package models
- Alphabetic
- Public
- Protected
Type Members
- trait AuthMethod extends Mount
- case class BackupKeys(nonce: String, keys: Map[String, String]) extends Product with Serializable
- case class HealthStatus(initialized: Boolean, sealed: Boolean, standby: Boolean, performanceStandby: Boolean, replicationPerformanceMode: String, replicationDrMode: String, serverTimeUtc: Int, version: String, clusterName: String, clusterId: String) extends Product with Serializable
- initialized
Whether the Vault server is Initialized.
- standby
Whether the Vault server is in Standby mode.
- replicationPerformanceMode
Verbose description of DR mode
- replicationDrMode
Verbose description of DR mode
- serverTimeUtc
Server time in Unix seconds, UTC
- version
Server Vault version
- clusterName
Server cluster name
- clusterId
Server cluster UUID
- case class InitOptions(secretShares: Int = 5, secretThreshold: Int = 3, pgpKeys: Option[Array[String]] = None, rootTokenPgpKey: Option[String] = None, recoveryShares: Option[Int] = None, recoveryThreshold: Option[Int] = None, recoveryPgpKeys: Option[Array[String]] = None, storedShares: Option[Int] = None) extends Product with Serializable
- secretShares
Specifies the number of shares to split the master key into.
- secretThreshold
Specifies the number of shares required to reconstruct the master key. This must be less than or equal secretShares. If using Vault HSM with auto-unsealing, this value must be the same as secretShares.
- pgpKeys
Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secretShares.
- rootTokenPgpKey
Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.
- recoveryShares
Specifies the number of shares to split the recovery key into.
- recoveryThreshold
Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to recoveryShares.
- recoveryPgpKeys
Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as recoveryShares.
- storedShares
Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as secretShares.
- case class InitResult(keys: Array[String], keysBase64: Array[String], rootToken: String) extends Product with Serializable
- case class KeyStatus(term: Int, installTime: OffsetDateTime) extends Product with Serializable
Information about the current encryption key of Vault.
Information about the current encryption key of Vault.
- term
the sequential key number
- installTime
the time that encryption key was installed
- case class LeaderStatus(haEnabled: Boolean, isSelf: Boolean, leaderAddress: Uri, leaderClusterAddress: Uri, performanceStandby: Boolean, performanceStandbyLastRemoteWal: Int) extends Product with Serializable
- case class Lease(id: String, issueTime: OffsetDateTime, expireTime: Option[OffsetDateTime], lastRenewal: Option[OffsetDateTime], renewable: Boolean, ttl: Duration = Duration.Undefined) extends Product with Serializable
- case class LeaseRenew(leaseId: String, renewable: Boolean, leaseDuration: Duration) extends Product with Serializable
- trait Mount extends AnyRef
- case class Mounted(accessor: String, uuid: UUID, type: String, description: String, config: TuneOptions, options: Map[String, String] = Map.empty, local: Boolean = false, sealWrap: Boolean = false, externalEntropyAccess: Boolean = false) extends Mount with Product with Serializable
Represents a mounted mount.
Represents a mounted mount.
- accessor
the mount point accessor.
- uuid
the uuid of the mount.
- description
human-friendly description of this mount.
- config
configuration options for this mount.
- options
mount type specific options.
- local
whether this is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication.
- sealWrap
whether this mount seal wraps causing values.
- externalEntropyAccess
whether the mount has access to Vault's external entropy source.
- case class Plugin(name: String, sha256: String, command: String, builtin: Boolean = false, args: Array[String] = Array.empty, env: Array[String] = Array.empty) extends Product with Serializable
- name
the name is what is used to look up plugins in the catalog.
- sha256
the SHA256 sum of the plugin's binary. Before a plugin is run it's SHA will be checked against this value, if they do not match the plugin can not be run.
- command
the command used to execute the plugin. This is relative to the plugin directory. e.g. "myplugin".
- args
the arguments used to execute the plugin. If the arguments are provided here, the command parameter should only contain the named program. e.g. "--my_flag=1".
- env
the environment variables used during the execution of the plugin. Each entry is of the form "key=value". e.g "FOO=BAR".
