-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.cfg.plugin
67 lines (55 loc) · 2.96 KB
/
default.cfg.plugin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
[hashicorp]
# The address or hostname of the Hashicorp Vault. Separate more than one
# addresses with a comma (,).
; address=<address>
# The port number of the Hashicorp Vault. Default is 8200.
; port=8200
# The authentication method to use to connect to the Hashicorp Vault. The value
# can be one of the following: ldap or userpass.
; authentication_method=<authentication_method>
# The credential type to use. The value can be one of the following: explicit or
# gateway. If you use credential type, you must also configure the username and
# password parameters. Default is gateway.
; use_credential=gateway
# The username used to authenticate to the Hashicorp Vault if you have configured
# the use_credential parameter as explicit
; username=<username>
# The password used to authenticate to the Hashicorp Vault if you have configured
# the use_credential parameter as explicit. To use a local Credential Store to
# host this data, set the parameter to $ and read the "Store sensitive plugin data
# securely" section in the documentation.
; password=<$-or-password>
[engine-kv-v1]
# The path of the endpoint under which the user names and passwords are stored as secrets.
# For example, secrets/users. The server username is then appended to the path on-the-fly.
# This compound path points to an object that has the password or key as one of its fields.
; secrets_path=<path>
# The value field to retrieve the password secret from, unless user-defined.
# This parameter is not related to the password parameter.
# Default is password
; password_field=password
# The value field to retrieve the SSH private key secret from, unless user-defined.
# Default is key
; key_field=key
# The default secret type to retrieve. The value can be the following: password or key.
# If not set, the plugin will try to retrieve both kind of secrets.
; default_type=<secret_type>
[tls]
# To disable TLS completely, enter no as the value of this parameter.
# Default is yes
; enabled = yes
# Configure this parameter to enable client-side verification. The certificate shown
# by the server will be checked with this CA.
# If the value of this parameter is $[<trusted-ca-list-name>], the certificates are
# retrieved from the trusted CA list configured on SPS, identified by the name.
# When the certificate is inserted into the configuration file, it must be in PEM
# format and all the new lines must be indented with one whitespace. If it is a chain,
# insert the certificates right after each other.
; ca_cert = <ca-certificate-chain>
; ca_cert = $[<trusted-ca-list-name>]
# Configure this parameter to enable server-side verification. If the value of this
# parameter is $, the certificate identified by the section and option pair is retrieved
# from the configured Credential Store. When the certificate is inserted into the
# configuration file, it must be in PEM format and all the new lines must be indented
# with one whitespace. Note that encrypted keys are not supported.
; client_cert = <client-certificate-and-key>