secret-manager update
Note
This feature is available in dbvr Pro only.
Synopsis
dbvr secret-manager update [-hV]
    [--aws.region=<string> --aws.cloudId=<string>
     --aws.configurationName=<string>
     [--aws.description=<string>]
     |
     --cyberark.baseUrl=<string> --cyberark.account=<string>
     --cyberark.username=<string> --cyberark.apiKey=<string>
     --cyberark.policyBranch=<string>
     --cyberark.configurationName=<string>
     [--cyberark.trustCertificate=<true|false>]
     [--cyberark.globalConfiguration=<true|false>]
     [--cyberark.description=<string>]
     |
     --vault.vaultUrl=<string> --vault.authType=<value>
     --vault.vaultJwtProviderId=<string>
     --vault.token=<string> --vault.username=<string>
     --vault.password=<string>
     --vault.configurationName=<string>
     [--vault.vaultRoleClaim=<string>]
     [--vault.globalConfiguration=<true|false>]
     [--vault.description=<string>]]
    <configurationId>
Tip
You can also use global options with this command.
Description
Update an existing secret manager configuration.
Use exactly one of the three provider-specific option groups (--aws.*, --cyberark.*, or --vault.*) to update connection settings. All required options for the chosen provider must be specified.
Tip
Run secret-manager view <id> before updating to see the current configuration.
Required argument
Specify the secret manager configuration ID. The value must match an existing configuration.
Tip
Run secret-manager list to see available configurations and their IDs.
AWS Secrets Manager options
--aws.region
AWS region where the secrets are stored.
--aws.cloudId
AWS Cloud configuration ID used for authentication. Specifies which AWS Cloud profile to use to access the secrets.
--aws.configurationName
Display name for this configuration.
--aws.description
Optional description.
CyberArk options
--cyberark.baseUrl
URL of the Conjur OSS server (for example, https://conjur.example.com).
--cyberark.account
Conjur tenant or organization account name (for example, myorg).
--cyberark.username
Conjur user ID used for authentication.
--cyberark.apiKey
API key associated with the Conjur user for authn login.
--cyberark.policyBranch
Path to the policy namespace where secrets are stored (for example, dev/app).
--cyberark.configurationName
Display name for this configuration.
--cyberark.trustCertificate
Trust the CyberArk server's SSL certificate without manual import. Enable this if you're using a self-signed certificate or connecting to a server whose certificate isn't trusted by default.
--cyberark.globalConfiguration
Apply this configuration globally across all clients.
--cyberark.description
Optional description.
Vault options
--vault.vaultUrl
URL of the Vault server used to retrieve secrets.
--vault.authType
Authentication type. Accepted values: OAUTH2, TOKEN, USERNAME_PASSWORD.
--vault.vaultJwtProviderId
Path where the JWT authentication method is enabled in Vault (for example, auth/jwt/). Used when --vault.authType=OAUTH2.
--vault.token
Authentication token required to access the Vault server. Used when --vault.authType=TOKEN.
--vault.username
Username for Vault authentication. Used when --vault.authType=USERNAME_PASSWORD.
--vault.password
Password for Vault authentication. Used when --vault.authType=USERNAME_PASSWORD.
--vault.configurationName
Display name for this configuration.
--vault.vaultRoleClaim
The claim in the JWT token that contains the Vault role name. If not set, the default role from the Vault provider is used.
--vault.globalConfiguration
Apply this configuration globally across all clients.
--vault.description
Optional description.
Example
Update the region and description of an AWS configuration:
dbvr secret-manager update aws-prod \
    --aws.region=eu-west-1 \
    --aws.cloudId=my-cloud-profile \
    --aws.configurationName="AWS Production" \
    --aws.description="Production secrets - EU region"
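A pre-flight check for wrapper scripts that encodes two rules from this page: options must come from exactly one provider group, and the Vault credential options must match --vault.authType. This is an added example, not part of dbvr; the function name check_update_args is hypothetical, and reading "Used when" as "required for that type" is an assumption.

```shell
# Added example (not part of dbvr): pre-flight check for the arguments of
# `dbvr secret-manager update`, using only rules stated on this page.
# Assumption: "Used when --vault.authType=X" is treated as "required for X".
check_update_args() (
  groups="" seen="" auth="" rc=0
  for arg in "$@"; do
    case $arg in
      --aws.*=*|--cyberark.*=*|--vault.*=*) ;;
      *) continue ;;              # configuration ID, -h, -V, global options
    esac
    key=${arg%%=*}; key=${key#--}; val=${arg#*=}
    seen="$seen $key "
    case " $groups " in           # record each provider prefix once
      *" ${key%%.*} "*) ;;
      *) groups="$groups ${key%%.*}" ;;
    esac
    case $key=$val in
      vault.authType=*) auth=$val ;;
      cyberark.trustCertificate=true)
        echo "warn: server certificate will be trusted without manual import" >&2 ;;
    esac
  done
  set -- $groups                  # $# is now the number of provider groups used
  if [ $# -ne 1 ]; then
    echo "error: use exactly one of --aws.*, --cyberark.*, --vault.* (got:$groups)" >&2
    exit 1
  fi
  if [ "$1" = vault ]; then
    case "$auth" in
      OAUTH2) need="vault.vaultJwtProviderId" ;;
      TOKEN) need="vault.token" ;;
      USERNAME_PASSWORD) need="vault.username vault.password" ;;
      *) echo "error: --vault.authType must be OAUTH2, TOKEN or USERNAME_PASSWORD" >&2
         exit 1 ;;
    esac
    for opt in $need; do
      case $seen in
        *" $opt "*) ;;
        *) echo "error: --$opt is used with authType=$auth but is missing" >&2; rc=1 ;;
      esac
    done
  fi
  exit $rc                        # subshell body: exits the function only
)

# Constructed sample call, mirroring the AWS example above.
check_update_args aws-prod --aws.region=eu-west-1 --aws.cloudId=my-cloud-profile \
  --aws.configurationName="AWS Production" && echo "arguments are consistent"
```

The check passes warnings through on stderr and returns non-zero only for errors, so a wrapper can run it immediately before the real dbvr call.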
Info
For a complete walkthrough - including creating a Vault secret and using it with a datasource - see Secret provider setup example.