
@itentialopensource/adapter-hashicorp_vault


This adapter integrates with the system described as: hashicorp_vault.

{ "openapi": "3.0.2", "info": { "title": "HashiCorp Vault API", "description": "HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.", "version": "1.5.3", "license": { "name": "Mozilla Public License 2.0", "url": "https://www.mozilla.org/en-US/MPL/2.0" } }, "paths": { "/Skywalker-kv/.*": {}, "/Skywalker-kv/config": { "description": "Configures settings for the KV store", "x-vault-createSupported": true, "get": { "summary": "Read the backend level settings.", "operationId": "getSkywalkerKvConfig", "tags": ["secrets"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Configure backend level settings that are applied to every key in the key-value store.", "operationId": "postSkywalkerKvConfig", "tags": ["secrets"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "cas_required": { "type": "boolean", "description": "If true, the backend will require the cas parameter to be set for each write" }, "delete_version_after": { "type": "integer", "description": "If set, the length of time before a version is deleted. A negative duration disables the use of delete_version_after on all keys. A zero duration clears the current setting. Accepts a Go duration format string.", "format": "seconds" }, "max_versions": { "type": "integer", "description": "The number of versions to keep for each key. 
Defaults to 10" } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/Skywalker-kv/data/{path}": { "description": "Write, Read, and Delete data in the Key-Value Store.", "parameters": [{ "name": "path", "description": "Location of the secret.", "in": "path", "schema": { "type": "string" }, "required": true }], "x-vault-createSupported": true, "get": { "summary": "Write, Read, and Delete data in the Key-Value Store.", "operationId": "getSkywalkerKvDataPath", "tags": ["secrets"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Write, Read, and Delete data in the Key-Value Store.", "operationId": "postSkywalkerKvDataPath", "tags": ["secrets"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "data": { "type": "object", "description": "The contents of the data map will be stored and returned on read.", "format": "map" }, "options": { "type": "object", "description": "Options for writing a KV entry. Set the \"cas\" value to use a Check-And-Set operation. If not set the write will be allowed. If set to 0 a write will only be allowed if the key doesn’t exist. 
If the index is non-zero the write will only be allowed if the key’s current version matches the version specified in the cas parameter.", "format": "map" }, "version": { "type": "integer", "description": "If provided during a read, the value at the version number will be returned" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Write, Read, and Delete data in the Key-Value Store.", "operationId": "deleteSkywalkerKvDataPath", "tags": ["secrets"], "responses": { "204": { "description": "empty body" } } } }, "/Skywalker-kv/delete/{path}": { "description": "Marks one or more versions as deleted in the KV store.", "parameters": [{ "name": "path", "description": "Location of the secret.", "in": "path", "schema": { "type": "string" }, "required": true }], "x-vault-createSupported": true, "post": { "summary": "Marks one or more versions as deleted in the KV store.", "operationId": "postSkywalkerKvDeletePath", "tags": ["secrets"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "versions": { "type": "array", "description": "The versions to be archived. The versioned data will not be deleted, but it will no longer be returned in normal get requests.", "items": { "type": "integer" } } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/Skywalker-kv/destroy/{path}": { "description": "Permanently removes one or more versions in the KV store", "parameters": [{ "name": "path", "description": "Location of the secret.", "in": "path", "schema": { "type": "string" }, "required": true }], "x-vault-createSupported": true, "post": { "summary": "Permanently removes one or more versions in the KV store", "operationId": "postSkywalkerKvDestroyPath", "tags": ["secrets"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "versions": { "type": "array", "description": "The versions to destroy. 
Their data will be permanently deleted.", "items": { "type": "integer" } } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/Skywalker-kv/metadata/{path}": { "description": "Configures settings for the KV store", "parameters": [{ "name": "path", "description": "Location of the secret.", "in": "path", "schema": { "type": "string" }, "required": true }], "x-vault-createSupported": true, "get": { "summary": "Configures settings for the KV store", "operationId": "getSkywalkerKvMetadataPath", "tags": ["secrets"], "parameters": [{ "name": "list", "description": "Return a list if `true`", "in": "query", "schema": { "type": "string" } }], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Configures settings for the KV store", "operationId": "postSkywalkerKvMetadataPath", "tags": ["secrets"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "cas_required": { "type": "boolean", "description": "If true the key will require the cas parameter to be set on all write requests. If false, the backend’s configuration will be used." }, "delete_version_after": { "type": "integer", "description": "The length of time before a version is deleted. If not set, the backend's configured delete_version_after is used. Cannot be greater than the backend's delete_version_after. A zero duration clears the current setting. A negative duration will cause an error.", "format": "seconds" }, "max_versions": { "type": "integer", "description": "The number of versions to keep. If not set, the backend’s configured max version is used." 
} } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Configures settings for the KV store", "operationId": "deleteSkywalkerKvMetadataPath", "tags": ["secrets"], "responses": { "204": { "description": "empty body" } } } }, "/Skywalker-kv/undelete/{path}": { "description": "Undeletes one or more versions from the KV store.", "parameters": [{ "name": "path", "description": "Location of the secret.", "in": "path", "schema": { "type": "string" }, "required": true }], "x-vault-createSupported": true, "post": { "summary": "Undeletes one or more versions from the KV store.", "operationId": "postSkywalkerKvUndeletePath", "tags": ["secrets"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "versions": { "type": "array", "description": "The versions to unarchive. The versions will be restored and their data will be returned on normal get requests.", "items": { "type": "integer" } } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/login": { "description": "Issue a token based on the credentials supplied", "x-vault-unauthenticated": true, "post": { "summary": "Issue a token based on the credentials supplied", "operationId": "postAuthApproleLogin", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "role_id": { "type": "string", "description": "Unique identifier of the Role. Required to be supplied when the 'bind_secret_id' constraint is set." 
}, "secret_id": { "type": "string", "description": "SecretID belong to the App role", "default": "" } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role": { "description": "Lists all the roles registered with the backend.", "get": { "summary": "Lists all the roles registered with the backend.", "operationId": "getAuthApproleRole", "tags": ["auth"], "parameters": [{ "name": "list", "description": "Return a list if `true`", "in": "query", "schema": { "type": "string" } }], "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}": { "description": "Register an role with the backend.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "x-vault-createSupported": true, "get": { "summary": "Register an role with the backend.", "operationId": "getAuthApproleRoleRole_name", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Register an role with the backend.", "operationId": "postAuthApproleRoleRole_name", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "bind_secret_id": { "type": "boolean", "description": "Impose secret_id to be presented when logging in using this role. Defaults to 'true'.", "default": true }, "bound_cidr_list": { "type": "array", "description": "Use \"secret_id_bound_cidrs\" instead.", "items": { "type": "string" }, "deprecated": true }, "local_secret_ids": { "type": "boolean", "description": "If set, the secret IDs generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later." }, "period": { "type": "integer", "description": "Use \"token_period\" instead. 
If this and \"token_period\" are both specified, only \"token_period\" will be used.", "format": "seconds", "deprecated": true }, "policies": { "type": "array", "description": "Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.", "items": { "type": "string" }, "deprecated": true }, "role_id": { "type": "string", "description": "Identifier of the role. Defaults to a UUID." }, "secret_id_bound_cidrs": { "type": "array", "description": "Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.", "items": { "type": "string" } }, "secret_id_num_uses": { "type": "integer", "description": "Number of times a SecretID can access the role, after which the SecretID will expire. Defaults to 0 meaning that the secret_id is of unlimited use." }, "secret_id_ttl": { "type": "integer", "description": "Duration in seconds after which the issued SecretID should expire. Defaults to 0, meaning no expiration.", "format": "seconds" }, "token_bound_cidrs": { "type": "array", "description": "Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.", "items": { "type": "string" }, "x-vault-displayAttrs": { "name": "Generated Token's Bound CIDRs", "group": "Tokens" } }, "token_explicit_max_ttl": { "type": "integer", "description": "If set, tokens created via this role carry an explicit maximum TTL. 
During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.", "format": "seconds", "x-vault-displayAttrs": { "name": "Generated Token's Explicit Maximum TTL", "group": "Tokens" } }, "token_max_ttl": { "type": "integer", "description": "The maximum lifetime of the generated token", "format": "seconds", "x-vault-displayAttrs": { "name": "Generated Token's Maximum TTL", "group": "Tokens" } }, "token_no_default_policy": { "type": "boolean", "description": "If true, the 'default' policy will not automatically be added to generated tokens", "x-vault-displayAttrs": { "name": "Do Not Attach 'default' Policy To Generated Tokens", "group": "Tokens" } }, "token_num_uses": { "type": "integer", "description": "The maximum number of times a token may be used, a value of zero means unlimited", "x-vault-displayAttrs": { "name": "Maximum Uses of Generated Tokens", "group": "Tokens" } }, "token_period": { "type": "integer", "description": "If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. 
