Skip to main content

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

Project description

Build Status

Hashicorp Vault Resource Provider

The Vault resource provider for Pulumi lets you manage Vault resources in your cloud programs. To use this package, please install the Pulumi CLI first.

Installing

This package is available in many languages in the standard packaging formats.

Node.js (Java/TypeScript)

To use from JavaScript or TypeScript in Node.js, install using either npm:

$ npm install @pulumi/vault

or yarn:

$ yarn add @pulumi/vault

Python

To use from Python, install using pip:

$ pip install pulumi_vault

Go

To use from Go, use go get to grab the latest version of the library

$ go get github.com/pulumi/pulumi-vault/sdk/v6

.NET

To use from .NET, install using dotnet add package:

$ dotnet add package Pulumi.Vault

Configuration

The following configuration points are available:

  • vault:address - (Required) Origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. May be set via the VAULT_ADDR environment variable.
  • vault:token - (Required) Vault token that will be used by the provider to authenticate. May be set via the VAULT_TOKEN environment variable. If none is otherwise supplied, the provider will attempt to read it from ~/.vault-token (where the vault command stores its current token). The provider will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets. Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens.
  • vault:tokenName - (Optional) Token name to use for creating the Vault child token. May be set via the VAULT_TOKEN_NAME environment variable.
  • vault:ca_cert_file - (Optional) Path to a file on local disk that will be used to validate the certificate presented by the Vault server. May be set via the VAULT_CACERT environment variable.
  • vault:ca_cert_dir - (Optional) Path to a directory on local disk that contains one or more certificate files that will be used to validate the certificate presented by the Vault server. May be set via the VAULT_CAPATH environment variable.
  • vault:client_auth - (Optional) A configuration block, described below, that provides credentials used by the provider to authenticate with the Vault server. At present there is little reason to set this, because the provider does not support the TLS certificate authentication mechanism.
    • vault:cert_file - (Required) Path to a file on local disk that contains the PEM-encoded certificate to present to the server.
    • vault:key_file - (Required) Path to a file on local disk that contains the PEM-encoded private key for which the authentication certificate was issued.
  • vault:skip_tls_verify - (Optional) Set this to true to disable verification of the Vault server's TLS certificate. This is strongly discouraged except in prototype or development environments, since it exposes the possibility that the provider can be tricked into writing secrets to a server controlled by an intruder. May be set via the VAULT_SKIP_VERIFY environment variable.
  • vault:max_lease_ttl_seconds - (Optional) Used as the duration for the intermediate Vault token the provider issues itself, which in turn limits the duration of secret leases issued by Vault. Defaults to 20 minutes and may be set via the TERRAFORM_VAULT_MAX_TTL environment variable. See the section above on Using Vault credentials in the provider configuration for the implications of this setting.
  • vault:max_retries - (Optional) Used as the maximum number of retries when a 5xx error code is encountered. Defaults to 2 retries and may be set via the VAULT_MAX_RETRIES environment variable.
  • vault:namespace - (Optional) Set the namespace to use. May be set via the VAULT_NAMESPACE environment variable. Available only for Vault Enterprise.

Reference

For further information, please visit the Vault provider docs or for detailed reference documentation, please visit the API docs.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pulumi_vault-7.11.0a1783151212.tar.gz (695.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pulumi_vault-7.11.0a1783151212-py3-none-any.whl (954.8 kB view details)

Uploaded Python 3

File details

Details for the file pulumi_vault-7.11.0a1783151212.tar.gz.

File metadata

  • Download URL: pulumi_vault-7.11.0a1783151212.tar.gz
  • Upload date:
  • Size: 695.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.8

File hashes

Hashes for pulumi_vault-7.11.0a1783151212.tar.gz
Algorithm Hash digest
SHA256 0018da364d5667dce8771b11295d3bf5f97c81b3c3bff14b78e5cbac06ff40bc
MD5 ddac20c1de1d482916da329abe83ded5
BLAKE2b-256 b6d4ae3c7a8f40232e6b6fab4de3e0ecdcce5fb2ef1f1e260949cd50b2ca4d8b

See more details on using hashes here.

File details

Details for the file pulumi_vault-7.11.0a1783151212-py3-none-any.whl.

File metadata

File hashes

Hashes for pulumi_vault-7.11.0a1783151212-py3-none-any.whl
Algorithm Hash digest
SHA256 01d8e8835efe67f7044ec64ce5f855adfc78a9985995ef89603e8fe140f900d1
MD5 501ee63c5d2cb7dbb5cabfaee030bc7e
BLAKE2b-256 d91abf48bf3c1bfa66d1a42cc67d1e84c3d3c441f87bd55c2bf72013feee62c2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page