Class ConfigurationPrototype
java.lang.Object
  com.ibm.cloud.sdk.core.service.model.GenericModel
    com.ibm.cloud.secrets_manager_sdk.secrets_manager.v2.model.ConfigurationPrototype

All Implemented Interfaces:
com.ibm.cloud.sdk.core.service.model.ObjectModel

Direct Known Subclasses:
CustomCredentialsConfigurationPrototype, IAMCredentialsConfigurationPrototype, PrivateCertificateConfigurationIntermediateCAPrototype, PrivateCertificateConfigurationRootCAPrototype, PrivateCertificateConfigurationTemplatePrototype, PublicCertificateConfigurationCALetsEncryptPrototype, PublicCertificateConfigurationDNSClassicInfrastructurePrototype, PublicCertificateConfigurationDNSCloudInternetServicesPrototype

public class ConfigurationPrototype extends com.ibm.cloud.sdk.core.service.model.GenericModel

The details of your configuration. Classes which extend this class:
- PublicCertificateConfigurationDNSCloudInternetServicesPrototype
- PublicCertificateConfigurationDNSClassicInfrastructurePrototype
- PublicCertificateConfigurationCALetsEncryptPrototype
- PrivateCertificateConfigurationRootCAPrototype
- PrivateCertificateConfigurationIntermediateCAPrototype
- PrivateCertificateConfigurationTemplatePrototype
- IAMCredentialsConfigurationPrototype
- CustomCredentialsConfigurationPrototype
-
-
Nested Class Summary
Modifier and Type | Class | Description
static interface | ConfigurationPrototype.ConfigType | The configuration type.
static interface | ConfigurationPrototype.Format | The format of the returned data.
static interface | ConfigurationPrototype.KeyType | The type of private key to generate.
static interface | ConfigurationPrototype.LetsEncryptEnvironment | The configuration of the Let's Encrypt CA environment.
static interface | ConfigurationPrototype.PrivateKeyFormat | The format of the generated private key.
static interface | ConfigurationPrototype.SigningMethod | The signing method to use with this certificate authority to generate private certificates.
-
Method Summary
Modifier and Type | Method | Description
Boolean | allowAnyName() | Gets the allowAnyName.
Boolean | allowBareDomains() | Gets the allowBareDomains.
List<String> | allowedDomains() | Gets the allowedDomains.
Boolean | allowedDomainsTemplate() | Gets the allowedDomainsTemplate.
List<String> | allowedOtherSans() | Gets the allowedOtherSans.
String | allowedSecretGroups() | Gets the allowedSecretGroups.
List<String> | allowedUriSans() | Gets the allowedUriSans.
Boolean | allowGlobDomains() | Gets the allowGlobDomains.
Boolean | allowIpSans() | Gets the allowIpSans.
Boolean | allowLocalhost() | Gets the allowLocalhost.
Boolean | allowSubdomains() | Gets the allowSubdomains.
Boolean | allowWildcardCertificates() | Gets the allowWildcardCertificates.
List<String> | altNames() | Gets the altNames.
String | apiKey() | Gets the apiKey.
String | apiKeyRef() | Gets the apiKeyRef.
Boolean | basicConstraintsValidForNonCa() | Gets the basicConstraintsValidForNonCa.
String | certificateAuthority() | Gets the certificateAuthority.
String | classicInfrastructurePassword() | Gets the classicInfrastructurePassword.
String | classicInfrastructureUsername() | Gets the classicInfrastructureUsername.
Boolean | clientFlag() | Gets the clientFlag.
String | cloudInternetServicesApikey() | Gets the cloudInternetServicesApikey.
String | cloudInternetServicesCrn() | Gets the cloudInternetServicesCrn.
CustomCredentialsConfigurationCodeEngine | codeEngine() | Gets the codeEngine.
Boolean | codeSigningFlag() | Gets the codeSigningFlag.
String | commonName() | Gets the commonName.
String | configType() | Gets the configType.
List<String> | country() | Gets the country.
Boolean | crlDisable() | Gets the crlDisable.
Boolean | crlDistributionPointsEncoded() | Gets the crlDistributionPointsEncoded.
String | crlExpiry() | Gets the crlExpiry.
PrivateCertificateCryptoKey | cryptoKey() | Gets the cryptoKey.
Boolean | disabled() | Gets the disabled.
Boolean | emailProtectionFlag() | Gets the emailProtectionFlag.
Boolean | enforceHostnames() | Gets the enforceHostnames.
Boolean | excludeCnFromSans() | Gets the excludeCnFromSans.
List<String> | extKeyUsage() | Gets the extKeyUsage.
List<String> | extKeyUsageOids() | Gets the extKeyUsageOids.
String | format() | Gets the format.
String | ipSans() | Gets the ipSans.
String | issuer() | Gets the issuer.
Boolean | issuingCertificatesUrlsEncoded() | Gets the issuingCertificatesUrlsEncoded.
Long | keyBits() | Gets the keyBits.
String | keyType() | Gets the keyType.
List<String> | keyUsage() | Gets the keyUsage.
String | letsEncryptEnvironment() | Gets the letsEncryptEnvironment.
String | letsEncryptPreferredChain() | Gets the letsEncryptPreferredChain.
String | letsEncryptPrivateKey() | Gets the letsEncryptPrivateKey.
List<String> | locality() | Gets the locality.
Long | maxPathLength() | Gets the maxPathLength.
String | maxTtl() | Gets the maxTtl.
String | name() | Gets the name.
String | notBeforeDuration() | Gets the notBeforeDuration.
List<String> | organization() | Gets the organization.
List<String> | otherSans() | Gets the otherSans.
List<String> | ou() | Gets the ou.
List<String> | permittedDnsDomains() | Gets the permittedDnsDomains.
List<String> | policyIdentifiers() | Gets the policyIdentifiers.
List<String> | postalCode() | Gets the postalCode.
String | privateKeyFormat() | Gets the privateKeyFormat.
List<String> | province() | Gets the province.
Boolean | requireCn() | Gets the requireCn.
String | serialNumber() | Gets the serialNumber.
Boolean | serverFlag() | Gets the serverFlag.
String | signingMethod() | Gets the signingMethod.
List<String> | streetAddress() | Gets the streetAddress.
String | taskTimeout() | Gets the taskTimeout.
String | ttl() | Gets the ttl.
String | uriSans() | Gets the uriSans.
Boolean | useCsrCommonName() | Gets the useCsrCommonName.
Boolean | useCsrSans() | Gets the useCsrSans.
-
-
-
Method Detail
-
configType
public String configType()
Gets the configType. The configuration type. Can be one of: iam_credentials_configuration, public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template, custom_credentials_configuration.
- Returns:
- the configType
-
name
public String name()
Gets the name. A human-readable unique name to assign to your configuration. To protect your privacy, do not use personal data, such as your name or location, as a name for your secret.
- Returns:
- the name
-
cloudInternetServicesApikey
public String cloudInternetServicesApikey()
Gets the cloudInternetServicesApikey. An IBM Cloud API key that can list domains in your Cloud Internet Services instance and add DNS records. To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the API key must be assigned the Reader service role on Internet Services (`internet-svcs`). To add DNS records, you need to assign the Manager role. If you want to manage specific domains, you can assign the Manager role for this specific domain. For production environments, it is recommended that you assign the Reader access role, and then use the [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control specific domains. If the IBM Cloud API key value is empty, Secrets Manager tries to access your Cloud Internet Services instance with service-to-service authorization. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-cis).
- Returns:
- the cloudInternetServicesApikey
-
cloudInternetServicesCrn
public String cloudInternetServicesCrn()
Gets the cloudInternetServicesCrn. A CRN that uniquely identifies an IBM Cloud resource.
- Returns:
- the cloudInternetServicesCrn
-
classicInfrastructureUsername
public String classicInfrastructureUsername()
Gets the classicInfrastructureUsername. The username that is associated with your classic infrastructure account. In most cases, your classic infrastructure username is your `<account_id>_<email_address>`. For more information, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
- Returns:
- the classicInfrastructureUsername
-
classicInfrastructurePassword
public String classicInfrastructurePassword()
Gets the classicInfrastructurePassword. Your classic infrastructure API key. For information about viewing and accessing your classic infrastructure API key, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
- Returns:
- the classicInfrastructurePassword
-
letsEncryptEnvironment
public String letsEncryptEnvironment()
Gets the letsEncryptEnvironment. The configuration of the Let's Encrypt CA environment.
- Returns:
- the letsEncryptEnvironment
-
letsEncryptPrivateKey
public String letsEncryptPrivateKey()
Gets the letsEncryptPrivateKey. The PEM-encoded private key of your Let's Encrypt account. The data must be formatted on a single line with embedded newline characters.
- Returns:
- the letsEncryptPrivateKey
-
letsEncryptPreferredChain
public String letsEncryptPreferredChain()
Gets the letsEncryptPreferredChain. This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
- Returns:
- the letsEncryptPreferredChain
-
cryptoKey
public PrivateCertificateCryptoKey cryptoKey()
Gets the cryptoKey. The data that is associated with a cryptographic key.
- Returns:
- the cryptoKey
-
maxTtl
public String maxTtl()
Gets the maxTtl. The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a string representation of a duration in hours, for example `8760h`. In the API response, this value is returned in seconds (integer). Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
- Returns:
- the maxTtl
-
crlExpiry
public String crlExpiry()
Gets the crlExpiry. The time until the certificate revocation list (CRL) expires. The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72 hours. In the API response, this value is returned in seconds (integer). **Note:** The CRL is rotated automatically before it expires.
- Returns:
- the crlExpiry
-
crlDisable
public Boolean crlDisable()
Gets the crlDisable. This field disables or enables certificate revocation list (CRL) building. If CRL building is disabled, a signed but zero-length CRL is returned when you're downloading the CRL. If CRL building is enabled, it rebuilds the CRL.
- Returns:
- the crlDisable
-
crlDistributionPointsEncoded
public Boolean crlDistributionPointsEncoded()
Gets the crlDistributionPointsEncoded. This field determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
- Returns:
- the crlDistributionPointsEncoded
-
issuingCertificatesUrlsEncoded
public Boolean issuingCertificatesUrlsEncoded()
Gets the issuingCertificatesUrlsEncoded. This field determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
- Returns:
- the issuingCertificatesUrlsEncoded
-
commonName
public String commonName()
Gets the commonName. The Common Name (CN) represents the server name that is protected by the SSL certificate.
- Returns:
- the commonName
-
altNames
public List<String> altNames()
Gets the altNames. With the Subject Alternative Name field, you can specify additional hostnames to be protected by a single SSL certificate.
- Returns:
- the altNames
-
ipSans
public String ipSans()
Gets the ipSans. The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
- Returns:
- the ipSans
-
uriSans
public String uriSans()
Gets the uriSans. The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
- Returns:
- the uriSans
-
otherSans
public List<String> otherSans()
Gets the otherSans. The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate. The alternative names must match the values that are specified in the `allowed_other_sans` field in the associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid type is `UTF8`.
- Returns:
- the otherSans
-
ttl
public String ttl()
Gets the ttl. The requested time-to-live (TTL) for certificates that are created by this CA. This field's value can't be longer than the `max_ttl` limit. The value can be supplied as a string representation of a duration in hours, for example `8760h`. In the API response, this value is returned in seconds (integer).
- Returns:
- the ttl
-
format
public String format()
Gets the format. The format of the returned data.
- Returns:
- the format
-
privateKeyFormat
public String privateKeyFormat()
Gets the privateKeyFormat. The format of the generated private key.
- Returns:
- the privateKeyFormat
-
keyType
public String keyType()
Gets the keyType. The type of private key to generate.
- Returns:
- the keyType
-
keyBits
public Long keyBits()
Gets the keyBits. The number of bits to use to generate the private key. Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
- Returns:
- the keyBits
-
maxPathLength
public Long maxPathLength()
Gets the maxPathLength. The maximum path length to encode in the generated certificate. `-1` means no limit. If the signing certificate has a maximum path length set, the path length is set to one less than that of the signing certificate. A limit of `0` means a literal path length of zero.
- Returns:
- the maxPathLength
-
excludeCnFromSans
public Boolean excludeCnFromSans()
Gets the excludeCnFromSans. This parameter controls whether the common name is excluded from Subject Alternative Names (SANs). If this parameter is set to `true`, the common name is not included in DNS or email SANs, if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
- Returns:
- the excludeCnFromSans
-
permittedDnsDomains
public List<String> permittedDnsDomains()
Gets the permittedDnsDomains. The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
- Returns:
- the permittedDnsDomains
-
ou
public List<String> ou()
Gets the ou. The Organizational Unit (OU) values to define in the subject field of the resulting certificate.
- Returns:
- the ou
-
organization
public List<String> organization()
Gets the organization. The Organization (O) values to define in the subject field of the resulting certificate.
- Returns:
- the organization
-
country
public List<String> country()
Gets the country. The Country (C) values to define in the subject field of the resulting certificate.
- Returns:
- the country
-
locality
public List<String> locality()
Gets the locality. The Locality (L) values to define in the subject field of the resulting certificate.
- Returns:
- the locality
-
province
public List<String> province()
Gets the province. The Province (ST) values to define in the subject field of the resulting certificate.
- Returns:
- the province
-
streetAddress
public List<String> streetAddress()
Gets the streetAddress. The street address values to define in the subject field of the resulting certificate.
- Returns:
- the streetAddress
-
postalCode
public List<String> postalCode()
Gets the postalCode. The postal code values to define in the subject field of the resulting certificate.
- Returns:
- the postalCode
-
serialNumber
public String serialNumber()
Gets the serialNumber. The requested value for the [`serialNumber`](https://datatracker.ietf.org/doc/html/rfc4519#section-2.31) attribute that is in the certificate's distinguished name (DN). **Note:** This field is not related to the `serial_number` field that is returned in the API response. The `serial_number` field represents the certificate's randomly assigned serial number.
- Returns:
- the serialNumber
-
signingMethod
public String signingMethod()
Gets the signingMethod. The signing method to use with this certificate authority to generate private certificates. You can choose between internally or externally signed options. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
- Returns:
- the signingMethod
-
issuer
public String issuer()
Gets the issuer. The distinguished name that identifies the entity that signed and issued the certificate.
- Returns:
- the issuer
-
certificateAuthority
public String certificateAuthority()
Gets the certificateAuthority. The name of the intermediate certificate authority.
- Returns:
- the certificateAuthority
-
allowedSecretGroups
public String allowedSecretGroups()
Gets the allowedSecretGroups. This field scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.
- Returns:
- the allowedSecretGroups
-
allowLocalhost
public Boolean allowLocalhost()
Gets the allowLocalhost. This field indicates whether to allow `localhost` to be included as one of the requested common names.
- Returns:
- the allowLocalhost
-
allowedDomains
public List<String> allowedDomains()
Gets the allowedDomains. The domains to define for the certificate template. This property is used along with the `allow_bare_domains` and `allow_subdomains` options.
- Returns:
- the allowedDomains
-
allowedDomainsTemplate
public Boolean allowedDomainsTemplate()
Gets the allowedDomainsTemplate. This field indicates whether to allow the domains that are supplied in the `allowed_domains` field to contain access control list (ACL) templates.
- Returns:
- the allowedDomainsTemplate
-
allowBareDomains
public Boolean allowBareDomains()
Gets the allowBareDomains. This field indicates whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to request a certificate that contains the name `example.com` as one of the DNS values on the final certificate. **Important:** In some scenarios, allowing bare domains can be considered a security risk.
- Returns:
- the allowBareDomains
-
allowSubdomains
public Boolean allowSubdomains()
Gets the allowSubdomains. This field indicates whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains` is set to `true`, then the following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`. **Note:** This field is redundant if you use the `allow_any_name` option.
- Returns:
- the allowSubdomains
-
allowGlobDomains
public Boolean allowGlobDomains()
Gets the allowGlobDomains. This field indicates whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified in the `allowed_domains` field. If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
- Returns:
- the allowGlobDomains
-
allowWildcardCertificates
public Boolean allowWildcardCertificates()
Gets the allowWildcardCertificates. This field indicates whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to `false`, this field prevents wildcards from being issued even if they would otherwise be allowed by the `allow_glob_domains` option.
- Returns:
- the allowWildcardCertificates
-
allowAnyName
public Boolean allowAnyName()
Gets the allowAnyName. This field indicates whether to allow clients to request a private certificate that matches any common name.
- Returns:
- the allowAnyName
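
The following added example (not part of the SDK or of the original page) models how the template options `allowed_domains`, `allow_bare_domains`, `allow_subdomains`, `allow_glob_domains`, `allow_wildcard_certificates`, `allow_any_name` and `allow_localhost` combine, as they are worded above, so that a reviewer can see which requested names a template would admit. The `Template` record, `permits` and `globMatches` are hypothetical names; treating the wildcard switch as a veto over every option and letting `*` match across dots are assumptions, and the service's own evaluation may differ.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Added illustration (Java 16+): a simplified model of the template name rules, not SDK code. */
public class TemplateNameCheck {

    // Hypothetical holder that mirrors the template fields documented on this page.
    record Template(List<String> allowedDomains, boolean allowBareDomains,
                    boolean allowSubdomains, boolean allowGlobDomains,
                    boolean allowWildcardCertificates, boolean allowAnyName,
                    boolean allowLocalhost) {}

    /** Returns true if this model would let a client request the given name. */
    static boolean permits(Template t, String requested) {
        String name = requested.toLowerCase(Locale.ROOT);
        // Assumption: the wildcard switch is modelled as a veto over every other option.
        // The page states the veto only with respect to allow_glob_domains.
        if (name.startsWith("*.") && !t.allowWildcardCertificates()) {
            return false;
        }
        if (t.allowAnyName()) {
            return true; // allow_subdomains is redundant once any name is accepted
        }
        if (name.equals("localhost") && t.allowLocalhost()) {
            return true;
        }
        for (String entry : t.allowedDomains()) {
            String domain = entry.toLowerCase(Locale.ROOT);
            if (t.allowBareDomains() && name.equals(domain)) {
                return true;
            }
            // Match on ".domain" so that evil-example.com is not taken for a subdomain.
            if (t.allowSubdomains() && name.endsWith("." + domain)) {
                return true;
            }
            if (t.allowGlobDomains() && domain.contains("*") && globMatches(domain, name)) {
                return true;
            }
        }
        return false;
    }

    // Assumption: '*' in a glob matches any run of characters, dots included.
    static boolean globMatches(String glob, String name) {
        String regex = Arrays.stream(glob.split("\\*", -1))
                .map(Pattern::quote)
                .collect(Collectors.joining(".*"));
        return Pattern.matches(regex, name);
    }

    public static void main(String[] args) {
        // Constructed templates; example.com is a placeholder domain.
        Template bareOnly = new Template(List.of("example.com"),
                true, false, false, false, false, false);
        Template subdomains = new Template(List.of("example.com"),
                false, true, false, true, false, false);
        Template globOnly = new Template(List.of("ftp*.example.com"),
                false, false, true, false, false, false);
        List<String> requests = List.of("example.com", "foo.example.com", "*.example.com",
                "ftp01.example.com", "evil-example.com", "localhost");
        System.out.printf("%-20s %-9s %-11s %s%n",
                "requested name", "bareOnly", "subdomains", "globOnly");
        for (String n : requests) {
            System.out.printf("%-20s %-9b %-11b %b%n", n,
                    permits(bareOnly, n), permits(subdomains, n), permits(globOnly, n));
        }
    }
}
```

Run it with `java TemplateNameCheck.java` to print one row per requested name and one column per constructed template.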
-
enforceHostnames
public Boolean enforceHostnames()
Gets the enforceHostnames. This field indicates whether to enforce only valid hostnames for common names, DNS Subject Alternative Names, and the host section of email addresses.
- Returns:
- the enforceHostnames
-
allowIpSans
public Boolean allowIpSans()
Gets the allowIpSans. This field indicates whether to allow clients to request a private certificate with IP Subject Alternative Names.
- Returns:
- the allowIpSans
-
allowedUriSans
public List<String> allowedUriSans()
Gets the allowedUriSans. The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example `spiffe://hostname/_*`.
- Returns:
- the allowedUriSans
-
allowedOtherSans
public List<String> allowedOtherSans()
Gets the allowedOtherSans. The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to allow any `other_sans` input.
- Returns:
- the allowedOtherSans
-
serverFlag
public Boolean serverFlag()
Gets the serverFlag. This field indicates whether private certificates are flagged for server use.
- Returns:
- the serverFlag
-
clientFlag
public Boolean clientFlag()
Gets the clientFlag. This field indicates whether private certificates are flagged for client use.
- Returns:
- the clientFlag
-
codeSigningFlag
public Boolean codeSigningFlag()
Gets the codeSigningFlag. This field indicates whether private certificates are flagged for code signing use.
- Returns:
- the codeSigningFlag
-
emailProtectionFlag
public Boolean emailProtectionFlag()
Gets the emailProtectionFlag. This field indicates whether private certificates are flagged for email protection use.
- Returns:
- the emailProtectionFlag
-
keyUsage
public List<String> keyUsage()
Gets the keyUsage. The allowed key usage constraint to define for private certificates. You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage). Omit the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
- Returns:
- the keyUsage
-
extKeyUsage
public List<String> extKeyUsage()
Gets the extKeyUsage. The allowed extended key usage constraint on private certificates. You can find valid values in the [Go x509 package documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
- Returns:
- the extKeyUsage
-
extKeyUsageOids
public List<String> extKeyUsageOids()
Gets the extKeyUsageOids. A list of extended key usage Object Identifiers (OIDs).
- Returns:
- the extKeyUsageOids
-
useCsrCommonName
public Boolean useCsrCommonName()
Gets the useCsrCommonName. When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that is included in the data of the certificate. This field does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the `use_csr_sans` property.
- Returns:
- the useCsrCommonName
-
useCsrSans
public Boolean useCsrSans()
Gets the useCsrSans. When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This field does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
- Returns:
- the useCsrSans
-
requireCn
public Boolean requireCn()
Gets the requireCn. This field indicates whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the `common_name` field optional, set the `require_cn` option to `false`.
- Returns:
- the requireCn
-
policyIdentifiers
public List<String> policyIdentifiers()
Gets the policyIdentifiers. A list of policy Object Identifiers (OIDs).
- Returns:
- the policyIdentifiers
-
basicConstraintsValidForNonCa
public Boolean basicConstraintsValidForNonCa()
Gets the basicConstraintsValidForNonCa. This field indicates whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
- Returns:
- the basicConstraintsValidForNonCa
-
notBeforeDuration
public String notBeforeDuration()
Gets the notBeforeDuration. The duration in seconds by which to backdate the `not_before` property of an issued private certificate. The value can be supplied as a string representation of a duration, such as `30s`. In the API response, this value is returned in seconds (integer).
- Returns:
- the notBeforeDuration
-
apiKey
public String apiKey()
Gets the apiKey. The API key that is used to set the iam_credentials engine.
- Returns:
- the apiKey
-
disabled
public Boolean disabled()
Gets the disabled. This parameter indicates whether the API key configuration is disabled. If it is set to `true`, the IAM credentials engine doesn't use the configured API key for credentials management.
- Returns:
- the disabled
-
apiKeyRef
public String apiKeyRef()
Gets the apiKeyRef. The IAM credentials secret ID that is used for setting up a custom credentials engine configuration.
- Returns:
- the apiKeyRef
-
codeEngine
public CustomCredentialsConfigurationCodeEngine codeEngine()
Gets the codeEngine. The parameters required to configure Code Engine.
- Returns:
- the codeEngine
-
taskTimeout
public String taskTimeout()
Gets the taskTimeout. Specifies the maximum allowed time for a Code Engine task to be completed. After this time elapses, the task state changes to failed. The minimum value is 5 minutes and the maximum value is 24 hours. The default task timeout is 10 minutes. The value can be either an integer that specifies the number of seconds, or the string representation of a duration, such as `10m` or `2h`.
- Returns:
- the taskTimeout
-
-