VaultConfig
class resources.vault_config.VaultConfig
Base class: Resource
A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.
Either a vault token or the AppRoles authentification method can be used.
See the corresponding Flow Api class at VaultConfig
Property | Description | Type | Import/Export |
---|---|---|---|
approle_path | Path for AppRole authentification method (final path for this authentification method will be /auth/<approle_path> and must be the same path where you enabled this method on your Vault) | String(length=1024) | both |
bundle_id | Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id | UUID(as_uuid=False) | both |
bundle_name | The name of the bundle. Will look up the bundle and set bundle_id. | String(length=128) | neither |
cacert | A certificate to verify the identity of the vault. Only needed if the Vault installation uses a self-signed certificate. | String(length=40960) | both |
commit_message | The commit message for this change. | Text() | import only |
created_at | DateTime(timezone=True) | export only | |
created_by | UUID(as_uuid=False) | export only | |
deleted_at | DateTime(timezone=True) | export only | |
deleted_by | UUID(as_uuid=False) | export only | |
description | A multiline description of what this record is and does. | Text() | both |
engine_path | The Vault engine to use, often secret or kv . | String(length=1024) | both |
has_token | Boolean() | neither | |
id | UUID(as_uuid=False) | neither | |
is_auto_renew_enabled | If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details. | Boolean() | both |
is_bundle_readonly | Boolean() | neither | |
is_deleted | Boolean() | export only | |
is_enabled | A flag to control of the vault config is enabled. | Boolean() | both |
is_project_readonly | Boolean() | neither | |
is_readonly | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE | Boolean() | both |
modified_at | DateTime(timezone=True) | export only | |
modified_by | UUID(as_uuid=False) | export only | |
name | The name of this record. Must be unique across a workspace. | String(length=128) | both |
organization_id | UUID(as_uuid=False) | export only | |
project_id | Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. | UUID(as_uuid=False) | both |
project_name | The name of the project. Will look up the project and set project_id. | String(length=128) | neither |
record_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') | neither | |
repository_path | The path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATH | String(length=256) | neither |
resource_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') | neither | |
runner_role_id | For AppRole authentification: RoleID for the runner. | String(length=1024) | import only |
runner_role_name | For AppRole authentification: name of a role used by a runner, with permission to retrieve secrets from vault. | String(length=1024) | import only |
schema_version | String(length=128) | both | |
token | A Vault access token which is used to fetch secrets. | String(length=1024) | import only |
vault_url | The URL to your vault installation | String(length=1024) | both |
worker_role_id | For AppRole authentification: RoleID of worker. Associated with a role with permission to request wrapped SecretIDs. | String(length=1024) | import only |
worker_secret_id | For AppRole authentification: SecretID of worker. | String(length=1024) | import only |
workspace_id | UUID(as_uuid=False) | export only |