From ec2bac3a81ce5a7fe46106850d73593020639896 Mon Sep 17 00:00:00 2001
From: pulumi-bot <bot@pulumi.com>
Date: Tue, 16 Jul 2024 23:58:19 +0000
Subject: [PATCH 1/2] make tfgen

---
 examples/go.mod                               |  4 ++--
 examples/go.sum                               |  8 +++----
 .../cmd/pulumi-resource-vault/schema.json     | 22 ++++++++++++-------
 provider/go.mod                               | 10 ++++-----
 provider/go.sum                               | 18 +++++++--------
 sdk/go.mod                                    |  2 +-
 sdk/go.sum                                    |  4 ++--
 7 files changed, 36 insertions(+), 32 deletions(-)

diff --git a/examples/go.mod b/examples/go.mod
index 73b7cbb1..023716ab 100644
--- a/examples/go.mod
+++ b/examples/go.mod
@@ -2,7 +2,7 @@ module github.com/pulumi/pulumi-vault/examples/v6
 
 go 1.21
 
-require github.com/pulumi/pulumi/pkg/v3 v3.121.0
+require github.com/pulumi/pulumi/pkg/v3 v3.124.0
 
 require (
 	cloud.google.com/go v0.112.1 // indirect
@@ -123,7 +123,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
 	github.com/pulumi/esc v0.9.1 // indirect
-	github.com/pulumi/pulumi/sdk/v3 v3.121.0 // indirect
+	github.com/pulumi/pulumi/sdk/v3 v3.124.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
diff --git a/examples/go.sum b/examples/go.sum
index 0a60394a..ddb55172 100644
--- a/examples/go.sum
+++ b/examples/go.sum
@@ -342,10 +342,10 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
 github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs=
 github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c=
-github.com/pulumi/pulumi/pkg/v3 v3.121.0 h1:cLUQJYGJKfgCY0ubJo8dVwmsIm2WcgTprb9Orc/yiFg=
-github.com/pulumi/pulumi/pkg/v3 v3.121.0/go.mod h1:aaRixfKOh4DhGtuDJcI56dTPkb7oJBgRgH1aMF1FzbU=
-github.com/pulumi/pulumi/sdk/v3 v3.121.0 h1:UsnFKIVOtJN/hQKPkWHL9cZktewPVQRbNUXbXQY/qrk=
-github.com/pulumi/pulumi/sdk/v3 v3.121.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY=
+github.com/pulumi/pulumi/pkg/v3 v3.124.0 h1:JgUePx6Ga9geBJ1dku6K8GXTrsBYzXMhKIsk+cxeKo8=
+github.com/pulumi/pulumi/pkg/v3 v3.124.0/go.mod h1:/XUDPNoIikS3lcQe1HpGuKs73cO5HqBvOdxXFeC3UHM=
+github.com/pulumi/pulumi/sdk/v3 v3.124.0 h1:f9Rb2AhLSaacKTaBPbKXPCfviHxTuhEXafhT4E095Y0=
+github.com/pulumi/pulumi/sdk/v3 v3.124.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
diff --git a/provider/cmd/pulumi-resource-vault/schema.json b/provider/cmd/pulumi-resource-vault/schema.json
index f3b82335..affc650d 100644
--- a/provider/cmd/pulumi-resource-vault/schema.json
+++ b/provider/cmd/pulumi-resource-vault/schema.json
@@ -4061,13 +4061,15 @@
         "vault:index/getPolicyDocumentRuleAllowedParameter:getPolicyDocumentRuleAllowedParameter": {
             "properties": {
                 "key": {
-                    "type": "string"
+                    "type": "string",
+                    "description": "name of permitted or denied parameter.\n"
                 },
                 "values": {
                     "type": "array",
                     "items": {
                         "type": "string"
-                    }
+                    },
+                    "description": "list of values what are permitted or denied by policy rule.\n"
                 }
             },
             "type": "object",
@@ -4079,13 +4081,15 @@
         "vault:index/getPolicyDocumentRuleDeniedParameter:getPolicyDocumentRuleDeniedParameter": {
             "properties": {
                 "key": {
-                    "type": "string"
+                    "type": "string",
+                    "description": "name of permitted or denied parameter.\n"
                 },
                 "values": {
                     "type": "array",
                     "items": {
                         "type": "string"
-                    }
+                    },
+                    "description": "list of values what are permitted or denied by policy rule.\n"
                 }
             },
             "type": "object",
@@ -4494,13 +4498,15 @@
                     "type": "object",
                     "additionalProperties": {
                         "$ref": "pulumi.json#/Any"
-                    }
+                    },
+                    "description": "\"The accessor (required) and cert_role (optional) properties for cert auth backends\".\n"
                 },
                 "userpass": {
                     "type": "object",
                     "additionalProperties": {
                         "$ref": "pulumi.json#/Any"
-                    }
+                    },
+                    "description": "\"The accessor (required) property for user pass auth backends\".\n"
                 }
             },
             "type": "object"
@@ -12064,7 +12070,7 @@
             }
         },
         "vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount": {
-            "description": "Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.\n\nEach [impersonated account](https://www.vaultproject.io/docs/secrets/gcp/index.html#impersonated-accounts) is tied to a separately managed\nService Account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as google from \"@pulumi/google\";\nimport * as std from \"@pulumi/std\";\nimport * as vault from \"@pulumi/vault\";\n\nconst _this = new google.index.ServiceAccount(\"this\", {accountId: \"my-awesome-account\"});\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {\n    path: \"gcp\",\n    credentials: std.file({\n        input: \"credentials.json\",\n    }).then(invoke =\u003e invoke.result),\n});\nconst impersonatedAccount = new vault.gcp.SecretImpersonatedAccount(\"impersonated_account\", {\n    backend: gcp.path,\n    impersonatedAccount: \"this\",\n    serviceAccountEmail: _this.email,\n    tokenScopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_google as google\nimport pulumi_std as std\nimport pulumi_vault as vault\n\nthis = google.index.ServiceAccount(\"this\", account_id=my-awesome-account)\ngcp = vault.gcp.SecretBackend(\"gcp\",\n    path=\"gcp\",\n    credentials=std.file(input=\"credentials.json\").result)\nimpersonated_account = vault.gcp.SecretImpersonatedAccount(\"impersonated_account\",\n    backend=gcp.path,\n    impersonated_account=\"this\",\n    service_account_email=this[\"email\"],\n    token_scopes=[\"https://www.googleapis.com/auth/cloud-platform\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Google = Pulumi.Google;\nusing Std = Pulumi.Std;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var @this = new Google.Index.ServiceAccount(\"this\", new()\n    {\n        AccountId = \"my-awesome-account\",\n    });\n\n    var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n    {\n        Path = \"gcp\",\n        Credentials = Std.File.Invoke(new()\n        {\n            Input = \"credentials.json\",\n        }).Apply(invoke =\u003e invoke.Result),\n    });\n\n    var impersonatedAccount = new Vault.Gcp.SecretImpersonatedAccount(\"impersonated_account\", new()\n    {\n        Backend = gcp.Path,\n        ImpersonatedAccount = \"this\",\n        ServiceAccountEmail = @this.Email,\n        TokenScopes = new[]\n        {\n            \"https://www.googleapis.com/auth/cloud-platform\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-google/sdk/v1/go/google\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := index.NewServiceAccount(ctx, \"this\", \u0026index.ServiceAccountArgs{\n\t\t\tAccountId: \"my-awesome-account\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"credentials.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcp, err := gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tPath:        pulumi.String(\"gcp\"),\n\t\t\tCredentials: invokeFile.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gcp.NewSecretImpersonatedAccount(ctx, \"impersonated_account\", \u0026gcp.SecretImpersonatedAccountArgs{\n\t\t\tBackend:             gcp.Path,\n\t\t\tImpersonatedAccount: pulumi.String(\"this\"),\n\t\t\tServiceAccountEmail: this.Email,\n\t\t\tTokenScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.google.serviceAccount;\nimport com.pulumi.google.ServiceAccountArgs;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport com.pulumi.vault.gcp.SecretImpersonatedAccount;\nimport com.pulumi.vault.gcp.SecretImpersonatedAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var this_ = new ServiceAccount(\"this\", ServiceAccountArgs.builder()\n            .accountId(\"my-awesome-account\")\n            .build());\n\n        var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n            .path(\"gcp\")\n            .credentials(StdFunctions.file(FileArgs.builder()\n                .input(\"credentials.json\")\n                .build()).result())\n            .build());\n\n        var impersonatedAccount = new SecretImpersonatedAccount(\"impersonatedAccount\", SecretImpersonatedAccountArgs.builder()\n            .backend(gcp.path())\n            .impersonatedAccount(\"this\")\n            .serviceAccountEmail(this_.email())\n            .tokenScopes(\"https://www.googleapis.com/auth/cloud-platform\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  this:\n    type: google:serviceAccount\n    properties:\n      accountId: my-awesome-account\n  gcp:\n    type: vault:gcp:SecretBackend\n    properties:\n      path: gcp\n      credentials:\n        fn::invoke:\n          Function: std:file\n          Arguments:\n            input: credentials.json\n          Return: result\n  impersonatedAccount:\n    type: vault:gcp:SecretImpersonatedAccount\n    name: impersonated_account\n    properties:\n      backend: ${gcp.path}\n      impersonatedAccount: this\n      serviceAccountEmail: ${this.email}\n      tokenScopes:\n        - https://www.googleapis.com/auth/cloud-platform\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nA impersonated account can be imported using its Vault Path. For example, referencing the example above,\n\n```sh\n$ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer\n```\n",
