io.quarkus.vault.runtime.config.VaultBootstrapConfig.jdp
#
#Wed Mar 24 14:03:01 CET 2021
io.quarkus.vault.runtime.config.VaultBootstrapConfig.tls=TLS
io.quarkus.vault.runtime.config.VaultBootstrapConfig.connectTimeout=Timeout to establish a connection with Vault.
io.quarkus.vault.runtime.config.VaultBootstrapConfig.configOrdinal=MicroProfile Config ordinal.\n\nThis is provided as an alternative to the `config_ordinal` property defined by the specification, to\nmake it easier and more natural for applications to override the default ordinal.\n
\nThe default value is higher than the file system or jar ordinals, but lower than env vars.
io.quarkus.vault.runtime.config.VaultBootstrapConfig.enterprise=Vault Enterprise
io.quarkus.vault.runtime.config.VaultBootstrapConfig.readTimeout=Request timeout on Vault.
io.quarkus.vault.runtime.config.VaultBootstrapConfig.kvSecretEngineMountPath=KV secret engine path.\n
\nThis value is used when building the url path in the KV secret engine programmatic access\n(i.e. `VaultKVSecretEngine`) and the vault config source (i.e. fetching configuration properties from Vault).\n
\nFor a v2 KV secret engine (default - see the `kv-secret-engine-version` property)\nthe full url is built from the expression `/v1//data/...`.\n\nWith property `quarkus.vault.url\=https\://localhost\:8200`, the following call\n`vaultKVSecretEngine.readSecret("foo/bar")` would eventually lead to a `GET` on Vault with the following\nurl\: `https\://localhost\:8200/v1/secret/data/foo/bar`.\n
\nWith a KV secret engine v1, the url changes to\: `/v1//...`.\n\nThe same logic is applied to the Vault config source. With `quarkus.vault.secret-config-kv-path\=config/myapp`,\nthe secret properties would be fetched from Vault using a `GET` on\n`https\://localhost\:8200/v1/secret/data/config/myapp` for a KV secret engine v2 (or\n`https\://localhost\:8200/v1/secret/config/myapp` for a KV secret engine v1).\n
\nsee https\://www.vaultproject.io/docs/secrets/kv/index.html\n\n@asciidoclet
io.quarkus.vault.runtime.config.VaultBootstrapConfig.secretConfigKvPathPrefix=KV store paths configuration.
io.quarkus.vault.runtime.config.VaultBootstrapConfig.transit=Transit Engine
io.quarkus.vault.runtime.config.VaultBootstrapConfig.logConfidentialityLevel=Used to hide confidential information, for logging in particular.\nPossible values are\:\n
\n* low\: display all secrets.\n* medium\: display only usernames and lease ids (i.e. passwords and tokens are masked).\n* high\: hide lease ids and dynamic credentials username.\n\n@asciidoclet
io.quarkus.vault.runtime.config.VaultBootstrapConfig.renewGracePeriod=Renew grace period duration.\n
\nThis value is used to extend a lease before its ttl expires, or to create a new lease before the current\nlease reaches its max_ttl.\nBy default Vault leaseDuration is equal to 7 days (i.e. 168h or 604800s).\nIf a connection pool maxLifetime is set, it is reasonable to set the renewGracePeriod to be greater\nthan the maxLifetime, so that we are sure we get a chance to renew leases before we reach the ttl.\nIn any case you need to make sure there will be attempts to fetch secrets within the renewGracePeriod,\nbecause that is when the renewals will happen. This is particularly important for db dynamic secrets\nbecause if the lease reaches its ttl or max_ttl, the password of the db user will become invalid and\nit will no longer be possible to log in.\nThis value should also be smaller than the ttl, otherwise we would try to recreate\nleases all the time.\n\n@asciidoclet
io.quarkus.vault.runtime.config.VaultBootstrapConfig.credentialsProvider=List of named credentials providers, such as\: `quarkus.vault.credentials-provider.foo.kv-path\=mypath`\n
\nThis defines a credentials provider `foo` returning key `password` from vault path `mypath`.\nOnce defined, this provider can be used in credentials consumers, such as the Agroal connection pool.\n
\nExample\: `quarkus.datasource.credentials-provider\=foo`\n\n@asciidoclet
io.quarkus.vault.runtime.config.VaultBootstrapConfig.url=Vault server url.\n
\nExample\: https\://localhost\:8200\n
\nSee also the documentation for the `kv-secret-engine-mount-path` property for some insights on how\nthe full Vault url gets built.\n\n@asciidoclet
io.quarkus.vault.runtime.config.VaultBootstrapConfig.secretConfigKvPath=List of comma-separated vault paths in the kv store,\nwhere all properties will be available as MP config properties **as-is**, with no prefix.\n
\nFor instance, if vault contains property `foo`, it will be made available to the\nquarkus application as `@ConfigProperty(name \= "foo") String foo;`\n
\nIf 2 paths contain the same property, the last path will win.\n
\nFor instance if\n
\n* `secret/base-config` contains `foo\=bar` and\n* `secret/myapp/config` contains `foo\=myappbar`, then\n
\n`@ConfigProperty(name \= "foo") String foo` will have value `myappbar`\nwith application properties `quarkus.vault.secret-config-kv-path\=base-config,myapp/config`\n
\nSee also the documentation for the `kv-secret-engine-mount-path` property for some insights on how\nthe full Vault url gets built.\n\n@asciidoclet
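The URL construction described under `kvSecretEngineMountPath` and the "last path wins" rule described under `secretConfigKvPath`, modelled together as an added example (not code from the quarkus-vault extension). The class and method names are hypothetical, the mount path `secret` is the one that appears in the example URLs above, and an in-memory map with constructed values stands in for Vault.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class VaultKvPathDemo {

    // Builds the URL of a KV read as the documentation above describes it:
    // v2 inserts "data" between the mount path and the secret path, v1 does not.
    static String readUrl(String vaultUrl, String mountPath, int kvVersion, String secretPath) {
        String base = vaultUrl.replaceAll("/+$", "") + "/v1/" + mountPath;
        return kvVersion == 2 ? base + "/data/" + secretPath : base + "/" + secretPath;
    }

    // Merges the properties of several config paths in declaration order,
    // so that a key present in two paths takes the value of the last path.
    static Map<String, String> merge(List<String> paths, Map<String, Map<String, String>> store) {
        Map<String, String> merged = new LinkedHashMap<>();
        for (String path : paths) {
            merged.putAll(store.getOrDefault(path, Map.of()));
        }
        return merged;
    }

    public static void main(String[] args) {
        String url = "https://localhost:8200";   // quarkus.vault.url from the text
        String mount = "secret";                 // assumption: mount path seen in the example URLs

        System.out.println(readUrl(url, mount, 2, "foo/bar"));
        System.out.println(readUrl(url, mount, 2, "config/myapp"));
        System.out.println(readUrl(url, mount, 1, "config/myapp"));

        // Constructed stand-in for the two secrets named in the text.
        Map<String, Map<String, String>> store = Map.of(
                "base-config", Map.of("foo", "bar", "db.user", "app"),
                "myapp/config", Map.of("foo", "myappbar"));

        // quarkus.vault.secret-config-kv-path=base-config,myapp/config
        List<String> paths = List.of("base-config", "myapp/config");
        for (String p : paths) {
            System.out.println("GET " + readUrl(url, mount, 2, p));
        }
        System.out.println(merge(paths, store));
        // Reversing the list flips the winner: an override path must come last.
        System.out.println(merge(List.of("myapp/config", "base-config"), store));
    }
}
```

Because these properties are exposed with no prefix, any path listed later can silently replace a key defined by an earlier one, so write access to the last path in the list deserves the tightest Vault policy.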
io.quarkus.vault.runtime.config.VaultBootstrapConfig.secretConfigCachePeriod=Vault config source cache period.\n
\nProperties fetched from vault as MP config will be kept in a cache, and will not be fetched from vault\nagain until the expiration of that period.\nThis property is ignored if `secret-config-kv-path` is not set.\n\n@asciidoclet
io.quarkus.vault.runtime.config.VaultBootstrapConfig.authentication=Authentication
io.quarkus.vault.runtime.config.VaultBootstrapConfig.kvSecretEngineVersion=KV secret engine version.\n
\nsee https\://www.vaultproject.io/docs/secrets/kv/index.html\n\n@asciidoclet