Version: 11 - TBD

VaultConfig

class resources.vault_config.VaultConfig

Base class: Resource

Configuration for a HashiCorp Vault instance that Cloudomation can access to fetch secrets.

Either a Vault token or the userpass authentication method can be used.

See the corresponding Flow API class, VaultConfig.

| Property | Description | Type | Import/Export |
| --- | --- | --- | --- |
| bundle_id | Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, LDAP_CONFIG, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id. | UUID(as_uuid=False) | both |
| bundle_name | The name of the bundle. Will look up the bundle and set bundle_id. | String(length=128) | neither |
| check_hostname | If set, the hostname of the server is checked against the CA certificate. | Boolean() | both |
| client_cert | A client certificate used to authenticate the SSL transport. | String(length=40960) | both |
| client_key | The key of the client certificate used to authenticate the SSL transport. | String(length=40960) | import only |
| commit_message | The commit message for this change. | Text() | import only |
| created_at | | DateTime(timezone=True) | export only |
| created_by | | UUID(as_uuid=False) | export only |
| deleted_at | | DateTime(timezone=True) | export only |
| deleted_by | | UUID(as_uuid=False) | export only |
| description | A multiline description of what this record is and does. | Text() | both |
| engine_path | The Vault engine to use, often secret or kv. | String(length=1024) | both |
| has_client_key | | Boolean() | neither |
| has_deprecation | | Boolean() | export only |
| has_password | | Boolean() | neither |
| has_syntax_error | | Boolean() | export only |
| has_token | | Boolean() | neither |
| id | | UUID(as_uuid=False) | neither |
| is_auto_renew_enabled | If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token has not been reached. Please refer to token renew for details. | Boolean() | both |
| is_bundle_content | A flag to control if the resource is considered bundle content. Changes in bundle content mark the bundle as modified. Updating the bundle will modify the bundle content. | Boolean() | both |
| is_bundle_readonly | | Boolean() | neither |
| is_deleted | | Boolean() | export only |
| is_enabled | A flag to control if the vault config is enabled. | Boolean() | both |
| is_project_readonly | | Boolean() | neither |
| is_readonly | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE. | Boolean() | both |
| location_inheritance | Controls the project/bundle association of a newly created record when no project_id/project_name/bundle_id/bundle_name is specified in the create request. Depending on the record type, different options are available; the options and notes are listed after this table. | String(length=128) | neither |
| modified_at | | DateTime(timezone=True) | export only |
| modified_by | | UUID(as_uuid=False) | export only |
| name | The name of this record. Must be unique across a workspace. | String(length=128) | both |
| organization_id | | UUID(as_uuid=False) | export only |
| password | A password to authenticate. Either token, username and password, or client_cert and client_key must be set. | String(length=1024) | import only |
| project_id | Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. | UUID(as_uuid=False) | both |
| project_name | The name of the project. Will look up the project and set project_id. | String(length=128) | neither |
| record_type | | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') | neither |
| repository_path | The path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATH. | String(length=256) | neither |
| resource_type | | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') | neither |
| schema_version | | String(length=128) | both |
| server_ca | The content of the server's CA certificates in PEM format. To be used for self-signed certificates. | String(length=40960) | both |
| token | A Vault access token to authenticate. Either token, username and password, or client_cert and client_key must be set. | String(length=1024) | import only |
| username | A username to authenticate. Either token, username and password, or client_cert and client_key must be set. | String(length=1024) | both |
| vault_url | The URL of your Vault installation. | String(length=1024) | both |
| verify_ssl | Verify the server's SSL certificate. Strongly recommended. Can be disabled if using a self-signed certificate. | Boolean() | both |
| workspace_id | | UUID(as_uuid=False) | export only |

location_inheritance options:

| location_inheritance | record types | description |
| --- | --- | --- |
| created_by | all | use the same location as the identity which creates the record |
| default | all | use the "Default project" where applicable or "Workspace" for record types which cannot be in a project |
| wrapped_resource | execution | use the same location as the innermost resource which is wrapped |
| resource | execution | use the same location as the resource on which the execution is based |

Notes:
  • If a project_id/project_name/bundle_id/bundle_name is specified in the request, it always takes precedence.
  • The options wrapped_resource and resource only work with executions which are based on a resource, not with ad-hoc connections or executions of type "SCRIPT". If used with ad-hoc connections or "SCRIPT", it will fall back to default.
  • If the record being created cannot be associated with the specified location, the fallback to default will be used.
  • If location_inheritance is unset, the default value used depends on the type of identity which creates the record as well as the type of record which is created. If an execution is created by any identity which is not an execution, it defaults to wrapped_resource. In all other cases it defaults to created_by.
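
The constraints in the property table can be checked before a VaultConfig record is imported. The linter below is an added example, not Cloudomation code: it covers the length limits, the bundle_id/project_id exclusivity, the three authentication combinations, and the TLS flags. The plain-dict record layout, the function name `lint_vault_config` and the sample values are assumptions.

```python
# Added example, not Cloudomation code. Field names and String(length=...)
# limits come from the property table; the plain-dict record layout is assumed.
MAX_LEN = {"name": 128, "engine_path": 1024, "vault_url": 1024,
           "username": 1024, "password": 1024, "token": 1024,
           "client_cert": 40960, "client_key": 40960, "server_ca": 40960}


def lint_vault_config(record):
    """Return (errors, warnings) for a dict of VaultConfig import fields."""
    errors, warnings = [], []

    def has(field):
        return bool(record.get(field))

    for field, limit in MAX_LEN.items():
        value = record.get(field)
        if isinstance(value, str) and len(value) > limit:
            errors.append(f"{field}: longer than {limit} characters")

    if has("bundle_id") and has("project_id"):
        errors.append("bundle_id and project_id are mutually exclusive")

    # Either token, username and password, or client_cert and client_key.
    for first, second in (("username", "password"), ("client_cert", "client_key")):
        if has(first) != has(second):
            errors.append(f"{first} and {second} must be set together")
    if not (has("token") or (has("username") and has("password"))
            or (has("client_cert") and has("client_key"))):
        errors.append("no complete authentication method set")

    # Only an explicit False is flagged; the page does not state the defaults.
    if record.get("verify_ssl") is False:
        if has("server_ca"):
            warnings.append("verify_ssl is off although server_ca is set; "
                            "turn it on and let server_ca validate the server")
        else:
            warnings.append("verify_ssl is off; server certificate is not verified")
    if record.get("check_hostname") is False:
        warnings.append("check_hostname is off; hostname is not checked")
    return errors, warnings


# Constructed sample records (placeholder values, not real secrets).
TOKEN_OK = {"name": "vault-prod", "vault_url": "https://vault.example.internal:8200",
            "engine_path": "secret", "token": "PLACEHOLDER-TOKEN",
            "verify_ssl": True, "check_hostname": True}
WEAK = {"name": "vault-test", "vault_url": "https://vault.example.internal:8200",
        "username": "svc-cloudomation", "bundle_id": "b-1", "project_id": "p-1",
        "server_ca": "PLACEHOLDER-PEM", "verify_ssl": False}
```

Because password, token and client_key are import only, an exported record will not carry them; run the check on the record that is about to be imported, not on an export.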