+            "description": "Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.\n\nEach [impersonated account](https://www.vaultproject.io/docs/secrets/gcp/index.html#impersonated-accounts) is tied to a separately managed\nService Account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as google from \"@pulumi/google\";\nimport * as std from \"@pulumi/std\";\nimport * as vault from \"@pulumi/vault\";\n\nconst _this = new google.index.ServiceAccount(\"this\", {accountId: \"my-awesome-account\"});\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {\n    path: \"gcp\",\n    credentials: std.file({\n        input: \"credentials.json\",\n    }).then(invoke =\u003e invoke.result),\n});\nconst impersonatedAccount = new vault.gcp.SecretImpersonatedAccount(\"impersonated_account\", {\n    backend: gcp.path,\n    impersonatedAccount: \"this\",\n    serviceAccountEmail: _this.email,\n    tokenScopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_google as google\nimport pulumi_std as std\nimport pulumi_vault as vault\n\nthis = google.index.ServiceAccount(\"this\", account_id=my-awesome-account)\ngcp = vault.gcp.SecretBackend(\"gcp\",\n    path=\"gcp\",\n    credentials=std.file(input=\"credentials.json\").result)\nimpersonated_account = vault.gcp.SecretImpersonatedAccount(\"impersonated_account\",\n    backend=gcp.path,\n    impersonated_account=\"this\",\n    service_account_email=this[\"email\"],\n    token_scopes=[\"https://www.googleapis.com/auth/cloud-platform\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Google = Pulumi.Google;\nusing Std = Pulumi.Std;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var @this = new Google.Index.ServiceAccount(\"this\", new()\n    {\n        AccountId = \"my-awesome-account\",\n    });\n\n    var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n    {\n        Path = \"gcp\",\n        Credentials = Std.File.Invoke(new()\n        {\n            Input = \"credentials.json\",\n        }).Apply(invoke =\u003e invoke.Result),\n    });\n\n    var impersonatedAccount = new Vault.Gcp.SecretImpersonatedAccount(\"impersonated_account\", new()\n    {\n        Backend = gcp.Path,\n        ImpersonatedAccount = \"this\",\n        ServiceAccountEmail = @this.Email,\n        TokenScopes = new[]\n        {\n            \"https://www.googleapis.com/auth/cloud-platform\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-google/sdk/go/google\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := google.NewServiceAccount(ctx, \"this\", \u0026google.ServiceAccountArgs{\n\t\t\tAccountId: \"my-awesome-account\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"credentials.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcp, err := gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tPath:        pulumi.String(\"gcp\"),\n\t\t\tCredentials: invokeFile.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gcp.NewSecretImpersonatedAccount(ctx, \"impersonated_account\", \u0026gcp.SecretImpersonatedAccountArgs{\n\t\t\tBackend:             gcp.Path,\n\t\t\tImpersonatedAccount: pulumi.String(\"this\"),\n\t\t\tServiceAccountEmail: this.Email,\n\t\t\tTokenScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.google.serviceAccount;\nimport com.pulumi.google.ServiceAccountArgs;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport com.pulumi.vault.gcp.SecretImpersonatedAccount;\nimport com.pulumi.vault.gcp.SecretImpersonatedAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var this_ = new ServiceAccount(\"this\", ServiceAccountArgs.builder()\n            .accountId(\"my-awesome-account\")\n            .build());\n\n        var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n            .path(\"gcp\")\n            .credentials(StdFunctions.file(FileArgs.builder()\n                .input(\"credentials.json\")\n                .build()).result())\n            .build());\n\n        var impersonatedAccount = new SecretImpersonatedAccount(\"impersonatedAccount\", SecretImpersonatedAccountArgs.builder()\n            .backend(gcp.path())\n            .impersonatedAccount(\"this\")\n            .serviceAccountEmail(this_.email())\n            .tokenScopes(\"https://www.googleapis.com/auth/cloud-platform\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  this:\n    type: google:serviceAccount\n    properties:\n      accountId: my-awesome-account\n  gcp:\n    type: vault:gcp:SecretBackend\n    properties:\n      path: gcp\n      credentials:\n        fn::invoke:\n          Function: std:file\n          Arguments:\n            input: credentials.json\n          Return: result\n  impersonatedAccount:\n    type: vault:gcp:SecretImpersonatedAccount\n    name: impersonated_account\n    properties:\n      backend: ${gcp.path}\n      impersonatedAccount: this\n      serviceAccountEmail: ${this.email}\n      tokenScopes:\n        - https://www.googleapis.com/auth/cloud-platform\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nA impersonated account can be imported using its Vault Path. For example, referencing the example above,\n\n```sh\n$ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer\n```\n",
             "properties": {
                 "backend": {
                     "type": "string",
@@ -12320,7 +12326,7 @@
             }
         },
         "vault:gcp/secretStaticAccount:SecretStaticAccount": {
-            "description": "Creates a Static Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.\n\nEach [static account](https://www.vaultproject.io/docs/secrets/gcp/index.html#static-accounts) is tied to a separately managed\nService Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings) associated with it.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as google from \"@pulumi/google\";\nimport * as std from \"@pulumi/std\";\nimport * as vault from \"@pulumi/vault\";\n\nconst _this = new google.index.ServiceAccount(\"this\", {accountId: \"my-awesome-account\"});\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {\n    path: \"gcp\",\n    credentials: std.file({\n        input: \"credentials.json\",\n    }).then(invoke =\u003e invoke.result),\n});\nconst staticAccount = new vault.gcp.SecretStaticAccount(\"static_account\", {\n    backend: gcp.path,\n    staticAccount: \"project_viewer\",\n    secretType: \"access_token\",\n    tokenScopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n    serviceAccountEmail: _this.email,\n    bindings: [{\n        resource: `//cloudresourcemanager.googleapis.com/projects/${_this.project}`,\n        roles: [\"roles/viewer\"],\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_google as google\nimport pulumi_std as std\nimport pulumi_vault as vault\n\nthis = google.index.ServiceAccount(\"this\", account_id=my-awesome-account)\ngcp = vault.gcp.SecretBackend(\"gcp\",\n    path=\"gcp\",\n    credentials=std.file(input=\"credentials.json\").result)\nstatic_account = vault.gcp.SecretStaticAccount(\"static_account\",\n    backend=gcp.path,\n    static_account=\"project_viewer\",\n    secret_type=\"access_token\",\n    token_scopes=[\"https://www.googleapis.com/auth/cloud-platform\"],\n    service_account_email=this[\"email\"],\n    bindings=[vault.gcp.SecretStaticAccountBindingArgs(\n        resource=f\"//cloudresourcemanager.googleapis.com/projects/{this['project']}\",\n        roles=[\"roles/viewer\"],\n    )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Google = Pulumi.Google;\nusing Std = Pulumi.Std;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var @this = new Google.Index.ServiceAccount(\"this\", new()\n    {\n        AccountId = \"my-awesome-account\",\n    });\n\n    var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n    {\n        Path = \"gcp\",\n        Credentials = Std.File.Invoke(new()\n        {\n            Input = \"credentials.json\",\n        }).Apply(invoke =\u003e invoke.Result),\n    });\n\n    var staticAccount = new Vault.Gcp.SecretStaticAccount(\"static_account\", new()\n    {\n        Backend = gcp.Path,\n        StaticAccount = \"project_viewer\",\n        SecretType = \"access_token\",\n        TokenScopes = new[]\n        {\n            \"https://www.googleapis.com/auth/cloud-platform\",\n        },\n        ServiceAccountEmail = @this.Email,\n        Bindings = new[]\n        {\n            new Vault.Gcp.Inputs.SecretStaticAccountBindingArgs\n            {\n                Resource = $\"//cloudresourcemanager.googleapis.com/projects/{@this.Project}\",\n                Roles = new[]\n                {\n                    \"roles/viewer\",\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-google/sdk/v1/go/google\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := index.NewServiceAccount(ctx, \"this\", \u0026index.ServiceAccountArgs{\n\t\t\tAccountId: \"my-awesome-account\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"credentials.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcp, err := gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tPath:        pulumi.String(\"gcp\"),\n\t\t\tCredentials: invokeFile.