Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
App Role Vault Authentication Methods authenticate to Vault with a role ID and secret ID, which can be exchanged for an access token.
The App Role Vault Authentication Method component inherits from the Vault Authentication Method
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| vault-role-id | |
| vault-secret-id | |
| login-mechanism-name |
| Description | A description for this Vault Authentication Method |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The role ID for the AppRole to authenticate. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The secret ID for the AppRole to authenticate. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The name used when enabling the desired AppRole authentication mechanism in the Vault server. This should be the portion of the request URI path needed ot authenticate to a Vault instance with the desired AppRole mechanism. It should be the portion of the path between "/v1/sys/auth/" and "/login". For example, in the request URI "http://vault.example.com:8200/v1/sys/auth/approle/login", the mechanism name is "approle". |
| Default Value | approle |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Vault Authentication Methods:
dsconfig list-vault-authentication-methods
[--property {propertyName}] ...
To view the configuration for an existing Vault Authentication Method:
dsconfig get-vault-authentication-method-prop
--method-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Vault Authentication Method:
dsconfig set-vault-authentication-method-prop
--method-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new App Role Vault Authentication Method:
dsconfig create-vault-authentication-method
--method-name {name}
--type app-role
--set vault-role-id:{propertyValue}
--set vault-secret-id:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Vault Authentication Method:
dsconfig delete-vault-authentication-method
--method-name {name}