@dynatrace-sdk/client-credential-vault
v1.0.0
Published
[](https://www.npmjs.com/package/@dynatrace-sdk/client-credential-vault/v/1.0.0) [](https://opensource.org/licenses/Apache-2.0)
Keywords
Readme
@dynatrace-sdk/client-credential-vault
Manage credential entries of username/password, certificate, and token types, with support for external vault integrations.
To authorize, use a valid OAuth token.
Notes about compatibility:
- Operations marked as early adopter or preview may be changed in non-compatible ways, although we try to avoid this.
- We may add new enum constants without incrementing the API version; thus, clients need to handle unknown enum constants gracefully.
Installation
npm install @dynatrace-sdk/client-credential-vaultGetting help
- Visit SDK for Typescript guide in the Dynatrace Developer
- Ask a question in the Dynatrace Community
License
This SDK is distributed under the Apache License, Version 2.0, see LICENSE for more information.
API reference
Full API reference for the latest version of the SDK is also available at the Dynatrace Developer.
credentialVaultEntriesClient
import { credentialVaultEntriesClient } from '@dynatrace-sdk/client-credential-vault';createCredentialVaultEntry
Creates a new credential entry. | maturity=EARLY_ADOPTER
Required scope: credential-vault:entries:write
The body must not provide an ID. An ID is assigned automatically by the Dynatrace server.
Parameters
| Name | Type | | --- | --- | |config.body*required|Credentials|
Returns
| Return type | Status code | Description | |---|---|---| |CredentialsId|201|Success. The new credential entry has been created. The response contains the ID of the entry.|
Throws
| Error Type | Error Message | |---|---| |ErrorResponseEnvelopeError|Client side error. | Server side error.|
import { credentialVaultEntriesClient } from "@dynatrace-sdk/client-credential-vault";
const data =
await credentialVaultEntriesClient.createCredentialVaultEntry(
{
body: {
name: "...",
scopes: ["APP_ENGINE"],
type: "AWS_MONITORING_KEY_BASED",
},
},
);deleteCredentialVaultEntry
Deletes the specified credential entry. | maturity=EARLY_ADOPTER
Required scope: credential-vault:entries:admin
Provide the credential ID in the path.
Parameters
| Name | Type | Description | | --- | --- | --- | |config.entryId*required|string|The ID of the credential entry to be deleted.|
Returns
| Return type | Status code | Description | |---|---|---| |void|204|Success. The credential entry has been deleted. The response doesn't have a body.|
Throws
| Error Type | Error Message | |---|---| |ErrorResponseEnvelopeError|Client side error. | Server side error.|
import { credentialVaultEntriesClient } from "@dynatrace-sdk/client-credential-vault";
const data =
await credentialVaultEntriesClient.deleteCredentialVaultEntry(
{ entryId: "..." },
);getCredentialVaultEntry
Gets the metadata of the specified credential entry. | maturity=EARLY_ADOPTER
Required scope: credential-vault:entries:read
The credential entry itself (e.g. username/certificate and password) is not included in the response.
Parameters
| Name | Type | Description | | --- | --- | --- | |config.entryId*required|string|The ID of the required credential entry.|
Returns
| Return type | Status code | Description | |---|---|---| |CredentialsResponseElement|200|Success. The response contains the metadata of the credential entry.|
Throws
| Error Type | Error Message | |---|---| |ErrorResponseEnvelopeError|Client side error. | Server side error.|
import { credentialVaultEntriesClient } from "@dynatrace-sdk/client-credential-vault";
const data =
await credentialVaultEntriesClient.getCredentialVaultEntry(
{ entryId: "..." },
);listCredentialVaultEntries
Lists all credential entries in your environment. | maturity=EARLY_ADOPTER
Required scope: credential-vault:entries:read
The credential entry itself (username/certificate and password) is not included in the response.
Parameters
| Name | Type | Description | | --- | --- | --- | |config.name|string|Filters the result by name. Enclose the value in quotation marks to match the whole phrase. Case-insensitive.| |config.pageKey|string|The cursor for the next page of results. You can find it in the nextPageKey field of the previous response. The first page is always returned if you don't specify the page-key query parameter. When the page-key is set to obtain subsequent pages, you must omit all other query parameters. | |config.pageSize|number|The amount of credential vault entries in a single response payload. The maximal allowed page size is 500. If not set, 100 is used. | |config.scope|string|Filters the result by the specified scope.| |config.type|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Filters the result by the specified credential type.| |config.user|string|Filters the result to credentials accessible to the specified user (those they own or those shared with everyone).|
Returns
| Return type | Status code | Description | |---|---|---| |CredentialsList|200|Success|
Throws
| Error Type | Error Message | |---|---| |ErrorResponseEnvelopeError|Client side error. | Server side error.|
import { credentialVaultEntriesClient } from "@dynatrace-sdk/client-credential-vault";
const data =
await credentialVaultEntriesClient.listCredentialVaultEntries();updateCredentialVaultEntry
Updates the specified credential entry. | maturity=EARLY_ADOPTER
Required scope: credential-vault:entries:admin
The body must not provide an ID. The ID should be provided in the path.
