Metadata for credential input sources

Learn how to apply the information required for the Metadata tab of the input source.

AWS Secrets Manager Lookup

Expand
Metadata Description

AWS Secrets Manager Region (required)

Location of the region where the secrets manager is.

AWS Secret Name (required)

Give the AWS secret name that generated by the AWS access key.

Centrify Vault Credential Provider Lookup

Expand
Metadata Description

Account name (required)

Name of the system account or domain associated with Centrify Vault.

System Name

Specify the name used by the Centrify portal.

CyberArk Central Credential Provider Lookup

Expand
Metadata Description

Object Query (Required)

Lookup query for the object.

Object Query Format

Select Exact for a specific secret name, or Regexp for a secret that has a dynamically generated name.

Object Property

Specifies the name of the property to return. For example, UserName or Address other than the default of Content.

Reason

If required for the object’s policy, supply a reason for checking out the secret, as CyberArk logs those.

CyberArk Conjur Secrets Lookup

Expand
Metadata Description

Secret Identifier

The identifier for the secret.

Secret Version

Specify a version of the secret, if necessary, otherwise, leave it empty to use the latest version.

HashiVault Secret Lookup

Expand
Metadata Description

Name of Secret Backend

Specify the name of the KV backend to use. Leave it blank to use the first path segment of the Path to Secret field instead.

Path to Secret (required)

Specify the path to where the secret information is stored; for example, /path/username.

Key Name (required)

Specify the name of the key to look up the secret information.

Secret Version (V2 Only)

Specify a version if necessary, otherwise, leave it empty to use the latest version.

HashiCorp Signed SSH

Expand
Metadata Description

Unsigned Public Key (required)

Specify the public key of the certificate you want to have signed. It needs to be present in the authorized keys file of the target hosts.

Path to Secret (required)

Specify the path to where the secret information is stored; for example, /path/username.

Role Name (required)

A role is a collection of SSH settings and parameters that are stored in Hashi vault. Typically, you can specify some with different privileges or timeouts, for example. So you could have a role that is permitted to get a certificate signed for root, and other less privileged ones, for example.

Valid Principals

Specify a user (or users) other than the default, that you are requesting vault to authorize the cert for the stored key. Hashi vault has a default user for whom it signs, for example, ec2-user.

Microsoft Azure KMS

Expand
Metadata Description

Secret Name (required)

The name of the secret as it is referenced in Microsoft Azure’s Key vault app.

Secret Version

Specify a version of the secret, if necessary, otherwise, leave it empty to use the latest version.

Thycotic DevOps Secrets Vault

Expand
Metadata Description

Secret Path (required)

Specify the path to where the secret information is stored, for example, /path/username.

Thycotic Secret Server

Expand
Metadata Description

Secret ID (required)

The identifier for the secret.

Secret Field

Specify the field to be used from the secret.