| access_token_manager_id |
str |
|
[optional] |
| acl_rules |
list[str] |
|
[optional] |
| active |
bool |
|
[optional] |
| admin_name |
str |
|
[optional] |
| admin_pwd |
str |
|
[optional] |
| admin_rotation_interval_days |
int |
|
[optional] |
| administrative_port |
str |
|
[optional] |
| artifactory_admin_apikey |
str |
|
[optional] |
| artifactory_admin_username |
str |
|
[optional] |
| artifactory_base_url |
str |
|
[optional] |
| artifactory_token_audience |
str |
|
[optional] |
| artifactory_token_scope |
str |
|
[optional] |
| authorization_port |
str |
|
[optional] |
| aws_access_key_id |
str |
|
[optional] |
| aws_access_mode |
str |
|
[optional] |
| aws_region |
str |
|
[optional] |
| aws_role_arns |
str |
|
[optional] |
| aws_secret_access_key |
str |
|
[optional] |
| aws_session_tags |
str |
|
[optional] |
| aws_session_token |
str |
|
[optional] |
| aws_transitive_tag_keys |
str |
|
[optional] |
| aws_user_console_access |
bool |
|
[optional] |
| aws_user_groups |
str |
|
[optional] |
| aws_user_policies |
str |
|
[optional] |
| aws_user_programmatic_access |
bool |
|
[optional] |
| azure_app_object_id |
str |
|
[optional] |
| azure_client_id |
str |
|
[optional] |
| azure_client_secret |
str |
|
[optional] |
| azure_fixed_user_name_sub_claim_key |
str |
|
[optional] |
| azure_fixed_user_only |
bool |
|
[optional] |
| azure_resource_group_name |
str |
|
[optional] |
| azure_resource_name |
str |
|
[optional] |
| azure_subscription_id |
str |
|
[optional] |
| azure_tenant_id |
str |
|
[optional] |
| azure_user_groups_obj_id |
str |
|
[optional] |
| azure_user_portal_access |
bool |
|
[optional] |
| azure_user_programmatic_access |
bool |
|
[optional] |
| azure_user_roles_template_id |
str |
|
[optional] |
| azure_username |
str |
|
[optional] |
| cassandra_creation_statements |
str |
|
[optional] |
| chef_organizations |
str |
|
[optional] |
| chef_server_access_mode |
str |
|
[optional] |
| chef_server_host_name |
str |
|
[optional] |
| chef_server_key |
str |
|
[optional] |
| chef_server_port |
str |
|
[optional] |
| chef_server_url |
str |
|
[optional] |
| chef_server_username |
str |
|
[optional] |
| chef_skip_ssl |
bool |
|
[optional] |
| client_authentication_type |
str |
|
[optional] |
| cloud_service_provider |
str |
|
[optional] |
| cluster_mode |
bool |
|
[optional] |
| connection_type |
str |
|
[optional] |
| create_sync_url |
str |
|
[optional] |
| db_client_id |
str |
|
[optional] |
| db_client_secret |
str |
|
[optional] |
| db_host_name |
str |
|
[optional] |
| db_isolation_level |
str |
|
[optional] |
| db_max_idle_conns |
str |
|
[optional] |
| db_max_open_conns |
str |
|
[optional] |
| db_name |
str |
|
[optional] |
| db_port |
str |
|
[optional] |
| db_private_key |
str |
(Optional) Private Key in PEM format |
[optional] |
| db_private_key_passphrase |
str |
|
[optional] |
| db_pwd |
str |
|
[optional] |
| db_server_certificates |
str |
(Optional) DBServerCertificates defines the set of root certificate authorities that clients use when verifying server certificates. If DBServerCertificates is empty, TLS uses the host's root CA set. |
[optional] |
| db_server_name |
str |
(Optional) ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address. |
[optional] |
| db_tenant_id |
str |
|
[optional] |
| db_user_name |
str |
|
[optional] |
| delete_protection |
bool |
|
[optional] |
| dynamic_secret_id |
int |
|
[optional] |
| dynamic_secret_key |
str |
|
[optional] |
| dynamic_secret_name |
str |
|
[optional] |
| dynamic_secret_type |
str |
|
[optional] |
| eks_access_key_id |
str |
|
[optional] |
| eks_assume_role |
str |
|
[optional] |
| eks_cluster_ca_certificate |
str |
|
[optional] |
| eks_cluster_endpoint |
str |
|
[optional] |
| eks_cluster_name |
str |
|
[optional] |
| eks_region |
str |
|
[optional] |
| eks_secret_access_key |
str |
|
[optional] |
| enable_admin_rotation |
bool |
|
[optional] |
| enforce_replay_prevention |
bool |
relevant for PRIVATE_KEY_JWT client authentication type |
[optional] |
| externally_provided_user |
str |
|
[optional] |
| failure_message |
str |
|
[optional] |
| fixed_user_only |
str |
|
[optional] |
| gcp_key_algo |
str |
|
[optional] |
| gcp_role_bindings |
