Ping Identity Data Governance Server - App Role Vault Authentication Method

Data Governance Server Documentation Index
Configuration Reference Home

App Role Vault Authentication Method

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

App Role Vault Authentication Methods authenticate to Vault with a role ID and secret ID, which can be exchanged for an access token.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The App Role Vault Authentication Method component inherits from the Vault Authentication Method

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ vault-role-id
↓ vault-secret-id
↓ login-mechanism-name

Basic Properties

description

Description	A description for this Vault Authentication Method
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

vault-role-id

Description	The role ID for the AppRole to authenticate.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

vault-secret-id

Description	The secret ID for the AppRole to authenticate.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

Description	The name used when enabling the desired AppRole authentication mechanism in the Vault server. This should be the portion of the request URI path needed ot authenticate to a Vault instance with the desired AppRole mechanism. It should be the portion of the path between "/v1/sys/auth/" and "/login". For example, in the request URI "http://vault.example.com:8200/v1/sys/auth/approle/login", the mechanism name is "approle".
Default Value	approle
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Vault Authentication Methods:

dsconfig list-vault-authentication-methods
     [--property {propertyName}] ...

To view the configuration for an existing Vault Authentication Method:

dsconfig get-vault-authentication-method-prop
     --method-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Vault Authentication Method:

dsconfig set-vault-authentication-method-prop
     --method-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new App Role Vault Authentication Method:

dsconfig create-vault-authentication-method
     --method-name {name}
     --type app-role
     --set vault-role-id:{propertyValue}
     --set vault-secret-id:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Vault Authentication Method:

dsconfig delete-vault-authentication-method
     --method-name {name}