io.quarkus.vault.runtime.config.VaultRuntimeConfig.jdp Maven / Gradle / Ivy
#
#Wed Oct 30 08:26:21 CET 2019
io.quarkus.vault.runtime.config.VaultRuntimeConfig.readTimeout=Request timeout on Vault.
io.quarkus.vault.runtime.config.VaultRuntimeConfig.url=Vault server url.\n\nExample\: https\://localhost\:8200
io.quarkus.vault.runtime.config.VaultRuntimeConfig.kvSecretEngineMountPath=Kv secret engine path.\n
\nsee https\://www.vaultproject.io/docs/secrets/kv/index.html
io.quarkus.vault.runtime.config.VaultRuntimeConfig.authentication=Authentication type when logging in to get a Vault client token.\n
\nPossible values are\:\n
\n- kubernetes\: Kubernetes authentication as defined in https\://www.vaultproject.io/api/auth/kubernetes/index.html
\n- userpass\: user/password authentication as defined in https\://www.vaultproject.io/api/auth/userpass/index.html
\n- app-role\: role/secret authentication as defined in https\://www.vaultproject.io/api/auth/approle/index.html
\n
\nThe actual type is determined automatically based on sub-properties quarkus.vault.authentication.*
io.quarkus.vault.runtime.config.VaultRuntimeConfig.logConfidentialityLevel=Used to hide confidential infos, for logging in particular.\nPossible values are\:\n\n\nlow\: display all secrets.\n
\n\nmedium\: display only usernames and lease ids (ie\: passwords and tokens are masked).\n
\n\nhigh\: hide lease ids and dynamic credentials username.\n
\n
io.quarkus.vault.runtime.config.VaultRuntimeConfig.secretConfigKvPath=Vault path in kv store, where all properties will be available as MP config.
io.quarkus.vault.runtime.config.VaultRuntimeConfig.kvSecretEngineVersion=Kv secret engine version.\n\nsee https\://www.vaultproject.io/docs/secrets/kv/index.html
io.quarkus.vault.runtime.config.VaultRuntimeConfig.credentialsProvider=List of named credentials providers, such as\: quarkus.vault.credentials-provider.foo.kv-path\=mypath\n
\nThis defines a credentials provider 'foo' returning key 'password' from vault path 'mypath'.\nOnce defined, this provider can be used in credentials consumers, such as the Agroal connection pool.\n
\nExample\: quarkus.datasource.credentials-provider\=foo
io.quarkus.vault.runtime.config.VaultRuntimeConfig.tls=Tls config
io.quarkus.vault.runtime.config.VaultRuntimeConfig.renewGracePeriod=Renew grace period duration.\n
\nThis value if used to extend a lease before it expires its ttl, or recreate a new lease before the current\nlease reaches its max_ttl.\nBy default Vault leaseDuration is equal to 7 days (ie\: 168h or 604800s).\nIf a connection pool maxLifetime is set, it is reasonable to set the renewGracePeriod to be greater\nthan the maxLifetime, so that we are sure we get a chance to renew leases before we reach the ttl.\nIn any case you need to make sure there will be attempts to fetch secrets within the renewGracePeriod,\nbecause that is when the renewals will happen. This particularly important for db dynamic secrets\nbecause if the lease reaches its ttl or max_ttl, the password of the db user will become invalid and\nit will be not longer possible to log in.\nThis value should also be smaller than the ttl, otherwise that would mean that we would try to recreate\nleases all the time.
io.quarkus.vault.runtime.config.VaultRuntimeConfig.connectTimeout=Timeout to establish a connection with Vault.
io.quarkus.vault.runtime.config.VaultRuntimeConfig.secretConfigCachePeriod=Vault config source cache period.\n
\nProperties fetched from vault as MP config will be kept in a cache, and will not be fetched from vault\nagain until the expiration of that period.\nThis property is ignored if secret-config-kv-path is not set.