Parameter |
Choices/Defaults |
Comments |
authtype
-
|
Choices:
- token
- userpass
- github
- ldap
- approle
Default:
"token or environment variable `VAULT_AUTHTYPE`"
|
authentication type
|
aws_header
-
|
Default:
"to environment variable `VAULT_AWS_HEADER`"
|
X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks.
|
ca_cert
-
|
Default:
"to environment variable `VAULT_CACERT`"
|
Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
|
ca_path
-
|
Default:
"to environment variable `VAULT_CAPATH`"
|
Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If ca_cert is specified, its value will take precedence
|
client_cert
-
|
Default:
"to environment variable `VAULT_CLIENT_CERT`"
|
Path to a PEM-encoded client certificate for TLS authentication to the Vault server
|
client_key
-
|
Default:
"to environment variable `VAULT_CLIENT_KEY`"
|
Path to an unencrypted PEM-encoded private key matching the client certificate
|
common_name
-
|
|
Specifies the requested CN for the certificate. If the CN is allowed by role policy, it will be issued.
|
csr
-
|
|
Specifies the PEM-encoded CSR.
|
extra_params
dictionary
|
|
Extra parameters depending on the type.
|
login_mount_point
-
|
Default:
"value of authtype or environment varialbe `VAULT_LOGIN_MOUNT_POINT`"
|
authentication mount point
|
mount_point
-
|
Default:
"pki"
|
location where secrets engine is mounted. also known as path
|
namespace
-
|
Default:
"to environment variable VAULT_NAMESPACE"
|
namespace for vault
|
password
-
|
Default:
"to environment variable `VAULT_PASSWORD`"
|
password to login to vault.
|
role
-
|
|
Specifies the name of the role to create.
For *verbatim* type if set, the following parameters from the role will have effect: `ttl`, `max_ttl`, `generate_lease`, and `no_store`.
|
token
-
|
Default:
"to environment variable `VAULT_TOKEN`"
|
token for vault
|
type
string
|
Choices:
certificate ←
- intermediate
- verbatim
|
Sign a new certificate with `certificate` based upon the provided CSR and the supplied parameters, subject to the restrictions contained in the role named in the endpoint. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store.
Use `intermediate` to configure CA certificate to issue a certificate with appropriate values for acting as an intermediate CA. Distribution points use the values set via config/urls. Values set in the CSR are ignored unless use_csr_values is set to true, in which case the values from the CSR are used verbatim.
Use `verbatim` to sign a new certificate based upon the provided CSR. Values are taken verbatim from the CSR; the only restriction is that this endpoint will refuse to issue an intermediate CA certificate (use `intermediate` type for that functionality.)
|
url
-
|
Default:
"to environment variable `VAULT_ADDR`"
|
url for vault
|
username
-
|
Default:
"to environment variable `VAULT_USER`"
|
username to login to vault.
|
verify
-
|
Default:
"to environment variable `VAULT_SKIP_VERIFY`"
|
If set, do not verify presented TLS certificate before communicating with Vault server. Setting this variable is not recommended except during testing
|