Vault External Servers are used to provide information needed to connect and interact with HashiCorp Vault instances.
The Vault External Server component inherits from the External Server
The following components have a direct aggregation relation from Vault External Servers:
The following components have a direct aggregation relation to Vault External Servers:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| vault-server-base-uri | |
| vault-authentication-method | |
| http-connect-timeout | |
| http-response-timeout | |
| trust-store-file | |
| trust-store-pin | |
| trust-store-type |
| Description | A description for this External Server |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The base URL needed to access the Vault server. The base URL should consist of the protocol ("http" or "https"), the server address (resolvable name or IP address), and the port number. For example, "https://vault.example.com:8200/". If multiple vault base server URLs are configured, the specified Vault servers will be tried in the order listed until the desired secret is obtained. |
| Default Value | None |
| Allowed Values | An absolute URL, or a relative URL |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The mechanism used to authenticate to the Vault server. |
| Default Value | None |
| Allowed Values | The DN of any Vault Authentication Method. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The maximum length of time to wait to obtain an HTTP connection. |
| Default Value | 30 s |
| Allowed Values | A duration. Lower limit is 1 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The maximum length of time to wait for a response to an HTTP request. |
| Default Value | 30 s |
| Allowed Values | A duration. Lower limit is 1 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The path to a file containing the information needed to trust the certificate presented by the Vault servers. A trust store file may be configured if any of the Vault server base URIs have a protocol of "https". If no trust store file is configured, then the JVM's default trust store will be used. |
| Default Value | None |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The passphrase needed to access the contents of the trust store. This is only required if a trust store file is required, and if that trust store requires a PIN to access its contents. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The store type for the specified trust store file. The value should likely be one of "JKS", "PKCS12", or "BCFKS". |
| Default Value | JKS |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured External Servers:
dsconfig list-external-servers
[--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop
--server-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop
--server-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Vault External Server:
dsconfig create-external-server
--server-name {name}
--type vault
--set vault-server-base-uri:{propertyValue}
--set vault-authentication-method:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server
--server-name {name}