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gcp.NewSecretStaticAccount(ctx, \"static_account\", \u0026gcp.SecretStaticAccountArgs{\n\t\t\tBackend:       gcp.Path,\n\t\t\tStaticAccount: pulumi.String(\"project_viewer\"),\n\t\t\tSecretType:    pulumi.String(\"access_token\"),\n\t\t\tTokenScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t},\n\t\t\tServiceAccountEmail: this.Email,\n\t\t\tBindings: gcp.SecretStaticAccountBindingArray{\n\t\t\t\t\u0026gcp.SecretStaticAccountBindingArgs{\n\t\t\t\t\tResource: pulumi.String(fmt.Sprintf(\"//cloudresourcemanager.googleapis.com/projects/%v\", this.Project)),\n\t\t\t\t\tRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"roles/viewer\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.google.serviceAccount;\nimport com.pulumi.google.ServiceAccountArgs;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport com.pulumi.vault.gcp.SecretStaticAccount;\nimport com.pulumi.vault.gcp.SecretStaticAccountArgs;\nimport com.pulumi.vault.gcp.inputs.SecretStaticAccountBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var this_ = new ServiceAccount(\"this\", ServiceAccountArgs.builder()\n            .accountId(\"my-awesome-account\")\n            .build());\n\n        var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n            .path(\"gcp\")\n            .credentials(StdFunctions.file(FileArgs.builder()\n                .input(\"credentials.json\")\n                .build()).result())\n            .build());\n\n        var staticAccount = new SecretStaticAccount(\"staticAccount\", SecretStaticAccountArgs.builder()\n            .backend(gcp.path())\n            .staticAccount(\"project_viewer\")\n            .secretType(\"access_token\")\n            .tokenScopes(\"https://www.googleapis.com/auth/cloud-platform\")\n            .serviceAccountEmail(this_.email())\n            .bindings(SecretStaticAccountBindingArgs.builder()\n                .resource(String.format(\"//cloudresourcemanager.googleapis.com/projects/%s\", this_.project()))\n                .roles(\"roles/viewer\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  this:\n    type: google:serviceAccount\n    properties:\n      accountId: my-awesome-account\n  gcp:\n    type: vault:gcp:SecretBackend\n    properties:\n      path: gcp\n      credentials:\n        fn::invoke:\n          Function: std:file\n          Arguments:\n            input: credentials.json\n          Return: result\n  staticAccount:\n    type: vault:gcp:SecretStaticAccount\n    name: static_account\n    properties:\n      backend: ${gcp.path}\n      staticAccount: project_viewer\n      secretType: access_token\n      tokenScopes:\n        - https://www.googleapis.com/auth/cloud-platform\n      serviceAccountEmail: ${this.email}\n      bindings:\n        - resource: //cloudresourcemanager.googleapis.com/projects/${this.project}\n          roles:\n            - roles/viewer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nA static account can be imported using its Vault Path. For example, referencing the example above,\n\n```sh\n$ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer\n```\n",
+            "description": "Creates a Static Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.\n\nEach [static account](https://www.vaultproject.io/docs/secrets/gcp/index.html#static-accounts) is tied to a separately managed\nService Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings) associated with it.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as google from \"@pulumi/google\";\nimport * as std from \"@pulumi/std\";\nimport * as vault from \"@pulumi/vault\";\n\nconst _this = new google.index.ServiceAccount(\"this\", {accountId: \"my-awesome-account\"});\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {\n    path: \"gcp\",\n    credentials: std.file({\n        input: \"credentials.json\",\n    }).then(invoke =\u003e invoke.result),\n});\nconst staticAccount = new vault.gcp.SecretStaticAccount(\"static_account\", {\n    backend: gcp.path,\n    staticAccount: \"project_viewer\",\n    secretType: \"access_token\",\n    tokenScopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n    serviceAccountEmail: _this.email,\n    bindings: [{\n        resource: `//cloudresourcemanager.googleapis.com/projects/${_this.project}`,\n        roles: [\"roles/viewer\"],\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_google as google\nimport pulumi_std as std\nimport pulumi_vault as vault\n\nthis = google.index.ServiceAccount(\"this\", account_id=my-awesome-account)\ngcp = vault.gcp.SecretBackend(\"gcp\",\n    path=\"gcp\",\n    credentials=std.file(input=\"credentials.json\").result)\nstatic_account = vault.gcp.SecretStaticAccount(\"static_account\",\n    backend=gcp.path,\n    static_account=\"project_viewer\",\n    secret_type=\"access_token\",\n    token_scopes=[\"https://www.googleapis.com/auth/cloud-platform\"],\n    service_account_email=this[\"email\"],\n    bindings=[vault.gcp.SecretStaticAccountBindingArgs(\n        resource=f\"//cloudresourcemanager.googleapis.com/projects/{this['project']}\",\n        roles=[\"roles/viewer\"],\n    )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Google = Pulumi.Google;\nusing Std = Pulumi.Std;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var @this = new Google.Index.ServiceAccount(\"this\", new()\n    {\n        AccountId = \"my-awesome-account\",\n    });\n\n    var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n    {\n        Path = \"gcp\",\n        Credentials = Std.File.Invoke(new()\n        {\n            Input = \"credentials.json\",\n        }).Apply(invoke =\u003e invoke.Result),\n    });\n\n    var staticAccount = new Vault.Gcp.SecretStaticAccount(\"static_account\", new()\n    {\n        Backend = gcp.Path,\n        StaticAccount = \"project_viewer\",\n        SecretType = \"access_token\",\n        TokenScopes = new[]\n        {\n            \"https://www.googleapis.com/auth/cloud-platform\",\n        },\n        ServiceAccountEmail = @this.Email,\n        Bindings = new[]\n        {\n            new Vault.Gcp.Inputs.SecretStaticAccountBindingArgs\n            {\n                Resource = $\"//cloudresourcemanager.googleapis.com/projects/{@this.Project}\",\n                Roles = new[]\n                {\n                    \"roles/viewer\",\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-google/sdk/go/google\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := google.NewServiceAccount(ctx, \"this\", \u0026google.ServiceAccountArgs{\n\t\t\tAccountId: \"my-awesome-account\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"credentials.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcp, err := gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tPath:        pulumi.String(\"gcp\"),\n\t\t\tCredentials: invokeFile.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gcp.NewSecretStaticAccount(ctx, \"static_account\", \u0026gcp.SecretStaticAccountArgs{\n\t\t\tBackend:       gcp.Path,\n\t\t\tStaticAccount: pulumi.String(\"project_viewer\"),\n\t\t\tSecretType:    pulumi.String(\"access_token\"),\n\t\t\tTokenScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t},\n\t\t\tServiceAccountEmail: this.Email,\n\t\t\tBindings: gcp.SecretStaticAccountBindingArray{\n\t\t\t\t\u0026gcp.SecretStaticAccountBindingArgs{\n\t\t\t\t\tResource: pulumi.String(fmt.Sprintf(\"//cloudresourcemanager.googleapis.com/projects/%v\", this.Project)),\n\t\t\t\t\tRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"roles/viewer\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.google.serviceAccount;\nimport com.pulumi.google.ServiceAccountArgs;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport com.pulumi.vault.gcp.SecretStaticAccount;\nimport com.pulumi.vault.gcp.SecretStaticAccountArgs;\nimport com.pulumi.vault.gcp.inputs.SecretStaticAccountBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var this_ = new ServiceAccount(\"this\", ServiceAccountArgs.builder()\n            .accountId(\"my-awesome-account\")\n            .build());\n\n        var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n            .path(\"gcp\")\n            .credentials(StdFunctions.file(FileArgs.builder()\n                .input(\"credentials.json\")\n                .build()).result())\n            .build());\n\n        var staticAccount = new SecretStaticAccount(\"staticAccount\", SecretStaticAccountArgs.builder()\n            .backend(gcp.path())\n            .staticAccount(\"project_viewer\")\n            .secretType(\"access_token\")\n            .tokenScopes(\"https://www.googleapis.com/auth/cloud-platform\")\n            .serviceAccountEmail(this_.email())\n            .bindings(SecretStaticAccountBindingArgs.builder()\n                .resource(String.format(\"//cloudresourcemanager.googleapis.com/projects/%s\", this_.project()))\n                .roles(\"roles/viewer\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  this:\n    type: google:serviceAccount\n    properties:\n      accountId: my-awesome-account\n  gcp:\n    type: vault:gcp:SecretBackend\n    properties:\n      path: gcp\n      credentials:\n        fn::invoke:\n          Function: std:file\n          Arguments:\n            input: credentials.json\n          Return: result\n  staticAccount:\n    type: vault:gcp:SecretStaticAccount\n    name: static_account\n    properties:\n      backend: ${gcp.path}\n      staticAccount: project_viewer\n      secretType: access_token\n      tokenScopes:\n        - https://www.googleapis.com/auth/cloud-platform\n      serviceAccountEmail: ${this.email}\n      bindings:\n        - resource: //cloudresourcemanager.googleapis.com/projects/${this.project}\n          roles:\n            - roles/viewer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nA static account can be imported using its Vault Path. For example, referencing the example above,\n\n```sh\n$ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer\n```\n",
             "properties": {
                 "backend": {
                     "type": "string",
diff --git a/provider/go.mod b/provider/go.mod
index 73a9272d..6717fbda 100644
--- a/provider/go.mod
+++ b/provider/go.mod
@@ -1,12 +1,12 @@
 module github.com/pulumi/pulumi-vault/provider/v6
 
