GoogleSecretManagerSecretStoreProvider
Realm Operations
Resource path:
/realm-config/secrets/stores/GoogleSecretManagerSecretStoreProvider
Resource version: 1.0
create
Usage
am> create GoogleSecretManagerSecretStoreProvider --realm Realm --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "secretFormat" : { "title" : "Secret Format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "expiryDurationSeconds" : { "title" : "Expiry Time (seconds)", "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. This typically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previous versions of a secret will always query Secret Manager to ensure timely revocation.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "project" : { "title" : "Project", "description" : "The GCP project that contains the Secret Manager instance to use.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "serviceAccount" : { "title" : "GCP Service Account ID", "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" } } }
delete
Usage
am> delete GoogleSecretManagerSecretStoreProvider --realm Realm --id id
Parameters
- --id: The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action GoogleSecretManagerSecretStoreProvider --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action GoogleSecretManagerSecretStoreProvider --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action GoogleSecretManagerSecretStoreProvider --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports the _queryFilter=true filter.
Usage
am> query GoogleSecretManagerSecretStoreProvider --realm Realm --filter filter
Parameters
- --filter: A CREST formatted query filter, where "true" will query all.
read
Usage
am> read GoogleSecretManagerSecretStoreProvider --realm Realm --id id
Parameters
- --id: The unique identifier for the resource.
update
Usage
am> update GoogleSecretManagerSecretStoreProvider --realm Realm --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "secretFormat" : { "title" : "Secret Format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "expiryDurationSeconds" : { "title" : "Expiry Time (seconds)", "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. This typically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previous versions of a secret will always query Secret Manager to ensure timely revocation.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "project" : { "title" : "Project", "description" : "The GCP project that contains the Secret Manager instance to use.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" }, "serviceAccount" : { "title" : "GCP Service Account ID", "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" } } }
Global Operations
Resource path:
/global-config/secrets/stores/GoogleSecretManagerSecretStoreProvider
Resource version: 1.0
create
Usage
am> create GoogleSecretManagerSecretStoreProvider --global --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "secretFormat" : { "title" : "Secret Format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "serviceAccount" : { "title" : "GCP Service Account ID", "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "expiryDurationSeconds" : { "title" : "Expiry Time (seconds)", "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. This typically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previous versions of a secret will always query Secret Manager to ensure timely revocation.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "project" : { "title" : "Project", "description" : "The GCP project that contains the Secret Manager instance to use.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" } } }
delete
Usage
am> delete GoogleSecretManagerSecretStoreProvider --global --id id
Parameters
- --id: The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action GoogleSecretManagerSecretStoreProvider --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action GoogleSecretManagerSecretStoreProvider --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action GoogleSecretManagerSecretStoreProvider --global --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports the _queryFilter=true filter.
Usage
am> query GoogleSecretManagerSecretStoreProvider --global --filter filter
Parameters
- --filter: A CREST formatted query filter, where "true" will query all.
read
Usage
am> read GoogleSecretManagerSecretStoreProvider --global --id id
Parameters
- --id: The unique identifier for the resource.
update
Usage
am> update GoogleSecretManagerSecretStoreProvider --global --id id --body body
Parameters
- --id: The unique identifier for the resource.
- --body: The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "secretFormat" : { "title" : "Secret Format", "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li> <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>", "propertyOrder" : 300, "required" : true, "type" : "string", "exampleValue" : "" }, "serviceAccount" : { "title" : "GCP Service Account ID", "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.", "propertyOrder" : 200, "required" : true, "type" : "string", "exampleValue" : "" }, "expiryDurationSeconds" : { "title" : "Expiry Time (seconds)", "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. This typically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previous versions of a secret will always query Secret Manager to ensure timely revocation.", "propertyOrder" : 400, "required" : true, "type" : "integer", "exampleValue" : "" }, "project" : { "title" : "Project", "description" : "The GCP project that contains the Secret Manager instance to use.", "propertyOrder" : 100, "required" : true, "type" : "string", "exampleValue" : "" } } }