-
Notifications
You must be signed in to change notification settings - Fork 3
secret manager create
Note: This feature is available in dbvr Pro only.
dbvr secret-manager create [-hV]
[--aws.region=<string> --aws.cloudId=<string>
--aws.configurationId=<string>
--aws.configurationName=<string>
[--aws.description=<string>]
|
--cyberark.baseUrl=<string> --cyberark.account=<string>
--cyberark.username=<string> --cyberark.apiKey=<string>
--cyberark.policyBranch=<string>
--cyberark.configurationId=<string>
--cyberark.configurationName=<string>
[--cyberark.trustCertificate=<true|false>]
[--cyberark.globalConfiguration=<true|false>]
[--cyberark.description=<string>]
|
--vault.vaultUrl=<string> --vault.authType=<value>
--vault.vaultJwtProviderId=<string>
--vault.token=<string> --vault.username=<string>
--vault.password=<string>
--vault.configurationId=<string>
--vault.configurationName=<string>
[--vault.vaultRoleClaim=<string>]
[--vault.globalConfiguration=<true|false>]
[--vault.description=<string>]]
Tip: You can also use global options with this command.
Create a new secret manager configuration.
Use one of three provider-specific option groups - --aws.*, --cyberark.*, or --vault.* - to define the connection.
All required options for the chosen provider must be specified.
--aws.region=<string>
AWS region where the secrets are stored.
--aws.cloudId=<string>
AWS Cloud configuration ID used for authentication. Specifies which AWS Cloud profile to use to access the secrets.
--aws.configurationId=<string>
Unique identifier for this configuration.
--aws.configurationName=<string>
Display name for this configuration.
--aws.description=<string>
Optional description.
--cyberark.baseUrl=<string>
URL of the Conjur OSS server (for example, https://conjur.example.com).
--cyberark.account=<string>
Conjur tenant or organization account name (for example, myorg).
--cyberark.username=<string>
Conjur user ID used for authentication.
--cyberark.apiKey=<string>
API key associated with the Conjur user for authn login.
--cyberark.policyBranch=<string>
Path to the policy namespace where secrets are stored (for example, dev/app).
--cyberark.configurationId=<string>
Unique identifier for this configuration.
--cyberark.configurationName=<string>
Display name for this configuration.
--cyberark.trustCertificate=<true|false>
Trust the CyberArk server's SSL certificate without manual import. Enable this if you're using a self-signed certificate or connecting to a server whose certificate isn't trusted by default.
--cyberark.globalConfiguration=<true|false>
Apply this configuration globally across all clients.
--cyberark.description=<string>
Optional description.
--vault.vaultUrl=<string>
URL of the Vault server used to retrieve secrets.
--vault.authType=<value>
Authentication type. Accepted values: OAUTH2, TOKEN, USERNAME_PASSWORD.
--vault.vaultJwtProviderId=<string>
Path where the JWT authentication method is enabled in Vault (for example, auth/jwt/). Used when
--vault.authType=OAUTH2.
--vault.token=<string>
Authentication token required to access the Vault server. Used when --vault.authType=TOKEN.
--vault.username=<string>
Username for Vault authentication. Used when --vault.authType=USERNAME_PASSWORD.
--vault.password=<string>
Password for Vault authentication. Used when --vault.authType=USERNAME_PASSWORD.
--vault.configurationId=<string>
Unique identifier for this configuration.
--vault.configurationName=<string>
Display name for this configuration.
--vault.vaultRoleClaim=<string>
The claim in the JWT token that contains the Vault role name. If not set, the default role from the Vault provider is used.
--vault.globalConfiguration=<true|false>
Apply this configuration globally across all clients.
--vault.description=<string>
Optional description.
Create an AWS Secrets Manager configuration:
dbvr secret-manager create \
--aws.region=us-east-1 \
--aws.cloudId=my-cloud-profile \
--aws.configurationId=aws-prod \
--aws.configurationName="AWS Production" \
--aws.description="Production secrets"
Create a CyberArk configuration:
dbvr secret-manager create \
--cyberark.baseUrl=https://cyberark.example.com \
--cyberark.account=myaccount \
--cyberark.username=admin \
--cyberark.apiKey=myapikey \
--cyberark.policyBranch=Root \
--cyberark.configurationId=cyberark-prod \
--cyberark.configurationName="CyberArk Production"
Create a Vault configuration using token authentication:
dbvr secret-manager create \
--vault.vaultUrl=https://vault.example.com \
--vault.authType=TOKEN \
--vault.token=s.mytoken \
--vault.vaultJwtProviderId=my-jwt-provider \
--vault.username=vaultuser \
--vault.password=vaultpass \
--vault.configurationId=vault-prod \
--vault.configurationName="Vault Production"
For a complete walkthrough - including creating a Vault secret and using it with a datasource - see Secret provider setup example.
- Getting started
- Reference
- Commands
- Connection options
- Databases support
- Administration
- About dbvr