App Role Vault Authentication Method

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

App Role Vault Authentication Methods authenticate to Vault with a role ID and secret ID, which can be exchanged for an access token.

Parent Component Properties dsconfig Usage

Parent Component

The App Role Vault Authentication Method component inherits from the Vault Authentication Method

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 vault-role-id
 vault-secret-id
 login-mechanism-name

Basic Properties

description

Description
A description for this Vault Authentication Method
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

vault-role-id

Description
The role ID for the AppRole to authenticate.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

vault-secret-id

Description
The secret ID for the AppRole to authenticate.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

login-mechanism-name

Description
The name used when enabling the desired AppRole authentication mechanism in the Vault server. This should be the portion of the request URI path needed ot authenticate to a Vault instance with the desired AppRole mechanism. It should be the portion of the path between "/v1/sys/auth/" and "/login". For example, in the request URI "http://vault.example.com:8200/v1/sys/auth/approle/login", the mechanism name is "approle".
Default Value
approle
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Vault Authentication Methods:

dsconfig list-vault-authentication-methods
     [--property {propertyName}] ...

To view the configuration for an existing Vault Authentication Method:

dsconfig get-vault-authentication-method-prop
     --method-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Vault Authentication Method:

dsconfig set-vault-authentication-method-prop
     --method-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new App Role Vault Authentication Method:

dsconfig create-vault-authentication-method
     --method-name {name}
     --type app-role
     --set vault-role-id:{propertyValue}
     --set vault-secret-id:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Vault Authentication Method:

dsconfig delete-vault-authentication-method
     --method-name {name}