Ping Identity Directory Server - Azure Key Vault Passphrase Provider

Directory Server Documentation Index
Configuration Reference Home

Azure Key Vault Passphrase Provider

Azure Key Vault Passphrase Provider provide a mechanism for reading a passphrase from the Microsoft Azure Key Vault service.

↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage

Parent Component

The Azure Key Vault Passphrase Provider component inherits from the Passphrase Provider

Relations from This Component

The following components have a direct aggregation relation from Azure Key Vault Passphrase Providers:

Azure Authentication Method

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ key-vault-uri
↓ azure-authentication-method
↓ secret-name
↓ max-cache-duration

Basic Properties

description

Description	A description for this Passphrase Provider
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this Passphrase Provider is enabled for use in the server.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

key-vault-uri

Description	The URI that identifies the Azure Key Vault from which the secret is to be retrieved.
Default Value	None
Allowed Values	An absolute URL, or a relative URL
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

azure-authentication-method

Description	The mechanism used to authenticate to the Azure service.
Default Value	None
Allowed Values	The DN of any Azure Authentication Method.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

secret-name (Read-Only)

Description	The name of the secret to retrieve.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

max-cache-duration

Description	The maximum length of time that the passphrase provider may cache the passphrase that has been read from Azure Key Vault. A value of zero seconds indicates that the provider should always attempt to read the passphrase from the Azure service.
Default Value	60s
Allowed Values	A duration. Lower limit is 0 milliseconds.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Passphrase Providers:

dsconfig list-passphrase-providers
     [--property {propertyName}] ...

To view the configuration for an existing Passphrase Provider:

dsconfig get-passphrase-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Passphrase Provider:

dsconfig set-passphrase-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Azure Key Vault Passphrase Provider:

dsconfig create-passphrase-provider
     --provider-name {name}
     --type azure-key-vault
     --set enabled:{propertyValue}
     --set key-vault-uri:{propertyValue}
     --set azure-authentication-method:{propertyValue}
     --set secret-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Passphrase Provider:

dsconfig delete-passphrase-provider
     --provider-name {name}