-go 1.21.3
+go 1.21.12
 
 require (
 	github.com/hashicorp/terraform-provider-vault v0.0.0
 	github.com/pulumi/providertest v0.0.11
-	github.com/pulumi/pulumi-terraform-bridge/v3 v3.86.0
-	github.com/pulumi/pulumi/sdk/v3 v3.121.0
+	github.com/pulumi/pulumi-terraform-bridge/v3 v3.86.1-0.20240716225253-c975862f43cf
+	github.com/pulumi/pulumi/sdk/v3 v3.124.0
 	github.com/stretchr/testify v1.9.0
 )
 
@@ -221,8 +221,8 @@ require (
 	github.com/pulumi/inflector v0.1.1 // indirect
 	github.com/pulumi/pulumi-java/pkg v0.11.0 // indirect
 	github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 // indirect
-	github.com/pulumi/pulumi-yaml v1.8.0 // indirect
-	github.com/pulumi/pulumi/pkg/v3 v3.121.0 // indirect
+	github.com/pulumi/pulumi-yaml v1.9.1 // indirect
+	github.com/pulumi/pulumi/pkg/v3 v3.124.0 // indirect
 	github.com/pulumi/schema-tools v0.1.2 // indirect
 	github.com/pulumi/terraform-diff-reader v0.0.2 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
diff --git a/provider/go.sum b/provider/go.sum
index 9be4f79a..e910c03f 100644
--- a/provider/go.sum
+++ b/provider/go.sum
@@ -2178,8 +2178,6 @@ github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM=
-github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
@@ -2859,16 +2857,16 @@ github.com/pulumi/providertest v0.0.11 h1:mg8MQ7Cq7+9XlHIkBD+aCqQO4mwAJEISngZgVd
 github.com/pulumi/providertest v0.0.11/go.mod h1:HsxjVsytcMIuNj19w1lT2W0QXY0oReXl1+h6eD2JXP8=
 github.com/pulumi/pulumi-java/pkg v0.11.0 h1:Jw9gBvyfmfOMq/EkYDm9+zGPxsDAA8jfeMpHmtZ+1oA=
 github.com/pulumi/pulumi-java/pkg v0.11.0/go.mod h1:sXAk25P47AQVQL6ilAbFmRNgZykC7og/+87ihnqzFTc=
-github.com/pulumi/pulumi-terraform-bridge/v3 v3.86.0 h1:55ydBXwbNpL+eAPExJSfL1pSDUuPNSGCU08EamVh3qg=
-github.com/pulumi/pulumi-terraform-bridge/v3 v3.86.0/go.mod h1:jyywJUc4gFP5vWOar8qSQWzSrpwht7XDrYQtVvneza4=
+github.com/pulumi/pulumi-terraform-bridge/v3 v3.86.1-0.20240716225253-c975862f43cf h1:A0DJMstsI+Ib8VGrC+jE9Nz91KZsJhGUdiE6ws8gzno=
+github.com/pulumi/pulumi-terraform-bridge/v3 v3.86.1-0.20240716225253-c975862f43cf/go.mod h1:YuSO+tedA16nS7/6YkWAEmO11/mh/Hn+hohH/SVZp58=
 github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 h1:mav2tSitA9BPJPLLahKgepHyYsMzwaTm4cvp0dcTMYw=
 github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8/go.mod h1:qUYk2c9i/yqMGNj9/bQyXpS39BxNDSXYjVN1njnq0zY=
-github.com/pulumi/pulumi-yaml v1.8.0 h1:bhmidiCMMuzsJao5FE0UR69iF3WVKPCFrRkzjotFNn4=
-github.com/pulumi/pulumi-yaml v1.8.0/go.mod h1:pCfYHSRmdl+5dM/7eT2uDQS528YOhAhiqbn9pwRzW20=
-github.com/pulumi/pulumi/pkg/v3 v3.121.0 h1:cLUQJYGJKfgCY0ubJo8dVwmsIm2WcgTprb9Orc/yiFg=
-github.com/pulumi/pulumi/pkg/v3 v3.121.0/go.mod h1:aaRixfKOh4DhGtuDJcI56dTPkb7oJBgRgH1aMF1FzbU=
-github.com/pulumi/pulumi/sdk/v3 v3.121.0 h1:UsnFKIVOtJN/hQKPkWHL9cZktewPVQRbNUXbXQY/qrk=
-github.com/pulumi/pulumi/sdk/v3 v3.121.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY=
+github.com/pulumi/pulumi-yaml v1.9.1 h1:JPeI80M23SPactxgnCFS1casZlSr7ZhAXwSx4H55QQ4=
+github.com/pulumi/pulumi-yaml v1.9.1/go.mod h1:OH0R34yJxA5u6zjYBN4JXcWoEvfkRoOVWi6viu8buoA=
+github.com/pulumi/pulumi/pkg/v3 v3.124.0 h1:JgUePx6Ga9geBJ1dku6K8GXTrsBYzXMhKIsk+cxeKo8=
+github.com/pulumi/pulumi/pkg/v3 v3.124.0/go.mod h1:/XUDPNoIikS3lcQe1HpGuKs73cO5HqBvOdxXFeC3UHM=
+github.com/pulumi/pulumi/sdk/v3 v3.124.0 h1:f9Rb2AhLSaacKTaBPbKXPCfviHxTuhEXafhT4E095Y0=
+github.com/pulumi/pulumi/sdk/v3 v3.124.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY=
 github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo=
 github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k=
 github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI=
diff --git a/sdk/go.mod b/sdk/go.mod
index 42feb8ff..c32ffbf9 100644
--- a/sdk/go.mod
+++ b/sdk/go.mod
@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/pulumi/pulumi/sdk/v3 v3.121.0
+	github.com/pulumi/pulumi/sdk/v3 v3.124.0
 )
 
 require (
diff --git a/sdk/go.sum b/sdk/go.sum
index 2c544ca5..acd4c150 100644
--- a/sdk/go.sum
+++ b/sdk/go.sum
@@ -150,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
 github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs=
 github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c=
-github.com/pulumi/pulumi/sdk/v3 v3.121.0 h1:UsnFKIVOtJN/hQKPkWHL9cZktewPVQRbNUXbXQY/qrk=
-github.com/pulumi/pulumi/sdk/v3 v3.121.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY=
+github.com/pulumi/pulumi/sdk/v3 v3.124.0 h1:f9Rb2AhLSaacKTaBPbKXPCfviHxTuhEXafhT4E095Y0=
+github.com/pulumi/pulumi/sdk/v3 v3.124.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=

From 94081529c071f1819a269fbf72300a455367ca39 Mon Sep 17 00:00:00 2001
From: pulumi-bot <bot@pulumi.com>
Date: Wed, 17 Jul 2024 00:00:31 +0000
Subject: [PATCH 2/2] make build_sdks

---
 .../GetPolicyDocumentRuleAllowedParameter.cs  |  7 +++
 ...tPolicyDocumentRuleAllowedParameterArgs.cs |  7 +++
 .../GetPolicyDocumentRuleDeniedParameter.cs   |  7 +++
 ...etPolicyDocumentRuleDeniedParameterArgs.cs |  7 +++
 ...olicyDocumentRuleAllowedParameterResult.cs |  6 +++
 ...PolicyDocumentRuleDeniedParameterResult.cs |  6 +++
 .../BackendConfigEstAuthenticatorsArgs.cs     |  8 ++++
 .../BackendConfigEstAuthenticatorsGetArgs.cs  |  8 ++++
 .../Outputs/BackendConfigEstAuthenticators.cs |  6 +++
 sdk/go/vault/gcp/secretImpersonatedAccount.go |  4 +-
 sdk/go/vault/gcp/secretStaticAccount.go       |  4 +-
 sdk/go/vault/pkisecret/pulumiTypes.go         | 12 ++++-
 sdk/go/vault/pulumiTypes.go                   | 20 ++++++--
 ...GetPolicyDocumentRuleAllowedParameter.java | 34 ++++++++++++++
 ...olicyDocumentRuleAllowedParameterArgs.java | 46 +++++++++++++++++++
 .../GetPolicyDocumentRuleDeniedParameter.java | 34 ++++++++++++++
 ...PolicyDocumentRuleDeniedParameterArgs.java | 46 +++++++++++++++++++
 ...GetPolicyDocumentRuleAllowedParameter.java | 16 +++++++
 .../GetPolicyDocumentRuleDeniedParameter.java | 16 +++++++
 .../BackendConfigEstAuthenticatorsArgs.java   | 40 ++++++++++++++++
 .../BackendConfigEstAuthenticators.java       | 16 +++++++
 sdk/nodejs/types/input.ts                     | 30 ++++++++++++
 sdk/nodejs/types/output.ts                    | 18 ++++++++
 sdk/python/pulumi_vault/_inputs.py            | 20 ++++++++
 sdk/python/pulumi_vault/_utilities.py         |  7 ++-
 sdk/python/pulumi_vault/outputs.py            | 20 ++++++++
 sdk/python/pulumi_vault/pkisecret/_inputs.py  | 10 ++++
 sdk/python/pulumi_vault/pkisecret/outputs.py  | 10 ++++
 28 files changed, 451 insertions(+), 14 deletions(-)

diff --git a/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameter.cs b/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameter.cs
index 5eb8fa34..2461a9ed 100644
--- a/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameter.cs
+++ b/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameter.cs
@@ -12,11 +12,18 @@ namespace Pulumi.Vault.Inputs
 
     public sealed class GetPolicyDocumentRuleAllowedParameterArgs : global::Pulumi.InvokeArgs
     {
+        /// <summary>
+        /// name of permitted or denied parameter.
+        /// </summary>
         [Input("key", required: true)]
         public string Key { get; set; } = null!;
 
