VaultConfig
class resources.vault_config.VaultConfig
Base class: Resource
A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.
Either a vault token or the AppRoles authentification method can be used.
See the corresponding Flow Api class at VaultConfig
| Property | Description | Type | Import/Export |
|---|---|---|---|
| approle_path | Path for AppRole authentification method (final path for this authentification method will be "/auth/[approle_path]" and must be the same path where you enabled this method on your Vault) | String(length=1024) | both |
| bundle_id | Reference to the bundle this record is associated with. Allowed for CONNECTOR, FILE, FLOW, PLUGIN, ROLE, SCHEDULER, SCHEMA, SETTING, TAG, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, EXECUTION, GIT_CONFIG, MESSAGE, OAUTH, ORGANIZATION, PROCESS, PROJECT, SCHEDULE, SYNC_CONFIG, USER, VAULT_CONFIG, WEBHOOK, WORKSPACE. Mutually exclusive with project_id | UUID() | both |
| cacert | String(length=40960) | both | |
| created_at | DateTime(timezone=True) | export only | |
| created_by | UUID() | export only | |
| deleted_at | DateTime(timezone=True) | export only | |
| deleted_by | UUID() | export only | |
| description | Text() | both | |
| engine_path | String(length=1024) | both | |
| has_token | Boolean() | neither | |
| id | UUID() | neither | |
| is_archived | Boolean() | both | |
| is_auto_renew_enabled | Boolean() | both | |
| is_bundle_readonly | Boolean() | neither | |
| is_enabled | Boolean() | both | |
| is_project_readonly | Boolean() | neither | |
| is_readonly | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, FILE, FLOW, GIT_CONFIG, OAUTH, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE | Boolean() | both |
| modified_at | DateTime(timezone=True) | export only | |
| modified_by | UUID() | export only | |
| name | String(length=128) | both | |
| organization_id | UUID() | export only | |
| project_id | Reference to the project this record is associated with. Allowed for CONNECTOR, EXECUTION, FILE, FLOW, GIT_CONFIG, MESSAGE, OAUTH, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. | UUID() | both |
| record_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'EXECUTION', 'FILE', 'FLOW', 'GIT_CONFIG', 'MESSAGE', 'OAUTH', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') | neither | |
| resource_type | Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'FILE', 'FLOW', 'GIT_CONFIG', 'OAUTH', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') | neither | |
| runner_role_id | For AppRole authentification: RoleID for the runner. | String(length=1024) | import only |
| runner_role_name | For AppRole authentification: name of a role used by a runner, with permission to retrieve secrets from vault. | String(length=1024) | import only |
| schema_version | String(length=128) | neither | |
| token | String(length=1024) | import only | |
| vault_url | String(length=1024) | both | |
| worker_role_id | For AppRole authentification: RoleID of worker. Associated with a role with permission to request wrapped SecretIDs. | String(length=1024) | import only |
| worker_secret_id | For AppRole authentification: SecretID of worker. | String(length=1024) | import only |
| workspace_id | UUID() | export only |