Parameters
| Name | Type | Description | | --- | --- | --- | |config.body*required|Credentials|| |config.entryId*required|string|The ID of the credential entry to be updated.|
Returns
| Return type | Status code | Description | |---|---|---| |void|204|Success. The credential entry has been updated. The response doesn't have a body.|
Throws
| Error Type | Error Message | |---|---| |ErrorResponseEnvelopeError|Client side error. | Server side error.|
import { credentialVaultEntriesClient } from "@dynatrace-sdk/client-credential-vault";
const data =
await credentialVaultEntriesClient.updateCredentialVaultEntry(
{
entryId: "...",
body: {
name: "...",
scopes: ["APP_ENGINE"],
type: "AWS_MONITORING_KEY_BASED",
},
},
);Types
AWSKeyBasedCredentialsDto
A credentials set of the AWS_MONITORING_KEY_BASED type.
| Name | Type | Description | | --- | --- | --- | |accessKeyID*required|string|Access Key ID of the credentials set.| |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |awsPartition*required|"CHINA" | "DEFAULT" | "US_GOV"|AWS partition of the credential.| |description|string|A short description of the credentials set.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |secretKey*required|string|Secret access key of the credential.| |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials |
AWSRoleBasedCredentials
A credentials set of the AWS_MONITORING_ROLE_BASED type.
| Name | Type | Description | | --- | --- | --- | |accountID*required|string|Amazon account ID of the credential.| |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |description|string|A short description of the credentials set.| |iamRole*required|string|The IAM role name of the credentials set.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials |
AzureClientSecret
Synchronization credentials with Azure Key Vault using client secret authentication method
| Name | Type | Description | | --- | --- | --- | |clientId|string|Client (application) ID of Azure application in Azure Active Directory which has permission to access secrets in Azure Key Vault.| |clientSecret|string|Client secret generated for Azure application in Azure Active Directory used for proving identity when requesting a token used later for accessing secrets in Azure Key Vault.| |locationForSynchronizationId|string|Id of a location used by the synchronizing monitor| |passwordSecretName|string|The name of the secret saved in external vault where password is stored.| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApprole HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificate AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecret CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePassword CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationDto | |tenantId|string|Tenant (directory) ID of Azure application in Azure Active Directory which has permission to access secrets in Azure Key Vault.| |tokenSecretName|string|The name of the secret saved in external vault where token is stored.| |usernameSecretName|string|The name of the secret saved in external vault where username is stored.| |vaultUrl|string|External vault URL.|
AzureClientSecretConfig
Configuration for external vault synchronization for username and password credentials.
| Name | Type | Description | | --- | --- | --- | |clientId|string|| |clientSecret|string|| |credentialsUsedForExternalSynchronization|Array<string>|| |passwordSecretName|string|| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApproleConfig HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificateConfig AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecretConfig CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePasswordConfig CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationConfig | |tenantId|string|| |tokenSecretName|string|| |type|"AZURE_CERTIFICATE_MODEL" | "AZURE_CLIENT_SECRET_MODEL" | "CYBERARK_VAULT_ALLOWED_LOCATION_MODEL" | "CYBERARK_VAULT_USERNAME_PASSWORD_MODEL" | "HASHICORP_APPROLE_MODEL" | "HASHICORP_CERTIFICATE_MODEL"|| |usernameSecretName|string|| |vaultUrl|string||
CertificateCredentials
A credentials set of the CERTIFICATE type.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |certificate*required|string|String containing the certificate file bytes encoded in Base64 without carriage return.| |certificateFormat*required|"UNKNOWN" | "PEM" | "PKCS12"|The certificate format. Use PEM for PEM certificates and PKCS12 for PFX and P12 certificates.| |description|string|A short description of the credentials set.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |password*required|string|The password of the credential encoded in Base64. Must be empty for PEM certificates.| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials |
ConstraintViolation
Information about a single constraint violation.