         [Input("values", required: true)]
         private List<string>? _values;
+
+        /// <summary>
+        /// list of values what are permitted or denied by policy rule.
+        /// </summary>
         public List<string> Values
         {
             get => _values ?? (_values = new List<string>());
diff --git a/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameterArgs.cs b/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameterArgs.cs
index 597ed200..8c32640a 100644
--- a/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameterArgs.cs
+++ b/sdk/dotnet/Inputs/GetPolicyDocumentRuleAllowedParameterArgs.cs
@@ -12,11 +12,18 @@ namespace Pulumi.Vault.Inputs
 
     public sealed class GetPolicyDocumentRuleAllowedParameterInputArgs : global::Pulumi.ResourceArgs
     {
+        /// <summary>
+        /// name of permitted or denied parameter.
+        /// </summary>
         [Input("key", required: true)]
         public Input<string> Key { get; set; } = null!;
 
         [Input("values", required: true)]
         private InputList<string>? _values;
+
+        /// <summary>
+        /// list of values what are permitted or denied by policy rule.
+        /// </summary>
         public InputList<string> Values
         {
             get => _values ?? (_values = new InputList<string>());
diff --git a/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameter.cs b/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameter.cs
index 1cf0f8fc..454b2732 100644
--- a/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameter.cs
+++ b/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameter.cs
@@ -12,11 +12,18 @@ namespace Pulumi.Vault.Inputs
 
     public sealed class GetPolicyDocumentRuleDeniedParameterArgs : global::Pulumi.InvokeArgs
     {
+        /// <summary>
+        /// name of permitted or denied parameter.
+        /// </summary>
         [Input("key", required: true)]
         public string Key { get; set; } = null!;
 
         [Input("values", required: true)]
         private List<string>? _values;
+
+        /// <summary>
+        /// list of values what are permitted or denied by policy rule.
+        /// </summary>
         public List<string> Values
         {
             get => _values ?? (_values = new List<string>());
diff --git a/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameterArgs.cs b/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameterArgs.cs
index 6ef377d3..9e38e88b 100644
--- a/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameterArgs.cs
+++ b/sdk/dotnet/Inputs/GetPolicyDocumentRuleDeniedParameterArgs.cs
@@ -12,11 +12,18 @@ namespace Pulumi.Vault.Inputs
 
     public sealed class GetPolicyDocumentRuleDeniedParameterInputArgs : global::Pulumi.ResourceArgs
     {
+        /// <summary>
+        /// name of permitted or denied parameter.
+        /// </summary>
         [Input("key", required: true)]
         public Input<string> Key { get; set; } = null!;
 
         [Input("values", required: true)]
         private InputList<string>? _values;
+
+        /// <summary>
+        /// list of values what are permitted or denied by policy rule.
+        /// </summary>
         public InputList<string> Values
         {
             get => _values ?? (_values = new InputList<string>());
diff --git a/sdk/dotnet/Outputs/GetPolicyDocumentRuleAllowedParameterResult.cs b/sdk/dotnet/Outputs/GetPolicyDocumentRuleAllowedParameterResult.cs
index 18e7d623..a553ada2 100644
--- a/sdk/dotnet/Outputs/GetPolicyDocumentRuleAllowedParameterResult.cs
+++ b/sdk/dotnet/Outputs/GetPolicyDocumentRuleAllowedParameterResult.cs
@@ -13,7 +13,13 @@ namespace Pulumi.Vault.Outputs
     [OutputType]
     public sealed class GetPolicyDocumentRuleAllowedParameterResult
     {
+        /// <summary>
+        /// name of permitted or denied parameter.
+        /// </summary>
         public readonly string Key;
+        /// <summary>
+        /// list of values what are permitted or denied by policy rule.
+        /// </summary>
         public readonly ImmutableArray<string> Values;
 
         [OutputConstructor]
diff --git a/sdk/dotnet/Outputs/GetPolicyDocumentRuleDeniedParameterResult.cs b/sdk/dotnet/Outputs/GetPolicyDocumentRuleDeniedParameterResult.cs
index 1a776870..792b316b 100644
--- a/sdk/dotnet/Outputs/GetPolicyDocumentRuleDeniedParameterResult.cs
+++ b/sdk/dotnet/Outputs/GetPolicyDocumentRuleDeniedParameterResult.cs
@@ -13,7 +13,13 @@ namespace Pulumi.Vault.Outputs
     [OutputType]
     public sealed class GetPolicyDocumentRuleDeniedParameterResult
     {
+        /// <summary>
+        /// name of permitted or denied parameter.
+        /// </summary>
         public readonly string Key;
+        /// <summary>
+        /// list of values what are permitted or denied by policy rule.
+        /// </summary>
         public readonly ImmutableArray<string> Values;
 
         [OutputConstructor]
diff --git a/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs
index b9eb046a..611c56bb 100644
--- a/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs
+++ b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs
@@ -14,6 +14,10 @@ public sealed class BackendConfigEstAuthenticatorsArgs : global::Pulumi.Resource
     {
         [Input("cert")]
         private InputMap<object>? _cert;
+
+        /// <summary>
+        /// "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        /// </summary>
         public InputMap<object> Cert
         {
             get => _cert ?? (_cert = new InputMap<object>());
@@ -22,6 +26,10 @@ public InputMap<object> Cert
 
         [Input("userpass")]
         private InputMap<object>? _userpass;
+
+        /// <summary>
+        /// "The accessor (required) property for user pass auth backends".
+        /// </summary>
         public InputMap<object> Userpass
         {
             get => _userpass ?? (_userpass = new InputMap<object>());
diff --git a/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs
index 249267e2..43edacf4 100644
--- a/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs
+++ b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs
@@ -14,6 +14,10 @@ public sealed class BackendConfigEstAuthenticatorsGetArgs : global::Pulumi.Resou
     {
         [Input("cert")]
         private InputMap<object>? _cert;
+
+        /// <summary>
+        /// "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        /// </summary>
         public InputMap<object> Cert
         {
             get => _cert ?? (_cert = new InputMap<object>());
@@ -22,6 +26,10 @@ public InputMap<object> Cert
 
         [Input("userpass")]
         private InputMap<object>? _userpass;
+
+        /// <summary>
+        /// "The accessor (required) property for user pass auth backends".
+        /// </summary>
         public InputMap<object> Userpass
         {
             get => _userpass ?? (_userpass = new InputMap<object>());
diff --git a/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs b/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs
index d355f289..70511682 100644
--- a/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs
+++ b/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs
@@ -13,7 +13,13 @@ namespace Pulumi.Vault.PkiSecret.Outputs
     [OutputType]
     public sealed class BackendConfigEstAuthenticators
     {
+        /// <summary>
+        /// "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        /// </summary>
         public readonly ImmutableDictionary<string, object>? Cert;
+        /// <summary>
+        /// "The accessor (required) property for user pass auth backends".
+        /// </summary>
         public readonly ImmutableDictionary<string, object>? Userpass;
 
         [OutputConstructor]
diff --git a/sdk/go/vault/gcp/secretImpersonatedAccount.go b/sdk/go/vault/gcp/secretImpersonatedAccount.go
index 567feecc..e8610f12 100644
--- a/sdk/go/vault/gcp/secretImpersonatedAccount.go
+++ b/sdk/go/vault/gcp/secretImpersonatedAccount.go
@@ -24,7 +24,7 @@ import (
 //
 // import (
 //
-//	"github.com/pulumi/pulumi-google/sdk/v1/go/google"
+//	"github.com/pulumi/pulumi-google/sdk/go/google"
 //	"github.com/pulumi/pulumi-std/sdk/go/std"
 //	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp"
 //	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
@@ -33,7 +33,7 @@ import (
 //
 //	func main() {
 //		pulumi.Run(func(ctx *pulumi.Context) error {
-//			this, err := index.NewServiceAccount(ctx, "this", &index.ServiceAccountArgs{
+//			this, err := google.NewServiceAccount(ctx, "this", &google.ServiceAccountArgs{
 //				AccountId: "my-awesome-account",
 //			})
 //			if err != nil {
diff --git a/sdk/go/vault/gcp/secretStaticAccount.go b/sdk/go/vault/gcp/secretStaticAccount.go
index 1dcaacc2..028f23bf 100644
--- a/sdk/go/vault/gcp/secretStaticAccount.go
+++ b/sdk/go/vault/gcp/secretStaticAccount.go
@@ -26,7 +26,7 @@ import (
 //
 //	"fmt"
 //
-//	"github.com/pulumi/pulumi-google/sdk/v1/go/google"
+//	"github.com/pulumi/pulumi-google/sdk/go/google"
 //	"github.com/pulumi/pulumi-std/sdk/go/std"
 //	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp"
 //	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
@@ -35,7 +35,7 @@ import (
 //
 //	func main() {
 //		pulumi.Run(func(ctx *pulumi.Context) error {
-//			this, err := index.NewServiceAccount(ctx, "this", &index.ServiceAccountArgs{
+//			this, err := google.NewServiceAccount(ctx, "this", &google.ServiceAccountArgs{
 //				AccountId: "my-awesome-account",
 //			})
 //			if err != nil {
diff --git a/sdk/go/vault/pkisecret/pulumiTypes.go b/sdk/go/vault/pkisecret/pulumiTypes.go
index 5cf12cfd..32533743 100644
--- a/sdk/go/vault/pkisecret/pulumiTypes.go
+++ b/sdk/go/vault/pkisecret/pulumiTypes.go
@@ -14,7 +14,9 @@ import (
 var _ = internal.GetEnvOrDefault
 
 type BackendConfigEstAuthenticators struct {
-	Cert     map[string]interface{} `pulumi:"cert"`
+	// "The accessor (required) and certRole (optional) properties for cert auth backends".
+	Cert map[string]interface{} `pulumi:"cert"`
+	// "The accessor (required) property for user pass auth backends".
 	Userpass map[string]interface{} `pulumi:"userpass"`
 }
 