- case class Policy(rules: String) extends Product with Serializable
- case class RekeyProgress(started: Boolean, nonce: String, progress: Int, required: Int, complete: Boolean, encodedToken: String, encodedRootToken: String, pgpFingerprint: String, otp: String, otpLength: Int, verificationRequired: Boolean) extends Product with Serializable
- case class RekeyVerificationProgress(nonce: String, t: Int, n: Int, progress: Int) extends Product with Serializable
- nonce
the nonce for the current rekey operation.
- t
is the threshold required for the new shares to pass verification
- n
the total number of new shares that were generated
- progress
is how many of the new unseal keys have been provided for this verification operation
- case class RootGenerationProgress(started: Boolean, nonce: String, progress: Int, required: Int, complete: Boolean, encodedToken: String, encodedRootToken: String, pgpFingerprint: String, otp: String, otpLength: Int) extends Product with Serializable
- started
whether a root generation attempt has been started.
- nonce
the nonce for the current attempt.
- progress
how many unseal keys have been provided for this generation attempt.
- required
how many unseal keys must be provided to complete the generation attempt.
- complete
whether the attempt is complete.
- encodedToken
the encoded token. The token will either be encrypted using PGP or XOR'd using the OTP.
- encodedRootToken
the encoded root token. The token will either be encrypted using PGP or XOR'd using the OTP.
- pgpFingerprint
the PGP fingerprint used to encrypt the final root token. This will be an empty string unless a PGP key is being used to encrypt the final root token.
- otp
the one-time-password (OTP) being used to encode the final root token. The OTP is a base64 string, with length of
otpLength
. The raw bytes (char codes) of the token will be XOR'd with this value before being returned as a response to the final unseal key, encoded as base64. This field will only be returned once, on the response to the start request.- otpLength
the size of the OTP.
- case class SealStatus(type: String, sealed: Boolean, secretThreshold: Int, secretShares: Int, progress: Int, version: String, nonce: String, clusterName: Option[String], clusterId: Option[String]) extends Product with Serializable
- trait SecretEngine extends Mount
- case class TuneOptions(defaultLeaseTtl: Duration, maxLeaseTtl: Duration = Duration.Zero, forceNoCache: Boolean = false, tokenType: Option[TokenType] = None, listingVisibility: Option[String] = None, auditNonHmacRequestKeys: Option[List[String]] = None, auditNonHmacResponseKeys: Option[List[String]] = None, allowedResponseHeaders: Option[List[String]] = None, passthroughRequestHeaders: Option[List[String]] = None) extends Product with Serializable
- defaultLeaseTtl
The default lease duration, specified as a string duration like "5s" or "30m".
- maxLeaseTtl
The maximum lease duration, specified as a string duration like "5s" or "30m".
- forceNoCache
Disable caching.
- tokenType
the type of tokens that should be returned by the mount. Only usable for Auth Methods.
- listingVisibility
Specifies whether to show this mount in the UI-specific listing endpoint.
- auditNonHmacRequestKeys
list of keys that will not be HMAC'd by audit devices in the request data object.
- auditNonHmacResponseKeys
list of keys that will not be HMAC'd by audit devices in the response data object.
- allowedResponseHeaders
list of headers to whitelist, allowing a plugin to include them in the response.
- passthroughRequestHeaders
list of headers to whitelist and pass from the request to the plugin.
- case class UnsealOptions(key: String, reset: Option[Boolean] = None, migrate: Option[Boolean] = None) extends Product with Serializable
Value Members
- object AuthMethod
- object BackupKeys extends Serializable
- object HealthStatus extends Serializable
- object InitOptions extends Serializable
- object InitResult extends Serializable
- object KeyStatus extends Serializable
- object LeaderStatus extends Serializable
- object Lease extends Serializable
- object LeaseRenew extends Serializable
- object Mount
- object Mounted extends Serializable
- object Plugin extends Serializable
- object Policy extends Serializable
- object RekeyProgress extends Serializable
- object RekeyVerificationProgress extends Serializable
- object RootGenerationProgress extends Serializable
- object SealStatus extends Serializable
- object SecretEngine
- object TuneOptions extends Serializable
- object UnsealOptions extends Serializable