Class Configuration

    • Method Detail

      • getConfigType

        public String getConfigType()
        Gets the configType. The configuration type. Can be one of: iam_credentials_configuration, public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template, custom_credentials_configuration.
        Returns:
        the configType
      • getName

        public String getName()
        Gets the name. The unique name of your configuration.
        Returns:
        the name
      • getSecretType

        public String getSecretType()
        Gets the secretType. The secret type. Supported types are arbitrary, imported_cert, public_cert, private_cert, iam_credentials, service_credentials, kv, and username_password.
        Returns:
        the secretType
      • getCreatedBy

        public String getCreatedBy()
        Gets the createdBy. The unique identifier that is associated with the entity that created the secret.
        Returns:
        the createdBy
      • getCreatedAt

        public Date getCreatedAt()
        Gets the createdAt. The date when the resource was created. The date format follows `RFC 3339`.
        Returns:
        the createdAt
      • getUpdatedAt

        public Date getUpdatedAt()
        Gets the updatedAt. The date when a resource was modified. The date format follows `RFC 3339`.
        Returns:
        the updatedAt
      • getLetsEncryptEnvironment

        public String getLetsEncryptEnvironment()
        Gets the letsEncryptEnvironment. The configuration of the Let's Encrypt CA environment.
        Returns:
        the letsEncryptEnvironment
      • getLetsEncryptPreferredChain

        public String getLetsEncryptPreferredChain()
        Gets the letsEncryptPreferredChain. This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
        Returns:
        the letsEncryptPreferredChain
      • getLetsEncryptPrivateKey

        public String getLetsEncryptPrivateKey()
        Gets the letsEncryptPrivateKey. The PEM-encoded private key of your Let's Encrypt account. The data must be formatted on a single line with embedded newline characters.
        Returns:
        the letsEncryptPrivateKey
      • getCloudInternetServicesApikey

        public String getCloudInternetServicesApikey()
        Gets the cloudInternetServicesApikey. An IBM Cloud API key that can list domains in your Cloud Internet Services instance and add DNS records. To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the API key must be assigned the Reader service role on Internet Services (`internet-svcs`). In order to add DNS records you need to assign the Manager role. If you want to manage specific domains, you can assign the Manager role for this specific domain. For production environments, it is recommended that you assign the Reader access role, and then use the [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control specific domains. If an IBM Cloud API key value is empty, Secrets Manager tries to access your Cloud Internet Services instance with service-to-service authorization. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-cis).
        Returns:
        the cloudInternetServicesApikey
      • getCloudInternetServicesCrn

        public String getCloudInternetServicesCrn()
        Gets the cloudInternetServicesCrn. A CRN that uniquely identifies an IBM Cloud resource.
        Returns:
        the cloudInternetServicesCrn
      • getClassicInfrastructureUsername

        public String getClassicInfrastructureUsername()
        Gets the classicInfrastructureUsername. The username that is associated with your classic infrastructure account. In most cases, your classic infrastructure username is your `<account_id>_<email_address>`. For more information, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
        Returns:
        the classicInfrastructureUsername
      • getClassicInfrastructurePassword

        public String getClassicInfrastructurePassword()
        Gets the classicInfrastructurePassword. Your classic infrastructure API key. For information about viewing and accessing your classic infrastructure API key, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
        Returns:
        the classicInfrastructurePassword
      • isDisabled

        public Boolean isDisabled()
        Gets the disabled. This parameter indicates whether the API key configuration is disabled.
        Returns:
        the disabled
      • getApiKey

        public String getApiKey()
        Gets the apiKey. An IBM Cloud API key that can create and manage service IDs. The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform role on the IAM Identity Service. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine).
        Returns:
        the apiKey
      • getCommonName

        public String getCommonName()
        Gets the commonName. The Common Name (CN) represents the server name that is protected by the SSL certificate.
        Returns:
        the commonName
      • isCrlDistributionPointsEncoded

        public Boolean isCrlDistributionPointsEncoded()
        Gets the crlDistributionPointsEncoded. This field determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
        Returns:
        the crlDistributionPointsEncoded
      • getExpirationDate

        public Date getExpirationDate()
        Gets the expirationDate. The date when the secret material expires. The date format follows the `RFC 3339` format. Supported secret types: arbitrary, imported_cert, public_cert, private_cert, iam_credentials, service_credentials, username_password, and custom_credentials.
        Returns:
        the expirationDate
      • getKeyType

        public String getKeyType()
        Gets the keyType. The type of private key to generate.
        Returns:
        the keyType
      • getKeyBits

        public Long getKeyBits()
        Gets the keyBits. The number of bits to use to generate the private key. Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
        Returns:
        the keyBits
      • getStatus

        public String getStatus()
        Gets the status. The status of the certificate authority. The status of a root certificate authority is either `configured` or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`, `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
        Returns:
        the status
      • getCryptoKey

        public PrivateCertificateCryptoKey getCryptoKey()
        Gets the cryptoKey. The data that is associated with a cryptographic key.
        Returns:
        the cryptoKey
      • getMaxTtlSeconds

        public Long getMaxTtlSeconds()
        Gets the maxTtlSeconds. The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
        Returns:
        the maxTtlSeconds
      • getCrlExpirySeconds

        public Long getCrlExpirySeconds()
        Gets the crlExpirySeconds. The time until the certificate revocation list (CRL) expires, in seconds.
        Returns:
        the crlExpirySeconds
      • isCrlDisable

        public Boolean isCrlDisable()
        Gets the crlDisable. This field disables or enables certificate revocation list (CRL) building. If CRL building is disabled, a signed but zero-length CRL is returned when you're downloading the CRL. If CRL building is enabled, it rebuilds the CRL.
        Returns:
        the crlDisable
      • isIssuingCertificatesUrlsEncoded

        public Boolean isIssuingCertificatesUrlsEncoded()
        Gets the issuingCertificatesUrlsEncoded. This field determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
        Returns:
        the issuingCertificatesUrlsEncoded
      • getAltNames

        public List<String> getAltNames()
        Gets the altNames. With the Subject Alternative Name field, you can specify additional hostnames to be protected by a single SSL certificate.
        Returns:
        the altNames
      • getIpSans

        public String getIpSans()
        Gets the ipSans. The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
        Returns:
        the ipSans
      • getUriSans

        public String getUriSans()
        Gets the uriSans. The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
        Returns:
        the uriSans
      • getOtherSans

        public List<String> getOtherSans()
        Gets the otherSans. The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate. The alternative names must match the values that are specified in the `allowed_other_sans` field in the associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid type is `UTF8`.
        Returns:
        the otherSans
      • getTtlSeconds

        public Long getTtlSeconds()
        Gets the ttlSeconds. The requested TTL, after which the certificate expires.
        Returns:
        the ttlSeconds
      • getFormat

        public String getFormat()
        Gets the format. The format of the returned data.
        Returns:
        the format
      • getPrivateKeyFormat

        public String getPrivateKeyFormat()
        Gets the privateKeyFormat. The format of the generated private key.
        Returns:
        the privateKeyFormat
      • getMaxPathLength

        public Long getMaxPathLength()
        Gets the maxPathLength. The maximum path length to encode in the generated certificate. `-1` means no limit. If the signing certificate has a maximum path length set, the path length is set to one less than that of the signing certificate. A limit of `0` means a literal path length of zero.
        Returns:
        the maxPathLength
      • isExcludeCnFromSans

        public Boolean isExcludeCnFromSans()
        Gets the excludeCnFromSans. This parameter controls whether the common name is excluded from Subject Alternative Names (SANs). If this parameter is set to `true`, the common name is not included in DNS or email SANs, if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
        Returns:
        the excludeCnFromSans
      • getPermittedDnsDomains

        public List<String> getPermittedDnsDomains()
        Gets the permittedDnsDomains. The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
        Returns:
        the permittedDnsDomains
      • getOu

        public List<String> getOu()
        Gets the ou. The Organizational Unit (OU) values to define in the subject field of the resulting certificate.
        Returns:
        the ou
      • getOrganization

        public List<String> getOrganization()
        Gets the organization. The Organization (O) values to define in the subject field of the resulting certificate.
        Returns:
        the organization
      • getCountry

        public List<String> getCountry()
        Gets the country. The Country (C) values to define in the subject field of the resulting certificate.
        Returns:
        the country
      • getLocality

        public List<String> getLocality()
        Gets the locality. The Locality (L) values to define in the subject field of the resulting certificate.
        Returns:
        the locality
      • getProvince

        public List<String> getProvince()
        Gets the province. The Province (ST) values to define in the subject field of the resulting certificate.
        Returns:
        the province
      • getStreetAddress

        public List<String> getStreetAddress()
        Gets the streetAddress. The street address values to define in the subject field of the resulting certificate.
        Returns:
        the streetAddress
      • getPostalCode

        public List<String> getPostalCode()
        Gets the postalCode. The postal code values to define in the subject field of the resulting certificate.
        Returns:
        the postalCode
      • getSerialNumber

        public String getSerialNumber()
        Gets the serialNumber. The unique serial number that was assigned to a certificate by the issuing certificate authority.
        Returns:
        the serialNumber
      • getData

        public PrivateCertificateCAData getData()
        Gets the data. The configuration data of your Private Certificate.
        Returns:
        the data
      • getIssuer

        public String getIssuer()
        Gets the issuer. The distinguished name that identifies the entity that signed and issued the certificate.
        Returns:
        the issuer
      • getSigningMethod

        public String getSigningMethod()
        Gets the signingMethod. The signing method to use with this certificate authority to generate private certificates. You can choose between internal or externally signed options. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
        Returns:
        the signingMethod
      • getCertificateAuthority

        public String getCertificateAuthority()
        Gets the certificateAuthority. The name of the intermediate certificate authority.
        Returns:
        the certificateAuthority
      • getAllowedSecretGroups

        public String getAllowedSecretGroups()
        Gets the allowedSecretGroups. This field scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.
        Returns:
        the allowedSecretGroups
      • isAllowLocalhost

        public Boolean isAllowLocalhost()
        Gets the allowLocalhost. This field indicates whether to allow `localhost` to be included as one of the requested common names.
        Returns:
        the allowLocalhost
      • getAllowedDomains

        public List<String> getAllowedDomains()
        Gets the allowedDomains. The domains to define for the certificate template. This property is used along with the `allow_bare_domains` and `allow_subdomains` options.
        Returns:
        the allowedDomains
      • isAllowedDomainsTemplate

        public Boolean isAllowedDomainsTemplate()
        Gets the allowedDomainsTemplate. This field indicates whether to allow the domains that are supplied in the `allowed_domains` field to contain access control list (ACL) templates.
        Returns:
        the allowedDomainsTemplate
      • isAllowBareDomains

        public Boolean isAllowBareDomains()
        Gets the allowBareDomains. This field indicates whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to request a certificate that contains the name `example.com` as one of the DNS values on the final certificate. **Important:** In some scenarios, allowing bare domains can be considered a security risk.
        Returns:
        the allowBareDomains
      • isAllowSubdomains

        public Boolean isAllowSubdomains()
        Gets the allowSubdomains. This field indicates whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains` is set to `true`, then the following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`. **Note:** This field is redundant if you use the `allow_any_name` option.
        Returns:
        the allowSubdomains
      • isAllowGlobDomains

        public Boolean isAllowGlobDomains()
        Gets the allowGlobDomains. This field indicates whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified in the `allowed_domains` field. If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
        Returns:
        the allowGlobDomains
      • isAllowAnyName

        public Boolean isAllowAnyName()
        Gets the allowAnyName. This field indicates whether to allow clients to request a private certificate that matches any common name.
        Returns:
        the allowAnyName
      • isEnforceHostnames

        public Boolean isEnforceHostnames()
        Gets the enforceHostnames. This field indicates whether to enforce only valid hostnames for common names, DNS Subject Alternative Names, and the host section of email addresses.
        Returns:
        the enforceHostnames
      • isAllowIpSans

        public Boolean isAllowIpSans()
        Gets the allowIpSans. This field indicates whether to allow clients to request a private certificate with IP Subject Alternative Names.
        Returns:
        the allowIpSans
      • getAllowedUriSans

        public List<String> getAllowedUriSans()
        Gets the allowedUriSans. The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example `spiffe://hostname/_*`.
        Returns:
        the allowedUriSans
      • getAllowedOtherSans

        public List<String> getAllowedOtherSans()
        Gets the allowedOtherSans. The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to allow any `other_sans` input.
        Returns:
        the allowedOtherSans
      • isServerFlag

        public Boolean isServerFlag()
        Gets the serverFlag. This field indicates whether private certificates are flagged for server use.
        Returns:
        the serverFlag
      • isClientFlag

        public Boolean isClientFlag()
        Gets the clientFlag. This field indicates whether private certificates are flagged for client use.
        Returns:
        the clientFlag
      • isCodeSigningFlag

        public Boolean isCodeSigningFlag()
        Gets the codeSigningFlag. This field indicates whether private certificates are flagged for code signing use.
        Returns:
        the codeSigningFlag
      • isEmailProtectionFlag

        public Boolean isEmailProtectionFlag()
        Gets the emailProtectionFlag. This field indicates whether private certificates are flagged for email protection use.
        Returns:
        the emailProtectionFlag
      • getKeyUsage

        public List<String> getKeyUsage()
        Gets the keyUsage. The allowed key usage constraint to define for private certificates. You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage). Omit the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
        Returns:
        the keyUsage
      • getExtKeyUsage

        public List<String> getExtKeyUsage()
        Gets the extKeyUsage. The allowed extended key usage constraint on private certificates. You can find valid values in the [Go x509 package documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
        Returns:
        the extKeyUsage
      • getExtKeyUsageOids

        public List<String> getExtKeyUsageOids()
        Gets the extKeyUsageOids. A list of extended key usage Object Identifiers (OIDs).
        Returns:
        the extKeyUsageOids
      • isUseCsrCommonName

        public Boolean isUseCsrCommonName()
        Gets the useCsrCommonName. When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that is included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the `use_csr_sans` property.
        Returns:
        the useCsrCommonName
      • isUseCsrSans

        public Boolean isUseCsrSans()
        Gets the useCsrSans. When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This field does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
        Returns:
        the useCsrSans
      • isRequireCn

        public Boolean isRequireCn()
        Gets the requireCn. This field indicates whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the `common_name` field optional, set the `require_cn` option to `false`.
        Returns:
        the requireCn
      • getPolicyIdentifiers

        public List<String> getPolicyIdentifiers()
        Gets the policyIdentifiers. A list of policy Object Identifiers (OIDs).
        Returns:
        the policyIdentifiers
      • isBasicConstraintsValidForNonCa

        public Boolean isBasicConstraintsValidForNonCa()
        Gets the basicConstraintsValidForNonCa. This field indicates whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
        Returns:
        the basicConstraintsValidForNonCa
      • getNotBeforeDurationSeconds

        public Long getNotBeforeDurationSeconds()
        Gets the notBeforeDurationSeconds. The duration in seconds by which to backdate the `not_before` property of an issued private certificate.
        Returns:
        the notBeforeDurationSeconds
      • getCodeEngineKeyRef

        public String getCodeEngineKeyRef()
        Gets the codeEngineKeyRef. The IAM API key used by the credentials provider to access this Secrets Manager instance.
        Returns:
        the codeEngineKeyRef
      • getApiKeyRef

        public String getApiKeyRef()
        Gets the apiKeyRef. The IAM credentials secret ID that is used for setting up a custom credentials engine configuration.
        Returns:
        the apiKeyRef
      • getSchema

        public CustomCredentialsConfigurationSchema getSchema()
        Gets the schema. The schema that is defined by the Code Engine job to be used as input and output formats for this custom credentials configuration.
        Returns:
        the schema
      • getTaskTimeout

        public String getTaskTimeout()
        Gets the taskTimeout. Specifies the maximum allowed time for a Code Engine task to be completed. After this time elapses, the task state changes to failed. The minimum value is 5 minutes and the maximum value is 24 hours. The default task timeout is 10 minutes. The value can be either an integer that specifies the number of seconds, or the string representation of a duration, such as `10m` or `2h`.
        Returns:
        the taskTimeout
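
Added example (not part of the SDK or of this Javadoc): a small model of how the certificate template fields returned by `getAllowedDomains`, `isAllowBareDomains`, `isAllowSubdomains`, `isAllowGlobDomains`, `isAllowAnyName` and `isAllowLocalhost` combine, useful for reviewing which requested names a template would admit. `TemplateView`, `Sample` and `permits` are hypothetical names, the sample values are constructed, and the assumption that a glob `*` also matches dots is not stated on this page; the service's own matching may differ.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class TemplateNameCheck {

    /** Hypothetical read-only view with the same getter names as Configuration. */
    interface TemplateView {
        List<String> getAllowedDomains();
        Boolean isAllowBareDomains();
        Boolean isAllowSubdomains();
        Boolean isAllowGlobDomains();
        Boolean isAllowAnyName();
        Boolean isAllowLocalhost();
    }

    /** Constructed stand-in for a template; record accessors implement the view. */
    record Sample(List<String> getAllowedDomains, Boolean isAllowBareDomains,
                  Boolean isAllowSubdomains, Boolean isAllowGlobDomains,
                  Boolean isAllowAnyName, Boolean isAllowLocalhost)
            implements TemplateView {}

    /** The getters return boxed Booleans, so treat null as "not enabled". */
    static boolean on(Boolean flag) {
        return Boolean.TRUE.equals(flag);
    }

    /** Assumption: '*' in an allowed domain matches any characters, dots included. */
    static Pattern globToRegex(String glob) {
        String regex = Arrays.stream(glob.split("\\*", -1))
                .map(Pattern::quote)
                .collect(Collectors.joining(".*"));
        return Pattern.compile(regex);
    }

    /** Returns true if the modelled template would admit the requested name. */
    static boolean permits(TemplateView t, String requested) {
        String name = requested.toLowerCase(Locale.ROOT);
        if (on(t.isAllowAnyName())) {
            return true; // allow_any_name makes every other name option redundant
        }
        if (name.equals("localhost") && on(t.isAllowLocalhost())) {
            return true;
        }
        List<String> domains =
                t.getAllowedDomains() == null ? List.of() : t.getAllowedDomains();
        for (String d : domains) {
            String domain = d.toLowerCase(Locale.ROOT);
            // allow_bare_domains: the allowed domain itself may be requested.
            if (on(t.isAllowBareDomains()) && name.equals(domain)) return true;
            // allow_subdomains: any subdomain, including the wildcard form.
            if (on(t.isAllowSubdomains()) && name.endsWith("." + domain)) return true;
            // allow_glob_domains: allowed_domains entries are treated as patterns.
            if (on(t.isAllowGlobDomains()) && domain.contains("*")
                    && globToRegex(domain).matcher(name).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed templates: one admits subdomains only, one globs only.
        Sample subdomainsOnly = new Sample(List.of("example.com"),
                false, true, false, false, false);
        Sample globOnly = new Sample(List.of("ftp*.example.com"),
                false, false, true, false, false);
        List<String> requests = List.of("example.com", "foo.example.com",
                "*.example.com", "ftp1.example.com", "ftp.a.b.example.com",
                "localhost", "example.org");
        for (String r : requests) {
            System.out.printf("%-22s subdomainsOnly=%-5b globOnly=%b%n",
                    r, permits(subdomainsOnly, r), permits(globOnly, r));
        }
    }
}
```

Running it against a real template's values before enabling `allow_subdomains` or `allow_glob_domains` shows how far beyond the listed domains the admitted name space extends, including wildcard names.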