\"24h\").", "format": "seconds", "x-vault-displayAttrs": { "name": "Generated Token's Period", "group": "Tokens" } }, "token_policies": { "type": "array", "description": "Comma-separated list of policies", "items": { "type": "string" }, "x-vault-displayAttrs": { "name": "Generated Token's Policies", "group": "Tokens" } }, "token_ttl": { "type": "integer", "description": "The initial ttl of the token to generate", "format": "seconds", "x-vault-displayAttrs": { "name": "Generated Token's Initial TTL", "group": "Tokens" } }, "token_type": { "type": "string", "description": "The type of token to generate, service or batch", "default": "default-service", "x-vault-displayAttrs": { "name": "Generated Token's Type", "group": "Tokens" } } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Register an role with the backend.", "operationId": "deleteAuthApproleRoleRole_name", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/bind-secret-id": { "description": "Impose secret_id to be presented during login using this role.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Impose secret_id to be presented during login using this role.", "operationId": "getAuthApproleRoleRole_nameBindSecretId", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Impose secret_id to be presented during login using this role.", "operationId": "postAuthApproleRoleRole_nameBindSecretId", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "bind_secret_id": { "type": "boolean", "description": "Impose secret_id to be presented when logging in using this role.", "default": true } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Impose secret_id to be presented 
during login using this role.", "operationId": "deleteAuthApproleRoleRole_nameBindSecretId", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/bound-cidr-list": { "description": "Deprecated: Comma separated list of CIDR blocks, if set, specifies blocks of IP addresses which can perform the login operation", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Deprecated: Comma separated list of CIDR blocks, if set, specifies blocks of IP\naddresses which can perform the login operation", "operationId": "getAuthApproleRoleRole_nameBoundCidrList", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Deprecated: Comma separated list of CIDR blocks, if set, specifies blocks of IP\naddresses which can perform the login operation", "operationId": "postAuthApproleRoleRole_nameBoundCidrList", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "bound_cidr_list": { "type": "array", "description": "Deprecated: Please use \"secret_id_bound_cidrs\" instead. Comma separated string or list of CIDR blocks. 
If set, specifies the blocks of IP addresses which can perform the login operation.", "items": { "type": "string" } } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Deprecated: Comma separated list of CIDR blocks, if set, specifies blocks of IP\naddresses which can perform the login operation", "operationId": "deleteAuthApproleRoleRole_nameBoundCidrList", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/custom-secret-id": { "description": "Assign a SecretID of choice against the role.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "post": { "summary": "Assign a SecretID of choice against the role.", "operationId": "postAuthApproleRoleRole_nameCustomSecretId", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "cidr_list": { "type": "array", "description": "Comma separated string or list of CIDR blocks enforcing secret IDs to be used from specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role.", "items": { "type": "string" } }, "metadata": { "type": "string", "description": "Metadata to be tied to the SecretID. This should be a JSON formatted string containing metadata in key value pairs." }, "secret_id": { "type": "string", "description": "SecretID to be attached to the role." }, "token_bound_cidrs": { "type": "array", "description": "Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can use the returned token. 
Should be a subset of the token CIDR blocks listed on the role, if any.", "items": { "type": "string" } } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}/local-secret-ids": { "description": "Enables cluster local secret IDs", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Enables cluster local secret IDs", "operationId": "getAuthApproleRoleRole_nameLocalSecretIds", "tags": ["auth"], "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}/period": { "description": "Updates the value of 'period' on the role", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Updates the value of 'period' on the role", "operationId": "getAuthApproleRoleRole_namePeriod", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Updates the value of 'period' on the role", "operationId": "postAuthApproleRoleRole_namePeriod", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "period": { "type": "integer", "description": "Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.", "format": "seconds", "deprecated": true }, "token_period": { "type": "integer", "description": "If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. 