| Name | Type | Description | | --- | --- | --- | |context|ConstraintViolationContext|Structured context of the constraint violation. Well known keys that can be present are: reason -> Additional reasoning behind the occurred violation. pipeline -> Pipeline related to the violation. endpoint -> Endpoint related to the violation. stage -> Stage related to the violation. processor -> Processor related to the violation. routingRule -> Routing rule related to the violation. | |message*required|string|Description of the constraint violation.|
ConstraintViolationContext
Structured context of the constraint violation. Well known keys that can be present are:
reason-> Additional reasoning behind the occurred violation.pipeline-> Pipeline related to the violation.endpoint-> Endpoint related to the violation.stage-> Stage related to the violation.processor-> Processor related to the violation.routingRule-> Routing rule related to the violation.
type: Record<string, string>
ConstraintViolationDetails
List of encountered constraint violations.
| Name | Type | Description | | --- | --- | --- | |constraintViolations*required|Array<ConstraintViolation>|List of encountered constraint violations.| |type*required|"constraintViolation"|Defines the actual set of fields depending on the value. See one of the following objects: constraintViolation -> ConstraintViolationDetails |
CredentialAccessData
The set of entities allowed to use the credential.
| Name | Type | | --- | --- | |id|string| |type|"APPLICATION" | "UNKNOWN" | "USER"|
CredentialUsageHandler
Keeps information about credential's usage.
| Name | Type | Description | | --- | --- | --- | |count|number|The number of uses.| |type|string|Type of usage.|
Credentials
A set of credentials for synthetic monitors.
The actual set of fields depends on the type of credentials. Find the list of actual objects in the description of the type field or see Credential vault API - JSON models.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |description|string|A short description of the credentials set.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials |
CredentialsId
A short representation of the credentials set.
| Name | Type | Description | | --- | --- | --- | |id*required|string|The ID of the credentials set.|
CredentialsList
A list of credentials sets for Synthetic monitors.
| Name | Type | Description | | --- | --- | --- | |credentials*required|Array<CredentialsResponseElement>|A list of credentials sets for Synthetic monitors.| |nextPageKey|string|| |pageSize|number|| |totalCount|number||
CredentialsResponseElement
Metadata of the credentials set.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow access without app context, for example, from ad hoc functions in Workflows (requires the APP_ENGINE scope).| |allowedEntities*required|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |credentialUsageSummary*required|Array<CredentialUsageHandler>|The list contains summary data related to the use of credentials.| |description*required|string|A short description of the credentials set.| |externalVault|ExternalVaultConfig|Configuration for external vault synchronization for username and password credentials.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |owner*required|string|The owner of the credential (user for which used API token was created).| |ownerAccessOnly*required|boolean|Flag indicating that this credential is visible only to the owner.| |scope|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set.| |type*required|"UNKNOWN" | "AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|The type of the credentials set.|
CyberArkAllowedLocationConfig
Configuration for external vault synchronization for username and password credentials.
| Name | Type | Description | | --- | --- | --- | |accountName|string|| |applicationId|string|| |certificate|string|| |credentialsUsedForExternalSynchronization|Array<string>|| |folderName|string|| |passwordSecretName|string|| |safeName|string|| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApproleConfig HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificateConfig AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecretConfig CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePasswordConfig CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationConfig | |tokenSecretName|string|| |type|"AZURE_CERTIFICATE_MODEL" | "AZURE_CLIENT_SECRET_MODEL" | "CYBERARK_VAULT_ALLOWED_LOCATION_MODEL" | "CYBERARK_VAULT_USERNAME_PASSWORD_MODEL" | "HASHICORP_APPROLE_MODEL" | "HASHICORP_CERTIFICATE_MODEL"|| |usernameSecretName|string|| |vaultUrl|string||
CyberArkAllowedLocationDto
Synchronization credentials with CyberArk Vault using allowed machines (location) authentication method.
| Name | Type | Description | | --- | --- | --- | |accountName*required|string|Account name that stores the username and password to retrieve and synchronize with the Dynatrace Credential Vault: This is NOT the name of the account logged into the CyberArk Central Credential Provider.| |applicationId*required|string|Application ID connected to CyberArk Vault.| |certificate|string|[Recommended] Certificate used for authentication to CyberArk application. ID of certificate credential saved in Dynatrace CV.| |folderName|string|[Optional] Folder name where credentials in CyberArk Vault are stored. Default folder name is 'Root'.| |locationForSynchronizationId|string|Id of a location used by the synchronizing monitor| |passwordSecretName|string|The name of the secret saved in external vault where password is stored.| |safeName*required|string|Safe name connected to CyberArk Vault.| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApprole HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificate AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecret CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePassword CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationDto | |tokenSecretName|string|The name of the secret saved in external vault where token is stored.| |usernameSecretName|string|The name of the secret saved in external vault where username is stored.| |vaultUrl|string|External vault URL.|
CyberArkUsernamePassword
Synchronization credentials with CyberArk Vault using username password authentication method.
