Version: 10 - TBD

VaultConfig

class resources.vault_config.VaultConfig

Base class: Resource

Configuration for a HashiCorp Vault that Cloudomation can access to fetch secrets.

Either a Vault token or the AppRole authentication method can be used.

See the corresponding Flow API class at VaultConfig

| Property | Description | Type | Import/Export |
| --- | --- | --- | --- |
| approle_path | Path for the AppRole authentication method (the final path for this authentication method will be "/auth/[approle_path]" and must be the same path where you enabled this method on your Vault) | String(length=1024) | both |
| bundle_id | Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id. | UUID(as_uuid=False) | both |
| bundle_name | The name of the bundle. Will look up the bundle and set bundle_id. | String(length=128) | neither |
| cacert | A certificate to verify the identity of the vault. Only needed if the Vault installation uses a self-signed certificate. | String(length=40960) | both |
| commit_message | The commit message for this change. | Text() | import only |
| created_at | | DateTime(timezone=True) | export only |
| created_by | | UUID(as_uuid=False) | export only |
| deleted_at | | DateTime(timezone=True) | export only |
| deleted_by | | UUID(as_uuid=False) | export only |
| description | A multiline description of what this record is and does. | Text() | both |
| engine_path | The Vault engine to use, often secret or kv. | String(length=1024) | both |
| has_token | | Boolean() | neither |
| id | | UUID(as_uuid=False) | neither |
| is_auto_renew_enabled | If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details. | Boolean() | both |
| is_bundle_readonly | | Boolean() | neither |
| is_deleted | | Boolean() | export only |
| is_enabled | A flag to control if the vault config is enabled. | Boolean() | both |
| is_project_readonly | | Boolean() | neither |
| is_readonly | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE. | Boolean() | both |
| modified_at | | DateTime(timezone=True) | export only |
| modified_by | | UUID(as_uuid=False) | export only |
| name | The name of this record. Must be unique across a workspace. | String(length=128) | both |
| organization_id | | UUID(as_uuid=False) | export only |
| project_id | Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. | UUID(as_uuid=False) | both |
| project_name | The name of the project. Will look up the project and set project_id. | String(length=128) | neither |
| record_type | | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') | neither |
| repository_path | The path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATH. | String(length=256) | neither |
| resource_type | | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') | neither |
| runner_role_id | For AppRole authentication: RoleID for the runner. | String(length=1024) | import only |
| runner_role_name | For AppRole authentication: name of a role used by a runner, with permission to retrieve secrets from vault. | String(length=1024) | import only |
| schema_version | | String(length=128) | both |
| token | A Vault access token which is used to fetch secrets. | String(length=1024) | import only |
| vault_url | The URL to your vault installation. | String(length=1024) | both |
| worker_role_id | For AppRole authentication: RoleID of worker. Associated with a role with permission to request wrapped SecretIDs. | String(length=1024) | import only |
| worker_secret_id | For AppRole authentication: SecretID of worker. | String(length=1024) | import only |
| workspace_id | | UUID(as_uuid=False) | export only |
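
A pre-import check built from the property table, as an added example that is not Cloudomation code. It assumes the record is a plain dict keyed by property name; the rules (one authentication method per record, all four AppRole properties set together, rejecting properties not marked "both" or "import only") are assumptions read from the descriptions, not documented behaviour.

```python
# Added example, not Cloudomation code. Names, length limits and Import/Export
# modes are copied from the table; the dict layout and the rules are assumptions.
LIMITS = {"approle_path": 1024, "cacert": 40960, "engine_path": 1024, "name": 128,
          "runner_role_id": 1024, "runner_role_name": 1024, "schema_version": 128,
          "token": 1024, "vault_url": 1024, "worker_role_id": 1024,
          "worker_secret_id": 1024}
IMPORT_ONLY = {"commit_message", "runner_role_id", "runner_role_name", "token",
               "worker_role_id", "worker_secret_id"}
BOTH = {"approle_path", "bundle_id", "cacert", "description", "engine_path",
        "is_auto_renew_enabled", "is_enabled", "is_readonly", "name", "project_id",
        "schema_version", "vault_url"}
IMPORTABLE = BOTH | IMPORT_ONLY
APPROLE = {"runner_role_id", "runner_role_name", "worker_role_id", "worker_secret_id"}


def lint_import(record):
    """Return a list of findings for one record that is about to be imported."""
    findings = []
    for key in sorted(record):
        value = record[key]
        if key not in IMPORTABLE:
            findings.append(f"{key}: not an importable property")
        elif isinstance(value, str) and len(value) > LIMITS.get(key, len(value)):
            findings.append(f"{key}: longer than {LIMITS[key]} characters")
    if record.get("bundle_id") and record.get("project_id"):
        findings.append("bundle_id and project_id are mutually exclusive")
    approle = {k for k in APPROLE if record.get(k)}
    if record.get("token") and approle:
        findings.append("token and AppRole credentials both set")
    elif not record.get("token") and not approle:
        findings.append("no token and no AppRole credentials")
    elif approle and approle != APPROLE:  # assumption: AppRole needs all four
        missing = ", ".join(sorted(APPROLE - approle))
        findings.append("AppRole incomplete: missing " + missing)
    return findings


def import_only_in_export(record):
    """Import-only properties (all credential fields are) found in an export."""
    return sorted(k for k in record if k in IMPORT_ONLY)


if __name__ == "__main__":
    # Constructed sample record; every value is a placeholder.
    sample = {"name": "prod-vault", "vault_url": "https://vault.example.internal:8200",
              "engine_path": "secret", "token": "constructed-token",
              "worker_role_id": "constructed-role-id", "created_at": "2024-01-01"}
    print(lint_import(sample))
    print(import_only_in_export(sample))
```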