\"24h\").", "format": "seconds" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Updates the value of 'period' on the role", "operationId": "deleteAuthApproleRoleRole_namePeriod", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/policies": { "description": "Policies of the role.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Policies of the role.", "operationId": "getAuthApproleRoleRole_namePolicies", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Policies of the role.", "operationId": "postAuthApproleRoleRole_namePolicies", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "policies": { "type": "array", "description": "Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.", "items": { "type": "string" }, "deprecated": true }, "token_policies": { "type": "array", "description": "Comma-separated list of policies", "items": { "type": "string" } } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Policies of the role.", "operationId": "deleteAuthApproleRoleRole_namePolicies", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/role-id": { "description": "Returns the 'role_id' of the role.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Returns the 'role_id' of the role.", "operationId": "getAuthApproleRoleRole_nameRoleId", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Returns the 'role_id' of the role.", "operationId": 
"postAuthApproleRoleRole_nameRoleId", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "role_id": { "type": "string", "description": "Identifier of the role. Defaults to a UUID." } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}/secret-id": { "description": "Generate a SecretID against this role.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Generate a SecretID against this role.", "operationId": "getAuthApproleRoleRole_nameSecretId", "tags": ["auth"], "parameters": [{ "name": "list", "description": "Return a list if `true`", "in": "query", "schema": { "type": "string" } }], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Generate a SecretID against this role.", "operationId": "postAuthApproleRoleRole_nameSecretId", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "cidr_list": { "type": "array", "description": "Comma separated string or list of CIDR blocks enforcing secret IDs to be used from specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role.", "items": { "type": "string" } }, "metadata": { "type": "string", "description": "Metadata to be tied to the SecretID. This should be a JSON formatted string containing the metadata in key value pairs." }, "token_bound_cidrs": { "type": "array", "description": "Comma separated string or JSON list of CIDR blocks. 
If set, specifies the blocks of IP addresses which are allowed to use the generated token.", "items": { "type": "string" } } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}/secret-id-accessor/destroy": { "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "post": { "operationId": "postAuthApproleRoleRole_nameSecretIdAccessorDestroy", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id_accessor": { "type": "string", "description": "Accessor of the SecretID" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "operationId": "deleteAuthApproleRoleRole_nameSecretIdAccessorDestroy", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/secret-id-accessor/lookup": { "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "post": { "operationId": "postAuthApproleRoleRole_nameSecretIdAccessorLookup", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id_accessor": { "type": "string", "description": "Accessor of the SecretID" } } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}/secret-id-bound-cidrs": { "description": "Comma separated list of CIDR blocks, if set, specifies blocks of IP addresses which can perform the login operation", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Comma separated list of CIDR blocks, if set, specifies blocks of IP\naddresses which can perform the login operation", "operationId": "getAuthApproleRoleRole_nameSecretIdBoundCidrs", "tags": 
["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Comma separated list of CIDR blocks, if set, specifies blocks of IP\naddresses which can perform the login operation", "operationId": "postAuthApproleRoleRole_nameSecretIdBoundCidrs", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id_bound_cidrs": { "type": "array", "description": "Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.", "items": { "type": "string" } } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Comma separated list of CIDR blocks, if set, specifies blocks of IP\naddresses which can perform the login operation", "operationId": "deleteAuthApproleRoleRole_nameSecretIdBoundCidrs", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/secret-id-num-uses": { "description": "Use limit of the SecretID generated against the role.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Use limit of the SecretID generated against the role.", "operationId": "getAuthApproleRoleRole_nameSecretIdNumUses", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Use limit of the SecretID generated against the role.", "operationId": "postAuthApproleRoleRole_nameSecretIdNumUses", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id_num_uses": { "type": "integer", "description": "Number of times a SecretID can access the role, after which the SecretID will expire." 
} } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Use limit of the SecretID generated against the role.", "operationId": "deleteAuthApproleRoleRole_nameSecretIdNumUses", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/secret-id-ttl": { "description": "Duration in seconds, representing the lifetime of the SecretIDs that are generated against the role using 'role/\u003crole_name\u003e/secret-id' or 'role/\u003crole_name\u003e/custom-secret-id' endpoints.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Duration in seconds, representing the lifetime of the SecretIDs\nthat are generated against the role using 'role/\u003crole_name\u003e/secret-id' or\n'role/\u003crole_name\u003e/custom-secret-id' endpoints.", "operationId": "getAuthApproleRoleRole_nameSecretIdTtl", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Duration in seconds, representing the lifetime of the SecretIDs\nthat are generated against the role using 'role/\u003crole_name\u003e/secret-id' or\n'role/\u003crole_name\u003e/custom-secret-id' endpoints.", "operationId": "postAuthApproleRoleRole_nameSecretIdTtl", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id_ttl": { "type": "integer", "description": "Duration in seconds after which the issued SecretID should expire. 
