Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
GCE Auth Method Resource
Create AuthMethodGcp Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthMethodGcp(name: string, args: AuthMethodGcpArgs, opts?: CustomResourceOptions);@overload
def AuthMethodGcp(resource_name: str,
args: AuthMethodGcpArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthMethodGcp(resource_name: str,
opts: Optional[ResourceOptions] = None,
type: Optional[str] = None,
bound_zones: Optional[Sequence[str]] = None,
description: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_gcp_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
bound_labels: Optional[Sequence[str]] = None,
bound_projects: Optional[Sequence[str]] = None,
bound_regions: Optional[Sequence[str]] = None,
bound_service_accounts: Optional[Sequence[str]] = None,
access_expires: Optional[float] = None,
audience: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
force_sub_claims: Optional[bool] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
service_account_creds_data: Optional[str] = None,
allowed_client_types: Optional[Sequence[str]] = None,
unique_identifier: Optional[str] = None)func NewAuthMethodGcp(ctx *Context, name string, args AuthMethodGcpArgs, opts ...ResourceOption) (*AuthMethodGcp, error)public AuthMethodGcp(string name, AuthMethodGcpArgs args, CustomResourceOptions? opts = null)
public AuthMethodGcp(String name, AuthMethodGcpArgs args)
public AuthMethodGcp(String name, AuthMethodGcpArgs args, CustomResourceOptions options)
type: akeyless:AuthMethodGcp
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthMethodGcpArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthMethodGcpArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthMethodGcpArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthMethodGcpArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthMethodGcpArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authMethodGcpResource = new Akeyless.AuthMethodGcp("authMethodGcpResource", new()
{
Type = "string",
BoundZones = new[]
{
"string",
},
Description = "string",
AuditLogsClaims = new[]
{
"string",
},
AuthMethodGcpId = "string",
BoundIps = new[]
{
"string",
},
BoundLabels = new[]
{
"string",
},
BoundProjects = new[]
{
"string",
},
BoundRegions = new[]
{
"string",
},
BoundServiceAccounts = new[]
{
"string",
},
AccessExpires = 0,
Audience = "string",
ExpirationEventIns = new[]
{
"string",
},
DeleteProtection = "string",
ForceSubClaims = false,
GwBoundIps = new[]
{
"string",
},
JwtTtl = 0,
Name = "string",
ProductTypes = new[]
{
"string",
},
ServiceAccountCredsData = "string",
AllowedClientTypes = new[]
{
"string",
},
UniqueIdentifier = "string",
});
example, err := akeyless.NewAuthMethodGcp(ctx, "authMethodGcpResource", &akeyless.AuthMethodGcpArgs{
Type: pulumi.String("string"),
BoundZones: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
AuditLogsClaims: pulumi.StringArray{
pulumi.String("string"),
},
AuthMethodGcpId: pulumi.String("string"),
BoundIps: pulumi.StringArray{
pulumi.String("string"),
},
BoundLabels: pulumi.StringArray{
pulumi.String("string"),
},
BoundProjects: pulumi.StringArray{
pulumi.String("string"),
},
BoundRegions: pulumi.StringArray{
pulumi.String("string"),
},
BoundServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
AccessExpires: pulumi.Float64(0),
Audience: pulumi.String("string"),
ExpirationEventIns: pulumi.StringArray{
pulumi.String("string"),
},
DeleteProtection: pulumi.String("string"),
ForceSubClaims: pulumi.Bool(false),
GwBoundIps: pulumi.StringArray{
pulumi.String("string"),
},
JwtTtl: pulumi.Float64(0),
Name: pulumi.String("string"),
ProductTypes: pulumi.StringArray{
pulumi.String("string"),
},
ServiceAccountCredsData: pulumi.String("string"),
AllowedClientTypes: pulumi.StringArray{
pulumi.String("string"),
},
UniqueIdentifier: pulumi.String("string"),
})
var authMethodGcpResource = new AuthMethodGcp("authMethodGcpResource", AuthMethodGcpArgs.builder()
.type("string")
.boundZones("string")
