Azure Key Vault Passphrase Provider provide a mechanism for reading a passphrase from the Microsoft Azure Key Vault service.
The Azure Key Vault Passphrase Provider component inherits from the Passphrase Provider
The following components have a direct aggregation relation from Azure Key Vault Passphrase Providers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
key-vault-uri | |
azure-authentication-method | |
http-proxy-external-server | |
secret-name | |
max-cache-duration |
Description | A description for this Passphrase Provider |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether this Passphrase Provider is enabled for use in the server. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The URI that identifies the Azure Key Vault from which the secret is to be retrieved. |
Default Value | None |
Allowed Values | An absolute URL, or a relative URL |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The mechanism used to authenticate to the Azure service. |
Default Value | None |
Allowed Values | The DN of any Azure Authentication Method. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | A reference to an HTTP proxy server that should be used for requests sent to the Azure service. |
Default Value | No HTTP proxy server will be used. |
Allowed Values | The DN of any HTTP Proxy External Server. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The name of the secret to retrieve. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The maximum length of time that the passphrase provider may cache the passphrase that has been read from Azure Key Vault. A value of zero seconds indicates that the provider should always attempt to read the passphrase from the Azure service. |
Default Value | 60s |
Allowed Values | A duration. Lower limit is 0 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Passphrase Providers:
dsconfig list-passphrase-providers [--property {propertyName}] ...
To view the configuration for an existing Passphrase Provider:
dsconfig get-passphrase-provider-prop --provider-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Passphrase Provider:
dsconfig set-passphrase-provider-prop --provider-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Azure Key Vault Passphrase Provider:
dsconfig create-passphrase-provider --provider-name {name} --type azure-key-vault --set enabled:{propertyValue} --set key-vault-uri:{propertyValue} --set azure-authentication-method:{propertyValue} --set secret-name:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Passphrase Provider:
dsconfig delete-passphrase-provider --provider-name {name}