@ibm-cloud/secrets-manager 1.0.31 → 1.0.32
- package/package.json +7 -7
- package/secrets-manager/v1.d.ts +1260 -76
- package/secrets-manager/v1.js +188 -39
- package/secrets-manager/v1.js.map +1 -1
package/secrets-manager/v1.d.ts
CHANGED
|
@@ -25,7 +25,6 @@ import { BaseService, UserOptions } from 'ibm-cloud-sdk-core';
|
|
|
25
25
|
* See: https://cloud.ibm.com/docs/secrets-manager
|
|
26
26
|
*/
|
|
27
27
|
declare class SecretsManagerV1 extends BaseService {
|
|
28
|
-
static DEFAULT_SERVICE_URL: string;
|
|
29
28
|
static DEFAULT_SERVICE_NAME: string;
|
|
30
29
|
/*************************
|
|
31
30
|
* Factory method
|
|
@@ -57,7 +56,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
57
56
|
/**
|
|
58
57
|
* Create a secret group.
|
|
59
58
|
*
|
|
60
|
-
*
|
|
59
|
+
* Create a secret group that you can use to organize secrets and control who on your team has access to them.
|
|
61
60
|
*
|
|
62
61
|
* A successful request returns the ID value of the secret group, along with other metadata. To learn more about
|
|
63
62
|
* secret groups, check out the
|
|
@@ -73,7 +72,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
73
72
|
/**
|
|
74
73
|
* List secret groups.
|
|
75
74
|
*
|
|
76
|
-
*
|
|
75
|
+
* List the secret groups that are available in your Secrets Manager instance.
|
|
77
76
|
*
|
|
78
77
|
* @param {Object} [params] - The parameters to send to the service.
|
|
79
78
|
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
|
|
@@ -83,7 +82,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
83
82
|
/**
|
|
84
83
|
* Get a secret group.
|
|
85
84
|
*
|
|
86
|
-
*
|
|
85
|
+
* Get the metadata of an existing secret group by specifying the ID of the group.
|
|
87
86
|
*
|
|
88
87
|
* @param {Object} params - The parameters to send to the service.
|
|
89
88
|
* @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
|
|
@@ -94,7 +93,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
94
93
|
/**
|
|
95
94
|
* Update a secret group.
|
|
96
95
|
*
|
|
97
|
-
*
|
|
96
|
+
* Update the metadata of an existing secret group, such as its name or description.
|
|
98
97
|
*
|
|
99
98
|
* @param {Object} params - The parameters to send to the service.
|
|
100
99
|
* @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
|
|
@@ -107,7 +106,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
107
106
|
/**
|
|
108
107
|
* Delete a secret group.
|
|
109
108
|
*
|
|
110
|
-
*
|
|
109
|
+
* Delete a secret group by specifying the ID of the secret group.
|
|
111
110
|
*
|
|
112
111
|
* **Note:** To delete a secret group, it must be empty. If you need to remove a secret group that contains secrets,
|
|
113
112
|
* you must first [delete the secrets](#delete-secret) that are associated with the group.
|
|
@@ -145,7 +144,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
145
144
|
/**
|
|
146
145
|
* List secrets by type.
|
|
147
146
|
*
|
|
148
|
-
*
|
|
147
|
+
* List the secrets in your Secrets Manager instance based on the type that you specify.
|
|
149
148
|
*
|
|
150
149
|
* @param {Object} params - The parameters to send to the service.
|
|
151
150
|
* @param {string} params.secretType - The secret type.
|
|
@@ -167,7 +166,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
167
166
|
/**
|
|
168
167
|
* List all secrets.
|
|
169
168
|
*
|
|
170
|
-
*
|
|
169
|
+
* List all of the secrets in your Secrets Manager instance.
|
|
171
170
|
*
|
|
172
171
|
* @param {Object} [params] - The parameters to send to the service.
|
|
173
172
|
* @param {number} [params.limit] - The number of secrets to retrieve. By default, list operations return the first
|
|
@@ -220,7 +219,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
220
219
|
/**
|
|
221
220
|
* Invoke an action on a secret.
|
|
222
221
|
*
|
|
223
|
-
*
|
|
222
|
+
* Invoke an action on a specified secret. This method supports the following actions:
|
|
224
223
|
*
|
|
225
224
|
* - `rotate`: Replace the value of a secret.
|
|
226
225
|
* - `restore`: Restore a previous version of an `iam_credentials` secret.
|
|
@@ -239,7 +238,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
239
238
|
/**
|
|
240
239
|
* Delete a secret.
|
|
241
240
|
*
|
|
242
|
-
*
|
|
241
|
+
* Delete a secret by specifying the ID of the secret.
|
|
243
242
|
*
|
|
244
243
|
* @param {Object} params - The parameters to send to the service.
|
|
245
244
|
* @param {string} params.secretType - The secret type.
|
|
@@ -251,7 +250,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
251
250
|
/**
|
|
252
251
|
* List versions of a secret.
|
|
253
252
|
*
|
|
254
|
-
*
|
|
253
|
+
* List the versions of a secret.
|
|
255
254
|
*
|
|
256
255
|
* A successful request returns the list of the versions along with the metadata of each version.
|
|
257
256
|
*
|
|
@@ -265,7 +264,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
265
264
|
/**
|
|
266
265
|
* Get a version of a secret.
|
|
267
266
|
*
|
|
268
|
-
*
|
|
267
|
+
* Get a version of a secret by specifying the ID of the version or the alias `previous`.
|
|
269
268
|
*
|
|
270
269
|
* A successful request returns the secret data that is associated with the specified version of your secret, along
|
|
271
270
|
* with other metadata.
|
|
@@ -282,10 +281,30 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
282
281
|
* @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>}
|
|
283
282
|
*/
|
|
284
283
|
getSecretVersion(params: SecretsManagerV1.GetSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>;
|
|
284
|
+
/**
|
|
285
|
+
* Invoke an action on a version of a secret.
|
|
286
|
+
*
|
|
287
|
+
* Invoke an action on a specified version of a secret. This method supports the following actions:
|
|
288
|
+
*
|
|
289
|
+
* - `revoke`: Revoke a version of a private certificate.
|
|
290
|
+
*
|
|
291
|
+
* @param {Object} params - The parameters to send to the service.
|
|
292
|
+
* @param {string} params.secretType - The secret type.
|
|
293
|
+
* @param {string} params.id - The v4 UUID that uniquely identifies the secret.
|
|
294
|
+
* @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
|
|
295
|
+
* `previous` to retrieve the previous version.
|
|
296
|
+
*
|
|
297
|
+
* **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
|
|
298
|
+
* the response details.
|
|
299
|
+
* @param {string} params.action - The action to perform on the specified secret version.
|
|
300
|
+
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
|
|
301
|
+
* @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>}
|
|
302
|
+
*/
|
|
303
|
+
updateSecretVersion(params: SecretsManagerV1.UpdateSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>;
|
|
285
304
|
/**
|
|
286
305
|
* Get secret version metadata.
|
|
287
306
|
*
|
|
288
|
-
*
|
|
307
|
+
* Get the metadata of a secret version by specifying the ID of the version or the alias `previous`.
|
|
289
308
|
*
|
|
290
309
|
* A successful request returns the metadata that is associated with the specified version of your secret.
|
|
291
310
|
*
|
|
@@ -304,7 +323,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
304
323
|
/**
|
|
305
324
|
* Get secret metadata.
|
|
306
325
|
*
|
|
307
|
-
*
|
|
326
|
+
* Get the details of a secret by specifying its ID.
|
|
308
327
|
*
|
|
309
328
|
* A successful request returns only metadata about the secret, such as its name and creation date. To retrieve the
|
|
310
329
|
* value of a secret, use the [Get a secret](#get-secret) or [Get a version of a secret](#get-secret-version) methods.
|
|
@@ -319,7 +338,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
319
338
|
/**
|
|
320
339
|
* Update secret metadata.
|
|
321
340
|
*
|
|
322
|
-
*
|
|
341
|
+
* Update the metadata of a secret, such as its name or description.
|
|
323
342
|
*
|
|
324
343
|
* To update the actual contents of a secret, rotate the secret by using the [Invoke an action on a
|
|
325
344
|
* secret](#update-secret) method.
|
|
@@ -339,9 +358,9 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
339
358
|
/**
|
|
340
359
|
* Set secret policies.
|
|
341
360
|
*
|
|
342
|
-
*
|
|
343
|
-
* policy](
|
|
344
|
-
*
|
|
361
|
+
* Create or update one or more policies, such as an [automatic rotation
|
|
362
|
+
* policy](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-automatic-rotation), for the specified
|
|
363
|
+
* secret.
|
|
345
364
|
*
|
|
346
365
|
* @param {Object} params - The parameters to send to the service.
|
|
347
366
|
* @param {string} params.secretType - The secret type.
|
|
@@ -356,7 +375,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
356
375
|
/**
|
|
357
376
|
* List secret policies.
|
|
358
377
|
*
|
|
359
|
-
*
|
|
378
|
+
* List the rotation policies that are associated with a specified secret.
|
|
360
379
|
*
|
|
361
380
|
* @param {Object} params - The parameters to send to the service.
|
|
362
381
|
* @param {string} params.secretType - The secret type.
|
|
@@ -372,11 +391,11 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
372
391
|
/**
|
|
373
392
|
* Set the configuration of a secret type.
|
|
374
393
|
*
|
|
375
|
-
*
|
|
394
|
+
* Set the configuration for the specified secret type.
|
|
376
395
|
*
|
|
377
396
|
* Use this method to configure the IAM credentials (`iam_credentials`) engine for your service instance. Looking to
|
|
378
|
-
*
|
|
379
|
-
* configuration](#create_config_element) method.
|
|
397
|
+
* order or generate certificates? To configure the public certificates (`public_cert`) or private certificates
|
|
398
|
+
* (`private_cert`) engines, use the [Add a configuration](#create_config_element) method.
|
|
380
399
|
*
|
|
381
400
|
* @param {Object} params - The parameters to send to the service.
|
|
382
401
|
* @param {string} params.secretType - The secret type.
|
|
@@ -388,7 +407,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
388
407
|
/**
|
|
389
408
|
* Get the configuration of a secret type.
|
|
390
409
|
*
|
|
391
|
-
*
|
|
410
|
+
* Get the configuration that is associated with the specified secret type.
|
|
392
411
|
*
|
|
393
412
|
* @param {Object} params - The parameters to send to the service.
|
|
394
413
|
* @param {string} params.secretType - The secret type.
|
|
@@ -399,17 +418,17 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
399
418
|
/**
|
|
400
419
|
* Add a configuration.
|
|
401
420
|
*
|
|
402
|
-
*
|
|
421
|
+
* Add a configuration element to the specified secret type.
|
|
403
422
|
*
|
|
404
423
|
* Use this method to define the configurations that are required to enable the public certificates (`public_cert`)
|
|
405
|
-
*
|
|
424
|
+
* and private certificates (`private_cert`) engines.
|
|
406
425
|
*
|
|
407
426
|
* You can add multiple configurations for your instance as follows:
|
|
408
427
|
*
|
|
409
428
|
* - Up to 10 public certificate authority configurations
|
|
410
429
|
* - Up to 10 DNS provider configurations
|
|
411
|
-
* - Up to 10 private root
|
|
412
|
-
* - Up to 10 private intermediate
|
|
430
|
+
* - Up to 10 private root certificate authority configurations
|
|
431
|
+
* - Up to 10 private intermediate certificate authority configurations
|
|
413
432
|
* - Up to 10 certificate templates.
|
|
414
433
|
*
|
|
415
434
|
* @param {Object} params - The parameters to send to the service.
|
|
@@ -426,7 +445,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
426
445
|
/**
|
|
427
446
|
* List configurations.
|
|
428
447
|
*
|
|
429
|
-
*
|
|
448
|
+
* List the configuration elements that are associated with a specified secret type.
|
|
430
449
|
*
|
|
431
450
|
* @param {Object} params - The parameters to send to the service.
|
|
432
451
|
* @param {string} params.secretType - The secret type.
|
|
@@ -438,7 +457,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
438
457
|
/**
|
|
439
458
|
* Get a configuration.
|
|
440
459
|
*
|
|
441
|
-
*
|
|
460
|
+
* Get the details of a specific configuration that is associated with a secret type.
|
|
442
461
|
*
|
|
443
462
|
* @param {Object} params - The parameters to send to the service.
|
|
444
463
|
* @param {string} params.secretType - The secret type.
|
|
@@ -451,7 +470,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
451
470
|
/**
|
|
452
471
|
* Update a configuration.
|
|
453
472
|
*
|
|
454
|
-
*
|
|
473
|
+
* Update a configuration element that is associated with the specified secret type.
|
|
455
474
|
*
|
|
456
475
|
* @param {Object} params - The parameters to send to the service.
|
|
457
476
|
* @param {string} params.secretType - The secret type.
|
|
@@ -464,10 +483,31 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
464
483
|
* @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>}
|
|
465
484
|
*/
|
|
466
485
|
updateConfigElement(params: SecretsManagerV1.UpdateConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>;
|
|
486
|
+
/**
|
|
487
|
+
* Invoke an action on a configuration.
|
|
488
|
+
*
|
|
489
|
+
* Invoke an action on a specified configuration element. This method supports the following actions:
|
|
490
|
+
*
|
|
491
|
+
* - `sign_intermediate`: Sign an intermediate certificate authority.
|
|
492
|
+
* - `sign_csr`: Sign a certificate signing request.
|
|
493
|
+
* - `set_signed`: Set a signed intermediate certificate authority.
|
|
494
|
+
* - `revoke`: Revoke an internally signed intermediate certificate authority certificate.
|
|
495
|
+
* - `rotate_crl`: Rotate the certificate revocation list (CRL) of an intermediate certificate authority.
|
|
496
|
+
*
|
|
497
|
+
* @param {Object} params - The parameters to send to the service.
|
|
498
|
+
* @param {string} params.secretType - The secret type.
|
|
499
|
+
* @param {string} params.configElement - The configuration element on which the action is applied.
|
|
500
|
+
* @param {string} params.configName - The name of the certificate authority.
|
|
501
|
+
* @param {string} params.action - The action to perform on the specified configuration element.
|
|
502
|
+
* @param {ConfigAction} [params.config] - Properties that describe an action on a configuration element.
|
|
503
|
+
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
|
|
504
|
+
* @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>}
|
|
505
|
+
*/
|
|
506
|
+
actionOnConfigElement(params: SecretsManagerV1.ActionOnConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>;
|
|
467
507
|
/**
|
|
468
508
|
* Delete a configuration.
|
|
469
509
|
*
|
|
470
|
-
*
|
|
510
|
+
* Delete a configuration element from the specified secret type.
|
|
471
511
|
*
|
|
472
512
|
* @param {Object} params - The parameters to send to the service.
|
|
473
513
|
* @param {string} params.secretType - The secret type.
|
|
@@ -483,7 +523,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
483
523
|
/**
|
|
484
524
|
* Register with Event Notifications.
|
|
485
525
|
*
|
|
486
|
-
*
|
|
526
|
+
* Create a registration between a Secrets Manager instance and [Event
|
|
487
527
|
* Notifications](https://cloud.ibm.com/apidocs/event-notifications).
|
|
488
528
|
*
|
|
489
529
|
* A successful request adds Secrets Manager as a source that you can reference from your Event Notifications
|
|
@@ -504,7 +544,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
504
544
|
/**
|
|
505
545
|
* Get Event Notifications registration details.
|
|
506
546
|
*
|
|
507
|
-
*
|
|
547
|
+
* Get the details of an existing registration between a Secrets Manager instance and Event Notifications.
|
|
508
548
|
*
|
|
509
549
|
* @param {Object} [params] - The parameters to send to the service.
|
|
510
550
|
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
|
|
@@ -514,7 +554,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
514
554
|
/**
|
|
515
555
|
* Unregister from Event Notifications.
|
|
516
556
|
*
|
|
517
|
-
*
|
|
557
|
+
* Delete a registration between a Secrets Manager instance and Event Notifications.
|
|
518
558
|
*
|
|
519
559
|
* A successful request removes your Secrets Manager instance as a source in Event Notifications.
|
|
520
560
|
*
|
|
@@ -524,7 +564,7 @@ declare class SecretsManagerV1 extends BaseService {
|
|
|
524
564
|
*/
|
|
525
565
|
deleteNotificationsRegistration(params?: SecretsManagerV1.DeleteNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
|
|
526
566
|
/**
|
|
527
|
-
* Send test event.
|
|
567
|
+
* Send a test event.
|
|
528
568
|
*
|
|
529
569
|
* Send a test event from a Secrets Manager instance to a configured [Event
|
|
530
570
|
* Notifications](https://cloud.ibm.com/apidocs/event-notifications) instance.
|
|
@@ -826,6 +866,34 @@ declare namespace SecretsManagerV1 {
|
|
|
826
866
|
KV = "kv"
|
|
827
867
|
}
|
|
828
868
|
}
|
|
869
|
+
/** Parameters for the `updateSecretVersion` operation. */
|
|
870
|
+
interface UpdateSecretVersionParams {
|
|
871
|
+
/** The secret type. */
|
|
872
|
+
secretType: UpdateSecretVersionConstants.SecretType | string;
|
|
873
|
+
/** The v4 UUID that uniquely identifies the secret. */
|
|
874
|
+
id: string;
|
|
875
|
+
/** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
|
|
876
|
+
* previous version.
|
|
877
|
+
*
|
|
878
|
+
* **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
|
|
879
|
+
* check the response details.
|
|
880
|
+
*/
|
|
881
|
+
versionId: string;
|
|
882
|
+
/** The action to perform on the specified secret version. */
|
|
883
|
+
action: UpdateSecretVersionConstants.Action | string;
|
|
884
|
+
headers?: OutgoingHttpHeaders;
|
|
885
|
+
}
|
|
886
|
+
/** Constants for the `updateSecretVersion` operation. */
|
|
887
|
+
namespace UpdateSecretVersionConstants {
|
|
888
|
+
/** The secret type. */
|
|
889
|
+
enum SecretType {
|
|
890
|
+
PRIVATE_CERT = "private_cert"
|
|
891
|
+
}
|
|
892
|
+
/** The action to perform on the specified secret version. */
|
|
893
|
+
enum Action {
|
|
894
|
+
REVOKE = "revoke"
|
|
895
|
+
}
|
|
896
|
+
}
|
|
829
897
|
/** Parameters for the `getSecretVersionMetadata` operation. */
|
|
830
898
|
interface GetSecretVersionMetadataParams {
|
|
831
899
|
/** The secret type. */
|
|
@@ -1114,6 +1182,40 @@ declare namespace SecretsManagerV1 {
|
|
|
1114
1182
|
CERTIFICATE_TEMPLATE = "certificate_template"
|
|
1115
1183
|
}
|
|
1116
1184
|
}
|
|
1185
|
+
/** Parameters for the `actionOnConfigElement` operation. */
|
|
1186
|
+
interface ActionOnConfigElementParams {
|
|
1187
|
+
/** The secret type. */
|
|
1188
|
+
secretType: ActionOnConfigElementConstants.SecretType | string;
|
|
1189
|
+
/** The configuration element on which the action is applied. */
|
|
1190
|
+
configElement: ActionOnConfigElementConstants.ConfigElement | string;
|
|
1191
|
+
/** The name of the certificate authority. */
|
|
1192
|
+
configName: string;
|
|
1193
|
+
/** The action to perform on the specified configuration element. */
|
|
1194
|
+
action: ActionOnConfigElementConstants.Action | string;
|
|
1195
|
+
/** Properties that describe an action on a configuration element. */
|
|
1196
|
+
config?: ConfigAction;
|
|
1197
|
+
headers?: OutgoingHttpHeaders;
|
|
1198
|
+
}
|
|
1199
|
+
/** Constants for the `actionOnConfigElement` operation. */
|
|
1200
|
+
namespace ActionOnConfigElementConstants {
|
|
1201
|
+
/** The secret type. */
|
|
1202
|
+
enum SecretType {
|
|
1203
|
+
PRIVATE_CERT = "private_cert"
|
|
1204
|
+
}
|
|
1205
|
+
/** The configuration element on which the action is applied. */
|
|
1206
|
+
enum ConfigElement {
|
|
1207
|
+
ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
|
|
1208
|
+
INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities"
|
|
1209
|
+
}
|
|
1210
|
+
/** The action to perform on the specified configuration element. */
|
|
1211
|
+
enum Action {
|
|
1212
|
+
SIGN_INTERMEDIATE = "sign_intermediate",
|
|
1213
|
+
SIGN_CSR = "sign_csr",
|
|
1214
|
+
SET_SIGNED = "set_signed",
|
|
1215
|
+
REVOKE = "revoke",
|
|
1216
|
+
ROTATE_CRL = "rotate_crl"
|
|
1217
|
+
}
|
|
1218
|
+
}
|
|
1117
1219
|
/** Parameters for the `deleteConfigElement` operation. */
|
|
1118
1220
|
interface DeleteConfigElementParams {
|
|
1119
1221
|
/** The secret type. */
|
|
@@ -1165,6 +1267,9 @@ declare namespace SecretsManagerV1 {
|
|
|
1165
1267
|
/*************************
|
|
1166
1268
|
* model interfaces
|
|
1167
1269
|
************************/
|
|
1270
|
+
/** The data that is associated with the secret version. The data object contains the following fields: - `certificate`: The contents of the certificate. - `private_key`: The private key that is associated with the certificate. - `intermediate`: The intermediate certificate that is associated with the certificate. */
|
|
1271
|
+
interface CertificateSecretData {
|
|
1272
|
+
}
|
|
1168
1273
|
/** The metadata that describes the resource array. */
|
|
1169
1274
|
interface CollectionMetadata {
|
|
1170
1275
|
/** The type of resources in the resource array. */
|
|
@@ -1172,6 +1277,29 @@ declare namespace SecretsManagerV1 {
|
|
|
1172
1277
|
/** The number of elements in the resource array. */
|
|
1173
1278
|
collection_total: number;
|
|
1174
1279
|
}
|
|
1280
|
+
/** Properties that describe an action on a configuration element. */
|
|
1281
|
+
interface ConfigAction {
|
|
1282
|
+
}
|
|
1283
|
+
/** The configuration to add or update. */
|
|
1284
|
+
interface ConfigElementActionData {
|
|
1285
|
+
/** The human-readable name to assign to your configuration. */
|
|
1286
|
+
name: string;
|
|
1287
|
+
/** The type of configuration. Value options differ depending on the `config_element` property that you want to
|
|
1288
|
+
* define.
|
|
1289
|
+
*/
|
|
1290
|
+
type: string;
|
|
1291
|
+
config: ConfigElementActionResultConfig;
|
|
1292
|
+
}
|
|
1293
|
+
/** Properties that describe an action on a configuration element. */
|
|
1294
|
+
interface ConfigElementActionResult {
|
|
1295
|
+
/** The metadata that describes the resource array. */
|
|
1296
|
+
metadata: CollectionMetadata;
|
|
1297
|
+
/** A collection of resources. */
|
|
1298
|
+
resources: ConfigElementActionData[];
|
|
1299
|
+
}
|
|
1300
|
+
/** ConfigElementActionResultConfig. */
|
|
1301
|
+
interface ConfigElementActionResultConfig {
|
|
1302
|
+
}
|
|
1175
1303
|
/** The configuration to add or update. */
|
|
1176
1304
|
interface ConfigElementDef {
|
|
1177
1305
|
/** The human-readable name to assign to your configuration. */
|
|
@@ -1263,6 +1391,17 @@ declare namespace SecretsManagerV1 {
|
|
|
1263
1391
|
/** A collection of resources. */
|
|
1264
1392
|
resources: ConfigElementDef[];
|
|
1265
1393
|
}
|
|
1394
|
+
/** Intermediate certificate authorities configuration. */
|
|
1395
|
+
interface IntermediateCertificateAuthoritiesConfigItem {
|
|
1396
|
+
/** The human-readable name to assign to your configuration. */
|
|
1397
|
+
name: string;
|
|
1398
|
+
/** The type of configuration. Value options differ depending on the `config_element` property that you want to
|
|
1399
|
+
* define.
|
|
1400
|
+
*/
|
|
1401
|
+
type: string;
|
|
1402
|
+
/** Intermediate certificate authority configuration. */
|
|
1403
|
+
config?: IntermediateCertificateAuthorityConfig;
|
|
1404
|
+
}
|
|
1266
1405
|
/** Issuance information that is associated with your certificate. */
|
|
1267
1406
|
interface IssuanceInfo {
|
|
1268
1407
|
/** The date the certificate was ordered. The date format follows RFC 3339. */
|
|
@@ -1309,6 +1448,17 @@ declare namespace SecretsManagerV1 {
|
|
|
1309
1448
|
/** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
|
|
1310
1449
|
event_notifications_instance_crn: string;
|
|
1311
1450
|
}
|
|
1451
|
+
/** Root certificate authorities configuration. */
|
|
1452
|
+
interface RootCertificateAuthoritiesConfigItem {
|
|
1453
|
+
/** The human-readable name to assign to your configuration. */
|
|
1454
|
+
name: string;
|
|
1455
|
+
/** The type of configuration. Value options differ depending on the `config_element` property that you want to
|
|
1456
|
+
* define.
|
|
1457
|
+
*/
|
|
1458
|
+
type: string;
|
|
1459
|
+
/** Root certificate authority configuration. */
|
|
1460
|
+
config?: RootCertificateAuthorityConfig;
|
|
1461
|
+
}
|
|
1312
1462
|
/** Rotation. */
|
|
1313
1463
|
interface Rotation {
|
|
1314
1464
|
/** Determines whether Secrets Manager rotates your certificate automatically.
|
|
@@ -1325,18 +1475,18 @@ declare namespace SecretsManagerV1 {
|
|
|
1325
1475
|
*
|
|
1326
1476
|
* If set to `true`, the service generates and stores a new private key for your rotated certificate.
|
|
1327
1477
|
*
|
|
1328
|
-
* **Note:** Use this field only for public certificates.
|
|
1478
|
+
* **Note:** Use this field only for public certificates. It is ignored for private certificates.
|
|
1329
1479
|
*/
|
|
1330
1480
|
rotate_keys?: boolean;
|
|
1331
1481
|
/** Used together with the `unit` field to specify the rotation interval. The minimum interval is one day, and
|
|
1332
1482
|
* the maximum interval is 3 years (1095 days). Required in case `auto_rotate` is set to `true`.
|
|
1333
1483
|
*
|
|
1334
|
-
* **Note:** Use this field only for private certificates
|
|
1484
|
+
* **Note:** Use this field only for private certificates. It is ignored for public certificates.
|
|
1335
1485
|
*/
|
|
1336
1486
|
interval?: number;
|
|
1337
1487
|
/** The time unit of the rotation interval.
|
|
1338
1488
|
*
|
|
1339
|
-
* **Note:** Use this field only for private certificates.
|
|
1489
|
+
* **Note:** Use this field only for private certificates. It is ignored for public certificates.
|
|
1340
1490
|
*/
|
|
1341
1491
|
unit?: string;
|
|
1342
1492
|
}
|
|
@@ -1421,11 +1571,37 @@ declare namespace SecretsManagerV1 {
|
|
|
1421
1571
|
/** SecretVersionMetadata. */
|
|
1422
1572
|
interface SecretVersionMetadata {
|
|
1423
1573
|
}
|
|
1574
|
+
/** Properties that are returned with a successful `sign` action. */
|
|
1575
|
+
interface SignActionResultData {
|
|
1576
|
+
/** The PEM-encoded certificate. */
|
|
1577
|
+
certificate?: string;
|
|
1578
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
1579
|
+
serial_number?: string;
|
|
1580
|
+
/** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
|
|
1581
|
+
issuing_ca?: string;
|
|
1582
|
+
/** The chain of certificate authorities that are associated with the certificate. */
|
|
1583
|
+
ca_chain?: string[];
|
|
1584
|
+
/** The time until the certificate expires. */
|
|
1585
|
+
expiration?: number;
|
|
1586
|
+
}
|
|
1587
|
+
/** Properties that are returned with a successful `sign` action. */
|
|
1588
|
+
interface SignIntermediateActionResultData {
|
|
1589
|
+
/** The PEM-encoded certificate. */
|
|
1590
|
+
certificate?: string;
|
|
1591
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
1592
|
+
serial_number?: string;
|
|
1593
|
+
/** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
|
|
1594
|
+
issuing_ca?: string;
|
|
1595
|
+
/** The chain of certificate authorities that are associated with the certificate. */
|
|
1596
|
+
ca_chain?: string[];
|
|
1597
|
+
/** The time until the certificate expires. */
|
|
1598
|
+
expiration?: number;
|
|
1599
|
+
}
|
|
1424
1600
|
/** CertificateValidity. */
|
|
1425
1601
|
interface CertificateValidity {
|
|
1426
|
-
/** The date the certificate validity period begins. */
|
|
1602
|
+
/** The date and time that the certificate validity period begins. */
|
|
1427
1603
|
not_before?: string;
|
|
1428
|
-
/** The date the certificate validity period ends. */
|
|
1604
|
+
/** The date and time that the certificate validity period ends. */
|
|
1429
1605
|
not_after?: string;
|
|
1430
1606
|
}
|
|
1431
1607
|
/** Metadata properties that describe an arbitrary secret. */
|
|
@@ -1655,8 +1831,8 @@ declare namespace SecretsManagerV1 {
|
|
|
1655
1831
|
* the certificate.
|
|
1656
1832
|
*/
|
|
1657
1833
|
algorithm?: string;
|
|
1658
|
-
/** The identifier for the cryptographic algorithm that was used to generate the public
|
|
1659
|
-
* with the certificate.
|
|
1834
|
+
/** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
|
|
1835
|
+
* are associated with the certificate.
|
|
1660
1836
|
*/
|
|
1661
1837
|
key_algorithm?: string;
|
|
1662
1838
|
/** The distinguished name that identifies the entity that signed and issued the certificate. */
|
|
@@ -1737,11 +1913,9 @@ declare namespace SecretsManagerV1 {
|
|
|
1737
1913
|
intermediate?: string;
|
|
1738
1914
|
/** The data that is associated with the secret. The data object contains the following fields:
|
|
1739
1915
|
*
|
|
1740
|
-
* `certificate`: The contents of the certificate.
|
|
1741
|
-
*
|
|
1742
|
-
* `
|
|
1743
|
-
*
|
|
1744
|
-
* `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
1916
|
+
* - `certificate`: The contents of the certificate.
|
|
1917
|
+
* - `private_key`: The private key that is associated with the certificate.
|
|
1918
|
+
* - `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
1745
1919
|
*/
|
|
1746
1920
|
secret_data?: JsonObject;
|
|
1747
1921
|
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
@@ -1750,8 +1924,8 @@ declare namespace SecretsManagerV1 {
|
|
|
1750
1924
|
* the certificate.
|
|
1751
1925
|
*/
|
|
1752
1926
|
algorithm?: string;
|
|
1753
|
-
/** The identifier for the cryptographic algorithm that was used to generate the public
|
|
1754
|
-
* with the certificate.
|
|
1927
|
+
/** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
|
|
1928
|
+
* are associated with the certificate.
|
|
1755
1929
|
*/
|
|
1756
1930
|
key_algorithm?: string;
|
|
1757
1931
|
/** The distinguished name that identifies the entity that signed and issued the certificate. */
|
|
@@ -1785,13 +1959,11 @@ declare namespace SecretsManagerV1 {
|
|
|
1785
1959
|
expiration_date?: string;
|
|
1786
1960
|
/** The data that is associated with the secret version. The data object contains the following fields:
|
|
1787
1961
|
*
|
|
1788
|
-
* `certificate`: The contents of the certificate.
|
|
1789
|
-
*
|
|
1790
|
-
* `
|
|
1791
|
-
*
|
|
1792
|
-
* `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
1962
|
+
* - `certificate`: The contents of the certificate.
|
|
1963
|
+
* - `private_key`: The private key that is associated with the certificate.
|
|
1964
|
+
* - `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
1793
1965
|
*/
|
|
1794
|
-
secret_data?:
|
|
1966
|
+
secret_data?: CertificateSecretData;
|
|
1795
1967
|
}
|
|
1796
1968
|
/** CertificateSecretVersionInfo. */
|
|
1797
1969
|
interface CertificateSecretVersionInfo extends SecretVersionInfo {
|
|
@@ -1835,6 +2007,171 @@ declare namespace SecretsManagerV1 {
|
|
|
1835
2007
|
expiration_date?: string;
|
|
1836
2008
|
validity?: CertificateValidity;
|
|
1837
2009
|
}
|
|
2010
|
+
/** Properties that describe a certificate template. You can use a certificate template to control the parameters that are applied to your issued private certificates. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates). */
|
|
2011
|
+
interface CertificateTemplateConfig extends ConfigElementDefConfig {
|
|
2012
|
+
/** The name of the intermediate certificate authority. */
|
|
2013
|
+
certificate_authority: string;
|
|
2014
|
+
/** Scopes the creation of private certificates to only the secret groups that you specify.
|
|
2015
|
+
*
|
|
2016
|
+
* This field can be supplied as a comma-delimited list of secret group IDs.
|
|
2017
|
+
*/
|
|
2018
|
+
allowed_secret_groups?: string;
|
|
2019
|
+
/** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
|
|
2020
|
+
* string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
|
|
2021
|
+
* returned in seconds (integer).
|
|
2022
|
+
*
|
|
2023
|
+
* Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
|
|
2024
|
+
*/
|
|
2025
|
+
max_ttl?: any;
|
|
2026
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate.
|
|
2027
|
+
*
|
|
2028
|
+
* The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
|
|
2029
|
+
* time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. Note
|
|
2030
|
+
* that in the API response the value is returned in seconds (integer).
|
|
2031
|
+
*/
|
|
2032
|
+
ttl?: string;
|
|
2033
|
+
/** Determines whether to allow `localhost` to be included as one of the requested common names. */
|
|
2034
|
+
allow_localhost?: boolean;
|
|
2035
|
+
/** The domains to define for the certificate template. This property is used along with the
|
|
2036
|
+
* `allow_bare_domains` and `allow_subdomains` options.
|
|
2037
|
+
*/
|
|
2038
|
+
allowed_domains?: string[];
|
|
2039
|
+
/** Determines whether to allow the domains that are supplied in the `allowed_domains` field to contain access
|
|
2040
|
+
* control list (ACL) templates.
|
|
2041
|
+
*/
|
|
2042
|
+
allowed_domains_template?: boolean;
|
|
2043
|
+
/** Determines whether to allow clients to request private certificates that match the value of the actual
|
|
2044
|
+
* domains on the final certificate.
|
|
2045
|
+
*
|
|
2046
|
+
* For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to
|
|
2047
|
+
* request a certificate that contains the name `example.com` as one of the DNS values on the final certificate.
|
|
2048
|
+
*
|
|
2049
|
+
* **Important:** In some scenarios, allowing bare domains can be considered a security risk.
|
|
2050
|
+
*/
|
|
2051
|
+
allow_bare_domains?: boolean;
|
|
2052
|
+
/** Determines whether to allow clients to request private certificates with common names (CN) that are
|
|
2053
|
+
* subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard
|
|
2054
|
+
* subdomains.
|
|
2055
|
+
*
|
|
2056
|
+
* For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the
|
|
2057
|
+
* following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`.
|
|
2058
|
+
*
|
|
2059
|
+
* **Note:** This field is redundant if you use the `allow_any_name` option.
|
|
2060
|
+
*/
|
|
2061
|
+
allow_subdomains?: boolean;
|
|
2062
|
+
/** Determines whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified
|
|
2063
|
+
* in the `allowed_domains` field.
|
|
2064
|
+
*
|
|
2065
|
+
* If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
|
|
2066
|
+
*/
|
|
2067
|
+
allow_glob_domains?: boolean;
|
|
2068
|
+
/** Determines whether to allow clients to request a private certificate that matches any common name. */
|
|
2069
|
+
allow_any_name?: boolean;
|
|
2070
|
+
/** Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the
|
|
2071
|
+
* host section of email addresses.
|
|
2072
|
+
*/
|
|
2073
|
+
enforce_hostnames?: boolean;
|
|
2074
|
+
/** Determines whether to allow clients to request a private certificate with IP Subject Alternative Names. */
|
|
2075
|
+
allow_ip_sans?: boolean;
|
|
2076
|
+
/** The URI Subject Alternative Names to allow for private certificates.
|
|
2077
|
+
*
|
|
2078
|
+
* Values can contain glob patterns, for example `spiffe://hostname/_*`.
|
|
2079
|
+
*/
|
|
2080
|
+
allowed_uri_sans?: string[];
|
|
2081
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private
|
|
2082
|
+
* certificates.
|
|
2083
|
+
*
|
|
2084
|
+
* The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid
|
|
2085
|
+
* type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to
|
|
2086
|
+
* allow any `other_sans` input.
|
|
2087
|
+
*/
|
|
2088
|
+
allowed_other_sans?: string[];
|
|
2089
|
+
/** Determines whether private certificates are flagged for server use. */
|
|
2090
|
+
server_flag?: boolean;
|
|
2091
|
+
/** Determines whether private certificates are flagged for client use. */
|
|
2092
|
+
client_flag?: boolean;
|
|
2093
|
+
/** Determines whether private certificates are flagged for code signing use. */
|
|
2094
|
+
code_signing_flag?: boolean;
|
|
2095
|
+
/** Determines whether private certificates are flagged for email protection use. */
|
|
2096
|
+
email_protection_flag?: boolean;
|
|
2097
|
+
/** The type of private key to generate for private certificates and the type of key that is expected for
|
|
2098
|
+
* submitted certificate signing requests (CSRs).
|
|
2099
|
+
*
|
|
2100
|
+
* Allowable values are: `rsa` and `ec`.
|
|
2101
|
+
*/
|
|
2102
|
+
key_type?: string;
|
|
2103
|
+
/** The number of bits to use when generating the private key.
|
|
2104
|
+
*
|
|
2105
|
+
* Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
|
|
2106
|
+
* default for RSA keys is 2048, and the default for EC keys is 256.
|
|
2107
|
+
*/
|
|
2108
|
+
key_bits?: number;
|
|
2109
|
+
/** The allowed key usage constraint to define for private certificates.
|
|
2110
|
+
*
|
|
2111
|
+
* You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage). Omit
|
|
2112
|
+
* the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this
|
|
2113
|
+
* field to an empty list.
|
|
2114
|
+
*/
|
|
2115
|
+
key_usage?: string[];
|
|
2116
|
+
/** The allowed extended key usage constraint on private certificates.
|
|
2117
|
+
*
|
|
2118
|
+
* You can find valid values in the [Go x509 package
|
|
2119
|
+
* documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value.
|
|
2120
|
+
* Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
|
|
2121
|
+
*/
|
|
2122
|
+
ext_key_usage?: string[];
|
|
2123
|
+
/** A list of extended key usage Object Identifiers (OIDs). */
|
|
2124
|
+
ext_key_usage_oids?: string[];
|
|
2125
|
+
/** When used with the `sign_csr` action, this field determines whether to use the common name (CN) from a
|
|
2126
|
+
* certificate signing request (CSR) instead of the CN that's included in the JSON data of the certificate.
|
|
2127
|
+
*
|
|
2128
|
+
* Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names,
|
|
2129
|
+
* include the `use_csr_sans` property.
|
|
2130
|
+
*/
|
|
2131
|
+
use_csr_common_name?: boolean;
|
|
2132
|
+
/** When used with the `sign_csr` action, this field determines whether to use the Subject Alternative Names
|
|
2133
|
+
* (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the JSON data of the
|
|
2134
|
+
* certificate.
|
|
2135
|
+
*
|
|
2136
|
+
* Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
|
|
2137
|
+
*/
|
|
2138
|
+
use_csr_sans?: boolean;
|
|
2139
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
2140
|
+
ou?: string[];
|
|
2141
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
2142
|
+
organization?: string[];
|
|
2143
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
2144
|
+
country?: string[];
|
|
2145
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
2146
|
+
locality?: string[];
|
|
2147
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
2148
|
+
province?: string[];
|
|
2149
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
2150
|
+
street_address?: string[];
|
|
2151
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
2152
|
+
postal_code?: string[];
|
|
2153
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
2154
|
+
* omit this field.
|
|
2155
|
+
*/
|
|
2156
|
+
serial_number?: string;
|
|
2157
|
+
/** Determines whether to require a common name to create a private certificate.
|
|
2158
|
+
*
|
|
2159
|
+
* By default, a common name is required to generate a certificate. To make the `common_name` field optional, set
|
|
2160
|
+
* the `require_cn` option to `false`.
|
|
2161
|
+
*/
|
|
2162
|
+
require_cn?: boolean;
|
|
2163
|
+
/** A list of policy Object Identifiers (OIDs). */
|
|
2164
|
+
policy_identifiers?: string[];
|
|
2165
|
+
/** Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for
|
|
2166
|
+
* non-CA certificates.
|
|
2167
|
+
*/
|
|
2168
|
+
basic_constraints_valid_for_non_ca?: boolean;
|
|
2169
|
+
/** The duration in seconds by which to backdate the `not_before` property of an issued private certificate. The
|
|
2170
|
+
* value can be supplied as a string representation of a duration, such as `30s`. Note that in the API response the
|
|
2171
|
+
* value is returned in seconds (integer).
|
|
2172
|
+
*/
|
|
2173
|
+
not_before_duration?: any;
|
|
2174
|
+
}
|
|
1838
2175
|
/** Properties that describe an IBM Cloud classic infrastructure (SoftLayer) configuration. */
|
|
1839
2176
|
interface ConfigElementDefConfigClassicInfrastructureConfig extends ConfigElementDefConfig {
|
|
1840
2177
|
/** The username that is associated with your classic infrastructure account.
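Review bot: `max_ttl?: any` and `not_before_duration?: any` in `CertificateTemplateConfig` switch off type checking on the two fields that bound certificate lifetime and backdating. Their doc comments say the value is supplied as a duration string and returned as integer seconds, so `max_ttl?: string | number;` and `not_before_duration?: string | number;` would express that contract and still reject objects or booleans at compile time. The later hunk that adds `IntermediateCertificateAuthorityConfig` repeats the pattern with `max_ttl: any` and `crl_expiry?: any`. The enclosing `SecretsManagerV1` namespace starts and ends outside this hunk.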
|
|
@@ -1930,7 +2267,7 @@ declare namespace SecretsManagerV1 {
|
|
|
1930
2267
|
/** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
|
|
1931
2268
|
api_key_hash?: string;
|
|
1932
2269
|
}
|
|
1933
|
-
/** Metadata properties that describe
|
|
2270
|
+
/** Metadata properties that describe an `iam_credentials` secret. */
|
|
1934
2271
|
interface IAMCredentialsSecretMetadata extends SecretMetadata {
|
|
1935
2272
|
/** The unique ID of the secret. */
|
|
1936
2273
|
id?: string;
|
|
@@ -1977,7 +2314,9 @@ declare namespace SecretsManagerV1 {
|
|
|
1977
2314
|
last_update_date?: string;
|
|
1978
2315
|
/** The number of versions the secret has. */
|
|
1979
2316
|
versions_total?: number;
|
|
1980
|
-
/**
|
|
2317
|
+
/** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
|
|
2318
|
+
* TTL defines for how long each generated API key remains valid.
|
|
2319
|
+
*/
|
|
1981
2320
|
ttl?: string;
|
|
1982
2321
|
/** Determines whether to use the same service ID and API key for future read operations on an
|
|
1983
2322
|
* `iam_credentials` secret.
|
|
@@ -2060,7 +2399,7 @@ declare namespace SecretsManagerV1 {
|
|
|
2060
2399
|
*
|
|
2061
2400
|
* Minimum duration is 1 minute. Maximum is 90 days.
|
|
2062
2401
|
*/
|
|
2063
|
-
ttl?:
|
|
2402
|
+
ttl?: string;
|
|
2064
2403
|
/** The access groups that define the capabilities of the service ID and API key that are generated for an
|
|
2065
2404
|
* `iam_credentials` secret. If you prefer to use an existing service ID that is already assigned the access
|
|
2066
2405
|
* policies that you require, you can omit this parameter and use the `service_id` field instead.
|
|
@@ -2115,11 +2454,9 @@ declare namespace SecretsManagerV1 {
|
|
|
2115
2454
|
created_by?: string;
|
|
2116
2455
|
/** The data that is associated with the secret version. The data object contains the following fields:
|
|
2117
2456
|
*
|
|
2118
|
-
* `api_key`: The API key that is generated for this secret.
|
|
2119
|
-
*
|
|
2120
|
-
* `
|
|
2121
|
-
*
|
|
2122
|
-
* `service_id`: The service ID under which the API key is created.
|
|
2457
|
+
* - `api_key`: The API key that is generated for this secret.
|
|
2458
|
+
* - `api_key_id`: The ID of the API key that is generated for this secret.
|
|
2459
|
+
* - `service_id`: The service ID under which the API key is created.
|
|
2123
2460
|
*/
|
|
2124
2461
|
secret_data?: JsonObject;
|
|
2125
2462
|
}
|
|
@@ -2155,6 +2492,120 @@ declare namespace SecretsManagerV1 {
|
|
|
2155
2492
|
*/
|
|
2156
2493
|
downloaded?: boolean;
|
|
2157
2494
|
}
|
|
2495
|
+
/** Intermediate certificate authorities configuration. */
|
|
2496
|
+
interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
|
|
2497
|
+
intermediate_certificate_authorities: IntermediateCertificateAuthoritiesConfigItem[];
|
|
2498
|
+
}
|
|
2499
|
+
/** Intermediate certificate authority configuration. */
|
|
2500
|
+
interface IntermediateCertificateAuthorityConfig extends ConfigElementDefConfig {
|
|
2501
|
+
/** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
|
|
2502
|
+
* string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
|
|
2503
|
+
* returned in seconds (integer).
|
|
2504
|
+
*
|
|
2505
|
+
* Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
|
|
2506
|
+
*/
|
|
2507
|
+
max_ttl: any;
|
|
2508
|
+
/** The signing method to use with this certificate authority to generate private certificates.
|
|
2509
|
+
*
|
|
2510
|
+
* You can choose between internal or externally signed options. For more information, see the
|
|
2511
|
+
* [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
|
|
2512
|
+
*/
|
|
2513
|
+
signing_method: string;
|
|
2514
|
+
/** The certificate authority that signed and issued the certificate.
|
|
2515
|
+
*
|
|
2516
|
+
* If the certificate is signed internally, the `issuer` field is required and must match the name of a certificate
|
|
2517
|
+
* authority that is configured in the Secrets Manager service instance.
|
|
2518
|
+
*/
|
|
2519
|
+
issuer?: string;
|
|
2520
|
+
/** The time until the certificate revocation list (CRL) expires. The value can be supplied as a string
|
|
2521
|
+
* representation of a duration in hours, such as `48h`. The default is 72 hours. Note that in the API response the
|
|
2522
|
+
* value is returned in seconds (integer).
|
|
2523
|
+
*/
|
|
2524
|
+
crl_expiry?: any;
|
|
2525
|
+
/** Determines whether to disable certificate revocation list (CRL) building.
|
|
2526
|
+
*
|
|
2527
|
+
* By default, each request rebuilds a CRL. To disable CRL building, set this field to `true`.
|
|
2528
|
+
*/
|
|
2529
|
+
crl_disable?: boolean;
|
|
2530
|
+
/** Determines whether to encode the certificate revocation list (CRL) distribution points in the private
|
|
2531
|
+
* certificates that are issued by a certificate authority.
|
|
2532
|
+
*/
|
|
2533
|
+
crl_distribution_points_encoded?: boolean;
|
|
2534
|
+
/** Determines whether to encode the URL of the issuing certificate in the private certificates that are issued
|
|
2535
|
+
* by a certificate authority.
|
|
2536
|
+
*/
|
|
2537
|
+
issuing_certificates_urls_encoded?: boolean;
|
|
2538
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
2539
|
+
common_name: string;
|
|
2540
|
+
/** The status of the certificate authority. The status of a root certificate authority is either `configured`
|
|
2541
|
+
* or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
|
|
2542
|
+
* `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
|
|
2543
|
+
*/
|
|
2544
|
+
status?: string;
|
|
2545
|
+
/** The date that the certificate expires. The date format follows RFC 3339. */
|
|
2546
|
+
expiration_date?: string;
|
|
2547
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
2548
|
+
*
|
|
2549
|
+
* The alternative names can be host names or email addresses.
|
|
2550
|
+
*/
|
|
2551
|
+
alt_names?: string[];
|
|
2552
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
2553
|
+
ip_sans?: string;
|
|
2554
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
2555
|
+
uri_sans?: string;
|
|
2556
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
2557
|
+
* certificate.
|
|
2558
|
+
*
|
|
2559
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
2560
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
2561
|
+
* valid type is `UTF8`.
|
|
2562
|
+
*/
|
|
2563
|
+
other_sans?: string[];
|
|
2564
|
+
/** The format of the returned data. */
|
|
2565
|
+
format?: string;
|
|
2566
|
+
/** The format of the generated private key. */
|
|
2567
|
+
private_key_format?: string;
|
|
2568
|
+
/** The type of private key to generate. */
|
|
2569
|
+
key_type?: string;
|
|
2570
|
+
/** The number of bits to use when generating the private key.
|
|
2571
|
+
*
|
|
2572
|
+
* Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
|
|
2573
|
+
* default for RSA keys is 2048, and the default for EC keys is 256.
|
|
2574
|
+
*/
|
|
2575
|
+
key_bits?: number;
|
|
2576
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
2577
|
+
*
|
|
2578
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
2579
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
2580
|
+
*/
|
|
2581
|
+
exclude_cn_from_sans?: boolean;
|
|
2582
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
2583
|
+
ou?: string[];
|
|
2584
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
2585
|
+
organization?: string[];
|
|
2586
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
2587
|
+
country?: string[];
|
|
2588
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
2589
|
+
locality?: string[];
|
|
2590
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
2591
|
+
province?: string[];
|
|
2592
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
2593
|
+
street_address?: string[];
|
|
2594
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
2595
|
+
postal_code?: string[];
|
|
2596
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
2597
|
+
* omit this field.
|
|
2598
|
+
*/
|
|
2599
|
+
serial_number?: string;
|
|
2600
|
+
/** The data that is associated with the intermediate certificate authority. The data object contains the
|
|
2601
|
+
* following fields:
|
|
2602
|
+
*
|
|
2603
|
+
* - `csr`: The PEM-encoded certificate signing request.
|
|
2604
|
+
* - `private_key`: The private key.
|
|
2605
|
+
* - `private_key_type`: The type of private key, for example `rsa`.
|
|
2606
|
+
*/
|
|
2607
|
+
data?: JsonObject;
|
|
2608
|
+
}
|
|
2158
2609
|
/** Metadata properties that describe a key-value secret. */
|
|
2159
2610
|
interface KvSecretMetadata extends SecretMetadata {
|
|
2160
2611
|
/** The unique ID of the secret. */
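Review bot: `data?: JsonObject` at the end of `IntermediateCertificateAuthorityConfig` leaves the field that carries the CA's `private_key` untyped, so consumers get no compile-time signal about which property holds key material. The doc comment already lists the three fields, so the declaration could be `data?: { csr?: string; private_key?: string; private_key_type?: string };`, in line with the typed `secret_data?: CertificateSecretData` that this release introduces for certificate versions. In the same interface, `ip_sans?: string` and `uri_sans?: string` are documented as comma-delimited lists in the same words as `alt_names?: string[]`. Each comment should state which encoding the field actually uses, so callers do not have to guess.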
|
|
@@ -2271,6 +2722,23 @@ declare namespace SecretsManagerV1 {
|
|
|
2271
2722
|
*/
|
|
2272
2723
|
secret_data?: JsonObject;
|
|
2273
2724
|
}
|
|
2725
|
+
/** The `private_cert` secret rotation policy. */
|
|
2726
|
+
interface PrivateCertPolicyRotation extends SecretPolicyRotationRotation {
|
|
2727
|
+
auto_rotate: boolean;
|
|
2728
|
+
/** The length of the secret rotation time interval. */
|
|
2729
|
+
interval?: number;
|
|
2730
|
+
/** The units for the secret rotation time interval. */
|
|
2731
|
+
unit?: string;
|
|
2732
|
+
}
|
|
2733
|
+
/** Configuration for the private certificates engine. */
|
|
2734
|
+
interface PrivateCertSecretEngineRootConfig extends GetConfigResourcesItem {
|
|
2735
|
+
/** The root certificate authority configurations that are associated with your instance. */
|
|
2736
|
+
root_certificate_authorities?: RootCertificateAuthorityConfig[];
|
|
2737
|
+
/** The intermediate certificate authority configurations that are associated with your instance. */
|
|
2738
|
+
intermdiate_certificate_authorities?: IntermediateCertificateAuthorityConfig[];
|
|
2739
|
+
/** The certificate templates that are associated with your instance. */
|
|
2740
|
+
certificate_templates?: CertificateTemplateConfig[];
|
|
2741
|
+
}
|
|
2274
2742
|
/** Metadata properties that describe a private certificate secret. */
|
|
2275
2743
|
interface PrivateCertificateSecretMetadata extends SecretMetadata {
|
|
2276
2744
|
/** The unique ID of the secret. */
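Review bot: The new property `intermdiate_certificate_authorities` in `PrivateCertSecretEngineRootConfig` is misspelled (the `e` in `intermediate` is missing), while `IntermediateCertificateAuthoritiesConfig` in an earlier hunk spells its field `intermediate_certificate_authorities`. If the service returns the correctly spelled key, which cannot be confirmed from this hunk, code that reads the typed property always sees `undefined` and silently treats the instance as having no intermediate CAs. The declaration should read `intermediate_certificate_authorities?: IntermediateCertificateAuthorityConfig[];`, or carry a comment stating that the misspelling matches the wire format. `auto_rotate: boolean` in `PrivateCertPolicyRotation` is also the only field in the hunk without a doc comment.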
|
|
@@ -2318,6 +2786,278 @@ declare namespace SecretsManagerV1 {
|
|
|
2318
2786
|
last_update_date?: string;
|
|
2319
2787
|
/** The number of versions the secret has. */
|
|
2320
2788
|
versions_total?: number;
|
|
2789
|
+
/** The name of the certificate template. */
|
|
2790
|
+
certificate_template: string;
|
|
2791
|
+
/** The intermediate certificate authority that signed this certificate. */
|
|
2792
|
+
certificate_authority?: string;
|
|
2793
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
2794
|
+
common_name: string;
|
|
2795
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
2796
|
+
*
|
|
2797
|
+
* The alternative names can be host names or email addresses.
|
|
2798
|
+
*/
|
|
2799
|
+
alt_names?: string[];
|
|
2800
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
2801
|
+
ip_sans?: string;
|
|
2802
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
2803
|
+
uri_sans?: string;
|
|
2804
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
2805
|
+
* certificate.
|
|
2806
|
+
*
|
|
2807
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
2808
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
2809
|
+
* valid type is `UTF8`.
|
|
2810
|
+
*/
|
|
2811
|
+
other_sans?: string[];
|
|
2812
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate. The value can be supplied as a
|
|
2813
|
+
* string representation of a duration in hours, for example '12h'. The value can't exceed the `max_ttl` that is
|
|
2814
|
+
* defined in the associated certificate template.
|
|
2815
|
+
*/
|
|
2816
|
+
ttl?: string;
|
|
2817
|
+
/** The format of the returned data. */
|
|
2818
|
+
format?: string;
|
|
2819
|
+
/** The format of the generated private key. */
|
|
2820
|
+
private_key_format?: string;
|
|
2821
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
2822
|
+
*
|
|
2823
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
2824
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
2825
|
+
*/
|
|
2826
|
+
exclude_cn_from_sans?: boolean;
|
|
2827
|
+
rotation?: Rotation;
|
|
2828
|
+
/** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
|
|
2829
|
+
* the certificate.
|
|
2830
|
+
*/
|
|
2831
|
+
algorithm?: string;
|
|
2832
|
+
/** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
|
|
2833
|
+
* are associated with the certificate.
|
|
2834
|
+
*/
|
|
2835
|
+
key_algorithm?: string;
|
|
2836
|
+
/** The certificate authority that signed and issued the certificate. */
|
|
2837
|
+
issuer?: string;
|
|
2838
|
+
validity?: CertificateValidity;
|
|
2839
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
2840
|
+
serial_number?: string;
|
|
2841
|
+
/** The timestamp of the certificate revocation. */
|
|
2842
|
+
revocation_time?: number;
|
|
2843
|
+
/** The date and time that the certificate was revoked. The date format follows RFC 3339. */
|
|
2844
|
+
revocation_time_rfc3339?: string;
|
|
2845
|
+
}
|
|
2846
|
+
/** Properties that describe a secret. */
|
|
2847
|
+
interface PrivateCertificateSecretResource extends SecretResource {
|
|
2848
|
+
/** The v4 UUID that uniquely identifies the secret. */
|
|
2849
|
+
id?: string;
|
|
2850
|
+
/** A human-readable alias to assign to your secret.
|
|
2851
|
+
*
|
|
2852
|
+
* To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
|
|
2853
|
+
*/
|
|
2854
|
+
name: string;
|
|
2855
|
+
/** An extended description of your secret.
|
|
2856
|
+
*
|
|
2857
|
+
* To protect your privacy, do not use personal data, such as your name or location, as a description for your
|
|
2858
|
+
* secret.
|
|
2859
|
+
*/
|
|
2860
|
+
description?: string;
|
|
2861
|
+
/** The v4 UUID that uniquely identifies the secret group to assign to this secret.
|
|
2862
|
+
*
|
|
2863
|
+
* If you omit this parameter, your secret is assigned to the `default` secret group.
|
|
2864
|
+
*/
|
|
2865
|
+
secret_group_id?: string;
|
|
2866
|
+
/** Labels that you can use to filter for secrets in your instance.
|
|
2867
|
+
*
|
|
2868
|
+
* Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
|
|
2869
|
+
* not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
|
|
2870
|
+
*
|
|
2871
|
+
* To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
|
|
2872
|
+
*/
|
|
2873
|
+
labels?: string[];
|
|
2874
|
+
/** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
|
|
2875
|
+
* Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
|
|
2876
|
+
*/
|
|
2877
|
+
state?: number;
|
|
2878
|
+
/** A text representation of the secret state. */
|
|
2879
|
+
state_description?: string;
|
|
2880
|
+
/** The secret type. */
|
|
2881
|
+
secret_type?: string;
|
|
2882
|
+
/** The Cloud Resource Name (CRN) that uniquely identifies your Secrets Manager resource. */
|
|
2883
|
+
crn?: string;
|
|
2884
|
+
/** The date the secret was created. The date format follows RFC 3339. */
|
|
2885
|
+
creation_date?: string;
|
|
2886
|
+
/** The unique identifier for the entity that created the secret. */
|
|
2887
|
+
created_by?: string;
|
|
2888
|
+
/** Updates when the actual secret is modified. The date format follows RFC 3339. */
|
|
2889
|
+
last_update_date?: string;
|
|
2890
|
+
/** The number of versions that are associated with a secret. */
|
|
2891
|
+
versions_total?: number;
|
|
2892
|
+
/** An array that contains metadata for each secret version. For more information on the metadata properties,
|
|
2893
|
+
* see [Get secret version metadata](#get-secret-version-metadata).
|
|
2894
|
+
*/
|
|
2895
|
+
versions?: JsonObject[];
|
|
2896
|
+
/** The name of the certificate template. */
|
|
2897
|
+
certificate_template: string;
|
|
2898
|
+
/** The intermediate certificate authority that signed this certificate. */
|
|
2899
|
+
certificate_authority?: string;
|
|
2900
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
2901
|
+
common_name: string;
|
|
2902
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
2903
|
+
*
|
|
2904
|
+
* The alternative names can be host names or email addresses.
|
|
2905
|
+
*/
|
|
2906
|
+
alt_names?: string[];
|
|
2907
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
2908
|
+
ip_sans?: string;
|
|
2909
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
2910
|
+
uri_sans?: string;
|
|
2911
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
2912
|
+
* certificate.
|
|
2913
|
+
*
|
|
2914
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
2915
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
2916
|
+
* valid type is `UTF8`.
|
|
2917
|
+
*/
|
|
2918
|
+
other_sans?: string[];
|
|
2919
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate. The value can be supplied as a
|
|
2920
|
+
* string representation of a duration in hours, for example '12h'. The value can't exceed the `max_ttl` that is
|
|
2921
|
+
* defined in the associated certificate template.
|
|
2922
|
+
*/
|
|
2923
|
+
ttl?: string;
|
|
2924
|
+
/** The format of the returned data. */
|
|
2925
|
+
format?: string;
|
|
2926
|
+
/** The format of the generated private key. */
|
|
2927
|
+
private_key_format?: string;
|
|
2928
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
2929
|
+
*
|
|
2930
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
2931
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
2932
|
+
*/
|
|
2933
|
+
exclude_cn_from_sans?: boolean;
|
|
2934
|
+
rotation?: Rotation;
|
|
2935
|
+
/** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
|
|
2936
|
+
* the certificate.
|
|
2937
|
+
*/
|
|
2938
|
+
algorithm?: string;
|
|
2939
|
+
/** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
|
|
2940
|
+
* are associated with the certificate.
|
|
2941
|
+
*/
|
|
2942
|
+
key_algorithm?: string;
|
|
2943
|
+
/** The certificate authority that signed and issued the certificate. */
|
|
2944
|
+
issuer?: string;
|
|
2945
|
+
validity?: CertificateValidity;
|
|
2946
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
2947
|
+
serial_number?: string;
|
|
2948
|
+
/** The timestamp of the certificate revocation. */
|
|
2949
|
+
revocation_time?: number;
|
|
2950
|
+
/** The date and time that the certificate was revoked. The date format follows RFC 3339. */
|
|
2951
|
+
revocation_time_rfc3339?: string;
|
|
2952
|
+
/** The data that is associated with the secret. The data object contains the following fields:
|
|
2953
|
+
*
|
|
2954
|
+
* - `certificate`: The contents of the certificate.
|
|
2955
|
+
* - `private_key`: The private key that is associated with the certificate.
|
|
2956
|
+
* - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
|
|
2957
|
+
* - `ca_chain`: The chain of certificate authorities that are associated with the certificate.
|
|
2958
|
+
*/
|
|
2959
|
+
secret_data?: JsonObject;
|
|
2960
|
+
}
|
|
2961
|
+
/** PrivateCertificateSecretVersion. */
|
|
2962
|
+
interface PrivateCertificateSecretVersion extends SecretVersion {
|
|
2963
|
+
/** The v4 UUID that uniquely identifies the secret. */
|
|
2964
|
+
id?: string;
|
|
2965
|
+
/** The ID of the secret version. */
|
|
2966
|
+
version_id?: string;
|
|
2967
|
+
/** The date that the version of the secret was created. */
|
|
2968
|
+
creation_date?: string;
|
|
2969
|
+
/** The unique identifier for the entity that created the secret version. */
|
|
2970
|
+
created_by?: string;
|
|
2971
|
+
validity?: CertificateValidity;
|
|
2972
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
2973
|
+
serial_number?: string;
|
|
2974
|
+
/** The date that the certificate expires. The date format follows RFC 3339. */
|
|
2975
|
+
expiration_date?: string;
|
|
2976
|
+
/** The data that is associated with the secret version. The data object contains the following fields:
|
|
2977
|
+
*
|
|
2978
|
+
* - `certificate`: The contents of the certificate.
|
|
2979
|
+
* - `private_key`: The private key that is associated with the certificate.
|
|
2980
|
+
* - `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
2981
|
+
*/
|
|
2982
|
+
secret_data?: CertificateSecretData;
|
|
2983
|
+
/** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
|
|
2984
|
+
* Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
|
|
2985
|
+
*/
|
|
2986
|
+
state?: number;
|
|
2987
|
+
/** A text representation of the secret state. */
|
|
2988
|
+
state_description?: string;
|
|
2989
|
+
/** The timestamp of the certificate revocation. */
|
|
2990
|
+
revocation_time?: number;
|
|
2991
|
+
/** The date and time that the certificate was revoked. The date format follows RFC 3339. */
|
|
2992
|
+
revocation_time_rfc3339?: string;
|
|
2993
|
+
/** Indicates whether the version of the secret was created by automatic rotation. */
|
|
2994
|
+
auto_rotated?: boolean;
|
|
2995
|
+
}
|
|
2996
|
+
/** PrivateCertificateSecretVersionInfo. */
|
|
2997
|
+
interface PrivateCertificateSecretVersionInfo extends SecretVersionInfo {
|
|
2998
|
+
/** The ID of the secret version. */
|
|
2999
|
+
id?: string;
|
|
3000
|
+
/** The date that the version of the secret was created. */
|
|
3001
|
+
creation_date?: string;
|
|
3002
|
+
/** The unique identifier for the entity that created the secret version. */
|
|
3003
|
+
created_by?: string;
|
|
3004
|
+
/** Indicates whether the payload for the secret version is stored and available. */
|
|
3005
|
+
payload_available?: boolean;
|
|
3006
|
+
/** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
|
|
3007
|
+
* service API.
|
|
3008
|
+
*/
|
|
3009
|
+
downloaded?: boolean;
|
|
3010
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
3011
|
+
serial_number?: string;
|
|
3012
|
+
/** The date that the certificate expires. The date format follows RFC 3339. */
|
|
3013
|
+
expiration_date?: string;
|
|
3014
|
+
validity?: CertificateValidity;
|
|
3015
|
+
/** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
|
|
3016
|
+
* Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
|
|
3017
|
+
*/
|
|
3018
|
+
state?: number;
|
|
3019
|
+
/** A text representation of the secret state. */
|
|
3020
|
+
state_description?: string;
|
|
3021
|
+
/** The timestamp of the certificate revocation. */
|
|
3022
|
+
revocation_time?: number;
|
|
3023
|
+
/** The date and time that the certificate was revoked. The date format follows RFC 3339. */
|
|
3024
|
+
revocation_time_rfc3339?: string;
|
|
3025
|
+
/** Indicates whether the version of the secret was created by automatic rotation. */
|
|
3026
|
+
auto_rotated?: boolean;
|
|
3027
|
+
}
|
|
3028
|
+
/** Properties that describe a secret version. */
|
|
3029
|
+
interface PrivateCertificateSecretVersionMetadata extends SecretVersionMetadata {
|
|
3030
|
+
/** The v4 UUID that uniquely identifies the secret. */
|
|
3031
|
+
id?: string;
|
|
3032
|
+
/** The ID of the secret version. */
|
|
3033
|
+
version_id?: string;
|
|
3034
|
+
/** The date that the version of the secret was created. */
|
|
3035
|
+
creation_date?: string;
|
|
3036
|
+
/** The unique identifier for the entity that created the secret version. */
|
|
3037
|
+
created_by?: string;
|
|
3038
|
+
/** Indicates whether the payload for the secret version is stored and available. */
|
|
3039
|
+
payload_available?: boolean;
|
|
3040
|
+
/** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
|
|
3041
|
+
* service API.
|
|
3042
|
+
*/
|
|
3043
|
+
downloaded?: boolean;
|
|
3044
|
+
/** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
|
|
3045
|
+
serial_number?: string;
|
|
3046
|
+
/** The date that the certificate expires. The date format follows RFC 3339. */
|
|
3047
|
+
expiration_date?: string;
|
|
3048
|
+
validity?: CertificateValidity;
|
|
3049
|
+
/** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
|
|
3050
|
+
* Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
|
|
3051
|
+
*/
|
|
3052
|
+
state?: number;
|
|
3053
|
+
/** A text representation of the secret state. */
|
|
3054
|
+
state_description?: string;
|
|
3055
|
+
/** The timestamp of the certificate revocation. */
|
|
3056
|
+
revocation_time?: number;
|
|
3057
|
+
/** The date and time that the certificate was revoked. The date format follows RFC 3339. */
|
|
3058
|
+
revocation_time_rfc3339?: string;
|
|
3059
|
+
/** Indicates whether the version of the secret was created by automatic rotation. */
|
|
3060
|
+
auto_rotated?: boolean;
|
|
2321
3061
|
}
|
|
2322
3062
|
/** Configuration for the public certificates engine. */
|
|
2323
3063
|
interface PublicCertSecretEngineRootConfig extends GetConfigResourcesItem {
|
|
@@ -2498,11 +3238,9 @@ declare namespace SecretsManagerV1 {
|
|
|
2498
3238
|
serial_number?: string;
|
|
2499
3239
|
/** The data that is associated with the secret. The data object contains the following fields:
|
|
2500
3240
|
*
|
|
2501
|
-
* `certificate`: The contents of the certificate.
|
|
2502
|
-
*
|
|
2503
|
-
* `
|
|
2504
|
-
*
|
|
2505
|
-
* `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
3241
|
+
* - `certificate`: The contents of the certificate.
|
|
3242
|
+
* - `private_key`: The private key that is associated with the certificate.
|
|
3243
|
+
* - `intermediate`: The intermediate certificate that is associated with the certificate.
|
|
2506
3244
|
*/
|
|
2507
3245
|
secret_data?: JsonObject;
|
|
2508
3246
|
}
|
|
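Review bot: `secret_data?: JsonObject` stays untyped although the rewritten comment now names its fields as `certificate`, `private_key` and `intermediate`. `PrivateCertificateSecretVersion.secret_data`, added earlier in this file's diff, documents the same three fields and is declared as `CertificateSecretData`. If that type covers these fields, `secret_data?: CertificateSecretData;` here would make it visible at compile time that the object carries a private key, which helps callers keep it out of logs and serialised output. The enclosing interface starts above this hunk, so its name and base type are not visible here.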
@@ -2511,6 +3249,133 @@ declare namespace SecretsManagerV1 {
|
|
|
2511
3249
|
/** The ID of the target version or the alias `previous`. */
|
|
2512
3250
|
version_id: string;
|
|
2513
3251
|
}
|
|
3252
|
+
/** A request to revoke the certificate of an internally signed intermediate certificate authority. */
|
|
3253
|
+
interface RevokeAction extends ConfigAction {
|
|
3254
|
+
/** The serial number of the certificate. */
|
|
3255
|
+
serial_number: string;
|
|
3256
|
+
}
|
|
3257
|
+
/** Properties that are returned with a successful `revoke` action. */
|
|
3258
|
+
interface RevokeActionResult extends ConfigElementActionResultConfig {
|
|
3259
|
+
/** The time until the certificate authority is revoked. */
|
|
3260
|
+
revocation_time?: number;
|
|
3261
|
+
}
|
|
3262
|
+
/** Root certificate authorities configuration. */
|
|
3263
|
+
interface RootCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
|
|
3264
|
+
root_certificate_authorities: RootCertificateAuthoritiesConfigItem[];
|
|
3265
|
+
}
|
|
3266
|
+
/** Root certificate authority configuration. */
|
|
3267
|
+
interface RootCertificateAuthorityConfig extends ConfigElementDefConfig {
|
|
3268
|
+
/** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
|
|
3269
|
+
* string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
|
|
3270
|
+
* returned in seconds (integer).
|
|
3271
|
+
*
|
|
3272
|
+
* Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
|
|
3273
|
+
*/
|
|
3274
|
+
max_ttl: any;
|
|
3275
|
+
/** The time until the certificate revocation list (CRL) expires. The value can be supplied as a string
|
|
3276
|
+
* representation of a duration in hours, such as `48h`. The default is 72 hours. Note that in the API response the
|
|
3277
|
+
* value is returned in seconds (integer).
|
|
3278
|
+
*/
|
|
3279
|
+
crl_expiry?: any;
|
|
3280
|
+
/** Determines whether to disable certificate revocation list (CRL) building.
|
|
3281
|
+
*
|
|
3282
|
+
* By default, each request rebuilds a CRL. To disable CRL building, set this field to `true`.
|
|
3283
|
+
*/
|
|
3284
|
+
crl_disable?: boolean;
|
|
3285
|
+
/** Determines whether to encode the certificate revocation list (CRL) distribution points in the private
|
|
3286
|
+
* certificates that are issued by a certificate authority.
|
|
3287
|
+
*/
|
|
3288
|
+
crl_distribution_points_encoded?: boolean;
|
|
3289
|
+
/** Determines whether to encode the URL of the issuing certificate in the private certificates that are issued
|
|
3290
|
+
* by a certificate authority.
|
|
3291
|
+
*/
|
|
3292
|
+
issuing_certificates_urls_encoded?: boolean;
|
|
3293
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
3294
|
+
common_name: string;
|
|
3295
|
+
/** The status of the certificate authority. The status of a root certificate authority is either `configured`
|
|
3296
|
+
* or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
|
|
3297
|
+
* `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
|
|
3298
|
+
*/
|
|
3299
|
+
status?: string;
|
|
3300
|
+
/** The date that the certificate expires. The date format follows RFC 3339. */
|
|
3301
|
+
expiration_date?: string;
|
|
3302
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
3303
|
+
*
|
|
3304
|
+
* The alternative names can be host names or email addresses.
|
|
3305
|
+
*/
|
|
3306
|
+
alt_names?: string[];
|
|
3307
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3308
|
+
ip_sans?: string;
|
|
3309
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3310
|
+
uri_sans?: string;
|
|
3311
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
3312
|
+
* certificate.
|
|
3313
|
+
*
|
|
3314
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
3315
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
3316
|
+
* valid type is `UTF8`.
|
|
3317
|
+
*/
|
|
3318
|
+
other_sans?: string[];
|
|
3319
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate.
|
|
3320
|
+
*
|
|
3321
|
+
* The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
|
|
3322
|
+
* `max_ttl` that is defined in the associated certificate template. Note that in the API response the value is
|
|
3323
|
+
* returned in seconds (integer).
|
|
3324
|
+
*/
|
|
3325
|
+
ttl?: string;
|
|
3326
|
+
/** The format of the returned data. */
|
|
3327
|
+
format?: string;
|
|
3328
|
+
/** The format of the generated private key. */
|
|
3329
|
+
private_key_format?: string;
|
|
3330
|
+
/** The type of private key to generate. */
|
|
3331
|
+
key_type?: string;
|
|
3332
|
+
/** The number of bits to use when generating the private key.
|
|
3333
|
+
*
|
|
3334
|
+
* Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
|
|
3335
|
+
* default for RSA keys is 2048, and the default for EC keys is 256.
|
|
3336
|
+
*/
|
|
3337
|
+
key_bits?: number;
|
|
3338
|
+
/** The maximum path length to encode in the generated certificate. `-1` means no limit.
|
|
3339
|
+
*
|
|
3340
|
+
* If the signing certificate has a maximum path length set, the path length is set to one less than that of the
|
|
3341
|
+
* signing certificate. A limit of `0` means a literal path length of zero.
|
|
3342
|
+
*/
|
|
3343
|
+
max_path_length?: number;
|
|
3344
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
3345
|
+
*
|
|
3346
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
3347
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
3348
|
+
*/
|
|
3349
|
+
exclude_cn_from_sans?: boolean;
|
|
3350
|
+
/** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
|
|
3351
|
+
permitted_dns_domains?: string[];
|
|
3352
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
3353
|
+
ou?: string[];
|
|
3354
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
3355
|
+
organization?: string[];
|
|
3356
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
3357
|
+
country?: string[];
|
|
3358
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
3359
|
+
locality?: string[];
|
|
3360
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
3361
|
+
province?: string[];
|
|
3362
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
3363
|
+
street_address?: string[];
|
|
3364
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
3365
|
+
postal_code?: string[];
|
|
3366
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
3367
|
+
* omit this field.
|
|
3368
|
+
*/
|
|
3369
|
+
serial_number?: string;
|
|
3370
|
+
/** The data that is associated with the root certificate authority. The data object contains the following
|
|
3371
|
+
* fields:
|
|
3372
|
+
*
|
|
3373
|
+
* - `certificate`: The root certificate content.
|
|
3374
|
+
* - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
|
|
3375
|
+
* - `serial_number`: The unique serial number of the root certificate.
|
|
3376
|
+
*/
|
|
3377
|
+
data?: JsonObject;
|
|
3378
|
+
}
|
|
2514
3379
|
/** The request body of a `rotate` action. */
|
|
2515
3380
|
interface RotateArbitrarySecretBody extends SecretAction {
|
|
2516
3381
|
/** The new secret data to assign to an `arbitrary` secret. */
|
|
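Review bot: `max_ttl: any` and `crl_expiry?: any` in the new `RootCertificateAuthorityConfig` switch off type checking for two fields that bound certificate and CRL lifetime. Their own comments say the value is supplied as a duration string such as `8760h` and returned as integer seconds, so `max_ttl: string | number;` and `crl_expiry?: string | number;` would describe both directions without `any`. The `ttl?: string` field in the same interface carries the same "returned in seconds (integer)" remark, so its declared type does not match what a response holds; the same union fits there. If this file is generated from the API definition, the change probably belongs in the generator or schema rather than in this file.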
@@ -2525,6 +3390,9 @@ declare namespace SecretsManagerV1 {
|
|
|
2525
3390
|
/** The new intermediate certificate to associate with the certificate. */
|
|
2526
3391
|
intermediate?: string;
|
|
2527
3392
|
}
|
|
3393
|
+
/** Properties that are returned with a successful `rotate_crl` action. */
|
|
3394
|
+
interface RotateCrlActionResult extends ConfigElementActionResultConfig {
|
|
3395
|
+
}
|
|
2528
3396
|
/** The request body of a `rotate` action. */
|
|
2529
3397
|
interface RotateKvSecretBody extends SecretAction {
|
|
2530
3398
|
/** The new secret data to assign to a key-value secret. */
|
|
@@ -2542,9 +3410,9 @@ declare namespace SecretsManagerV1 {
|
|
|
2542
3410
|
}
|
|
2543
3411
|
/** The secret rotation time interval. */
|
|
2544
3412
|
interface SecretPolicyRotationRotationPolicyRotation extends SecretPolicyRotationRotation {
|
|
2545
|
-
/**
|
|
3413
|
+
/** The length of the secret rotation time interval. */
|
|
2546
3414
|
interval: number;
|
|
2547
|
-
/**
|
|
3415
|
+
/** The units for the secret rotation time interval. */
|
|
2548
3416
|
unit: string;
|
|
2549
3417
|
}
|
|
2550
3418
|
/** The `public_cert` secret rotation policy. */
|
|
@@ -2552,6 +3420,324 @@ declare namespace SecretsManagerV1 {
|
|
|
2552
3420
|
auto_rotate: boolean;
|
|
2553
3421
|
rotate_keys: boolean;
|
|
2554
3422
|
}
|
|
3423
|
+
/** A request to set a signed certificate in an intermediate certificate authority. */
|
|
3424
|
+
interface SetSignedAction extends ConfigAction {
|
|
3425
|
+
/** The PEM-encoded certificate. */
|
|
3426
|
+
certificate: string;
|
|
3427
|
+
}
|
|
3428
|
+
/** Properties that are returned with a successful `set_signed` action. */
|
|
3429
|
+
interface SetSignedActionResult extends ConfigElementActionResultConfig {
|
|
3430
|
+
}
|
|
3431
|
+
/** A request to sign a certificate signing request (CSR). */
|
|
3432
|
+
interface SignCsrAction extends ConfigAction {
|
|
3433
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
3434
|
+
common_name?: string;
|
|
3435
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
3436
|
+
*
|
|
3437
|
+
* The alternative names can be host names or email addresses.
|
|
3438
|
+
*/
|
|
3439
|
+
alt_names?: string[];
|
|
3440
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3441
|
+
ip_sans?: string;
|
|
3442
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3443
|
+
uri_sans?: string;
|
|
3444
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
3445
|
+
* certificate.
|
|
3446
|
+
*
|
|
3447
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
3448
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
3449
|
+
* valid type is `UTF8`.
|
|
3450
|
+
*/
|
|
3451
|
+
other_sans?: string[];
|
|
3452
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate.
|
|
3453
|
+
*
|
|
3454
|
+
* The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
|
|
3455
|
+
* exceed the `max_ttl` that is defined in the associated certificate template.
|
|
3456
|
+
*/
|
|
3457
|
+
ttl?: string;
|
|
3458
|
+
/** The format of the returned data. */
|
|
3459
|
+
format?: string;
|
|
3460
|
+
/** The maximum path length to encode in the generated certificate. `-1` means no limit.
|
|
3461
|
+
*
|
|
3462
|
+
* If the signing certificate has a maximum path length set, the path length is set to one less than that of the
|
|
3463
|
+
* signing certificate. A limit of `0` means a literal path length of zero.
|
|
3464
|
+
*/
|
|
3465
|
+
max_path_length?: number;
|
|
3466
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
3467
|
+
*
|
|
3468
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
3469
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
3470
|
+
*/
|
|
3471
|
+
exclude_cn_from_sans?: boolean;
|
|
3472
|
+
/** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
|
|
3473
|
+
permitted_dns_domains?: string[];
|
|
3474
|
+
/** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
|
|
3475
|
+
* If set to `true`, then:
|
|
3476
|
+
*
|
|
3477
|
+
* 1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
|
|
3478
|
+
* values provided in the other parameters to this operation.
|
|
3479
|
+
*
|
|
3480
|
+
* 2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
|
|
3481
|
+
* usages used for CA certs signed by this intermediate authority.
|
|
3482
|
+
*
|
|
3483
|
+
* 3) Extensions that are requested in the CSR are copied into the issued private certificate.
|
|
3484
|
+
*/
|
|
3485
|
+
use_csr_values?: boolean;
|
|
3486
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
3487
|
+
ou?: string[];
|
|
3488
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
3489
|
+
organization?: string[];
|
|
3490
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
3491
|
+
country?: string[];
|
|
3492
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
3493
|
+
locality?: string[];
|
|
3494
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
3495
|
+
province?: string[];
|
|
3496
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
3497
|
+
street_address?: string[];
|
|
3498
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
3499
|
+
postal_code?: string[];
|
|
3500
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
3501
|
+
* omit this field.
|
|
3502
|
+
*/
|
|
3503
|
+
serial_number?: string;
|
|
3504
|
+
/** The PEM-encoded certificate signing request (CSR). This field is required for the `sign_csr` action. */
|
|
3505
|
+
csr: string;
|
|
3506
|
+
}
|
|
3507
|
+
/** Properties that are returned with a successful `sign_csr` action. */
|
|
3508
|
+
interface SignCsrActionResult extends ConfigElementActionResultConfig {
|
|
3509
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
3510
|
+
common_name?: string;
|
|
3511
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
3512
|
+
*
|
|
3513
|
+
* The alternative names can be host names or email addresses.
|
|
3514
|
+
*/
|
|
3515
|
+
alt_names?: string[];
|
|
3516
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3517
|
+
ip_sans?: string;
|
|
3518
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3519
|
+
uri_sans?: string;
|
|
3520
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
3521
|
+
* certificate.
|
|
3522
|
+
*
|
|
3523
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
3524
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
3525
|
+
* valid type is `UTF8`.
|
|
3526
|
+
*/
|
|
3527
|
+
other_sans?: string[];
|
|
3528
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate.
|
|
3529
|
+
*
|
|
3530
|
+
* The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
|
|
3531
|
+
* exceed the `max_ttl` that is defined in the associated certificate template.
|
|
3532
|
+
*/
|
|
3533
|
+
ttl?: string;
|
|
3534
|
+
/** The format of the returned data. */
|
|
3535
|
+
format?: string;
|
|
3536
|
+
/** The maximum path length to encode in the generated certificate. `-1` means no limit.
|
|
3537
|
+
*
|
|
3538
|
+
* If the signing certificate has a maximum path length set, the path length is set to one less than that of the
|
|
3539
|
+
* signing certificate. A limit of `0` means a literal path length of zero.
|
|
3540
|
+
*/
|
|
3541
|
+
max_path_length?: number;
|
|
3542
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
3543
|
+
*
|
|
3544
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
3545
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
3546
|
+
*/
|
|
3547
|
+
exclude_cn_from_sans?: boolean;
|
|
3548
|
+
/** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
|
|
3549
|
+
permitted_dns_domains?: string[];
|
|
3550
|
+
/** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
|
|
3551
|
+
* If set to `true`, then:
|
|
3552
|
+
*
|
|
3553
|
+
* 1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
|
|
3554
|
+
* values provided in the other parameters to this operation.
|
|
3555
|
+
*
|
|
3556
|
+
* 2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
|
|
3557
|
+
* usages used for CA certs signed by this intermediate authority.
|
|
3558
|
+
*
|
|
3559
|
+
* 3) Extensions that are requested in the CSR are copied into the issued private certificate.
|
|
3560
|
+
*/
|
|
3561
|
+
use_csr_values?: boolean;
|
|
3562
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
3563
|
+
ou?: string[];
|
|
3564
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
3565
|
+
organization?: string[];
|
|
3566
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
3567
|
+
country?: string[];
|
|
3568
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
3569
|
+
locality?: string[];
|
|
3570
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
3571
|
+
province?: string[];
|
|
3572
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
3573
|
+
street_address?: string[];
|
|
3574
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
3575
|
+
postal_code?: string[];
|
|
3576
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
3577
|
+
* omit this field.
|
|
3578
|
+
*/
|
|
3579
|
+
serial_number?: string;
|
|
3580
|
+
/** Properties that are returned with a successful `sign` action. */
|
|
3581
|
+
data: SignActionResultData;
|
|
3582
|
+
/** The PEM-encoded certificate signing request (CSR). */
|
|
3583
|
+
csr: string;
|
|
3584
|
+
}
|
|
3585
|
+
/** A request to sign an intermediate certificate authority. */
|
|
3586
|
+
interface SignIntermediateAction extends ConfigAction {
|
|
3587
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
3588
|
+
common_name?: string;
|
|
3589
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
3590
|
+
*
|
|
3591
|
+
* The alternative names can be host names or email addresses.
|
|
3592
|
+
*/
|
|
3593
|
+
alt_names?: string[];
|
|
3594
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3595
|
+
ip_sans?: string;
|
|
3596
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3597
|
+
uri_sans?: string;
|
|
3598
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
3599
|
+
* certificate.
|
|
3600
|
+
*
|
|
3601
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
3602
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
3603
|
+
* valid type is `UTF8`.
|
|
3604
|
+
*/
|
|
3605
|
+
other_sans?: string[];
|
|
3606
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate.
|
|
3607
|
+
*
|
|
3608
|
+
* The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
|
|
3609
|
+
* exceed the `max_ttl` that is defined in the associated certificate template.
|
|
3610
|
+
*/
|
|
3611
|
+
ttl?: string;
|
|
3612
|
+
/** The format of the returned data. */
|
|
3613
|
+
format?: string;
|
|
3614
|
+
/** The maximum path length to encode in the generated certificate. `-1` means no limit.
|
|
3615
|
+
*
|
|
3616
|
+
* If the signing certificate has a maximum path length set, the path length is set to one less than that of the
|
|
3617
|
+
* signing certificate. A limit of `0` means a literal path length of zero.
|
|
3618
|
+
*/
|
|
3619
|
+
max_path_length?: number;
|
|
3620
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
3621
|
+
*
|
|
3622
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
3623
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
3624
|
+
*/
|
|
3625
|
+
exclude_cn_from_sans?: boolean;
|
|
3626
|
+
/** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
|
|
3627
|
+
permitted_dns_domains?: string[];
|
|
3628
|
+
/** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
|
|
3629
|
+
* If set to `true`, then:
|
|
3630
|
+
*
|
|
3631
|
+
* 1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
|
|
3632
|
+
* values provided in the other parameters to this operation.
|
|
3633
|
+
*
|
|
3634
|
+
* 2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
|
|
3635
|
+
* usages used for CA certs signed by this intermediate authority.
|
|
3636
|
+
*
|
|
3637
|
+
* 3) Extensions that are requested in the CSR are copied into the issued private certificate.
|
|
3638
|
+
*/
|
|
3639
|
+
use_csr_values?: boolean;
|
|
3640
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
3641
|
+
ou?: string[];
|
|
3642
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
3643
|
+
organization?: string[];
|
|
3644
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
3645
|
+
country?: string[];
|
|
3646
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
3647
|
+
locality?: string[];
|
|
3648
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
3649
|
+
province?: string[];
|
|
3650
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
3651
|
+
street_address?: string[];
|
|
3652
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
3653
|
+
postal_code?: string[];
|
|
3654
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
3655
|
+
* omit this field.
|
|
3656
|
+
*/
|
|
3657
|
+
serial_number?: string;
|
|
3658
|
+
/** The intermediate certificate authority to be signed. The name must match one of the pre-configured
|
|
3659
|
+
* intermediate certificate authorities.
|
|
3660
|
+
*/
|
|
3661
|
+
intermediate_certificate_authority: string;
|
|
3662
|
+
}
|
|
3663
|
+
/** Properties that are returned with a successful `sign_intermediate` action. */
|
|
3664
|
+
interface SignIntermediateActionResult extends ConfigElementActionResultConfig {
|
|
3665
|
+
/** The fully qualified domain name or host domain name for the certificate. */
|
|
3666
|
+
common_name?: string;
|
|
3667
|
+
/** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
|
|
3668
|
+
*
|
|
3669
|
+
* The alternative names can be host names or email addresses.
|
|
3670
|
+
*/
|
|
3671
|
+
alt_names?: string[];
|
|
3672
|
+
/** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3673
|
+
ip_sans?: string;
|
|
3674
|
+
/** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
|
|
3675
|
+
uri_sans?: string;
|
|
3676
|
+
/** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
|
|
3677
|
+
* certificate.
|
|
3678
|
+
*
|
|
3679
|
+
* The alternative names must match the values that are specified in the `allowed_other_sans` field in the
|
|
3680
|
+
* associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
|
|
3681
|
+
* valid type is `UTF8`.
|
|
3682
|
+
*/
|
|
3683
|
+
other_sans?: string[];
|
|
3684
|
+
/** The time-to-live (TTL) or lease duration to assign to a private certificate.
|
|
3685
|
+
*
|
|
3686
|
+
* The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
|
|
3687
|
+
* exceed the `max_ttl` that is defined in the associated certificate template.
|
|
3688
|
+
*/
|
|
3689
|
+
ttl?: string;
|
|
3690
|
+
/** The format of the returned data. */
|
|
3691
|
+
format?: string;
|
|
3692
|
+
/** The maximum path length to encode in the generated certificate. `-1` means no limit.
|
|
3693
|
+
*
|
|
3694
|
+
* If the signing certificate has a maximum path length set, the path length is set to one less than that of the
|
|
3695
|
+
* signing certificate. A limit of `0` means a literal path length of zero.
|
|
3696
|
+
*/
|
|
3697
|
+
max_path_length?: number;
|
|
3698
|
+
/** Controls whether the common name is excluded from Subject Alternative Names (SANs).
|
|
3699
|
+
*
|
|
3700
|
+
* If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
|
|
3701
|
+
* useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
|
|
3702
|
+
*/
|
|
3703
|
+
exclude_cn_from_sans?: boolean;
|
|
3704
|
+
/** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
|
|
3705
|
+
permitted_dns_domains?: string[];
|
|
3706
|
+
/** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
|
|
3707
|
+
* If set to `true`, then:
|
|
3708
|
+
*
|
|
3709
|
+
* 1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
|
|
3710
|
+
* values provided in the other parameters to this operation.
|
|
3711
|
+
*
|
|
3712
|
+
* 2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
|
|
3713
|
+
* usages used for CA certs signed by this intermediate authority.
|
|
3714
|
+
*
|
|
3715
|
+
* 3) Extensions that are requested in the CSR are copied into the issued private certificate.
|
|
3716
|
+
*/
|
|
3717
|
+
use_csr_values?: boolean;
|
|
3718
|
+
/** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
|
|
3719
|
+
ou?: string[];
|
|
3720
|
+
/** The Organization (O) values to define in the subject field of the resulting CA certificate. */
|
|
3721
|
+
organization?: string[];
|
|
3722
|
+
/** The Country (C) values to define in the subject field of the resulting CA certificate. */
|
|
3723
|
+
country?: string[];
|
|
3724
|
+
/** The Locality (L) values to define in the subject field of the resulting CA certificate. */
|
|
3725
|
+
locality?: string[];
|
|
3726
|
+
/** The Province (ST) values to define in the subject field of the resulting CA certificate. */
|
|
3727
|
+
province?: string[];
|
|
3728
|
+
/** The Street Address values in the subject field of the resulting CA certificate. */
|
|
3729
|
+
street_address?: string[];
|
|
3730
|
+
/** The Postal Code values in the subject field of the resulting CA certificate. */
|
|
3731
|
+
postal_code?: string[];
|
|
3732
|
+
/** The serial number to assign to the generated private certificate. To assign a random serial number, you can
|
|
3733
|
+
* omit this field.
|
|
3734
|
+
*/
|
|
3735
|
+
serial_number?: string;
|
|
3736
|
+
/** Properties that are returned with a successful `sign` action. */
|
|
3737
|
+
data: SignIntermediateActionResultData;
|
|
3738
|
+
/** The signed intermediate certificate authority. */
|
|
3739
|
+
intermediate_certificate_authority: string;
|
|
3740
|
+
}
|
|
2555
3741
|
/** Metadata properties that describe a username_password secret. */
|
|
2556
3742
|
interface UsernamePasswordSecretMetadata extends SecretMetadata {
|
|
2557
3743
|
/** The unique ID of the secret. */
|
|
@@ -2666,9 +3852,8 @@ declare namespace SecretsManagerV1 {
|
|
|
2666
3852
|
password?: string;
|
|
2667
3853
|
/** The data that is associated with the secret version. The data object contains the following fields:
|
|
2668
3854
|
*
|
|
2669
|
-
* `username`: The username that is associated with the secret version.
|
|
2670
|
-
*
|
|
2671
|
-
* `password`: The password that is associated with the secret version.
|
|
3855
|
+
* - `username`: The username that is associated with the secret version.
|
|
3856
|
+
* - `password`: The password that is associated with the secret version.
|
|
2672
3857
|
*/
|
|
2673
3858
|
secret_data?: JsonObject;
|
|
2674
3859
|
/** The date the secret material expires. The date format follows RFC 3339.
|
|
@@ -2702,9 +3887,8 @@ declare namespace SecretsManagerV1 {
|
|
|
2702
3887
|
auto_rotated?: boolean;
|
|
2703
3888
|
/** The data that is associated with the secret version. The data object contains the following fields:
|
|
2704
3889
|
*
|
|
2705
|
-
* `username`: The username that is associated with the secret version.
|
|
2706
|
-
*
|
|
2707
|
-
* `password`: The password that is associated with the secret version.
|
|
3890
|
+
* - `username`: The username that is associated with the secret version.
|
|
3891
|
+
* - `password`: The password that is associated with the secret version.
|
|
2708
3892
|
*/
|
|
2709
3893
|
secret_data?: JsonObject;
|
|
2710
3894
|
}
|