.description("string")
.auditLogsClaims("string")
.authMethodGcpId("string")
.boundIps("string")
.boundLabels("string")
.boundProjects("string")
.boundRegions("string")
.boundServiceAccounts("string")
.accessExpires(0.0)
.audience("string")
.expirationEventIns("string")
.deleteProtection("string")
.forceSubClaims(false)
.gwBoundIps("string")
.jwtTtl(0.0)
.name("string")
.productTypes("string")
.serviceAccountCredsData("string")
.allowedClientTypes("string")
.uniqueIdentifier("string")
.build());
auth_method_gcp_resource = akeyless.AuthMethodGcp("authMethodGcpResource",
type="string",
bound_zones=["string"],
description="string",
audit_logs_claims=["string"],
auth_method_gcp_id="string",
bound_ips=["string"],
bound_labels=["string"],
bound_projects=["string"],
bound_regions=["string"],
bound_service_accounts=["string"],
access_expires=float(0),
audience="string",
expiration_event_ins=["string"],
delete_protection="string",
force_sub_claims=False,
gw_bound_ips=["string"],
jwt_ttl=float(0),
name="string",
product_types=["string"],
service_account_creds_data="string",
allowed_client_types=["string"],
unique_identifier="string")
const authMethodGcpResource = new akeyless.AuthMethodGcp("authMethodGcpResource", {
type: "string",
boundZones: ["string"],
description: "string",
auditLogsClaims: ["string"],
authMethodGcpId: "string",
boundIps: ["string"],
boundLabels: ["string"],
boundProjects: ["string"],
boundRegions: ["string"],
boundServiceAccounts: ["string"],
accessExpires: 0,
audience: "string",
expirationEventIns: ["string"],
deleteProtection: "string",
forceSubClaims: false,
gwBoundIps: ["string"],
jwtTtl: 0,
name: "string",
productTypes: ["string"],
serviceAccountCredsData: "string",
allowedClientTypes: ["string"],
uniqueIdentifier: "string",
});
type: akeyless:AuthMethodGcp
properties:
accessExpires: 0
allowedClientTypes:
- string
audience: string
auditLogsClaims:
- string
authMethodGcpId: string
boundIps:
- string
boundLabels:
- string
boundProjects:
- string
boundRegions:
- string
boundServiceAccounts:
- string
boundZones:
- string
deleteProtection: string
description: string
expirationEventIns:
- string
forceSubClaims: false
gwBoundIps:
- string
jwtTtl: 0
name: string
productTypes:
- string
serviceAccountCredsData: string
type: string
uniqueIdentifier: string
AuthMethodGcp Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthMethodGcp resource accepts the following input properties:
- Type string
- Type of the GCP Access Rules
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client List<string>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs List<string>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels List<string> - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- Bound
Projects List<string> - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- Bound
Regions List<string> - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- Bound
Service List<string>Accounts - List of service accounts the service account must be part of in order to be authenticated.
- Bound
Zones List<string> - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound List<string>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl double - Jwt TTL
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Service
Account stringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- Unique
Identifier string - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- Type string
- Type of the GCP Access Rules
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client []stringTypes - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs []stringClaims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels []string - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- Bound
Projects []string - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- Bound
Regions []string - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- Bound
Service []stringAccounts - List of service accounts the service account must be part of in order to be authenticated.