| Name | Type | Description | | --- | --- | --- | |accountName*required|string|Account name that stores the username and password to retrieve and synchronize with the Dynatrace Credential Vault: This is NOT the name of the account logged into the CyberArk Central Credential Provider.| |applicationId*required|string|Application ID connected to CyberArk Vault.| |certificate|string|[Recommended] Certificate used for authentication to CyberArk application. ID of certificate credential saved in Dynatrace CV.| |folderName|string|[Optional] Folder name where credentials in CyberArk Vault are stored. Default folder name is 'Root'.| |locationForSynchronizationId|string|Id of a location used by the synchronizing monitor| |passwordSecretName|string|The name of the secret saved in external vault where password is stored.| |safeName*required|string|Safe name connected to CyberArk Vault.| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApprole HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificate AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecret CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePassword CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationDto | |tokenSecretName|string|The name of the secret saved in external vault where token is stored.| |usernamePasswordForCPM*required|string|Dynatrace credential ID of the username-password pair used for authentication to the CyberArk Central Credential Provider| |usernameSecretName|string|The name of the secret saved in external vault where username is stored.| |vaultUrl|string|External vault URL.|
CyberArkUsernamePasswordConfig
Configuration for external vault synchronization for username and password credentials.
| Name | Type | Description | | --- | --- | --- | |accountName|string|| |applicationId|string|| |certificate|string|| |credentialsUsedForExternalSynchronization|Array<string>|| |folderName|string|| |passwordSecretName|string|| |safeName|string|| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApproleConfig HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificateConfig AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecretConfig CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePasswordConfig CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationConfig | |tokenSecretName|string|| |type|"AZURE_CERTIFICATE_MODEL" | "AZURE_CLIENT_SECRET_MODEL" | "CYBERARK_VAULT_ALLOWED_LOCATION_MODEL" | "CYBERARK_VAULT_USERNAME_PASSWORD_MODEL" | "HASHICORP_APPROLE_MODEL" | "HASHICORP_CERTIFICATE_MODEL"|| |usernamePasswordForCPM|string|| |usernameSecretName|string|| |vaultUrl|string||
ErrorResponse
Basic information of the encountered error.
| Name | Type | Description | | --- | --- | --- | |code*required|number|The returned HTTP status code.| |details|ErrorResponseDetails|Detailed information of the error.| |message*required|string|Description of the encountered error.|
ErrorResponseDetails
Detailed information of the error.
| Name | Type | Description | | --- | --- | --- | |type*required|"constraintViolation"|Defines the actual set of fields depending on the value. See one of the following objects: constraintViolation -> ConstraintViolationDetails |
ErrorResponseEnvelope
Encloses the encountered error.
| Name | Type | Description | | --- | --- | --- | |error*required|ErrorResponse|Basic information of the encountered error.|
ExternalVault
Information for synchronization credentials with external vault
| Name | Type | Description | | --- | --- | --- | |locationForSynchronizationId|string|Id of a location used by the synchronizing monitor| |passwordSecretName|string|The name of the secret saved in external vault where password is stored.| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApprole HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificate AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecret CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePassword CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationDto | |tokenSecretName|string|The name of the secret saved in external vault where token is stored.| |usernameSecretName|string|The name of the secret saved in external vault where username is stored.| |vaultUrl|string|External vault URL.|
ExternalVaultConfig
Configuration for external vault synchronization for username and password credentials.
| Name | Type | Description | | --- | --- | --- | |credentialsUsedForExternalSynchronization|Array<string>|| |passwordSecretName|string|| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApproleConfig HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificateConfig AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecretConfig CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePasswordConfig CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationConfig | |tokenSecretName|string|| |type|"AZURE_CERTIFICATE_MODEL" | "AZURE_CLIENT_SECRET_MODEL" | "CYBERARK_VAULT_ALLOWED_LOCATION_MODEL" | "CYBERARK_VAULT_USERNAME_PASSWORD_MODEL" | "HASHICORP_APPROLE_MODEL" | "HASHICORP_CERTIFICATE_MODEL"|| |usernameSecretName|string|| |vaultUrl|string||
HashicorpApprole
Synchronization credentials with HashiCorp Vault using appRole authentication method
| Name | Type | Description | | --- | --- | --- | |locationForSynchronizationId|string|Id of a location used by the synchronizing monitor| |passwordSecretName|string|The name of the secret saved in external vault where password is stored.| |pathToCredentials*required|string|Path to folder where credentials in HashiCorp Vault are stored.| |roleId*required|string|Role ID is similar to username when you want to authenticate in HashiCorp Vault using AppRole.| |secretId*required|string|Secret ID is similar to password when you want to authenticate in HashiCorp Vault using AppRole. ID of token representing secret ID saved in Dynatrace CV.| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApprole HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificate AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecret CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePassword CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationDto | |tokenSecretName|string|The name of the secret saved in external vault where token is stored.| |usernameSecretName|string|The name of the secret saved in external vault where username is stored.| |vaultNamespace*required|string|Vault namespace in HashiCorp Vault. It is an information you set as environmental variable VAULT_NAMESPACE if you are accessing HashiCorp Vault from command line.| |vaultUrl|string|External vault URL.|
HashicorpApproleConfig
Configuration for external vault synchronization for username and password credentials.
