VaultConfig
class resources.vault_config.VaultConfig
Base class: Resource
A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.
Either a vault token or userpass authentication method can be used.
See the corresponding Flow Api class at VaultConfig
Property | Description | Type | Import/Export |
---|---|---|---|
bundle_id | Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id | UUID(as_uuid=False) | both |
bundle_name | The name of the bundle. Will look up the bundle and set bundle_id. | String(length=128) | neither |
check_hostname | If set, the hostname of the server is checked against the CA certificate. | Boolean() | both |
client_cert | A client certificate used to authenticate the SSL transport. | String(length=40960) | both |
client_key | The key of the client certificate used to authenticate the SSL transport. | String(length=40960) | import only |
commit_message | The commit message for this change. | Text() | import only |
created_at | DateTime(timezone=True) | export only | |
created_by | UUID(as_uuid=False) | export only | |
deleted_at | DateTime(timezone=True) | export only | |
deleted_by | UUID(as_uuid=False) | export only | |
description | A multiline description of what this record is and does. | Text() | both |
engine_path | The Vault engine to use, often secret or kv . | String(length=1024) | both |
has_client_key | Boolean() | neither | |
has_deprecation | Boolean() | export only | |
has_password | Boolean() | neither | |
has_syntax_error | Boolean() | export only | |
has_token | Boolean() | neither | |
id | UUID(as_uuid=False) | neither | |
is_auto_renew_enabled | If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details. | Boolean() | both |
is_bundle_readonly | Boolean() | neither | |
is_deleted | Boolean() | export only | |
is_enabled | A flag to control of the vault config is enabled. | Boolean() | both |
is_project_readonly | Boolean() | neither | |
is_readonly | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE | Boolean() | both |
location_inheritance | Controls the project/bundle association of a newly created record when no project_id /project_name /bundle_id /bundle_name is specified in the create request. Depending on the record type different options are available: location_inheritance | record types | description - |
modified_at | DateTime(timezone=True) | export only | |
modified_by | UUID(as_uuid=False) | export only | |
name | The name of this record. Must be unique across a workspace. | String(length=128) | both |
organization_id | UUID(as_uuid=False) | export only | |
password | A password to authenticate. Either token , username and password , or client_cert and client_key must be set. | String(length=1024) | import only |
project_id | Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. | UUID(as_uuid=False) | both |
project_name | The name of the project. Will look up the project and set project_id. | String(length=128) | neither |
record_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') | neither | |
repository_path | The path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATH | String(length=256) | neither |
resource_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') | neither | |
schema_version | String(length=128) | both | |
server_ca | The content of the server's CA certificates in PEM format. To be used for self-signed certificates. | String(length=40960) | both |
token | A Vault access token to authenticate. Either token , username and password , or client_cert and client_key must be set. | String(length=1024) | import only |
username | A Username to authenticate. Either token , username and password , or client_cert and client_key must be set. | String(length=1024) | both |
vault_url | The URL to your vault installation | String(length=1024) | both |
verify_ssl | Verify the server's SSL certificate. Strongly recommended. Can be disabled if using a self-signed certificate. | Boolean() | both |
workspace_id | UUID(as_uuid=False) | export only |