Conjur External Server

Conjur External Servers are used to provide information needed to connect and interact with CyberArk Conjur instances.

Parent Component Relations from This Component Relations to This Component Properties dsconfig Usage

Parent Component

The Conjur External Server component inherits from the External Server

Relations from This Component

The following components have a direct aggregation relation from Conjur External Servers:

Relations to This Component

The following components have a direct aggregation relation to Conjur External Servers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 conjur-server-base-uri
 conjur-authentication-method
 conjur-account-name
 http-connect-timeout
 http-response-timeout
 trust-store-file
 trust-store-pin
 trust-store-type

Basic Properties

description

Description
A description for this External Server
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

conjur-server-base-uri

Description
The base URL needed to access the CyberArk Conjur server. The base URL should consist of the protocol ("http" or "https"), the server address (resolvable name or IP address), and the port number. For example, "https://conjur.example.com:8443/". If multiple Conjur base server URLs are configured, the specified servers will be tried in the order listed until the desired secret is obtained.
Default Value
None
Allowed Values
An absolute URL, or a relative URL
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

conjur-authentication-method

Description
The mechanism used to authenticate to the Conjur server.
Default Value
None
Allowed Values
The DN of any Conjur Authentication Method.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

conjur-account-name

Description
The name of the account with which the desired secrets are associated.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

http-connect-timeout

Description
The maximum length of time to wait to obtain an HTTP connection.
Default Value
30 s
Allowed Values
A duration. Lower limit is 1 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

http-response-timeout

Description
The maximum length of time to wait for a response to an HTTP request.
Default Value
30 s
Allowed Values
A duration. Lower limit is 1 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-file

Description
The path to a file containing the information needed to trust the certificate presented by the Conjur servers. A trust store file may be configured if any of the Conjur server base URIs have a protocol of "https". If no trust store file is configured, then the JVM's default trust store will be used.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-pin

Description
The PIN needed to access the contents of the trust store. This is only required if a trust store file is required, and if that trust store requires a PIN to access its contents.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-type

Description
The store type for the specified trust store file. The value should likely be one of "JKS", "PKCS12", or "BCFKS".
Default Value
JKS
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured External Servers:

dsconfig list-external-servers
     [--property {propertyName}] ...

To view the configuration for an existing External Server:

dsconfig get-external-server-prop
     --server-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing External Server:

dsconfig set-external-server-prop
     --server-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Conjur External Server:

dsconfig create-external-server
     --server-name {name}
     --type conjur
     --set conjur-server-base-uri:{propertyValue}
     --set conjur-authentication-method:{propertyValue}
     --set conjur-account-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing External Server:

dsconfig delete-external-server
     --server-name {name}