Amster

GoogleSecretManagerSecretStoreProvider

Realm Operations

Resource path:

/realm-config/secrets/stores/GoogleSecretManagerSecretStoreProvider

Resource version: 1.0

create

Usage

am> create GoogleSecretManagerSecretStoreProvider --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "expiryDurationSeconds" : {
      "title" : "Expiry Time (seconds)",
      "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. Thistypically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previousversions of a secret will always query Secret Manager to ensure timely revocation.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    },
    "secretFormat" : {
      "title" : "Secret Format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "project" : {
      "title" : "Project",
      "description" : "The GCP project that contains the Secret Manager instance to use.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "serviceAccount" : {
      "title" : "GCP Service Account ID",
      "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete GoogleSecretManagerSecretStoreProvider --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action GoogleSecretManagerSecretStoreProvider --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action GoogleSecretManagerSecretStoreProvider --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action GoogleSecretManagerSecretStoreProvider --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query GoogleSecretManagerSecretStoreProvider --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read GoogleSecretManagerSecretStoreProvider --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update GoogleSecretManagerSecretStoreProvider --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "expiryDurationSeconds" : {
      "title" : "Expiry Time (seconds)",
      "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. Thistypically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previousversions of a secret will always query Secret Manager to ensure timely revocation.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    },
    "secretFormat" : {
      "title" : "Secret Format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "project" : {
      "title" : "Project",
      "description" : "The GCP project that contains the Secret Manager instance to use.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "serviceAccount" : {
      "title" : "GCP Service Account ID",
      "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

Global Operations

Resource path:

/global-config/secrets/stores/GoogleSecretManagerSecretStoreProvider

Resource version: 1.0

create

Usage

am> create GoogleSecretManagerSecretStoreProvider --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "secretFormat" : {
      "title" : "Secret Format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "expiryDurationSeconds" : {
      "title" : "Expiry Time (seconds)",
      "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. Thistypically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previousversions of a secret will always query Secret Manager to ensure timely revocation.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    },
    "project" : {
      "title" : "Project",
      "description" : "The GCP project that contains the Secret Manager instance to use.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "serviceAccount" : {
      "title" : "GCP Service Account ID",
      "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete GoogleSecretManagerSecretStoreProvider --global --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action GoogleSecretManagerSecretStoreProvider --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action GoogleSecretManagerSecretStoreProvider --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action GoogleSecretManagerSecretStoreProvider --global --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query GoogleSecretManagerSecretStoreProvider --global --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read GoogleSecretManagerSecretStoreProvider --global --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update GoogleSecretManagerSecretStoreProvider --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "secretFormat" : {
      "title" : "Secret Format",
      "description" : "Indicates what format is used to store the secrets in the files. The available options are: <ul> <li>Plain text: the secrets are stored as UTF-8 encoded text.</li> <li>Base64 encoded: the secrets are stored as Base64 encoded binary values.</li> <li>Encrypted text: the plain text secrets are encrypted using AM's encryption key.</li> <li>Encrypted Base64 encoded: the Base64 encoded binary values are encrypted using AM's encryption key.</li>  <li>Encrypted with Google KMS: the secrets are encrypted using Google's Key Management Service.</li> <li>PEM encoded certificate or key: the secrets are certificates, keys, or passwords, in Privacy Enhanced Mail (PEM) format, such as those produced by OpenSSL and other common tools.</li> <li>Encrypted PEM: PEM-encoded objects that are encrypted with AM's server key.</li><li>Google KMS-encrypted PEM: PEM-encoded objects that are encrypted with Google KMS.</li></ul><p>The following formats are also supported but are discouraged (use the PEM variants instead): <ul><li>Encrypted HMAC key: the Base64 encoded binary representation of the HMAC key is encrypted using AM's encryption key. Use this format when working with non generic secrets.</li> <li>Base64 encoded HMAC key: the secrets are binary HMAC keys encoded with Base64.</li> <li>Google KMS-encrypted HMAC key: the secrets are binary HMAC keys that have been encrypted with Google's Key Management Service (KMS).</li> </ul>",
      "propertyOrder" : 300,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "expiryDurationSeconds" : {
      "title" : "Expiry Time (seconds)",
      "description" : "Maximum time that AM should cache secret values before refreshing them from Google SecretManager. A longer duration may be more efficient but may take longer for new secret versions to be picked up. Thistypically only affects operations that use the \"active\" (latest) version of a secret. Operations that use previousversions of a secret will always query Secret Manager to ensure timely revocation.",
      "propertyOrder" : 400,
      "required" : true,
      "type" : "integer",
      "exampleValue" : ""
    },
    "project" : {
      "title" : "Project",
      "description" : "The GCP project that contains the Secret Manager instance to use.",
      "propertyOrder" : 100,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    },
    "serviceAccount" : {
      "title" : "GCP Service Account ID",
      "description" : "The ID of the GCP service account to use when connecting to Secret Manager.<br><br>GCP service accounts can be configured in the global Google Service Account service. The service account must be enabled for this realm otherwise the secret store will fail to load.",
      "propertyOrder" : 200,
      "required" : true,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}