Conjur External Servers are used to provide information needed to connect and interact with CyberArk Conjur instances.
The Conjur External Server component inherits from the External Server
The following components have a direct aggregation relation from Conjur External Servers:
The following components have a direct aggregation relation to Conjur External Servers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
conjur-server-base-uri | |
conjur-authentication-method | |
conjur-account-name | |
http-connect-timeout | |
http-response-timeout | |
trust-store-file | |
trust-store-pin | |
trust-store-type |
Description | A description for this External Server |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The base URL needed to access the CyberArk Conjur server. The base URL should consist of the protocol ("http" or "https"), the server address (resolvable name or IP address), and the port number. For example, "https://conjur.example.com:8443/". If multiple Conjur base server URLs are configured, the specified servers will be tried in the order listed until the desired secret is obtained. |
Default Value | None |
Allowed Values | An absolute URL, or a relative URL |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The mechanism used to authenticate to the Conjur server. |
Default Value | None |
Allowed Values | The DN of any Conjur Authentication Method. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The name of the account with which the desired secrets are associated. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The maximum length of time to wait to obtain an HTTP connection. |
Default Value | 30 s |
Allowed Values | A duration. Lower limit is 1 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The maximum length of time to wait for a response to an HTTP request. |
Default Value | 30 s |
Allowed Values | A duration. Lower limit is 1 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The path to a file containing the information needed to trust the certificate presented by the Conjur servers. A trust store file may be configured if any of the Conjur server base URIs have a protocol of "https". If no trust store file is configured, then the JVM's default trust store will be used. |
Default Value | None |
Allowed Values | A filesystem path |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The PIN needed to access the contents of the trust store. This is only required if a trust store file is required, and if that trust store requires a PIN to access its contents. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The store type for the specified trust store file. The value should likely be one of "JKS", "PKCS12", or "BCFKS". |
Default Value | JKS |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured External Servers:
dsconfig list-external-servers [--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop --server-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop --server-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Conjur External Server:
dsconfig create-external-server --server-name {name} --type conjur --set conjur-server-base-uri:{propertyValue} --set conjur-authentication-method:{propertyValue} --set conjur-account-name:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server --server-name {name}