Ping Identity Data Sync Server - Vault Passphrase Provider

Data Sync Server Documentation Index
Configuration Reference Home

Vault Passphrase Provider

Vault Passphrase Provider provide a mechanism for reading a passphrase from a HashiCorp Vault instance.

↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage

Parent Component

The Vault Passphrase Provider component inherits from the Passphrase Provider

Relations from This Component

The following components have a direct aggregation relation from Vault Passphrase Providers:

Vault External Server

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ vault-external-server
↓ vault-secret-path
↓ vault-secret-field-name
↓ max-cache-duration

Basic Properties

description

Description	A description for this Passphrase Provider
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this Passphrase Provider is enabled for use in the server.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

vault-external-server

Description	An external server definition with information needed to connect and authenticate to the Vault instance containing the passphrase.
Default Value	None
Allowed Values	The DN of any Vault External Server.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

vault-secret-path (Read-Only)

Description	The path to the desired secret in the Vault service. This will be appended to the value of the base-url property for the associated Vault external server.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

vault-secret-field-name (Read-Only)

Description	The name of the field in the Vault secret record that contains the passphrase to use to generate the encryption key.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

max-cache-duration

Description	The maximum length of time that the passphrase provider may cache the passphrase that has been read from Vault. A value of zero seconds indicates that the provider should always attempt to read the passphrase from Vault.
Default Value	60s
Allowed Values	A duration. Lower limit is 0 milliseconds.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Passphrase Providers:

dsconfig list-passphrase-providers
     [--property {propertyName}] ...

To view the configuration for an existing Passphrase Provider:

dsconfig get-passphrase-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Passphrase Provider:

dsconfig set-passphrase-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Vault Passphrase Provider:

dsconfig create-passphrase-provider
     --provider-name {name}
     --type vault
     --set enabled:{propertyValue}
     --set vault-external-server:{propertyValue}
     --set vault-secret-path:{propertyValue}
     --set vault-secret-field-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Passphrase Provider:

dsconfig delete-passphrase-provider
     --provider-name {name}