Conjur Passphrase Provider

Conjur Passphrase Provider provide a mechanism for reading a passphrase from a CyberArk Conjur instance.

Parent Component Relations from This Component Properties dsconfig Usage

Parent Component

The Conjur Passphrase Provider component inherits from the Passphrase Provider

Relations from This Component

The following components have a direct aggregation relation from Conjur Passphrase Providers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 conjur-external-server
 conjur-secret-relative-path
 max-cache-duration

Basic Properties

description

Description
A description for this Passphrase Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Passphrase Provider is enabled for use in the server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

conjur-external-server

Description
An external server definition with information needed to connect and authenticate to the Conjur instance containing the passphrase.
Default Value
None
Allowed Values
The DN of any Conjur External Server.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

conjur-secret-relative-path (Read-Only)

Description
The portion of the path that follows the account name in the URI needed to obtain the desired secret. Any special characters in the path must be URL-encoded. For example, if the full URI used to retrieve the secret is https://conjur.example.com:8443/secrets/myAccount/variable/MyApp%2FmySecret then the conjur-secret-path value should be "variable/MyApp%2FmySecret".
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

max-cache-duration

Description
The maximum length of time that the passphrase provider may cache the passphrase that has been read from Conjur. A value of zero seconds indicates that the provider should always attempt to read the passphrase from Conjur.
Default Value
60s
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Passphrase Providers:

dsconfig list-passphrase-providers
     [--property {propertyName}] ...

To view the configuration for an existing Passphrase Provider:

dsconfig get-passphrase-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Passphrase Provider:

dsconfig set-passphrase-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Conjur Passphrase Provider:

dsconfig create-passphrase-provider
     --provider-name {name}
     --type conjur
     --set enabled:{propertyValue}
     --set conjur-external-server:{propertyValue}
     --set conjur-secret-relative-path:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Passphrase Provider:

dsconfig delete-passphrase-provider
     --provider-name {name}