- Bound
Zones []string - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound []stringIps - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl float64 - Jwt TTL
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Service
Account stringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- Unique
Identifier string - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- type String
- Type of the GCP Access Rules
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound
Projects List<String> - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound
Regions List<String> - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound
Service List<String>Accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound
Zones List<String> - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Double - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service
Account StringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- unique
Identifier String - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- type string
- Type of the GCP Access Rules
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client string[]Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience string
- The audience to verify in the JWT received by the client
- audit
Logs string[]Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method stringGcp Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels string[] - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound
Projects string[] - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound
Regions string[] - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound
Service string[]Accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound
Zones string[] - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete
Protection string - Protection from accidental deletion of this object [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub booleanClaims - if true: enforce role-association must include sub claims
- gw
Bound string[]Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl number - Jwt TTL
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service
Account stringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- unique
Identifier string - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- type str
- Type of the GCP Access Rules
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed_
client_ Sequence[str]types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience str
- The audience to verify in the JWT received by the client
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ strgcp_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- bound_
labels Sequence[str] - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound_
projects Sequence[str] - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound_
regions Sequence[str] - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound_
service_ Sequence[str]accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound_
zones Sequence[str] - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete_
protection str - Protection from accidental deletion of this object [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - if true: enforce role-association must include sub claims
- gw_
bound_ Sequence[str]ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt_
ttl float - Jwt TTL
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service_
account_ strcreds_ data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- unique_
identifier str - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- type String
- Type of the GCP Access Rules
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound
Projects List<String> - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound
Regions List<String> - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound
Service List<String>Accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound
Zones List<String> - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Number - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service
Account StringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- unique
Identifier String - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthMethodGcp resource produces the following output properties:
Look up Existing AuthMethodGcp Resource
Get an existing AuthMethodGcp resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthMethodGcpState, opts?: CustomResourceOptions): AuthMethodGcp@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
access_id: Optional[str] = None,
allowed_client_types: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_gcp_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
bound_labels: Optional[Sequence[str]] = None,
bound_projects: Optional[Sequence[str]] = None,
bound_regions: Optional[Sequence[str]] = None,
bound_service_accounts: Optional[Sequence[str]] = None,
bound_zones: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
service_account_creds_data: Optional[str] = None,
type: Optional[str] = None,
unique_identifier: Optional[str] = None) -> AuthMethodGcpfunc GetAuthMethodGcp(ctx *Context, name string, id IDInput, state *AuthMethodGcpState, opts ...ResourceOption) (*AuthMethodGcp, error)public static AuthMethodGcp Get(string name, Input<string> id, AuthMethodGcpState? state, CustomResourceOptions? opts = null)public static AuthMethodGcp get(String name, Output<String> id, AuthMethodGcpState state, CustomResourceOptions options)resources: _: type: akeyless:AuthMethodGcp get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client List<string>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs List<string>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels List<string> - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- Bound
Projects List<string> - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- Bound
Regions List<string> - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- Bound
Service List<string>Accounts - List of service accounts the service account must be part of in order to be authenticated.
- Bound
Zones List<string> - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound List<string>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl double - Jwt TTL
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Service
Account stringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- Type string
- Type of the GCP Access Rules
- Unique
Identifier string - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client []stringTypes - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs []stringClaims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels []string - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- Bound
Projects []string - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- Bound
Regions []string - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- Bound
Service []stringAccounts - List of service accounts the service account must be part of in order to be authenticated.
- Bound
Zones []string - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound []stringIps - A CIDR whitelist with the GW IPs that the access is restricted to
- Jwt
Ttl float64 - Jwt TTL
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Service
Account stringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- Type string
- Type of the GCP Access Rules
- Unique
Identifier string - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound
Projects List<String> - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound
Regions List<String> - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound
Service List<String>Accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound
Zones List<String> - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Double - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service
Account StringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- type String
- Type of the GCP Access Rules
- unique
Identifier String - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id string - Auth Method access ID
- allowed
Client string[]Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience string
- The audience to verify in the JWT received by the client
- audit
Logs string[]Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method stringGcp Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels string[] - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound
Projects string[] - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound
Regions string[] - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound
Service string[]Accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound
Zones string[] - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete
Protection string - Protection from accidental deletion of this object [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub booleanClaims - if true: enforce role-association must include sub claims
- gw
Bound string[]Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl number - Jwt TTL
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service
Account stringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- type string
- Type of the GCP Access Rules
- unique
Identifier string - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id str - Auth Method access ID
- allowed_
client_ Sequence[str]types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience str
- The audience to verify in the JWT received by the client
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ strgcp_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- bound_
labels Sequence[str] - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound_
projects Sequence[str] - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound_
regions Sequence[str] - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound_
service_ Sequence[str]accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound_
zones Sequence[str] - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete_
protection str - Protection from accidental deletion of this object [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - if true: enforce role-association must include sub claims
- gw_
bound_ Sequence[str]ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt_
ttl float - Jwt TTL
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service_
account_ strcreds_ data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- type str
- Type of the GCP Access Rules
- unique_
identifier str - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....
- bound
Projects List<String> - === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.
- bound
Regions List<String> - List of regions that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.
- bound
Service List<String>Accounts - List of service accounts the service account must be part of in order to be authenticated.
- bound
Zones List<String> - === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If boundinstancegroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- jwt
Ttl Number - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- service
Account StringCreds Data - ServiceAccount credentials data instead of giving a file path, base64 encoded
- type String
- Type of the GCP Access Rules
- unique
Identifier String - A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
