Skip to content

Latest commit

 

History

History
142 lines (90 loc) · 3.44 KB

REFERENCE.md

File metadata and controls

142 lines (90 loc) · 3.44 KB
Raw

Reference

Table of Contents

Resource types

  • credential: Manages Credential Manager credentials on Windows systems.

Functions

Resource types

credential

Manages Credential Manager credentials on Windows systems.

Properties

The following properties are available in the credential type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

username

The identity used to authenticate to the Conjur instance

value

The API key matching the Conjur identity

Parameters

The following parameters are available in the credential type.

provider

The specific backend to use for this credential resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

target

Conjur URL

Functions

conjur::secret

Type: Ruby 4.x API

Function to retrieve a Conjur secret

Examples

Agent-based identity invocation
Deferred(conjur::secret, ['production/postgres/password'])
Server-based identity invocation
$sslcert = @("EOT")
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
|-EOT

$dbpass = Deferred(conjur::secret, ['production/postgres/password', {
  appliance_url => "https://my.conjur.org",
  account => "myaccount",
  authn_login => "host/myhost",
  authn_api_key => Sensitive("2z9mndg1950gcx1mcrs6w18bwnp028dqkmc34vj8gh2p500ny1qk8n"),
  ssl_certificate => $sslcert
}])

conjur::secret(String $variable_id, Optional[Hash] $options)

Function to retrieve a Conjur secret

Returns: Sensitive Value of the Conjur variable.

Examples
Agent-based identity invocation
Deferred(conjur::secret, ['production/postgres/password'])
Server-based identity invocation
$sslcert = @("EOT")
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
|-EOT

$dbpass = Deferred(conjur::secret, ['production/postgres/password', {
  appliance_url => "https://my.conjur.org",
  account => "myaccount",
  authn_login => "host/myhost",
  authn_api_key => Sensitive("2z9mndg1950gcx1mcrs6w18bwnp028dqkmc34vj8gh2p500ny1qk8n"),
  ssl_certificate => $sslcert
}])
variable_id

Data type: String

Conjur variable ID that you want the value of.

options

Data type: Optional[Hash]

Optional parameter specifying server identity overrides The following keys are supported in the options hash:

  • appliance_url: The URL of the Conjur instance.
  • account: Name of the Conjur account that contains this variable.
  • authn_login: The identity you are using to authenticate to the Conjur instance.
  • authn_api_key: The API key of the identity you are using to authenticate with (must be Sensitive type).
  • cert_file: The absolute path to CA certificate chain for the Conjur instance on the agent. This variable overrides ssl_certificate.
  • ssl_certificate: The raw PEM-encoded x509 CA certificate chain for the Conjur instance. Overwritten by the contents read from cert_file when it is present.
  • version: Conjur API version, defaults to 5.