Skip to main content
Version: 10 - Vanillekipferl

VaultConfig

class resources.vault_config.VaultConfig

Base class: Resource

A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.

Either a vault token or userpass authentication method can be used.

See the corresponding Flow Api class at VaultConfig

PropertyDescriptionTypeImport/Export
bundle_idReference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_idUUID(as_uuid=False)both
bundle_nameThe name of the bundle. Will look up the bundle and set bundle_id.String(length=128)neither
check_hostnameIf set, the hostname of the server is checked against the CA certificate.Boolean()both
client_certA client certificate used to authenticate the SSL transport.String(length=40960)both
client_keyThe key of the client certificate used to authenticate the SSL transport.String(length=40960)import only
commit_messageThe commit message for this change.Text()import only
created_atDateTime(timezone=True)export only
created_byUUID(as_uuid=False)export only
deleted_atDateTime(timezone=True)export only
deleted_byUUID(as_uuid=False)export only
descriptionA multiline description of what this record is and does.Text()both
engine_pathThe Vault engine to use, often secret or kv.String(length=1024)both
has_client_keyBoolean()neither
has_deprecationBoolean()export only
has_passwordBoolean()neither
has_syntax_errorBoolean()export only
has_tokenBoolean()neither
idUUID(as_uuid=False)neither
is_auto_renew_enabledIf set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details.Boolean()both
is_bundle_readonlyBoolean()neither
is_deletedBoolean()export only
is_enabledA flag to control of the vault config is enabled.Boolean()both
is_project_readonlyBoolean()neither
is_readonlyA flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACEBoolean()both
location_inheritanceControls the project/bundle association of a newly created record when no project_id/project_name/bundle_id/bundle_name is specified in the create request. Depending on the record type different options are available: location_inheritancerecord typesdescription -
modified_atDateTime(timezone=True)export only
modified_byUUID(as_uuid=False)export only
nameThe name of this record. Must be unique across a workspace.String(length=128)both
organization_idUUID(as_uuid=False)export only
passwordA password to authenticate. Either token, username and password, or client_cert and client_key must be set.String(length=1024)import only
project_idReference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id.UUID(as_uuid=False)both
project_nameThe name of the project. Will look up the project and set project_id.String(length=128)neither
record_typeEnum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype')neither
repository_pathThe path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATHString(length=256)neither
resource_typeEnum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype')neither
schema_versionString(length=128)both
server_caThe content of the server's CA certificates in PEM format. To be used for self-signed certificates.String(length=40960)both
tokenA Vault access token to authenticate. Either token, username and password, or client_cert and client_key must be set.String(length=1024)import only
usernameA Username to authenticate. Either token, username and password, or client_cert and client_key must be set.String(length=1024)both
vault_urlThe URL to your vault installationString(length=1024)both
verify_sslVerify the server's SSL certificate. Strongly recommended. Can be disabled if using a self-signed certificate.Boolean()both
workspace_idUUID(as_uuid=False)export only