@@ -30,7 +32,9 @@ type BackendConfigEstAuthenticatorsInput interface {
 }
 
 type BackendConfigEstAuthenticatorsArgs struct {
-	Cert     pulumi.MapInput `pulumi:"cert"`
+	// "The accessor (required) and certRole (optional) properties for cert auth backends".
+	Cert pulumi.MapInput `pulumi:"cert"`
+	// "The accessor (required) property for user pass auth backends".
 	Userpass pulumi.MapInput `pulumi:"userpass"`
 }
 
@@ -111,10 +115,12 @@ func (o BackendConfigEstAuthenticatorsOutput) ToBackendConfigEstAuthenticatorsPt
 	}).(BackendConfigEstAuthenticatorsPtrOutput)
 }
 
+// "The accessor (required) and certRole (optional) properties for cert auth backends".
 func (o BackendConfigEstAuthenticatorsOutput) Cert() pulumi.MapOutput {
 	return o.ApplyT(func(v BackendConfigEstAuthenticators) map[string]interface{} { return v.Cert }).(pulumi.MapOutput)
 }
 
+// "The accessor (required) property for user pass auth backends".
 func (o BackendConfigEstAuthenticatorsOutput) Userpass() pulumi.MapOutput {
 	return o.ApplyT(func(v BackendConfigEstAuthenticators) map[string]interface{} { return v.Userpass }).(pulumi.MapOutput)
 }
@@ -143,6 +149,7 @@ func (o BackendConfigEstAuthenticatorsPtrOutput) Elem() BackendConfigEstAuthenti
 	}).(BackendConfigEstAuthenticatorsOutput)
 }
 
+// "The accessor (required) and certRole (optional) properties for cert auth backends".
 func (o BackendConfigEstAuthenticatorsPtrOutput) Cert() pulumi.MapOutput {
 	return o.ApplyT(func(v *BackendConfigEstAuthenticators) map[string]interface{} {
 		if v == nil {
@@ -152,6 +159,7 @@ func (o BackendConfigEstAuthenticatorsPtrOutput) Cert() pulumi.MapOutput {
 	}).(pulumi.MapOutput)
 }
 
+// "The accessor (required) property for user pass auth backends".
 func (o BackendConfigEstAuthenticatorsPtrOutput) Userpass() pulumi.MapOutput {
 	return o.ApplyT(func(v *BackendConfigEstAuthenticators) map[string]interface{} {
 		if v == nil {
diff --git a/sdk/go/vault/pulumiTypes.go b/sdk/go/vault/pulumiTypes.go
index 3311cbeb..9fcb5729 100644
--- a/sdk/go/vault/pulumiTypes.go
+++ b/sdk/go/vault/pulumiTypes.go
@@ -3803,7 +3803,9 @@ func (o GetPolicyDocumentRuleArrayOutput) Index(i pulumi.IntInput) GetPolicyDocu
 }
 
 type GetPolicyDocumentRuleAllowedParameter struct {
-	Key    string   `pulumi:"key"`
+	// name of permitted or denied parameter.
+	Key string `pulumi:"key"`
+	// list of values what are permitted or denied by policy rule.
 	Values []string `pulumi:"values"`
 }
 
@@ -3819,7 +3821,9 @@ type GetPolicyDocumentRuleAllowedParameterInput interface {
 }
 
 type GetPolicyDocumentRuleAllowedParameterArgs struct {
-	Key    pulumi.StringInput      `pulumi:"key"`
+	// name of permitted or denied parameter.
+	Key pulumi.StringInput `pulumi:"key"`
+	// list of values what are permitted or denied by policy rule.
 	Values pulumi.StringArrayInput `pulumi:"values"`
 }
 
@@ -3874,10 +3878,12 @@ func (o GetPolicyDocumentRuleAllowedParameterOutput) ToGetPolicyDocumentRuleAllo
 	return o
 }
 
+// name of permitted or denied parameter.
 func (o GetPolicyDocumentRuleAllowedParameterOutput) Key() pulumi.StringOutput {
 	return o.ApplyT(func(v GetPolicyDocumentRuleAllowedParameter) string { return v.Key }).(pulumi.StringOutput)
 }
 
+// list of values what are permitted or denied by policy rule.
 func (o GetPolicyDocumentRuleAllowedParameterOutput) Values() pulumi.StringArrayOutput {
 	return o.ApplyT(func(v GetPolicyDocumentRuleAllowedParameter) []string { return v.Values }).(pulumi.StringArrayOutput)
 }
@@ -3903,7 +3909,9 @@ func (o GetPolicyDocumentRuleAllowedParameterArrayOutput) Index(i pulumi.IntInpu
 }
 
 type GetPolicyDocumentRuleDeniedParameter struct {
-	Key    string   `pulumi:"key"`
+	// name of permitted or denied parameter.
+	Key string `pulumi:"key"`
+	// list of values what are permitted or denied by policy rule.
 	Values []string `pulumi:"values"`
 }
 
@@ -3919,7 +3927,9 @@ type GetPolicyDocumentRuleDeniedParameterInput interface {
 }
 
 type GetPolicyDocumentRuleDeniedParameterArgs struct {
-	Key    pulumi.StringInput      `pulumi:"key"`
+	// name of permitted or denied parameter.
+	Key pulumi.StringInput `pulumi:"key"`
+	// list of values what are permitted or denied by policy rule.
 	Values pulumi.StringArrayInput `pulumi:"values"`
 }
 
@@ -3974,10 +3984,12 @@ func (o GetPolicyDocumentRuleDeniedParameterOutput) ToGetPolicyDocumentRuleDenie
 	return o
 }
 
+// name of permitted or denied parameter.
 func (o GetPolicyDocumentRuleDeniedParameterOutput) Key() pulumi.StringOutput {
 	return o.ApplyT(func(v GetPolicyDocumentRuleDeniedParameter) string { return v.Key }).(pulumi.StringOutput)
 }
 
+// list of values what are permitted or denied by policy rule.
 func (o GetPolicyDocumentRuleDeniedParameterOutput) Values() pulumi.StringArrayOutput {
 	return o.ApplyT(func(v GetPolicyDocumentRuleDeniedParameter) []string { return v.Values }).(pulumi.StringArrayOutput)
 }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameter.java b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameter.java
index a429f546..055861b0 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameter.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameter.java
@@ -14,16 +14,32 @@ public final class GetPolicyDocumentRuleAllowedParameter extends com.pulumi.reso
 
     public static final GetPolicyDocumentRuleAllowedParameter Empty = new GetPolicyDocumentRuleAllowedParameter();
 
+    /**
+     * name of permitted or denied parameter.
+     * 
+     */
     @Import(name="key", required=true)
     private String key;
 
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     public String key() {
         return this.key;
     }
 
+    /**
+     * list of values what are permitted or denied by policy rule.
+     * 
+     */
     @Import(name="values", required=true)
     private List<String> values;
 
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     public List<String> values() {
         return this.values;
     }
@@ -53,16 +69,34 @@ public Builder(GetPolicyDocumentRuleAllowedParameter defaults) {
             $ = new GetPolicyDocumentRuleAllowedParameter(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param key name of permitted or denied parameter.
+         * 
+         * @return builder
+         * 
+         */
         public Builder key(String key) {
             $.key = key;
             return this;
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(List<String> values) {
             $.values = values;
             return this;
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(String... values) {
             return values(List.of(values));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameterArgs.java b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameterArgs.java
index 136a0612..b7a82a5d 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameterArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleAllowedParameterArgs.java
@@ -15,16 +15,32 @@ public final class GetPolicyDocumentRuleAllowedParameterArgs extends com.pulumi.
 
     public static final GetPolicyDocumentRuleAllowedParameterArgs Empty = new GetPolicyDocumentRuleAllowedParameterArgs();
 
+    /**
+     * name of permitted or denied parameter.
+     * 
+     */
     @Import(name="key", required=true)
     private Output<String> key;
 
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     public Output<String> key() {
         return this.key;
     }
 
+    /**
+     * list of values what are permitted or denied by policy rule.
+     * 
+     */
     @Import(name="values", required=true)
     private Output<List<String>> values;
 
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     public Output<List<String>> values() {
         return this.values;
     }
@@ -54,24 +70,54 @@ public Builder(GetPolicyDocumentRuleAllowedParameterArgs defaults) {
             $ = new GetPolicyDocumentRuleAllowedParameterArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param key name of permitted or denied parameter.
+         * 
+         * @return builder
+         * 
+         */
         public Builder key(Output<String> key) {
             $.key = key;
             return this;
         }
 
