-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.cfg
104 lines (88 loc) · 4.51 KB
/
default.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
[hashicorp]
# The address or hostname of the Hashicorp Vault. Separate more than one
# addresses with a comma (,).
; address=<address>
# The port number of the Hashicorp Vault. Default is 8200.
; port=8200
# The authentication method to use to connect to the Hashicorp Vault. The value
# can be one of the following: ldap or userpass.
; authentication_method=<authentication_method>
# The credential type to use. The value can be one of the following: explicit or
# gateway. If you use credential type, you must also configure the username and
# password parameters. Default is gateway.
; use_credential=gateway
# The username used to authenticate to the Hashicorp Vault in case you have configured
# the use_credential parameter as explicit
; username=<username>
# The password used to authenticate to the Hashicorp Vault if you have configured
# the use_credential parameter as explicit. To use a local Credential Store to
# host this data, set the parameter to $ and read the "Store sensitive plugin data
# securely" section in the documentation.
; password=<$-or-password>
[engine-kv-v1]
# The path of the endpoint under which the user names and passwords are stored as secrets.
# For example, secrets/users. The server username is then appended to the path on-the-fly.
# This compound path points to an object that has the password or key as one of its fields.
; secrets_path=<path>
# The value field to retrieve the password secret from, unless user-defined.
# This parameter is not related to the password parameter.
# Default is password
; password_field=password
# The value field to retrieve the SSH private key secret from, unless user-defined.
# Default is key
; key_field=key
# The default secret type to retrieve. The value can be the following: password or key.
# If not set, the plugin will try to retrieve both kind of secrets.
; default_type=<secret_type>
[tls]
# To disable TLS completely, enter no as the value of this parameter.
# Default is yes
; enabled = yes
# Configure this parameter to enable client-side verification. The certificate shown
# by the server will be checked with this CA.
# If the value of this parameter is $[<trusted-ca-list-name>], the certificates are
# retrieved from the trusted CA list configured on SPS, identified by the name.
# When the certificate is inserted into the configuration file, it must be in PEM
# format and all the new lines must be indented with one whitespace. If it is a chain,
# insert the certificates right after each other.
; ca_cert = <ca-certificate-chain>
; ca_cert = $[<trusted-ca-list-name>]
# Configure this parameter to enable server-side verification. If the value of this
# parameter is $, the certificate identified by the section and option pair is retrieved
# from the configured Credential Store. When the certificate is inserted into the
# configuration file, it must be in PEM format and all the new lines must be indented
# with one whitespace. Note that encrypted keys are not supported.
; client_cert = <client-certificate-and-key>
###### Common plugin options ######
# To enable or change a parameter, uncomment its line by removing the ';'
# character and replacing the right side of '=' with the desired value.
# If the parameter has the following structure
# ; name=<value>
# then the related option is turned off until you replace '<value>'.
#
# If the parameter has the following structure
# ; name=value
# then the related option is is automatically turned on with the default value
# of 'value'.
#
# To handle sensitive data, you can use a local Credential Store to retrieve
# parameters from.
# Enter the name of the local Credential Store (Policies > Credential Store) as
# the value of the 'name' parameter in section [credential_store]. To retrieve a
# parameter from this Credential Store, type the $ character as the value of
# a parameter in this configuration file. To use the $ character as value,
# type $$ instead. For more information, read the "Store sensitive plugin data
# securely" section in the Tutorial document.
[credential_store]
# Name of the local credential store configured in SPS for hosting sensitive
# configuration data. For more information, read the "Store sensitive
# plugin data securely" section in the Tutorial document.
; name=<name-of-credential-store-policy-that-hosts-sensitive-data>
[logging]
# To configure the log level, enter one of the following values:
# 'debug', 'info', 'warning', 'error', 'critical'
; log_level=info
[https_proxy]
# To set the HTTPS proxy environment for the plugin, configure the following.
; server=<proxy-server-name-or-ip>
; port=3128