Additional Info
Requires Mule Enterprise License | Yes |
Requires Entitlement | No |
Mule Version | 3.8.0 or higher |
Configs
Vault Simple Connection Config
<vault:vault-simple-connection-config>
Connection Management
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
name | | The name of this configuration. It can later be referenced by this name. | | x |
token | | The token used for authenticating the client accessing the secret. | | x |
address | | URL string with the remote server location. | | x |
Vault SSL Connection Config
<vault:vault-ssl-connection-config>
Connection Management
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
name | | The name of this configuration. It can later be referenced by this name. | | x |
token | | The token used for authenticating the client accessing the secret. | | x |
address | | URL string with the remote server location. | | x |
trustStoreResource | | File path containing a TrustStore (.jks) with the server certificate | | x |
verifySSL | boolean | Specifies if the connection is verified during initial configuration. | | x |
Processors
Key Value Secrets Engine - Read a Secret
<vault:read>
Basic read operation to retrieve a secret. A single secret key can map to multiple name-value pairs, which can be retrieved from the response object.
XML Sample
<vault:read config-ref="Vault_SSL_Connection_Config" secret="secret/test" doc:name="Read Secret"/>
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
secretPath | | The Vault key value from which to read (e.g. | | x |
Key Value Secrets Engine - Create or Update Secret
<vault:write>
Basic operation to store secrets. Multiple name value pairs can be stored under the same secret key.
XML Sample
<vault:write config-ref="Vault_SSL_Connection_Config" secret="secret/test" doc:name="Write Secret">
<vault:data ref="#[payload]"/>
</vault:write>
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
secretPath | | Specifies the path of the secrets to create/update. | | x |
secret | | The Vault key value to which to write (e.g. | #[payload] | |
Key Value Secrets Engine - List of Keys
<vault:list>
Retrieve a list of keys corresponding to key/value pairs at a given Vault path.
Key values ending with a trailing slash character are sub-paths. Running a subsequent list() call, using the original path appended with this key, will retrieve all secret keys stored at that sub-path.
This method returns only the secret keys, not values. To retrieve the actual stored value for a key, use read() with the key appended onto the original base path.
XML Sample
<vault:list config-ref="Vault_SSL_Connection_Config" secret="secret" doc:name="List Vault"/>
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
secretPath | | The Vault key value at which to look for secrets (e.g. | | |
Key Value Secrets Engine - Delete a secret
<vault:delete>
Deletes the key/value pair located at the provided path.
If the path represents a sub-path, then all of its contents must be deleted prior to deleting the empty sub-path itself.
XML Sample
<vault:delete config-ref="Vault_SSL_Connection_Config" secret="secret/test" doc:name="Delete Test Vault"/>
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
secretPath | | The Vault key value to delete (e.g. | | x |
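The sub-path rules for list and delete described above, worked through as an added example that is not part of the connector or its documentation. `FakeKV` is a constructed in-memory stand-in for a Vault key/value mount, and `walk`, `field_inventory` and `delete_tree` are hypothetical helper names.

```python
class FakeKV:
    """Constructed stand-in for a key/value mount; not the connector's API."""

    def __init__(self, secrets):
        self.secrets = dict(secrets)  # full path -> dict of name/value pairs

    def list(self, path):
        """Return the immediate child keys; sub-paths carry a trailing slash."""
        prefix = path.rstrip("/") + "/"
        keys = set()
        for full in self.secrets:
            if full.startswith(prefix):
                head, sep, _ = full[len(prefix):].partition("/")
                keys.add(head + sep)  # sep is "/" when more levels follow
        return sorted(keys)

    def read(self, path):
        return self.secrets[path]

    def delete(self, path):
        self.secrets.pop(path, None)


def walk(kv, base):
    """Yield every leaf secret path under base by re-listing each sub-path."""
    base = base.rstrip("/")
    for key in kv.list(base):
        child = f"{base}/{key}"
        if key.endswith("/"):
            yield from walk(kv, child)  # sub-path: list again, one level down
        else:
            yield child                 # leaf: readable with read()


def field_inventory(kv, base):
    """Map each leaf to its field names only, so an audit never prints values."""
    return {leaf: sorted(kv.read(leaf)) for leaf in walk(kv, base)}


def delete_tree(kv, base):
    """Delete the contents of a sub-path first; return the paths removed.

    In this stand-in the sub-path stops appearing in list() once it is empty.
    """
    removed = []
    for leaf in list(walk(kv, base)):  # materialise before mutating the store
        kv.delete(leaf)
        removed.append(leaf)
    return removed


# Constructed sample data for illustration only.
SAMPLE = {
    "secret/test": {"value": "constructed"},
    "secret/app/db": {"user": "constructed", "password": "constructed"},
    "secret/app/api/key": {"value": "constructed"},
}

if __name__ == "__main__":
    store = FakeKV(SAMPLE)
    print(store.list("secret"))
    print(field_inventory(store, "secret"))
    print(delete_tree(store, "secret/app"), store.list("secret"))
```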
Userpass Auth Method - Read user.
<vault:read-user>
Read user.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
username | | the username | | x |
Userpass Auth Method - Delete user.
<vault:delete-user>
Delete user.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
username | | the username | | x |
Userpass Auth Method - Update Password on user.
<vault:update-password-on-user>
Update password on user.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
username | | the username | | x |
password | | the password | | x |
Userpass Auth Method - Update Policies on user.
<vault:update-policies-on-user>
Update policies on user.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
username | | the username | | x |
policies | | the policies | | x |
Database Secrets Engine - Configure Connection
<vault:configure-database-connection>
Configures the connection string used to communicate with the desired database.
More information regarding database plugin can be found in Vault documentation.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
databaseName | | Specifies the name for this database connection. This is specified as part of the URL. | | x |
databasePluginName | | Specifies the name of the plugin to use for this connection. | | x |
connectionURL | | URL String with the database endpoint. Use Format "{user}:{password}@{protocol}({ip_address})/}. Example: | | x |
allowedRoles | | Array or comma-separated string of the roles allowed to use this connection. Defaults to empty (no roles); if it contains a "*", any role can use this connection. | | |
verifyConnection | boolean | Specifies if the connection is verified during initial configuration. Defaults to true. | true | |
Database Secrets Engine - Read Connection
<vault:read-database-connection>
Returns the configuration settings for a connection.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
databaseName | | Specifies the name for this database connection. This is specified as part of the URL. | | x |
Database Secrets Engine - Delete Connection
<vault:delete-database-connection>
Deletes a connection to a database.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
databaseName | | Specifies the name for this database connection. This is specified as part of the URL. | | x |
Database Secrets Engine - Reset Connection
<vault:reset-database-connection>
Closes a connection and its underlying plugin and restarts it with the configuration stored in the barrier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
databaseName | | Specifies the name for this database connection. This is specified as part of the URL. | | x |
Database Secrets Engine - Create Role
<vault:create-database-role>
Creates or updates a role definition.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
databaseName | | Specifies the name for this database connection. This is specified as part of the URL. | | x |
roleName | | Specifies the name of the role to create. | | x |
defaultTTL | | Specifies the TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/backend default TTL time. | | |
maxTTL | | Specifies the maximum TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/backend default TTL time. | | |
Database Secrets Engine - Read Role
<vault:read-database-role>
Returns the role definition.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to read. | | x |
Database Secrets Engine - List Roles
<vault:list-database-roles>
Returns the list of roles.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
Database Secrets Engine - List Connections Names
<vault:list-database-connections-names>
Returns the list of database connections names.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
Database Secrets Engine - Delete Role
<vault:delete-database-role>
Delete a role.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to delete. | | x |
Database Secrets Engine - Generate Credentials
<vault:generate-database-credentials>
Generates a new set of dynamic credentials based on the named role.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to assign credentials. | | x |
Userpass Auth Method - Create or Update a User
<vault:create-update-user-userpass-auth-backend>
Creation of a userpass user from a Username & Password backend.
CREATING A USER WITH USERNAME AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
username | | The username used for authentication. | | x |
password | | The password used for authentication. | | x |
policies | | If set to empty string, only the default policy will be applicable to the user. | | |
ttl | | Specifies the time to live for this user. | | |
maxTtl | | Specifies the time to live for this user. | | |
Userpass Auth Method - Login
<vault:userpass-login>
Login with the username and password.
AUTHENTICATION WITH USER AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
username | | Specifies the username to log in with. | | x |
password | | Specifies the password to log in with. | | x |
Userpass Auth Method - List of userpass users
<vault:userpass-list>
List available userpass users.
AUTHENTICATION WITH USER AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
Key Value Secrets Engine - Read using Client Token
<vault:read-with-client-token>
Basic read operation to retrieve a secret using a token that relies on another token, or on a user and password. A single secret key can map to multiple name-value pairs, which can be retrieved from the response object.
AUTHENTICATION WITH USER AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
clientToken | | the authentication token | | x |
secretPath | | The Vault key value from which to read (e.g. | | x |
Key Value Secrets Engine - Write using Client Token
<vault:write-with-client-token>
Basic operation to store secrets using a token that relies on another token, or on a user and password. Multiple name-value pairs can be stored under the same secret key.
AUTHENTICATION WITH USER AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
clientToken | | the authentication token | | x |
secretPath | | The Vault key value to which to write (e.g. | | x |
data | | Secret name and value pairs to store under this Vault key (can be | #[payload] | |
Key Value Secrets Engine - List of secrets using Client Token
<vault:list-with-client-token>
Retrieve a list of keys corresponding to key/value pairs at a given Vault path using a token that relies on another token, or on a user and password.
AUTHENTICATION WITH USER AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
Key values ending with a trailing slash character are sub-paths. Running a subsequent list() call, using the original path appended with this key, will retrieve all secret keys stored at that sub-path.
This method returns only the secret keys, not values. To retrieve the actual stored value for a key, use read() with the key appended onto the original base path.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
clientToken | | the authentication token | | x |
secretPath | | The Vault key value at which to look for secrets (e.g. | | x |
AWS Secrets Engine - Create/Update Role with ARN attributes
<vault:create-update-role-arn-aws-secrets-engine>
Creates or updates the role with the given name. If a role with the name does not exist, it will be created. If the role exists, it will be updated with the new attributes.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to create. This is part of the request URL. | | x |
arn | | (required unless policy provided) The full ARN reference to the desired existing AWS policy, as a String. | #[payload] | |
Key Value Secrets Engine - Delete using Client Token
<vault:delete-with-client-token>
Deletes the key/value pair located at the provided path using a token that relies on another token, or on a user and password.
AUTHENTICATION WITH USER AND PASSWORD SHOULD NOT BE USED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification.
If the path represents a sub-path, then all of its contents must be deleted prior to deleting the empty sub-path itself.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
clientToken | | the authentication token | | x |
secretPath | | The Vault key value to delete (e.g. | | x |
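One way to catch the development-only operations flagged above before a Mule application is promoted, as an added example that is not part of the connector: a linter over the application XML. The namespace URIs and the sample flow are constructed, the `${...}` / `#[...]` placeholder test is an assumption about how secrets are injected, and treating verifySSL="false" as disabled certificate verification is also an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Placeholder namespace URI (constructed); pass the real one used by your app.
VAULT_NS = "urn:example:vault"

# Operations this page marks as not for production use.
DEV_ONLY = {
    "create-update-user-userpass-auth-backend",
    "userpass-login",
    "userpass-list",
    "read-with-client-token",
    "write-with-client-token",
    "list-with-client-token",
    "delete-with-client-token",
}
SECRET_ATTRS = ("token", "clientToken", "password")
# Assumption: a value that is wholly ${property} or #[expression] is injected
# at runtime rather than hard-coded in the XML.
PLACEHOLDER = re.compile(r"^\s*(\$\{[^}]+\}|#\[.+\])\s*$")

# Constructed sample configuration for illustration only.
SAMPLE = """<mule xmlns="urn:example:mule" xmlns:vault="urn:example:vault">
  <vault:vault-simple-connection-config name="Vault_Dev"
      token="s.constructed-token" address="http://vault.example.test:8200"/>
  <vault:vault-ssl-connection-config name="Vault_SSL_Connection_Config"
      token="${vault.token}" address="https://vault.example.test:8200"
      trustStoreResource="truststore.jks" verifySSL="false"/>
  <flow name="demo">
    <vault:userpass-login config-ref="Vault_Dev"
        username="${vault.user}" password="constructed-password"/>
    <vault:read config-ref="Vault_SSL_Connection_Config" secret="secret/test"/>
  </flow>
</mule>"""


def lint(xml_text, vault_ns=VAULT_NS):
    """Return (element, issue) pairs for vault elements, in document order."""
    findings = []
    marker = "{" + vault_ns + "}"
    for el in ET.fromstring(xml_text).iter():
        if not isinstance(el.tag, str) or not el.tag.startswith(marker):
            continue  # only inspect elements in the vault namespace
        op = el.tag[len(marker):]
        if op in DEV_ONLY:
            findings.append((op, "dev-only-operation"))
        for attr in SECRET_ATTRS:
            value = el.get(attr)
            if value is not None and not PLACEHOLDER.match(value):
                findings.append((op, "literal-" + attr))
        if el.get("address", "").strip().lower().startswith("http://"):
            findings.append((op, "plaintext-address"))  # token sent without TLS
        if el.get("verifySSL", "").strip().lower() == "false":
            findings.append((op, "verify-ssl-off"))
    return findings


if __name__ == "__main__":
    for element, issue in lint(SAMPLE):
        print(f"{element}: {issue}")
```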
Identity Secrets Engine - Entity - Create an Entity
<vault:create-entity>
Creates a new entity.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
data | | the data | | x |
Identity Secrets Engine - Entity - Read Entity by ID
<vault:read-entity-by-id>
Reads an entity by id of the entity.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
Identity Secrets Engine - Entity - Update Entity by ID
<vault:update-entity-by-id>
Updates an entity by id.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
data | | the data | | x |
Identity Secrets Engine - Entity - Delete Entity by ID
<vault:delete-entity-by-id>
Deletes an entity by id.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
Identity Secrets Engine - Entity - List Entities by ID
<vault:list-entities-by-id>
Returns a list of available entities by their identifiers.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
RabbitMQ Secrets Engine - Configure Connection
<vault:configure-connection-rabbit-mq-secrets-engine>
This method configures the connection string used to communicate with RabbitMQ.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
connectionUri | | the connection URI. | | x |
username | | Specifies the connection username. | | x |
password | | Specifies the connection password. | | x |
verifyConnection | boolean | Specifies whether to verify the connection. | true | |
Identity Secrets Engine - Entity Alias - Create an Entity Alias
<vault:create-entity-aliases>
Creates a new entity alias.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
data | | the data | | x |
RabbitMQ Secrets Engine - Configure Lease
<vault:configure-lease-rabbit-mq-secrets-engine>
This method configures the lease settings for generated credentials.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
ttl | int | the data for time to live. | 0 | |
maxTtl | int | the max time to live. | 0 | |
Identity Secrets Engine - Entity Alias - Read Entity Alias by ID
<vault:read-entity-aliases-by-id>
Reads an existing entity alias by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
RabbitMQ Secrets Engine - Create Role
<vault:create-role-rabbit-mq-secrets-engine>
This method creates or updates the role definition.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | the role name | | x |
tags | | Specifies a comma-separated list of RabbitMQ management tags. | | |
vhost | | Specifies a map of virtual hosts to permissions. | | |
Identity Secrets Engine - Entity Alias - Update Entity Alias by ID
<vault:update-entity-aliases-by-id>
Updates an entity alias by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
data | | the data | #[payload] | |
RabbitMQ Secrets Engine - Delete Role
<vault:delete-role-mq-secrets-engine>
Deletes a RabbitMQ Role.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the role to be deleted. | | x |
Identity Secrets Engine - Entity Alias - Delete Entity Alias by ID
<vault:delete-entity-aliases-by-id>
Deletes an entity alias by id.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
RabbitMQ Secrets Engine - Generate Credentials for a role
<vault:generate-credentials>
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | | | x |
Identity Secrets Engine - Entity Alias - List Entity Alias by ID
<vault:list-entity-aliases-by-id>
Returns a list of entity aliases by their ids.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
RabbitMQ Secrets Engine - Read Role
<vault:read-role-mq-secrets-engine>
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | | | x |
AWS Secrets Engine - Configure Root IAM Credentials
<vault:configure-root-iam-aws-secrets-engine>
Configures the root IAM credentials to communicate with AWS. There are multiple ways to pass root IAM credentials to the Vault server, specified below with the highest precedence first. If credentials already exist, this will overwrite them.
At present, this endpoint does not confirm that the provided AWS credentials are valid AWS credentials with proper permissions.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
maxRetries | int | Specifies the max number of retries. | -1 | |
accessKey | | Specifies the AWS access key ID. | | x |
secretKey | | Specifies the AWS secret access key. | | x |
region | | Specifies the AWS region. If not set it will use the AWS_REGION env var, AWS_DEFAULT_REGION env var, or us-east-1 in that order. | | |
iamEndpoint | | Specifies the iam endpoint. | | |
stsEndpoint | | Specifies the sts endpoint. | | |
Identity Secrets Engine - Group - Create a Group
<vault:create-group>
Creates a new group.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
data | | the data | #[payload] | |
AWS Secrets Engine - Configure Lease
<vault:configure-lease-aws-secrets-engine>
Configures lease settings for the AWS secret backend. It is optional, as there are default values for lease and lease_max.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
lease | | Specifies the lease value provided as a string duration with time suffix. "h" (hour) is the largest suffix. | | x |
leaseMax | | Specifies the maximum lease value provided as a string duration with time suffix. "h" (hour) is the largest suffix. | | x |
Identity Secrets Engine - Group - Read Group by ID
<vault:read-group-by-id>
Reads group by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
Identity Secrets Engine - Group - Update Group by ID
<vault:update-group-by-id>
Updates a group by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
data | | the data | #[payload] | |
AWS Secrets Engine - Read Lease
<vault:read-lease-aws-secrets-engine>
Returns the current lease settings for the AWS secret backend.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
Identity Secrets Engine - Group - Delete Group by ID
<vault:delete-group-by-id>
Deletes a group by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the id | | x |
Identity Secrets Engine - Group - List Group by ID
<vault:list-groups-by-id>
Returns a list of groups by their identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
AWS Secrets Engine - Create/Update Role with Policy attributes
<vault:create-update-role-policy-aws-secrets-engine>
Creates or updates the role with the given name. If a role with the name does not exist, it will be created. If the role exists, it will be updated with the new attributes.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to create. This is part of the request URL. | | x |
policy | | (required unless arn provided) Specifies the IAM policy in JSON format. | | x |
Identity Secrets Engine - Group Alias - Create a Group Alias
<vault:create-group-alias>
Creates a new group alias.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
data | | the alias parameter | #[payload] | |
AWS Secrets Engine - Read Role
<vault:read-role-aws-secrets-engine>
Queries an existing role by the given name. If the role does not exist, a 404 is returned.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to read. This is part of the request URL. | | x |
Identity Secrets Engine - Group Alias - Read Group Alias by ID
<vault:read-group-alias-by-id>
Reads a group alias by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the identifier | | x |
Identity Secrets Engine - Group Alias - Delete Group Alias by ID
<vault:delete-group-alias-by-id>
Deletes group alias by its identifier.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
id | | the identifier | | x |
AWS Secrets Engine - List of Roles
<vault:get-roles-aws-secrets-engine>
Lists all existing roles in the backend.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
Identity Secrets Engine - Group Alias - List Group Alias by ID
<vault:list-group-aliases-by-id>
Returns a list of group aliases by their identifiers.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
Identity Secrets Engine - Lookup an Entity
<vault:lookup-entity>
Lookup entity queries the entity based on the given criteria. The criteria can be name, id, alias_id, or a combination of alias_name and alias_mount_accessor.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
criteria | | the criteria to filter with | | x |
value | | the value for the criteria to filter. | | x |
AWS Secrets Engine - Delete Role
<vault:delete-role-aws-secrets-engine>
Deletes an existing role by the given name. If the role does not exist, a 404 is returned.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role to delete. This is part of the request URL. | | x |
Identity Secrets Engine - Lookup a Group
<vault:lookup-group>
Lookup group queries the group based on the given criteria. The criteria can be name, id, alias_id, or a combination of alias_name and alias_mount_accessor.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
criteria | | the criteria to look up for a group. | | x |
value | | for the criteria. | | x |
AWS Secrets Engine - Generate Role IAM Credentials
<vault:generate-role-iam-credentials-aws-secrets-engine>
This method generates dynamic IAM credentials based on the named role. The role must be created before it is queried.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | the role name | | x |
AWS Secrets Engine - Generate Role IAM Credentials with STS
<vault:generate-role-iam-credentials-sts-aws-secrets-engine>
This method generates a dynamic IAM credential with an STS token based on the named role.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
roleName | | Specifies the name of the role against which to create this STS credential. | | x |
ttl | | Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. AWS documentation excerpt: The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour. | 3600s | |
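A pre-flight check for the TTL and lease attributes on this page, as an added example that is not part of the connector: it parses time-suffixed strings or integer seconds, rejects suffixes larger than "h", and applies the STS duration limits quoted in the ttl description above. `parse_ttl`, `check_sts_ttl` and `check_role_ttls` are hypothetical helper names.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600}   # "h" (hour) is the largest suffix
STS_MIN, STS_MAX = 900, 129600         # IAM user session bounds, in seconds
STS_OWNER_MAX = 3600                   # account-owner sessions cap at one hour
_PART = re.compile(r"(\d+)([smh])")


def parse_ttl(value):
    """Convert "1h", "90m", "3600s", "1h30m" or integer seconds to seconds."""
    if isinstance(value, bool):
        raise ValueError("TTL must be a duration string or integer seconds")
    if isinstance(value, int):
        if value < 0:
            raise ValueError("TTL cannot be negative")
        return value
    text = str(value).strip()
    if text.isdigit():
        return int(text)               # bare number: already seconds
    parts = _PART.findall(text)
    # Rebuild the string from the matched parts so stray characters or
    # unsupported suffixes such as "d" are rejected rather than ignored.
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported TTL {value!r}: use s, m or h suffixes")
    return sum(int(n) * UNITS[u] for n, u in parts)


def check_sts_ttl(value, account_owner=False):
    """Return (effective_seconds, problems) for an STS credential ttl."""
    seconds = parse_ttl(value)
    problems = []
    if seconds < STS_MIN:
        problems.append(f"{seconds}s is below the {STS_MIN}s minimum")
    elif seconds > STS_MAX:
        problems.append(f"{seconds}s is above the {STS_MAX}s maximum")
    effective = seconds
    if account_owner and seconds > STS_OWNER_MAX:
        problems.append(f"account-owner session defaults to {STS_OWNER_MAX}s")
        effective = STS_OWNER_MAX
    return effective, problems


def check_role_ttls(default_ttl, max_ttl):
    """Return True when a role's defaultTTL fits inside its maxTTL."""
    return parse_ttl(default_ttl) <= parse_ttl(max_ttl)


if __name__ == "__main__":
    for sample in ("3600s", "10m", "37h"):   # constructed sample values
        print(sample, check_sts_ttl(sample))
    print("12h as account owner", check_sts_ttl("12h", account_owner=True))
```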