Ping Identity PingAuthorize Server - Amazon Secrets Manager Passphrase Provider

PingAuthorize Server Documentation Index
Configuration Reference Home

Amazon Secrets Manager Passphrase Provider

Amazon Secrets Manager Passphrase Provider provide a mechanism for reading a passphrase from the Amazon AWS Secrets Manager service. It may only be used with string secrets (in which the Secrets Manager service returns the secret in the form of a JSON object) and not with secrets stored in a binary form.

↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage

Parent Component

The Amazon Secrets Manager Passphrase Provider component inherits from the Passphrase Provider

Relations from This Component

The following components have a direct aggregation relation from Amazon Secrets Manager Passphrase Providers:

Amazon Aws External Server

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ aws-external-server
↓ secret-id
↓ secret-field-name
↓ secret-version-id
↓ secret-version-stage
↓ max-cache-duration

Basic Properties

description

Description	A description for this Passphrase Provider
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this Passphrase Provider is enabled for use in the server.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

aws-external-server

Description	The external server with information to use when interacting with the AWS Secrets Manager.
Default Value	None
Allowed Values	The DN of any Amazon Aws External Server.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

secret-id (Read-Only)

Description	The Amazon Resource Name (ARN) or the user-friendly name of the secret to be retrieved.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

secret-field-name (Read-Only)

Description	The name of the JSON field whose value is the passphrase that will be retrieved.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

secret-version-id (Read-Only)

Description	The unique identifier for the version of the secret to be retrieved. If this is provided, then its value will typically be in the form of a UUID. This property must not be provided if the secret-version-stage property is provided. If neither the secret-version-id property nor the secret-version-stage property is provided, then the current version of the secret will be used.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

secret-version-stage (Read-Only)

Description	The staging label for the version of the secret to be retrieved. If this is provided, then its value will typically be in the form of a UUID. This property must not be provided if the secret-version-id property is provided. If neither the secret-version-id property nor the secret-version-stage property is provided, then the current version of the secret will be used.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

max-cache-duration

Description	The maximum length of time that the passphrase provider may cache the passphrase that has been read from Vault. A value of zero seconds indicates that the provider should always attempt to read the passphrase from Vault.
Default Value	60s
Allowed Values	A duration. Lower limit is 0 milliseconds.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Passphrase Providers:

dsconfig list-passphrase-providers
     [--property {propertyName}] ...

To view the configuration for an existing Passphrase Provider:

dsconfig get-passphrase-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Passphrase Provider:

dsconfig set-passphrase-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Amazon Secrets Manager Passphrase Provider:

dsconfig create-passphrase-provider
     --provider-name {name}
     --type amazon-secrets-manager
     --set enabled:{propertyValue}
     --set aws-external-server:{propertyValue}
     --set secret-id:{propertyValue}
     --set secret-field-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Passphrase Provider:

dsconfig delete-passphrase-provider
     --provider-name {name}