Skip to main content
Version: 10 - TBD

VaultConfig

class flow_api.vault_config.VaultConfig(select=None, cls=None, init=None, by='name', allow_normal=True, allow_deleted=False, approle_path=[class 'flow_api.system.NotSet'], bundle_id=[class 'flow_api.system.NotSet'], bundle_name=[class 'flow_api.system.NotSet'], cacert=[class 'flow_api.system.NotSet'], commit_message=[class 'flow_api.system.NotSet'], description=[class 'flow_api.system.NotSet'], engine_path=[class 'flow_api.system.NotSet'], is_auto_renew_enabled=[class 'flow_api.system.NotSet'], is_enabled=[class 'flow_api.system.NotSet'], is_readonly=[class 'flow_api.system.NotSet'], name=[class 'flow_api.system.NotSet'], project_id=[class 'flow_api.system.NotSet'], project_name=[class 'flow_api.system.NotSet'], runner_role_id=[class 'flow_api.system.NotSet'], runner_role_name=[class 'flow_api.system.NotSet'], token=[class 'flow_api.system.NotSet'], vault_url=[class 'flow_api.system.NotSet'], worker_role_id=[class 'flow_api.system.NotSet'], worker_secret_id=[class 'flow_api.system.NotSet'], debug=False)

Base class: Resource

A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.

Either a vault token or the AppRoles authentification method can be used.

See the corresponding Resources class at VaultConfig

Parameters

NameTypeDescription
allow_deletedbool
allow_normalbool
approle_pathtyping.Union[ flow_api.system.NotSet, str, NoneType ]Path for AppRole authentification method (final path for this authentification method will be "/auth/<approle_path>" and must be the same path where you enabled this method on your Vault)
bundle_idtyping.Union[ flow_api.system.NotSet, str, NoneType ]Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id
bundle_nametyping.Union[ flow_api.system.NotSet, str, NoneType ]The name of the bundle. Will look up the bundle and set bundle_id.
bystr
cacerttyping.Union[ flow_api.system.NotSet, str, NoneType ]A certificate to verify the identity of the vault. Only needed if the Vault installation uses a self-signed certificate.
clstyping.Union[ type, NoneType ]
commit_messagetyping.Union[ flow_api.system.NotSet, str, NoneType ]The commit message for this change.
debugboolif set, the content of the data being written will be logged.
descriptiontyping.Union[ flow_api.system.NotSet, str, NoneType ]A multiline description of what this record is and does.
engine_pathtyping.Union[ flow_api.system.NotSet, str ]The Vault engine to use, often secret or kv.
inittyping.Union[ dict, NoneType ]
is_auto_renew_enabledtyping.Union[ flow_api.system.NotSet, bool ]If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details.
is_enabledtyping.Union[ flow_api.system.NotSet, bool ]A flag to control of the vault config is enabled.
is_readonlytyping.Union[ flow_api.system.NotSet, bool ]A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE
nametyping.Union[ flow_api.system.NotSet, str ]The name of this record. Must be unique across a workspace.
project_idtyping.Union[ flow_api.system.NotSet, str, NoneType ]Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id.
project_nametyping.Union[ flow_api.system.NotSet, str, NoneType ]The name of the project. Will look up the project and set project_id.
runner_role_idtyping.Union[ flow_api.system.NotSet, str, NoneType ]For AppRole authentification: RoleID for the runner.
runner_role_nametyping.Union[ flow_api.system.NotSet, str, NoneType ]For AppRole authentification: name of a role used by a runner, with permission to retrieve secrets from vault.
selecttyping.Union[ str, NoneType ]
tokentyping.Union[ flow_api.system.NotSet, str, NoneType ]A Vault access token which is used to fetch secrets.
vault_urltyping.Union[ flow_api.system.NotSet, str, NoneType ]The URL to your vault installation
worker_role_idtyping.Union[ flow_api.system.NotSet, str, NoneType ]For AppRole authentification: RoleID of worker. Associated with a role with permission to request wrapped SecretIDs.
worker_secret_idtyping.Union[ flow_api.system.NotSet, str, NoneType ]For AppRole authentification: SecretID of worker.

Constants

RESOURCE = vault_config

Methods

add_record_tag

add_record_user

add_resource_wrapper

add_tag

bundle

clone

created_by_identity

delete

deleted_by_identity

exists

export

get

get_dict

get_identity_created_by

get_identity_deleted_by

get_identity_modified_by

get_logs

get_tags

modified_by_identity

organization

project

record_log_list

record_tag_list

record_user_list

remove_tag

resource_wrapper_list

restore

save

workspace

write_secret