+        /**
+         * @param key name of permitted or denied parameter.
+         * 
+         * @return builder
+         * 
+         */
         public Builder key(String key) {
             return key(Output.of(key));
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(Output<List<String>> values) {
             $.values = values;
             return this;
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(List<String> values) {
             return values(Output.of(values));
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(String... values) {
             return values(List.of(values));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameter.java b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameter.java
index 482f8fcd..abac184d 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameter.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameter.java
@@ -14,16 +14,32 @@ public final class GetPolicyDocumentRuleDeniedParameter extends com.pulumi.resou
 
     public static final GetPolicyDocumentRuleDeniedParameter Empty = new GetPolicyDocumentRuleDeniedParameter();
 
+    /**
+     * name of permitted or denied parameter.
+     * 
+     */
     @Import(name="key", required=true)
     private String key;
 
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     public String key() {
         return this.key;
     }
 
+    /**
+     * list of values what are permitted or denied by policy rule.
+     * 
+     */
     @Import(name="values", required=true)
     private List<String> values;
 
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     public List<String> values() {
         return this.values;
     }
@@ -53,16 +69,34 @@ public Builder(GetPolicyDocumentRuleDeniedParameter defaults) {
             $ = new GetPolicyDocumentRuleDeniedParameter(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param key name of permitted or denied parameter.
+         * 
+         * @return builder
+         * 
+         */
         public Builder key(String key) {
             $.key = key;
             return this;
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(List<String> values) {
             $.values = values;
             return this;
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(String... values) {
             return values(List.of(values));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameterArgs.java b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameterArgs.java
index aa8f5278..80471cc0 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameterArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/inputs/GetPolicyDocumentRuleDeniedParameterArgs.java
@@ -15,16 +15,32 @@ public final class GetPolicyDocumentRuleDeniedParameterArgs extends com.pulumi.r
 
     public static final GetPolicyDocumentRuleDeniedParameterArgs Empty = new GetPolicyDocumentRuleDeniedParameterArgs();
 
+    /**
+     * name of permitted or denied parameter.
+     * 
+     */
     @Import(name="key", required=true)
     private Output<String> key;
 
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     public Output<String> key() {
         return this.key;
     }
 
+    /**
+     * list of values what are permitted or denied by policy rule.
+     * 
+     */
     @Import(name="values", required=true)
     private Output<List<String>> values;
 
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     public Output<List<String>> values() {
         return this.values;
     }
@@ -54,24 +70,54 @@ public Builder(GetPolicyDocumentRuleDeniedParameterArgs defaults) {
             $ = new GetPolicyDocumentRuleDeniedParameterArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param key name of permitted or denied parameter.
+         * 
+         * @return builder
+         * 
+         */
         public Builder key(Output<String> key) {
             $.key = key;
             return this;
         }
 
+        /**
+         * @param key name of permitted or denied parameter.
+         * 
+         * @return builder
+         * 
+         */
         public Builder key(String key) {
             return key(Output.of(key));
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(Output<List<String>> values) {
             $.values = values;
             return this;
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(List<String> values) {
             return values(Output.of(values));
         }
 
+        /**
+         * @param values list of values what are permitted or denied by policy rule.
+         * 
+         * @return builder
+         * 
+         */
         public Builder values(String... values) {
             return values(List.of(values));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleAllowedParameter.java b/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleAllowedParameter.java
index cf713054..a4ddcd99 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleAllowedParameter.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleAllowedParameter.java
@@ -11,13 +11,29 @@
 
 @CustomType
 public final class GetPolicyDocumentRuleAllowedParameter {
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     private String key;
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     private List<String> values;
 
     private GetPolicyDocumentRuleAllowedParameter() {}
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     public String key() {
         return this.key;
     }
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     public List<String> values() {
         return this.values;
     }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleDeniedParameter.java b/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleDeniedParameter.java
index d8f03028..4f9f7609 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleDeniedParameter.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/outputs/GetPolicyDocumentRuleDeniedParameter.java
@@ -11,13 +11,29 @@
 
 @CustomType
 public final class GetPolicyDocumentRuleDeniedParameter {
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     private String key;
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     private List<String> values;
 
     private GetPolicyDocumentRuleDeniedParameter() {}
+    /**
+     * @return name of permitted or denied parameter.
+     * 
+     */
     public String key() {
         return this.key;
     }
+    /**
+     * @return list of values what are permitted or denied by policy rule.
+     * 
+     */
     public List<String> values() {
         return this.values;
     }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/inputs/BackendConfigEstAuthenticatorsArgs.java b/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/inputs/BackendConfigEstAuthenticatorsArgs.java
index da860f8b..516e7f2d 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/inputs/BackendConfigEstAuthenticatorsArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/inputs/BackendConfigEstAuthenticatorsArgs.java
@@ -17,16 +17,32 @@ public final class BackendConfigEstAuthenticatorsArgs extends com.pulumi.resourc
 
     public static final BackendConfigEstAuthenticatorsArgs Empty = new BackendConfigEstAuthenticatorsArgs();
 
+    /**
+     * &#34;The accessor (required) and cert_role (optional) properties for cert auth backends&#34;.
+     * 
+     */
     @Import(name="cert")
     private @Nullable Output<Map<String,Object>> cert;
 
+    /**
+     * @return &#34;The accessor (required) and cert_role (optional) properties for cert auth backends&#34;.
+     * 
+     */
     public Optional<Output<Map<String,Object>>> cert() {
         return Optional.ofNullable(this.cert);
     }
 
+    /**
+     * &#34;The accessor (required) property for user pass auth backends&#34;.
+     * 
+     */
     @Import(name="userpass")
     private @Nullable Output<Map<String,Object>> userpass;
 
+    /**
+     * @return &#34;The accessor (required) property for user pass auth backends&#34;.
+     * 
+     */
     public Optional<Output<Map<String,Object>>> userpass() {
         return Optional.ofNullable(this.userpass);
     }
@@ -56,20 +72,44 @@ public Builder(BackendConfigEstAuthenticatorsArgs defaults) {
             $ = new BackendConfigEstAuthenticatorsArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param cert &#34;The accessor (required) and cert_role (optional) properties for cert auth backends&#34;.
+         * 
+         * @return builder
+         * 
+         */
         public Builder cert(@Nullable Output<Map<String,Object>> cert) {
             $.cert = cert;
             return this;
         }
 
+        /**
+         * @param cert &#34;The accessor (required) and cert_role (optional) properties for cert auth backends&#34;.
+         * 
+         * @return builder
+         * 
+         */
         public Builder cert(Map<String,Object> cert) {
             return cert(Output.of(cert));
         }
 
+        /**
+         * @param userpass &#34;The accessor (required) property for user pass auth backends&#34;.
+         * 
+         * @return builder
+         * 
+         */
         public Builder userpass(@Nullable Output<Map<String,Object>> userpass) {
             $.userpass = userpass;
             return this;
         }
 
+        /**
+         * @param userpass &#34;The accessor (required) property for user pass auth backends&#34;.
+         * 
+         * @return builder
+         * 
+         */
         public Builder userpass(Map<String,Object> userpass) {
             return userpass(Output.of(userpass));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/outputs/BackendConfigEstAuthenticators.java b/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/outputs/BackendConfigEstAuthenticators.java
index 11a6f6c6..01cf8f1e 100644
--- a/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/outputs/BackendConfigEstAuthenticators.java
+++ b/sdk/java/src/main/java/com/pulumi/vault/pkiSecret/outputs/BackendConfigEstAuthenticators.java
@@ -12,13 +12,29 @@
 
 @CustomType
 public final class BackendConfigEstAuthenticators {
+    /**
+     * @return &#34;The accessor (required) and cert_role (optional) properties for cert auth backends&#34;.
+     * 
+     */
     private @Nullable Map<String,Object> cert;
+    /**
+     * @return &#34;The accessor (required) property for user pass auth backends&#34;.
+     * 
+     */
     private @Nullable Map<String,Object> userpass;
 
     private BackendConfigEstAuthenticators() {}
+    /**
+     * @return &#34;The accessor (required) and cert_role (optional) properties for cert auth backends&#34;.
+     * 
+     */
     public Map<String,Object> cert() {
         return this.cert == null ? Map.of() : this.cert;
     }
+    /**
+     * @return &#34;The accessor (required) property for user pass auth backends&#34;.
+     * 
+     */
     public Map<String,Object> userpass() {
         return this.userpass == null ? Map.of() : this.userpass;
     }
diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts
index def14259..98ac8b5c 100644
--- a/sdk/nodejs/types/input.ts
+++ b/sdk/nodejs/types/input.ts
@@ -121,22 +121,46 @@ export interface GetPolicyDocumentRuleArgs {
 }
 
 export interface GetPolicyDocumentRuleAllowedParameter {
+    /**
+     * name of permitted or denied parameter.
+     */
     key: string;
+    /**
+     * list of values what are permitted or denied by policy rule.
+     */
     values: string[];
 }
 
 export interface GetPolicyDocumentRuleAllowedParameterArgs {
+    /**
+     * name of permitted or denied parameter.
+     */
     key: pulumi.Input<string>;
+    /**
+     * list of values what are permitted or denied by policy rule.
+     */
     values: pulumi.Input<pulumi.Input<string>[]>;
 }
 
 export interface GetPolicyDocumentRuleDeniedParameter {
+    /**
+     * name of permitted or denied parameter.
+     */
     key: string;
+    /**
+     * list of values what are permitted or denied by policy rule.
+     */
     values: string[];
 }
 
 export interface GetPolicyDocumentRuleDeniedParameterArgs {
+    /**
+     * name of permitted or denied parameter.
+     */
     key: pulumi.Input<string>;
+    /**
+     * list of values what are permitted or denied by policy rule.
+     */
     values: pulumi.Input<pulumi.Input<string>[]>;
 }
 
