Vault Passphrase Provider

Vault Passphrase Provider provide a mechanism for reading a passphrase from a HashiCorp Vault instance.

Parent Component Relations from This Component Properties dsconfig Usage

Parent Component

The Vault Passphrase Provider component inherits from the Passphrase Provider

Relations from This Component

The following components have a direct aggregation relation from Vault Passphrase Providers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 vault-external-server
 vault-secret-path
 vault-secret-field-name
 max-cache-duration

Basic Properties

description

Description
A description for this Passphrase Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Passphrase Provider is enabled for use in the server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

vault-external-server

Description
An external server definition with information needed to connect and authenticate to the Vault instance containing the passphrase.
Default Value
None
Allowed Values
The DN of any Vault External Server.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

vault-secret-path (Read-Only)

Description
The path to the desired secret in the Vault service. This will be appended to the value of the base-url property for the associated Vault external server.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

vault-secret-field-name (Read-Only)

Description
The name of the field in the Vault secret record that contains the passphrase to use to generate the encryption key.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

max-cache-duration

Description
The maximum length of time that the passphrase provider may cache the passphrase that has been read from Vault. A value of zero seconds indicates that the provider should always attempt to read the passphrase from Vault.
Default Value
60s
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Passphrase Providers:

dsconfig list-passphrase-providers
     [--property {propertyName}] ...

To view the configuration for an existing Passphrase Provider:

dsconfig get-passphrase-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Passphrase Provider:

dsconfig set-passphrase-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Vault Passphrase Provider:

dsconfig create-passphrase-provider
     --provider-name {name}
     --type vault
     --set enabled:{propertyValue}
     --set vault-external-server:{propertyValue}
     --set vault-secret-path:{propertyValue}
     --set vault-secret-field-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Passphrase Provider:

dsconfig delete-passphrase-provider
     --provider-name {name}