Vault External Server

Vault External Servers are used to provide information needed to connect and interact with HashiCorp Vault instances.

Parent Component Relations from This Component Relations to This Component Properties dsconfig Usage

Parent Component

The Vault External Server component inherits from the External Server

Relations from This Component

The following components have a direct aggregation relation from Vault External Servers:

Relations to This Component

The following components have a direct aggregation relation to Vault External Servers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 vault-server-base-uri
 vault-authentication-method
 http-connect-timeout
 http-response-timeout
 trust-store-file
 trust-store-pin
 trust-store-type

Basic Properties

description

Description
A description for this External Server
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

vault-server-base-uri

Description
The base URL needed to access the Vault server. The base URL should consist of the protocol ("http" or "https"), the server address (resolvable name or IP address), and the port number. For example, "https://vault.example.com:8200/". If multiple vault base server URLs are configured, the specified Vault servers will be tried in the order listed until the desired secret is obtained.
Default Value
None
Allowed Values
An absolute URL, or a relative URL
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

vault-authentication-method

Description
The mechanism used to authenticate to the Vault server.
Default Value
None
Allowed Values
The DN of any Vault Authentication Method.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

http-connect-timeout

Description
The maximum length of time to wait to obtain an HTTP connection.
Default Value
30 s
Allowed Values
A duration. Lower limit is 1 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

http-response-timeout

Description
The maximum length of time to wait for a response to an HTTP request.
Default Value
30 s
Allowed Values
A duration. Lower limit is 1 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-file

Description
The path to a file containing the information needed to trust the certificate presented by the Vault servers. A trust store file may be configured if any of the Vault server base URIs have a protocol of "https". If no trust store file is configured, then the JVM's default trust store will be used.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-pin

Description
The passphrase needed to access the contents of the trust store. This is only required if a trust store file is required, and if that trust store requires a PIN to access its contents.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-type

Description
The store type for the specified trust store file. The value should likely be one of "JKS", "PKCS12", or "BCFKS".
Default Value
JKS
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured External Servers:

dsconfig list-external-servers
     [--property {propertyName}] ...

To view the configuration for an existing External Server:

dsconfig get-external-server-prop
     --server-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing External Server:

dsconfig set-external-server-prop
     --server-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Vault External Server:

dsconfig create-external-server
     --server-name {name}
     --type vault
     --set vault-server-base-uri:{propertyValue}
     --set vault-authentication-method:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing External Server:

dsconfig delete-external-server
     --server-name {name}