@@ -2836,7 +2860,13 @@ export namespace okta {
 
 export namespace pkiSecret {
     export interface BackendConfigEstAuthenticators {
+        /**
+         * "The accessor (required) and certRole (optional) properties for cert auth backends".
+         */
         cert?: pulumi.Input<{[key: string]: any}>;
+        /**
+         * "The accessor (required) property for user pass auth backends".
+         */
         userpass?: pulumi.Input<{[key: string]: any}>;
     }
 
diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts
index 39f2ed5f..b9216c6e 100644
--- a/sdk/nodejs/types/output.ts
+++ b/sdk/nodejs/types/output.ts
@@ -86,12 +86,24 @@ export interface GetPolicyDocumentRule {
 }
 
 export interface GetPolicyDocumentRuleAllowedParameter {
+    /**
+     * name of permitted or denied parameter.
+     */
     key: string;
+    /**
+     * list of values what are permitted or denied by policy rule.
+     */
     values: string[];
 }
 
 export interface GetPolicyDocumentRuleDeniedParameter {
+    /**
+     * name of permitted or denied parameter.
+     */
     key: string;
+    /**
+     * list of values what are permitted or denied by policy rule.
+     */
     values: string[];
 }
 
@@ -2844,7 +2856,13 @@ export namespace okta {
 
 export namespace pkiSecret {
     export interface BackendConfigEstAuthenticators {
+        /**
+         * "The accessor (required) and certRole (optional) properties for cert auth backends".
+         */
         cert?: {[key: string]: any};
+        /**
+         * "The accessor (required) property for user pass auth backends".
+         */
         userpass?: {[key: string]: any};
     }
 
diff --git a/sdk/python/pulumi_vault/_inputs.py b/sdk/python/pulumi_vault/_inputs.py
index 32ed69c9..da269ce1 100644
--- a/sdk/python/pulumi_vault/_inputs.py
+++ b/sdk/python/pulumi_vault/_inputs.py
@@ -1844,12 +1844,19 @@ class GetPolicyDocumentRuleAllowedParameterArgs:
     def __init__(__self__, *,
                  key: str,
                  values: Sequence[str]):
+        """
+        :param str key: name of permitted or denied parameter.
+        :param Sequence[str] values: list of values what are permitted or denied by policy rule.
+        """
         pulumi.set(__self__, "key", key)
         pulumi.set(__self__, "values", values)
 
     @property
     @pulumi.getter
     def key(self) -> str:
+        """
+        name of permitted or denied parameter.
+        """
         return pulumi.get(self, "key")
 
     @key.setter
@@ -1859,6 +1866,9 @@ def key(self, value: str):
     @property
     @pulumi.getter
     def values(self) -> Sequence[str]:
+        """
+        list of values what are permitted or denied by policy rule.
+        """
         return pulumi.get(self, "values")
 
     @values.setter
@@ -1871,12 +1881,19 @@ class GetPolicyDocumentRuleDeniedParameterArgs:
     def __init__(__self__, *,
                  key: str,
                  values: Sequence[str]):
+        """
+        :param str key: name of permitted or denied parameter.
+        :param Sequence[str] values: list of values what are permitted or denied by policy rule.
+        """
         pulumi.set(__self__, "key", key)
         pulumi.set(__self__, "values", values)
 
     @property
     @pulumi.getter
     def key(self) -> str:
+        """
+        name of permitted or denied parameter.
+        """
         return pulumi.get(self, "key")
 
     @key.setter
@@ -1886,6 +1903,9 @@ def key(self, value: str):
     @property
     @pulumi.getter
     def values(self) -> Sequence[str]:
+        """
+        list of values what are permitted or denied by policy rule.
+        """
         return pulumi.get(self, "values")
 
     @values.setter
diff --git a/sdk/python/pulumi_vault/_utilities.py b/sdk/python/pulumi_vault/_utilities.py
index abad7b41..c92fd32f 100644
--- a/sdk/python/pulumi_vault/_utilities.py
+++ b/sdk/python/pulumi_vault/_utilities.py
@@ -100,10 +100,6 @@ def _get_semver_version():
 _version = _get_semver_version()
 _version_str = str(_version)
 
-
-def get_version():
-    return _version_str
-
 def get_resource_opts_defaults() -> pulumi.ResourceOptions:
     return pulumi.ResourceOptions(
         version=get_version(),
@@ -324,3 +320,6 @@ def deprecated_fn(*args, **kwargs):
 
 def get_plugin_download_url():
 	return None
+
+def get_version():
+     return _version_str
diff --git a/sdk/python/pulumi_vault/outputs.py b/sdk/python/pulumi_vault/outputs.py
index 2801fc8c..72824635 100644
--- a/sdk/python/pulumi_vault/outputs.py
+++ b/sdk/python/pulumi_vault/outputs.py
@@ -277,17 +277,27 @@ class GetPolicyDocumentRuleAllowedParameterResult(dict):
     def __init__(__self__, *,
                  key: str,
                  values: Sequence[str]):
+        """
+        :param str key: name of permitted or denied parameter.
+        :param Sequence[str] values: list of values what are permitted or denied by policy rule.
+        """
         pulumi.set(__self__, "key", key)
         pulumi.set(__self__, "values", values)
 
     @property
     @pulumi.getter
     def key(self) -> str:
+        """
+        name of permitted or denied parameter.
+        """
         return pulumi.get(self, "key")
 
     @property
     @pulumi.getter
     def values(self) -> Sequence[str]:
+        """
+        list of values what are permitted or denied by policy rule.
+        """
         return pulumi.get(self, "values")
 
 
@@ -296,17 +306,27 @@ class GetPolicyDocumentRuleDeniedParameterResult(dict):
     def __init__(__self__, *,
                  key: str,
                  values: Sequence[str]):
+        """
+        :param str key: name of permitted or denied parameter.
+        :param Sequence[str] values: list of values what are permitted or denied by policy rule.
+        """
         pulumi.set(__self__, "key", key)
         pulumi.set(__self__, "values", values)
 
     @property
     @pulumi.getter
     def key(self) -> str:
+        """
+        name of permitted or denied parameter.
+        """
         return pulumi.get(self, "key")
 
     @property
     @pulumi.getter
     def values(self) -> Sequence[str]:
+        """
+        list of values what are permitted or denied by policy rule.
+        """
         return pulumi.get(self, "values")
 
 
diff --git a/sdk/python/pulumi_vault/pkisecret/_inputs.py b/sdk/python/pulumi_vault/pkisecret/_inputs.py
index 865bf703..295ccc15 100644
--- a/sdk/python/pulumi_vault/pkisecret/_inputs.py
+++ b/sdk/python/pulumi_vault/pkisecret/_inputs.py
@@ -19,6 +19,10 @@ class BackendConfigEstAuthenticatorsArgs:
     def __init__(__self__, *,
                  cert: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                  userpass: Optional[pulumi.Input[Mapping[str, Any]]] = None):
+        """
+        :param pulumi.Input[Mapping[str, Any]] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        :param pulumi.Input[Mapping[str, Any]] userpass: "The accessor (required) property for user pass auth backends".
+        """
         if cert is not None:
             pulumi.set(__self__, "cert", cert)
         if userpass is not None:
@@ -27,6 +31,9 @@ def __init__(__self__, *,
     @property
     @pulumi.getter
     def cert(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+        """
+        "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        """
         return pulumi.get(self, "cert")
 
     @cert.setter
@@ -36,6 +43,9 @@ def cert(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
     @property
     @pulumi.getter
     def userpass(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+        """
+        "The accessor (required) property for user pass auth backends".
+        """
         return pulumi.get(self, "userpass")
 
     @userpass.setter
diff --git a/sdk/python/pulumi_vault/pkisecret/outputs.py b/sdk/python/pulumi_vault/pkisecret/outputs.py
index da517f0a..a71c411c 100644
--- a/sdk/python/pulumi_vault/pkisecret/outputs.py
+++ b/sdk/python/pulumi_vault/pkisecret/outputs.py
@@ -20,6 +20,10 @@ class BackendConfigEstAuthenticators(dict):
     def __init__(__self__, *,
                  cert: Optional[Mapping[str, Any]] = None,
                  userpass: Optional[Mapping[str, Any]] = None):
+        """
+        :param Mapping[str, Any] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        :param Mapping[str, Any] userpass: "The accessor (required) property for user pass auth backends".
+        """
         if cert is not None:
             pulumi.set(__self__, "cert", cert)
         if userpass is not None:
@@ -28,11 +32,17 @@ def __init__(__self__, *,
     @property
     @pulumi.getter
     def cert(self) -> Optional[Mapping[str, Any]]:
+        """
+        "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        """
         return pulumi.get(self, "cert")
 
     @property
     @pulumi.getter
     def userpass(self) -> Optional[Mapping[str, Any]]:
+        """
+        "The accessor (required) property for user pass auth backends".
+        """
         return pulumi.get(self, "userpass")