Amazon Secrets Manager Passphrase Provider

The Amazon Secrets Manager Passphrase Provider provides a mechanism for reading a passphrase from the Amazon AWS Secrets Manager service. It may only be used with string secrets (for which the Secrets Manager service returns the secret in the form of a JSON object) and not with secrets stored in binary form.


Parent Component

The Amazon Secrets Manager Passphrase Provider component inherits from the Passphrase Provider.

Relations from This Component

The following components have a direct aggregation relation from Amazon Secrets Manager Passphrase Providers:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
 description
 enabled
 aws-external-server
 secret-id
 secret-field-name
 secret-version-id
 secret-version-stage
 max-cache-duration

Advanced Properties:
 None

Basic Properties

description

Description
A description for this Passphrase Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Passphrase Provider is enabled for use in the server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

aws-external-server

Description
The external server with information to use when interacting with the AWS Secrets Manager.
Default Value
None
Allowed Values
The DN of any Amazon Aws External Server.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

secret-id (Read-Only)

Description
The Amazon Resource Name (ARN) or the user-friendly name of the secret to be retrieved.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

secret-field-name (Read-Only)

Description
The name of the JSON field whose value is the passphrase that will be retrieved.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

secret-version-id (Read-Only)

Description
The unique identifier for the version of the secret to be retrieved. If this is provided, then its value will typically be in the form of a UUID. This property must not be provided if the secret-version-stage property is provided. If neither the secret-version-id property nor the secret-version-stage property is provided, then the current version of the secret will be used.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

secret-version-stage (Read-Only)

Description
The staging label for the version of the secret to be retrieved. If this is provided, then its value will typically be in the form of a UUID. This property must not be provided if the secret-version-id property is provided. If neither the secret-version-id property nor the secret-version-stage property is provided, then the current version of the secret will be used.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

max-cache-duration

Description
The maximum length of time that the passphrase provider may cache the passphrase that has been read from the Amazon Secrets Manager service. A value of zero seconds indicates that the provider should always attempt to read the passphrase from the Secrets Manager service.
Default Value
60s
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

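The retrieval rules described by the properties above (string secrets only, one JSON field selected by secret-field-name, secret-version-id and secret-version-stage mutually exclusive with the current version as the fallback, and max-cache-duration where zero means every read goes to the service), as an added Python example that is not the server's own code. FakeSecretsManager is a constructed stand-in for a Secrets Manager client returning the GetSecretValue response shape; the secret names and values used with it are placeholders.

```python
import json
import time

# Constructed stand-in for a Secrets Manager client exposing GetSecretValue;
# it records calls so caching behaviour can be checked offline.
class FakeSecretsManager:
    def __init__(self, **secret_fields):  # SecretString="..." or SecretBinary=b"..."
        self.calls, self.secret_fields = [], secret_fields

    def get_secret_value(self, **params):
        self.calls.append(params)
        return {"Name": params["SecretId"], **self.secret_fields}

def build_request(secret_id, version_id=None, version_stage=None):
    """Map the provider's properties onto GetSecretValue parameters."""
    if version_id and version_stage:
        raise ValueError("secret-version-id and secret-version-stage are mutually exclusive")
    params = {"SecretId": secret_id}           # ARN or friendly name
    if version_id:
        params["VersionId"] = version_id        # one specific version
    elif version_stage:
        params["VersionStage"] = version_stage  # a staging label
    return params                               # neither: current version

def extract_passphrase(response, field_name):
    """Return one JSON field of a string secret; binary secrets are rejected."""
    if "SecretString" not in response:
        raise ValueError("only string secrets are supported, not binary secrets")
    obj = json.loads(response["SecretString"])
    if not isinstance(obj, dict) or field_name not in obj:
        raise ValueError(f"secret has no JSON field {field_name!r}")
    return obj[field_name]

class CachingPassphraseProvider:
    """Re-reads the secret once the cached value is older than max_cache_duration seconds."""
    def __init__(self, client, params, field_name, max_cache_duration=60.0, clock=time.monotonic):
        self.client, self.params, self.field_name = client, params, field_name
        self.max_cache_duration, self.clock = max_cache_duration, clock
        self._cached, self._fetched_at = None, None

    def get_passphrase(self):
        now = self.clock()
        fresh = (self._cached is not None and self.max_cache_duration > 0
                 and now - self._fetched_at < self.max_cache_duration)
        if not fresh:  # a zero duration means every call reads from Secrets Manager
            response = self.client.get_secret_value(**self.params)
            self._cached = extract_passphrase(response, self.field_name)
            self._fetched_at = now
        return self._cached
```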

dsconfig Usage

To list the configured Passphrase Providers:

dsconfig list-passphrase-providers
     [--property {propertyName}] ...

To view the configuration for an existing Passphrase Provider:

dsconfig get-passphrase-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Passphrase Provider:

dsconfig set-passphrase-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Amazon Secrets Manager Passphrase Provider:

dsconfig create-passphrase-provider
     --provider-name {name}
     --type amazon-secrets-manager
     --set enabled:{propertyValue}
     --set aws-external-server:{propertyValue}
     --set secret-id:{propertyValue}
     --set secret-field-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Passphrase Provider:

dsconfig delete-passphrase-provider
     --provider-name {name}