Skip to content

Latest commit

 

History

History
142 lines (90 loc) · 3.57 KB

REFERENCE.md

File metadata and controls

142 lines (90 loc) · 3.57 KB

Reference

Table of Contents

Resource types

  • credential: Manages Credential Manager credentials on Windows systems.

Functions

Resource types

credential

Manages Credential Manager credentials on Windows systems.

Properties

The following properties are available in the credential type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

username

The identity used to authenticate to the Secrets Manager instance

value

The API key matching the Secrets Manager identity

Parameters

The following parameters are available in the credential type.

provider

The specific backend to use for this credential resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

target

Secrets Manager URL

Functions

conjur::secret

Type: Ruby 4.x API

Function to retrieve a Secrets Manager secret

Examples

Agent-based identity invocation
Deferred(conjur::secret, ['production/postgres/password'])
Server-based identity invocation
$sslcert = @("EOT")
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
|-EOT

$dbpass = Deferred(conjur::secret, ['production/postgres/password', {
  appliance_url => "https://my.conjur.org",
  account => "myaccount",
  authn_login => "host/myhost",
  authn_api_key => Sensitive("2z9mndg1950gcx1mcrs6w18bwnp028dqkmc34vj8gh2p500ny1qk8n"),
  ssl_certificate => $sslcert
}])

conjur::secret(String $variable_id, Optional[Hash] $options)

Function to retrieve a Secrets Manager secret

Returns: Sensitive Value of the Secrets Manager variable.

Examples
Agent-based identity invocation
Deferred(conjur::secret, ['production/postgres/password'])
Server-based identity invocation
$sslcert = @("EOT")
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
|-EOT

$dbpass = Deferred(conjur::secret, ['production/postgres/password', {
  appliance_url => "https://my.conjur.org",
  account => "myaccount",
  authn_login => "host/myhost",
  authn_api_key => Sensitive("2z9mndg1950gcx1mcrs6w18bwnp028dqkmc34vj8gh2p500ny1qk8n"),
  ssl_certificate => $sslcert
}])
variable_id

Data type: String

Secrets Manager variable ID that you want the value of.

options

Data type: Optional[Hash]

Optional parameter specifying server identity overrides The following keys are supported in the options hash:

  • appliance_url: The URL of the Secrets Manager instance.
  • account: Name of the Secrets Manager account that contains this variable.
  • authn_login: The identity you are using to authenticate to the Secrets Manager instance.
  • authn_api_key: The API key of the identity you are using to authenticate with (must be Sensitive type).
  • cert_file: The absolute path to CA certificate chain for the Secrets Manager instance on the agent. This variable overrides ssl_certificate.
  • ssl_certificate: The raw PEM-encoded x509 CA certificate chain for the Secrets Manager instance. Overwritten by the contents read from cert_file when it is present.
  • version: Secrets Manager API version, defaults to 5.