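To configure the mfsecretshashicorp vault, edit the secrets.cfg file to include values for the provider name, TLS connection details, authentication credentials, and secrets engine details.
The following is an example configuration file for the mfsecretshashicorp vault provider. For details about the structure of the configuration file, see "Vault Providers".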
[global]
default provider=hashicorpvault

[hashicorpvault]
provider name=mfsecretshashicorp

### Connection Details ###
# The location of the Hashicorp server to connect to
host=127.0.0.0
port=8200

# The certificate authority to validate the server's certificates against
# This is required as MfSecretsApi only supports TLS connection
ca_path=C:/certs/ca_collection.pem

### Optional TLS Client Verification ###
client_cert=C:/certs/client_cert.pem
client_key=C:/certs/client_key.pem
client_password=key_password

# The format that the certificate and key are given in
# Supported formats are PEM and DER. Defaults to PEM if nothing is given
client_cert_type=PEM
client_key_type=PEM

### Optional Connection Settings ###
# The timeout in seconds for a single attempt at *connecting* to a Hashicorp server via HTTPS
# Default: 20 seconds
# Negative values will become the maximum possible timeout time
# Zero values will become the default value
# If this is not set, the default value is used
connection_timeout_seconds=20

# The maximum number of *retries* to attempt
# Will stop retrying when this or max_total_connection_time_seconds is exceeded
# Default: 1
# Negative values will retry infinitely
# If this is not set, the default value is used
max_retry_count=1

# The maximum length of time in seconds to attempt to resolve a HTTPS transaction (retries and all)
# Will stop retrying when this or max_retry_count is exceeded
# Default: 60 seconds
# Negative values indicate no limit
# If this is not set, the default value is used
max_total_connection_time_seconds=60

# Turn on verbose transport layer debugging (optional)
# WARNING: This will print out HTTP headers and bodies which could contain sensitive data such as passwords
# Note: this should not be turned on unless asked to do so by the Micro Focus support team
transport_debugging=true

### Hashicorp server settings ###
# These options must correspond with the options set up on the Hashicorp server being connected to

# Supported secrets engines: 'kv1', and 'kv2'
secrets_engine_type=kv2

# The location the secrets engine of the desired type has been enabled on the Hashicorp server
secrets_engine_path=kv2

# The desired method of authentication. Supported: 'approle', 'tls', and 'userpass'
auth_type=approle

# The location the authenticator of the desired type has been enabled on the Hashicorp server
auth_path=approle

### Authentication Credentials ###
# These will change based on auth_type, see each auth_type's docs for what is required
role_id=db02de05-fa39-4855-059b-67221c5c2f63
secret_id=6a174c20-f6de-a53c-74d2-6018fcceff64
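A pre-deployment check for the settings that the comments above flag as risky, as an added example that is not part of the product or its documentation. The function name audit_secrets_cfg is hypothetical, the sample file is constructed, and it assumes Python's configparser reads secrets.cfg the same way MfSecretsApi does and that "true" is the value that enables debugging.

```python
import configparser

# Constructed sample: a trimmed secrets.cfg with placeholder credentials and
# both retry limits set negative to exercise the checks.
SAMPLE_CFG = """\
[global]
default provider=hashicorpvault

[hashicorpvault]
provider name=mfsecretshashicorp
host=127.0.0.0
port=8200
ca_path=C:/certs/ca_collection.pem
client_password=key_password
max_retry_count=-1
max_total_connection_time_seconds=-1
transport_debugging=true
auth_type=approle
role_id=00000000-0000-0000-0000-000000000000
secret_id=00000000-0000-0000-0000-000000000001
"""

def audit_secrets_cfg(text):
    """Return (key, finding) tuples for the default provider's section."""
    cfg = configparser.ConfigParser(interpolation=None)  # keep '%' in passwords literal
    cfg.read_string(text)
    section = cfg[cfg["global"]["default provider"]]
    findings = []
    # The page states the CA bundle is required because only TLS is supported.
    if not section.get("ca_path"):
        findings.append(("ca_path", "missing; server certificates cannot be validated"))
    # The page warns that this prints HTTP headers and bodies, possibly passwords.
    if section.get("transport_debugging", "false").strip().lower() == "true":
        findings.append(("transport_debugging", "enabled; sensitive data may be printed"))
    # Defaults per the page: 1 retry, 60 seconds total. Negative means unlimited.
    retries = int(section.get("max_retry_count", "1"))
    total = int(section.get("max_total_connection_time_seconds", "60"))
    if retries < 0 and total < 0:
        findings.append(("max_retry_count", "both limits negative; retries never stop"))
    # Credentials kept in the file in clear text: the file needs tight permissions.
    for key in ("client_password", "secret_id"):
        if section.get(key):
            findings.append((key, "clear-text credential; restrict access to secrets.cfg"))
    return findings

if __name__ == "__main__":
    for key, finding in audit_secrets_cfg(SAMPLE_CFG):
        print(f"{key}: {finding}")
```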