Defaults to 0, meaning no expiration.", "format": "seconds" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Duration in seconds, representing the lifetime of the SecretIDs\nthat are generated against the role using 'role/\u003crole_name\u003e/secret-id' or\n'role/\u003crole_name\u003e/custom-secret-id' endpoints.", "operationId": "deleteAuthApproleRoleRole_nameSecretIdTtl", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/secret-id/destroy": { "description": "Invalidate an issued secret_id", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "post": { "summary": "Invalidate an issued secret_id", "operationId": "postAuthApproleRoleRole_nameSecretIdDestroy", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id": { "type": "string", "description": "SecretID attached to the role." } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Invalidate an issued secret_id", "operationId": "deleteAuthApproleRoleRole_nameSecretIdDestroy", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/secret-id/lookup": { "description": "Read the properties of an issued secret_id", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "post": { "summary": "Read the properties of an issued secret_id", "operationId": "postAuthApproleRoleRole_nameSecretIdLookup", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "secret_id": { "type": "string", "description": "SecretID attached to the role." 
} } } } } }, "responses": { "200": { "description": "OK" } } } }, "/auth/approle/role/{role_name}/token-bound-cidrs": { "description": "Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can use the returned token.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Comma separated string or list of CIDR blocks. If set, specifies the blocks of\nIP addresses which can use the returned token.", "operationId": "getAuthApproleRoleRole_nameTokenBoundCidrs", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Comma separated string or list of CIDR blocks. If set, specifies the blocks of\nIP addresses which can use the returned token.", "operationId": "postAuthApproleRoleRole_nameTokenBoundCidrs", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "token_bound_cidrs": { "type": "array", "description": "Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.", "items": { "type": "string" } } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Comma separated string or list of CIDR blocks. 
If set, specifies the blocks of\nIP addresses which can use the returned token.", "operationId": "deleteAuthApproleRoleRole_nameTokenBoundCidrs", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/token-max-ttl": { "description": "Duration in seconds, the maximum lifetime of the tokens issued by using the SecretIDs that were generated against this role, after which the tokens are not allowed to be renewed.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Duration in seconds, the maximum lifetime of the tokens issued by using\nthe SecretIDs that were generated against this role, after which the\ntokens are not allowed to be renewed.", "operationId": "getAuthApproleRoleRole_nameTokenMaxTtl", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Duration in seconds, the maximum lifetime of the tokens issued by using\nthe SecretIDs that were generated against this role, after which the\ntokens are not allowed to be renewed.", "operationId": "postAuthApproleRoleRole_nameTokenMaxTtl", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "token_max_ttl": { "type": "integer", "description": "The maximum lifetime of the generated token", "format": "seconds" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Duration in seconds, the maximum lifetime of the tokens issued by using\nthe SecretIDs that were generated against this role, after which the\ntokens are not allowed to be renewed.", "operationId": "deleteAuthApproleRoleRole_nameTokenMaxTtl", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/token-num-uses": { "description": "Number of times issued tokens can be used", "parameters": [{ "name": 
"role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Number of times issued tokens can be used", "operationId": "getAuthApproleRoleRole_nameTokenNumUses", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Number of times issued tokens can be used", "operationId": "postAuthApproleRoleRole_nameTokenNumUses", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "token_num_uses": { "type": "integer", "description": "The maximum number of times a token may be used, a value of zero means unlimited" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Number of times issued tokens can be used", "operationId": "deleteAuthApproleRoleRole_nameTokenNumUses", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/role/{role_name}/token-ttl": { "description": "Duration in seconds, the lifetime of the token issued by using the SecretID that is generated against this role, before which the token needs to be renewed.", "parameters": [{ "name": "role_name", "description": "Name of the role.", "in": "path", "schema": { "type": "string" }, "required": true }], "get": { "summary": "Duration in seconds, the lifetime of the token issued by using the SecretID that\nis generated against this role, before which the token needs to be renewed.", "operationId": "getAuthApproleRoleRole_nameTokenTtl", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Duration in seconds, the lifetime of the token issued by using the SecretID that\nis generated against this role, before which the token needs to be renewed.", "operationId": "postAuthApproleRoleRole_nameTokenTtl", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "token_ttl": { "type": 