dict(str, list[str]) |
|
[optional] |
| gcp_service_account_email |
str |
GCPServiceAccountEmail overrides the deprecated field from the target |
[optional] |
| gcp_service_account_key |
str |
|
[optional] |
| gcp_service_account_key_base64 |
str |
|
[optional] |
| gcp_service_account_key_id |
str |
|
[optional] |
| gcp_service_account_type |
str |
|
[optional] |
| gcp_tmp_service_account_name |
str |
|
[optional] |
| gcp_token_lifetime |
str |
|
[optional] |
| gcp_token_scope |
str |
|
[optional] |
| gcp_token_type |
str |
|
[optional] |
| github_app_id |
int |
|
[optional] |
| github_app_private_key |
str |
|
[optional] |
| github_base_url |
str |
|
[optional] |
| github_installation_id |
int |
|
[optional] |
| github_installation_token_permissions |
dict(str, str) |
|
[optional] |
| github_installation_token_repositories |
list[str] |
|
[optional] |
| github_installation_token_repositories_ids |
list[int] |
|
[optional] |
| github_organization_name |
str |
|
[optional] |
| github_repository_path |
str |
|
[optional] |
| gitlab_access_token |
str |
|
[optional] |
| gitlab_access_type |
str |
|
[optional] |
| gitlab_certificate |
str |
|
[optional] |
| gitlab_group_name |
str |
|
[optional] |
| gitlab_project_name |
str |
|
[optional] |
| gitlab_role |
str |
|
[optional] |
| gitlab_token_scope |
list[str] |
|
[optional] |
| gitlab_url |
str |
|
[optional] |
| gke_cluster_ca_certificate |
str |
|
[optional] |
| gke_cluster_endpoint |
str |
|
[optional] |
| gke_cluster_name |
str |
|
[optional] |
| gke_service_account_key |
str |
|
[optional] |
| gke_service_account_name |
str |
|
[optional] |
| google_workspace_access_mode |
str |
|
[optional] |
| google_workspace_admin_name |
str |
|
[optional] |
| google_workspace_group_name |
str |
|
[optional] |
| google_workspace_group_role |
str |
|
[optional] |
| google_workspace_role_name |
str |
|
[optional] |
| google_workspace_role_scope |
str |
|
[optional] |
| grant_types |
list[str] |
|
[optional] |
| groups |
str |
|
[optional] |
| hanadb_creation_statements |
str |
|
[optional] |
| hanadb_revocation_statements |
str |
|
[optional] |
| host_name |
str |
|
[optional] |
| host_port |
str |
|
[optional] |
| implementation_type |
str |
|
[optional] |
| is_fixed_user |
str |
|
[optional] |
| issuer |
str |
relevant for CLIENT_TLS_CERTIFICATE client authentication type |
[optional] |
| item_targets_assoc |
list[ItemTargetAssociation] |
|
[optional] |
| jwks |
str |
|
[optional] |
| jwks_url |
str |
|
[optional] |
| k8s_allowed_namespaces |
str |
comma-separated list of allowed namespaces. Can hold just * which signifies that any namespace is allowed |
[optional] |
| k8s_auth_type |
str |
|
[optional] |
| k8s_bearer_token |
str |
|
[optional] |
| k8s_client_cert_data |
str |
For K8s Client certificates authentication |
[optional] |
| k8s_client_key_data |
str |
|
[optional] |
| k8s_cluster_ca_certificate |
str |
|
[optional] |
| k8s_cluster_endpoint |
str |
|
[optional] |
| k8s_cluster_name |
str |
|
[optional] |
| k8s_dynamic_mode |
bool |
when native k8s is in dynamic mode, user can define allowed namespaces, K8sServiceAccount doesn't exist from the start and will only be created at time of getting dynamic secret value By default dynamic mode is false and producer behaves like it did before |
[optional] |
| k8s_multiple_doc_yaml_temp_definition |
list[int] |
Yaml definition for creation of temporary objects. Field that can hold multiple docs from which following will be extracted: ServiceAccount, Role/ClusterRole and RoleBinding/ClusterRoleBinding. If ServiceAccount not specified - it will be generated automatically |
[optional] |
| k8s_namespace |
str |
|
[optional] |
| k8s_role_name |
str |
Name of the pre-existing Role or ClusterRole to bind a generated service account to. |
[optional] |
| k8s_role_type |
str |
|
[optional] |
| k8s_service_account |
str |
|
[optional] |
| last_admin_rotation |
int |
|
[optional] |
| ldap_audience |
str |
|
[optional] |
| ldap_bind_dn |
str |
|
[optional] |
| ldap_bind_password |
str |
|
[optional] |
| ldap_certificate |
str |
|
[optional] |
| ldap_group_dn |
str |
|
[optional] |
| ldap_token_expiration |
str |
|
[optional] |
| ldap_url |
str |
|
