HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi
vault.pkiSecret.getBackendConfigEst
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Mount the PKI secrets engine whose EST configuration is read further down.
const pkiMount = new vault.Mount("pki", {
    type: "pki",
    path: "pki",
    description: "PKI secret engine mount",
});

// Read-only data source: fetches the mount's EST (Enrollment over Secure
// Transport) configuration and does not modify it. The backend path is taken
// from the mount resource instead of repeating the literal.
// The result exposes `enabled`, `defaultMount`, `defaultPathPolicy`,
// `labelToPathPolicy` and `authenticators`, so a stack can check that EST is
// enabled only where intended and that no label resolves to `sign-verbatim`.
const estBackendPath = pkiMount.path;
const estConfig = vault.pkiSecret.getBackendConfigEstOutput({ backend: estBackendPath });
import pulumi
import pulumi_vault as vault
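# Mount the PKI secrets engine whose EST configuration is read below.
pki = vault.Mount("pki",
    path="pki",
    type="pki",
    description="PKI secret engine mount")

# Read-only data source: fetches the mount's EST (Enrollment over Secure
# Transport) configuration and does not modify it. The result exposes
# `enabled`, `default_mount`, `default_path_policy`, `label_to_path_policy`
# and `authenticators`, so a stack can check that EST is enabled only where
# intended and that no label resolves to `sign-verbatim`.
#
# The Python SDK names this module `pkisecret` (lowercase), as in the
# `pkisecret.GetBackendConfigEstAuthenticator` result type; the camel-cased
# `vault.pkiSecret` spelling used by the other SDKs does not resolve here.
est_config = vault.pkisecret.get_backend_config_est_output(backend=pki.path)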
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a PKI secrets engine mount and then reads that mount's EST
// (Enrollment over Secure Transport) configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount the PKI secrets engine at "pki".
		mountArgs := &vault.MountArgs{
			Path:        pulumi.String("pki"),
			Type:        pulumi.String("pki"),
			Description: pulumi.String("PKI secret engine mount"),
		}
		pkiMount, err := vault.NewMount(ctx, "pki", mountArgs)
		if err != nil {
			return err
		}

		// Read-only data source: it fetches the EST configuration and does not
		// modify it. The result is discarded in this example; a real program
		// would keep it and inspect fields such as Enabled, DefaultMount,
		// DefaultPathPolicy and LabelToPathPolicy, for instance to confirm that
		// no label resolves to sign-verbatim.
		estArgs := pkisecret.GetBackendConfigEstOutputArgs{
			Backend: pkiMount.Path,
		}
		_ = pkisecret.GetBackendConfigEstOutput(ctx, estArgs, nil)
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Mount the PKI secrets engine whose EST configuration is read below.
    var pkiMount = new Vault.Mount("pki", new Vault.MountArgs
    {
        Type = "pki",
        Path = "pki",
        Description = "PKI secret engine mount",
    });

    // Read-only data source: fetches the mount's EST (Enrollment over Secure
    // Transport) configuration and does not modify it. The result exposes
    // Enabled, DefaultMount, DefaultPathPolicy, LabelToPathPolicy and
    // Authenticators, so a stack can check that EST is enabled only where
    // intended and that no label resolves to sign-verbatim.
    var estArgs = new Vault.PkiSecret.GetBackendConfigEstInvokeArgs
    {
        Backend = pkiMount.Path,
    };
    var estConfig = Vault.PkiSecret.GetBackendConfigEst.Invoke(estArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.PkiSecretFunctions;
import com.pulumi.vault.pkiSecret.inputs.GetBackendConfigEstArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example stack: mounts a PKI secrets engine and reads that mount's EST
 * (Enrollment over Secure Transport) configuration.
 */
public class App {
    /** Entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the PKI mount and performs the EST configuration lookup.
     *
     * @param ctx the Pulumi deployment context (unused by this example)
     */
    public static void stack(Context ctx) {
        // Mount the PKI secrets engine at "pki".
        final MountArgs mountArgs = MountArgs.builder()
            .path("pki")
            .type("pki")
            .description("PKI secret engine mount")
            .build();
        final var pki = new Mount("pki", mountArgs);

        // Read-only data source: it fetches the EST configuration and does not
        // modify it. The result exposes enabled, defaultMount,
        // defaultPathPolicy, labelToPathPolicy and authenticators, so a stack
        // can check that EST is enabled only where intended and that no label
        // resolves to sign-verbatim.
        final GetBackendConfigEstArgs estArgs = GetBackendConfigEstArgs.builder()
            .backend(pki.path())
            .build();
        final var estConfig = PkiSecretFunctions.getBackendConfigEst(estArgs);
    }
}
# Mount the PKI secrets engine whose EST configuration is read below.
resources:
  pki:
    type: vault:Mount
    properties:
      path: pki
      type: pki
      description: PKI secret engine mount
# Read-only lookup of the mount's EST (Enrollment over Secure Transport)
# configuration; it does not modify the configuration. The result exposes
# enabled, defaultMount, defaultPathPolicy, labelToPathPolicy and
# authenticators, which can be used to check that EST is enabled only where
# intended and that no label resolves to sign-verbatim.
variables:
  estConfig:
    fn::invoke:
      function: vault:pkiSecret:getBackendConfigEst
      arguments:
        # Path taken from the mount resource rather than repeated as a literal.
        backend: ${pki.path}
Using getBackendConfigEst
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getBackendConfigEst(args: GetBackendConfigEstArgs, opts?: InvokeOptions): Promise<GetBackendConfigEstResult>
function getBackendConfigEstOutput(args: GetBackendConfigEstOutputArgs, opts?: InvokeOptions): Output<GetBackendConfigEstResult>
def get_backend_config_est(backend: Optional[str] = None,
                           namespace: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetBackendConfigEstResult
def get_backend_config_est_output(backend: Optional[pulumi.Input[str]] = None,
                           namespace: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetBackendConfigEstResult]
func GetBackendConfigEst(ctx *Context, args *GetBackendConfigEstArgs, opts ...InvokeOption) (*GetBackendConfigEstResult, error)
func GetBackendConfigEstOutput(ctx *Context, args *GetBackendConfigEstOutputArgs, opts ...InvokeOption) GetBackendConfigEstResultOutput
> Note: This function is named GetBackendConfigEst in the Go SDK.
public static class GetBackendConfigEst 
{
    public static Task<GetBackendConfigEstResult> InvokeAsync(GetBackendConfigEstArgs args, InvokeOptions? opts = null)
    public static Output<GetBackendConfigEstResult> Invoke(GetBackendConfigEstInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetBackendConfigEstResult> getBackendConfigEst(GetBackendConfigEstArgs args, InvokeOptions options)
public static Output<GetBackendConfigEstResult> getBackendConfigEst(GetBackendConfigEstArgs args, InvokeOptions options)
fn::invoke:
  function: vault:pkiSecret/getBackendConfigEst:getBackendConfigEst
  arguments:
    # arguments dictionary
The following arguments are supported:
- Backend string
- The path to the PKI secret backend to
read the EST configuration from, with no leading or trailing /s.
- Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Backend string
- The path to the PKI secret backend to
read the EST configuration from, with no leading or trailing /s.
- Namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the PKI secret backend to
read the EST configuration from, with no leading or trailing /s.
- namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend string
- The path to the PKI secret backend to
read the EST configuration from, with no leading or trailing /s.
- namespace string
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend str
- The path to the PKI secret backend to
read the EST configuration from, with no leading or trailing /s.
- namespace str
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the PKI secret backend to
read the EST configuration from, with no leading or trailing /s.
- namespace String
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
getBackendConfigEst Result
The following output properties are available:
- AuditFields List<string>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- Authenticators List<GetBackendConfigEstAuthenticator>
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- Backend string
- DefaultMount bool
- If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- DefaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>. With sign-verbatim the certificate is issued from the CSR as submitted, without a role's issuance constraints, so a role:<role_name> policy is the more restrictive choice.
- EnableSentinelParsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- Enabled bool
- Specifies whether EST is enabled.
- Id string
- The provider-assigned unique ID for this managed resource.
- LabelToPathPolicy Dictionary<string, string>
- A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- LastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- Namespace string
- AuditFields []string
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- Authenticators []GetBackendConfigEstAuthenticator
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- Backend string
- DefaultMount bool
- If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- DefaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- EnableSentinelParsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- Enabled bool
- Specifies whether EST is enabled.
- Id string
- The provider-assigned unique ID for this managed resource.
- LabelToPathPolicy map[string]string
- A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- LastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- Namespace string
- auditFields List<String>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators List<GetBackendConfigEstAuthenticator>
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend String
- defaultMount Boolean
- If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy String
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing Boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled Boolean
- Specifies whether EST is enabled.
- id String
- The provider-assigned unique ID for this managed resource.
- labelToPathPolicy Map<String,String>
- A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- lastUpdated String
- A read-only timestamp representing the last time the configuration was updated.
- namespace String
- auditFields string[]
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators GetBackendConfigEstAuthenticator[]
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend string
- defaultMount boolean
- If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled boolean
- Specifies whether EST is enabled.
- id string
- The provider-assigned unique ID for this managed resource.
- labelToPathPolicy {[key: string]: string}
- A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- lastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- namespace string
- audit_fields Sequence[str]
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators Sequence[pkisecret.GetBackendConfigEstAuthenticator]
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend str
- default_mount bool
- If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- default_path_policy str
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enable_sentinel_parsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled bool
- Specifies whether EST is enabled.
- id str
- The provider-assigned unique ID for this managed resource.
- label_to_path_policy Mapping[str, str]
- A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- last_updated str
- A read-only timestamp representing the last time the configuration was updated.
- namespace str
- auditFields List<String>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators List<Property Map>
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend String
- defaultMount Boolean
- If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy String
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing Boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled Boolean
- Specifies whether EST is enabled.
- id String
- The provider-assigned unique ID for this managed resource.
- labelToPathPolicy Map<String>
- A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- lastUpdated String
- A read-only timestamp representing the last time the configuration was updated.
- namespace String
Supporting Types
GetBackendConfigEstAuthenticator    
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the vault Terraform Provider.