VaultConfig
class resources.vault_config.VaultConfig
Base class: Resource
A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.
Either a vault token or userpass authentication method can be used.
See the corresponding Flow Api class at VaultConfig
| Property | Description | Type | Import/Export |
|---|---|---|---|
| bundle_id | Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id | UUID(as_uuid=False) | both |
| bundle_name | The name of the bundle. Will look up the bundle and set bundle_id. | String(length=128) | neither |
| check_hostname | If set, the hostname of the server is checked against the CA certificate. | Boolean() | both |
| client_cert | A client certificate used to authenticate the SSL transport. | String(length=40960) | both |
| client_key | The key of the client certificate used to authenticate the SSL transport. | String(length=40960) | import only |
| commit_message | The commit message for this change. | Text() | import only |
| created_at | DateTime(timezone=True) | export only | |
| created_by | UUID(as_uuid=False) | export only | |
| deleted_at | DateTime(timezone=True) | export only | |
| deleted_by | UUID(as_uuid=False) | export only | |
| description | A multiline description of what this record is and does. | Text() | both |
| engine_path | The Vault engine to use, often secret or kv. | String(length=1024) | both |
| has_client_key | Boolean() | neither | |
| has_deprecation | Boolean() | export only | |
| has_password | Boolean() | neither | |
| has_syntax_error | Boolean() | export only | |
| has_token | Boolean() | neither | |
| id | UUID(as_uuid=False) | neither | |
| is_auto_renew_enabled | If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details. | Boolean() | both |
| is_bundle_readonly | Boolean() | neither | |
| is_deleted | Boolean() | export only | |
| is_enabled | A flag to control of the vault config is enabled. | Boolean() | both |
| is_project_readonly | Boolean() | neither | |
| is_readonly | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE | Boolean() | both |
| location_inheritance | Controls the project/bundle association of a newly created record when no project_id/project_name/bundle_id/bundle_name is specified in the create request. Depending on the record type different options are available: location_inheritance | record types | description - |
| modified_at | DateTime(timezone=True) | export only | |
| modified_by | UUID(as_uuid=False) | export only | |
| name | The name of this record. Must be unique across a workspace. | String(length=128) | both |
| organization_id | UUID(as_uuid=False) | export only | |
| password | A password to authenticate. Either token, username and password, or client_cert and client_key must be set. | String(length=1024) | import only |
| project_id | Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. | UUID(as_uuid=False) | both |
| project_name | The name of the project. Will look up the project and set project_id. | String(length=128) | neither |
| record_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') | neither | |
| repository_path | The path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATH | String(length=256) | neither |
| resource_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') | neither | |
| schema_version | String(length=128) | both | |
| server_ca | The content of the server's CA certificates in PEM format. To be used for self-signed certificates. | String(length=40960) | both |
| token | A Vault access token to authenticate. Either token, username and password, or client_cert and client_key must be set. | String(length=1024) | import only |
| username | A Username to authenticate. Either token, username and password, or client_cert and client_key must be set. | String(length=1024) | both |
| vault_url | The URL to your vault installation | String(length=1024) | both |
| verify_ssl | Verify the server's SSL certificate. Strongly recommended. Can be disabled if using a self-signed certificate. | Boolean() | both |
| workspace_id | UUID(as_uuid=False) | export only |