMIP Register operation.
OperationRekey bool: Grant permission to use the KMIP Rekey operation.
OperationRevoke bool: Grant permission to use the KMIP Revoke operation.
Path string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
Role string: Name of the role.
Scope string: Name of the scope.
TlsClientKeyBits int: Client certificate key bits, valid values depend on key type.
TlsClientKeyType string: Client certificate key type, rsa or ec.
TlsClientTtl int: Client certificate TTL in seconds.

namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operationActivate Boolean: Grant permission to use the KMIP Activate operation.
operationAddAttribute Boolean: Grant permission to use the KMIP Add Attribute operation.
operationAll Boolean: Grant all permissions to this role. May not be specified with any other operation_* params.
operationCreate Boolean: Grant permission to use the KMIP Create operation.
operationDestroy Boolean: Grant permission to use the KMIP Destroy operation.
operationDiscoverVersions Boolean: Grant permission to use the KMIP Discover Version operation.
operationGet Boolean: Grant permission to use the KMIP Get operation.
operationGetAttributeList Boolean: Grant permission to use the KMIP Get Atrribute List operation.
operationGetAttributes Boolean: Grant permission to use the KMIP Get Atrributes operation.
operationLocate Boolean: Grant permission to use the KMIP Get Locate operation.
operationNone Boolean: Remove all permissions from this role. May not be specified with any other operation_* params.
operationRegister Boolean: Grant permission to use the KMIP Register operation.
operationRekey Boolean: Grant permission to use the KMIP Rekey operation.
operationRevoke Boolean: Grant permission to use the KMIP Revoke operation.
path String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role String: Name of the role.
scope String: Name of the scope.
tlsClientKeyBits Integer: Client certificate key bits, valid values depend on key type.
tlsClientKeyType String: Client certificate key type, rsa or ec.
tlsClientTtl Integer: Client certificate TTL in seconds.

namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operationActivate boolean: Grant permission to use the KMIP Activate operation.
operationAddAttribute boolean: Grant permission to use the KMIP Add Attribute operation.
operationAll boolean: Grant all permissions to this role. May not be specified with any other operation_* params.
operationCreate boolean: Grant permission to use the KMIP Create operation.
operationDestroy boolean: Grant permission to use the KMIP Destroy operation.
operationDiscoverVersions boolean: Grant permission to use the KMIP Discover Version operation.
operationGet boolean: Grant permission to use the KMIP Get operation.
operationGetAttributeList boolean: Grant permission to use the KMIP Get Atrribute List operation.
operationGetAttributes boolean: Grant permission to use the KMIP Get Atrributes operation.
operationLocate boolean: Grant permission to use the KMIP Get Locate operation.
operationNone boolean: Remove all permissions from this role. May not be specified with any other operation_* params.
operationRegister boolean: Grant permission to use the KMIP Register operation.
operationRekey boolean: Grant permission to use the KMIP Rekey operation.
operationRevoke boolean: Grant permission to use the KMIP Revoke operation.
path string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role string: Name of the role.
scope string: Name of the scope.
tlsClientKeyBits number: Client certificate key bits, valid values depend on key type.
tlsClientKeyType string: Client certificate key type, rsa or ec.
tlsClientTtl number: Client certificate TTL in seconds.

namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operation_activate bool: Grant permission to use the KMIP Activate operation.
operation_add_attribute bool: Grant permission to use the KMIP Add Attribute operation.
operation_all bool: Grant all permissions to this role. May not be specified with any other operation_* params.
operation_create bool: Grant permission to use the KMIP Create operation.
operation_destroy bool: Grant permission to use the KMIP Destroy operation.
operation_discover_versions bool: Grant permission to use the KMIP Discover Version operation.
operation_get bool: Grant permission to use the KMIP Get operation.
operation_get_attribute_list bool: Grant permission to use the KMIP Get Atrribute List operation.
operation_get_attributes bool: Grant permission to use the KMIP Get Atrributes operation.
operation_locate bool: Grant permission to use the KMIP Get Locate operation.
operation_none bool: Remove all permissions from this role. May not be specified with any other operation_* params.
operation_register bool: Grant permission to use the KMIP Register operation.
operation_rekey bool: Grant permission to use the KMIP Rekey operation.
operation_revoke bool: Grant permission to use the KMIP Revoke operation.
path str: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role str: Name of the role.
scope str: Name of the scope.
tls_client_key_bits int: Client certificate key bits, valid values depend on key type.
tls_client_key_type str: Client certificate key type, rsa or ec.
tls_client_ttl int: Client certificate TTL in seconds.

namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
operationActivate Boolean: Grant permission to use the KMIP Activate operation.
operationAddAttribute Boolean: Grant permission to use the KMIP Add Attribute operation.
operationAll Boolean: Grant all permissions to this role. May not be specified with any other operation_* params.
operationCreate Boolean: Grant permission to use the KMIP Create operation.
operationDestroy Boolean: Grant permission to use the KMIP Destroy operation.
operationDiscoverVersions Boolean: Grant permission to use the KMIP Discover Version operation.
operationGet Boolean: Grant permission to use the KMIP Get operation.
operationGetAttributeList Boolean: Grant permission to use the KMIP Get Atrribute List operation.
operationGetAttributes Boolean: Grant permission to use the KMIP Get Atrributes operation.
operationLocate Boolean: Grant permission to use the KMIP Get Locate operation.
operationNone Boolean: Remove all permissions from this role. May not be specified with any other operation_* params.
operationRegister Boolean: Grant permission to use the KMIP Register operation.
operationRekey Boolean: Grant permission to use the KMIP Rekey operation.
operationRevoke Boolean: Grant permission to use the KMIP Revoke operation.
path String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to kmip.
role String: Name of the role.
scope String: Name of the scope.
tlsClientKeyBits Number: Client certificate key bits, valid values depend on key type.
tlsClientKeyType String: Client certificate key type, rsa or ec.
tlsClientTtl Number: Client certificate TTL in seconds.

Import

KMIP Secret role can be imported using the path, e.g.

$ pulumi import vault:kmip/secretRole:SecretRole admin kmip

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi

pulumi/pulumi-vault

vault.kmip.SecretRole

On this page

On this page

Example Usage

Create SecretRole Resource

Constructor syntax

Parameters

Constructor example

SecretRole Resource Properties

Inputs

Outputs

Look up Existing SecretRole Resource

Import

Package Details

On this page

On this page