Docs Home
HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi
vault.pkiSecret.getBackendKey
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.Mount("pki", {
path: "pki",
type: "pki",
description: "PKI secret engine mount",
});
const key = new vault.pkisecret.SecretBackendKey("key", {
backend: pki.path,
type: "internal",
keyName: "example",
keyType: "rsa",
keyBits: 4096,
});
const example = key.keyId.apply(keyId => vault.pkiSecret.getBackendKeyOutput({
backend: keyVaultMount.path,
keyRef: keyId,
}));
import pulumi
import pulumi_vault as vault
pki = vault.Mount("pki",
path="pki",
type="pki",
description="PKI secret engine mount")
key = vault.pki_secret.SecretBackendKey("key",
backend=pki.path,
type="internal",
key_name="example",
key_type="rsa",
key_bits=4096)
example = key.key_id.apply(lambda key_id: vault.pkiSecret.get_backend_key_output(backend=key_vault_mount["path"],
key_ref=key_id))
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
Path: pulumi.String("pki"),
Type: pulumi.String("pki"),
Description: pulumi.String("PKI secret engine mount"),
})
if err != nil {
return err
}
key, err := pkisecret.NewSecretBackendKey(ctx, "key", &pkisecret.SecretBackendKeyArgs{
Backend: pki.Path,
Type: pulumi.String("internal"),
KeyName: pulumi.String("example"),
KeyType: pulumi.String("rsa"),
KeyBits: pulumi.Int(4096),
})
if err != nil {
return err
}
_ = key.KeyId.ApplyT(func(keyId string) (pkisecret.GetBackendKeyResult, error) {
return pkisecret.GetBackendKeyResult(interface{}(pkisecret.GetBackendKeyOutput(ctx, pkisecret.GetBackendKeyOutputArgs{
Backend: keyVaultMount.Path,
KeyRef: keyId,
}, nil))), nil
}).(pkisecret.GetBackendKeyResultOutput)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki = new Vault.Mount("pki", new()
{
Path = "pki",
Type = "pki",
Description = "PKI secret engine mount",
});
var key = new Vault.PkiSecret.SecretBackendKey("key", new()
{
Backend = pki.Path,
Type = "internal",
KeyName = "example",
KeyType = "rsa",
KeyBits = 4096,
});
var example = Vault.PkiSecret.GetBackendKey.Invoke(new()
{
Backend = keyVaultMount.Path,
KeyRef = key.KeyId,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.SecretBackendKey;
import com.pulumi.vault.pkiSecret.SecretBackendKeyArgs;
import com.pulumi.vault.pkiSecret.PkiSecretFunctions;
import com.pulumi.vault.pkiSecret.inputs.GetBackendKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki = new Mount("pki", MountArgs.builder()
.path("pki")
.type("pki")
.description("PKI secret engine mount")
.build());
var key = new SecretBackendKey("key", SecretBackendKeyArgs.builder()
.backend(pki.path())
.type("internal")
.keyName("example")
.keyType("rsa")
.keyBits("4096")
.build());
final var example = PkiSecretFunctions.getBackendKey(GetBackendKeyArgs.builder()
.backend(keyVaultMount.path())
.keyRef(key.keyId())
.build());
}
}
resources:
pki:
type: vault:Mount
properties:
path: pki
type: pki
description: PKI secret engine mount
key:
type: vault:pkiSecret:SecretBackendKey
properties:
backend: ${pki.path}
type: internal
keyName: example
keyType: rsa
keyBits: '4096'
variables:
example:
fn::invoke:
function: vault:pkiSecret:getBackendKey
arguments:
backend: ${keyVaultMount.path}
keyRef: ${key.keyId}
Using getBackendKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getBackendKey(args: GetBackendKeyArgs, opts?: InvokeOptions): Promise<GetBackendKeyResult>
function getBackendKeyOutput(args: GetBackendKeyOutputArgs, opts?: InvokeOptions): Output<GetBackendKeyResult>def get_backend_key(backend: Optional[str] = None,
key_ref: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetBackendKeyResult
def get_backend_key_output(backend: Optional[pulumi.Input[str]] = None,
key_ref: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetBackendKeyResult]func GetBackendKey(ctx *Context, args *GetBackendKeyArgs, opts ...InvokeOption) (*GetBackendKeyResult, error)
func GetBackendKeyOutput(ctx *Context, args *GetBackendKeyOutputArgs, opts ...InvokeOption) GetBackendKeyResultOutput> Note: This function is named GetBackendKey in the Go SDK.
public static class GetBackendKey
{
public static Task<GetBackendKeyResult> InvokeAsync(GetBackendKeyArgs args, InvokeOptions? opts = null)
public static Output<GetBackendKeyResult> Invoke(GetBackendKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetBackendKeyResult> getBackendKey(GetBackendKeyArgs args, InvokeOptions options)
public static Output<GetBackendKeyResult> getBackendKey(GetBackendKeyArgs args, InvokeOptions options)
fn::invoke:
function: vault:pkiSecret/getBackendKey:getBackendKey
arguments:
# arguments dictionaryThe following arguments are supported:
- Backend
string
This property is required. 
Changes to this property will trigger replacement. - The path to the PKI secret backend to
read the key from, with no leading or trailing
/s. - Key
Ref stringThis property is required. Changes to this property will trigger replacement. - Reference to an existing key.
- Namespace
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Backend
string
This property is required. Changes to this property will trigger replacement. - The path to the PKI secret backend to
read the key from, with no leading or trailing
/s. - Key
Ref stringThis property is required. Changes to this property will trigger replacement. - Reference to an existing key.
- Namespace
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend
String
This property is required. Changes to this property will trigger replacement. - The path to the PKI secret backend to
read the key from, with no leading or trailing
/s. - key
Ref StringThis property is required. Changes to this property will trigger replacement. - Reference to an existing key.
- namespace
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend
string
This property is required. Changes to this property will trigger replacement. - The path to the PKI secret backend to
read the key from, with no leading or trailing
/s. - key
Ref stringThis property is required. Changes to this property will trigger replacement. - Reference to an existing key.
- namespace
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend
str
This property is required. Changes to this property will trigger replacement. - The path to the PKI secret backend to
read the key from, with no leading or trailing
/s. - key_
ref strThis property is required. Changes to this property will trigger replacement. - Reference to an existing key.
- namespace
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend
String
This property is required. Changes to this property will trigger replacement. - The path to the PKI secret backend to
read the key from, with no leading or trailing
/s. - key
Ref StringThis property is required. Changes to this property will trigger replacement. - Reference to an existing key.
- namespace
- The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.
getBackendKey Result
The following output properties are available:
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.