[optional] |
| ldap_user_attr |
str |
|
[optional] |
| ldap_user_dn |
str |
|
[optional] |
| metadata |
str |
|
[optional] |
| mongodb_atlas_api_private_key |
str |
|
[optional] |
| mongodb_atlas_api_public_key |
str |
|
[optional] |
| mongodb_atlas_project_id |
str |
mongodb atlas fields |
[optional] |
| mongodb_custom_data |
str |
|
[optional] |
| mongodb_db_name |
str |
common fields |
[optional] |
| mongodb_default_auth_db |
str |
|
[optional] |
| mongodb_host_port |
str |
|
[optional] |
| mongodb_is_atlas |
bool |
|
[optional] |
| mongodb_password |
str |
|
[optional] |
| mongodb_roles |
str |
common fields |
[optional] |
| mongodb_uri_connection |
str |
mongodb fields |
[optional] |
| mongodb_uri_options |
str |
|
[optional] |
| mongodb_username |
str |
|
[optional] |
| mssql_creation_statements |
str |
|
[optional] |
| mssql_revocation_statements |
str |
|
[optional] |
| mysql_creation_statements |
str |
|
[optional] |
| mysql_revocation_statements |
str |
|
[optional] |
| oracle_creation_statements |
str |
|
[optional] |
| oracle_revocation_statements |
str |
|
[optional] |
| password |
str |
|
[optional] |
| password_length |
int |
|
[optional] |
| password_policy |
str |
|
[optional] |
| payload |
str |
|
[optional] |
| ping_url |
str |
|
[optional] |
| postgres_creation_statements |
str |
|
[optional] |
| postgres_revocation_statements |
str |
|
[optional] |
| privileged_user |
str |
|
[optional] |
| rabbitmq_server_password |
str |
|
[optional] |
| rabbitmq_server_uri |
str |
|
[optional] |
| rabbitmq_server_user |
str |
|
[optional] |
| rabbitmq_user_conf_permission |
str |
|
[optional] |
| rabbitmq_user_read_permission |
str |
|
[optional] |
| rabbitmq_user_tags |
str |
|
[optional] |
| rabbitmq_user_vhost |
str |
|
[optional] |
| rabbitmq_user_write_permission |
str |
|
[optional] |
| redirect_uris |
list[str] |
|
[optional] |
| redshift_creation_statements |
str |
|
[optional] |
| restricted_scopes |
list[str] |
|
[optional] |
| revoke_sync_url |
str |
|
[optional] |
| rotate_sync_url |
str |
|
[optional] |
| scopes |
list[str] |
|
[optional] |
| secure_remote_access_details |
SecureRemoteAccess |
|
[optional] |
| session_extension_warn_interval_min |
int |
|
[optional] |
| sf_account |
str |
|
[optional] |
| sf_user_role |
str |
generated users info |
[optional] |
| sf_warehouse_name |
str |
|
[optional] |
| should_stop |
str |
TODO delete this after migration |
[optional] |
| signing_algorithm |
str |
|
[optional] |
| ssl_connection_certificate |
str |
(Optional) SSLConnectionCertificate defines the certificate for SSL connection. Must be base64 certificate loaded by UI using file loader field |
[optional] |
| ssl_connection_mode |
bool |
(Optional) SSLConnectionMode defines if SSL mode will be used to connect to DB |
[optional] |
| subject_dn |
str |
|
[optional] |
| tags |
list[str] |
|
[optional] |
| timeout_seconds |
int |
|
[optional] |
| use_gw_cloud_identity |
bool |
|
[optional] |
| use_gw_service_account |
bool |
|
[optional] |
| user_name |
str |
|
[optional] |
| user_password |
str |
|
[optional] |
| user_principal_name |
str |
|
[optional] |
| user_ttl |
str |
|
[optional] |
| username_length |
int |
|
[optional] |
| username_policy |
str |
|
[optional] |
| venafi_allow_subdomains |
bool |
|
[optional] |
| venafi_allowed_domains |
list[str] |
|
[optional] |
| venafi_api_key |
str |
|
[optional] |
| venafi_auto_generated_folder |
str |
|
[optional] |
| venafi_base_url |
str |
|
[optional] |
| venafi_root_first_in_chain |
bool |
|
[optional] |
| venafi_sign_using_akeyless_pki |
bool |
|
[optional] |
| venafi_signer_key_name |
str |
|
[optional] |
| venafi_store_private_key |
bool |
|
[optional] |
| venafi_tpp_access_token |
str |
|
[optional] |
| venafi_tpp_client_id |
str |
|
[optional] |
| venafi_tpp_password |
str |
Deprecated: VenafiAccessToken and VenafiRefreshToken should be used instead |
[optional] |
| venafi_tpp_refresh_token |
str |
|
[optional] |
| venafi_tpp_username |
str |
Deprecated: VenafiAccessToken and VenafiRefreshToken should be used instead |
[optional] |
| venafi_use_tpp |
bool |
|
[optional] |
| venafi_zone |
str |
|
[optional] |
| warn_before_user_expiration_min |
int |
|
[optional] |