"integer", "description": "The initial ttl of the token to generate", "format": "seconds" } } } } } }, "responses": { "200": { "description": "OK" } } }, "delete": { "summary": "Duration in seconds, the lifetime of the token issued by using the SecretID that\nis generated against this role, before which the token needs to be renewed.", "operationId": "deleteAuthApproleRoleRole_nameTokenTtl", "tags": ["auth"], "responses": { "204": { "description": "empty body" } } } }, "/auth/approle/tidy/secret-id": { "description": "Trigger the clean-up of expired SecretID entries.", "post": { "summary": "Trigger the clean-up of expired SecretID entries.", "operationId": "postAuthApproleTidySecretId", "tags": ["auth"], "responses": { "200": { "description": "OK" } } } }, "/auth/ldap/config": { "description": "Configure the LDAP server to connect to, along with its options.", "x-vault-displayAttrs": { "action": "Configure" }, "get": { "summary": "Configure the LDAP server to connect to, along with its options.", "operationId": "getAuthLdapConfig", "tags": ["auth"], "responses": { "200": { "description": "OK" } } }, "post": { "summary": "Configure the LDAP server to connect to, along with its options.", "operationId": "postAuthLdapConfig", "tags": ["auth"], "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "anonymous_group_search": { "type": "boolean", "description": "Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).", "default": false, "x-vault-displayAttrs": { "name": "Anonymous group search" } }, "binddn": { "type": "string", "description": "LDAP DN for searching for the user DN (optional)", "x-vault-displayAttrs": { "name": "Name of Object to bind (binddn)" } }, "bindpass": { "type": "string", "description": "LDAP password for searching for the user DN (optional)", "x-vault-displayAttrs": { "sensitive": true } }, "case_sensitive_names": { 
"type": "boolean", "description": "If true, case sensitivity will be used when comparing usernames and groups for matching policies." }, "certificate": { "type": "string", "description": "CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)", "x-vault-displayAttrs": { "name": "CA certificate", "editType": "file" } }, "client_tls_cert": { "type": "string", "description": "Client certificate to provide to the LDAP server, must be x509 PEM encoded (optional)", "x-vault-displayAttrs": { "name": "Client certificate", "editType": "file" } }, "client_tls_key": { "type": "string", "description": "Client certificate key to provide to the LDAP server, must be x509 PEM encoded (optional)", "x-vault-displayAttrs": { "name": "Client key", "editType": "file" } }, "deny_null_bind": { "type": "boolean", "description": "Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true", "default": true }, "discoverdn": { "type": "boolean", "description": "Use anonymous bind to discover the bind DN of a user (optional)", "x-vault-displayAttrs": { "name": "Discover DN" } }, "groupattr": { "type": "string", "description": "LDAP attribute to follow on objects returned by \u003cgroupfilter\u003e in order to enumerate user group membership. Examples: \"cn\" or \"memberOf\", etc. 
Default: cn", "default": "cn", "x-vault-displayAttrs": { "name": "Group Attribute", "value": "cn" } }, "groupdn": { "type": "string", "description": "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)", "x-vault-displayAttrs": { "name": "Group DN" } }, "groupfilter": { "type": "string", "description": "Go template for querying group membership of user (optional). The template can access the following context variables: UserDN, Username. Example: (\u0026(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))", "default": "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))", "x-vault-displayAttrs": { "name": "Group Filter" } }, "insecure_tls": { "type": "boolean", "description": "Skip LDAP server SSL certificate verification (optional) - VERY insecure: the server's identity is not checked, so bind credentials sent over the connection can be intercepted", "x-vault-displayAttrs": { "name": "Insecure TLS" } }, "request_timeout": { "type": "integer", "description": "Timeout, in seconds, for the connection when making requests against the server before returning back an error.", "format": "seconds", "default": "90s" }, "starttls": { "type": "boolean", "description": "Issue a StartTLS