| Name | Type | Description | | --- | --- | --- | |credentialsUsedForExternalSynchronization|Array<string>|| |passwordSecretName|string|| |pathToCredentials|string|| |roleId|string|| |secretId|string|| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApproleConfig HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificateConfig AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecretConfig CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePasswordConfig CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationConfig | |tokenSecretName|string|| |type|"AZURE_CERTIFICATE_MODEL" | "AZURE_CLIENT_SECRET_MODEL" | "CYBERARK_VAULT_ALLOWED_LOCATION_MODEL" | "CYBERARK_VAULT_USERNAME_PASSWORD_MODEL" | "HASHICORP_APPROLE_MODEL" | "HASHICORP_CERTIFICATE_MODEL"|| |usernameSecretName|string|| |vaultNamespace|string|| |vaultUrl|string||
HashicorpCertificate
Synchronization credentials with HashiCorp Vault using certificate authentication method
| Name | Type | Description | | --- | --- | --- | |certificate|string|ID of certificate saved in Dynatrace CV. Using this certificate you can authenticate to your HashiCorp Vault.| |locationForSynchronizationId|string|Id of a location used by the synchronizing monitor| |passwordSecretName|string|The name of the secret saved in external vault where password is stored.| |pathToCredentials|string|Path to folder where credentials in HashiCorp Vault are stored.| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApprole HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificate AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecret CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePassword CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationDto | |tokenSecretName|string|The name of the secret saved in external vault where token is stored.| |usernameSecretName|string|The name of the secret saved in external vault where username is stored.| |vaultUrl|string|External vault URL.|
HashicorpCertificateConfig
Configuration for external vault synchronization for username and password credentials.
| Name | Type | Description | | --- | --- | --- | |certificate|string|| |credentialsUsedForExternalSynchronization|Array<string>|| |passwordSecretName|string|| |pathToCredentials|string|| |sourceAuthMethod|"AZURE_KEY_VAULT_CLIENT_SECRET" | "CYBERARK_VAULT_ALLOWED_LOCATION" | "CYBERARK_VAULT_USERNAME_PASSWORD" | "HASHICORP_VAULT_APPROLE" | "HASHICORP_VAULT_CERTIFICATE"|Defines the actual set of fields depending on the value. See one of the following objects: HASHICORP_VAULT_APPROLE -> HashicorpApproleConfig HASHICORP_VAULT_CERTIFICATE -> HashicorpCertificateConfig AZURE_KEY_VAULT_CLIENT_SECRET -> AzureClientSecretConfig CYBERARK_VAULT_USERNAME_PASSWORD -> CyberArkUsernamePasswordConfig CYBERARK_VAULT_ALLOWED_LOCATION -> CyberArkAllowedLocationConfig | |tokenSecretName|string|| |type|"AZURE_CERTIFICATE_MODEL" | "AZURE_CLIENT_SECRET_MODEL" | "CYBERARK_VAULT_ALLOWED_LOCATION_MODEL" | "CYBERARK_VAULT_USERNAME_PASSWORD_MODEL" | "HASHICORP_APPROLE_MODEL" | "HASHICORP_CERTIFICATE_MODEL"|| |usernameSecretName|string|| |vaultUrl|string||
PublicCertificateCredentials
A credentials set of the PUBLIC_CERTIFICATE type.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |certificate*required|string|The certificate in the string format.| |certificateFormat*required|"UNKNOWN" | "PEM" | "PKCS12"|The certificate format.| |description|string|A short description of the credentials set.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |password*required|string|The password of the credential (not supported).| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials |
SNMPV3Credentials
A credentials set of the SNMPV3 type.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |authenticationPassword|string|The authentication password in the string format (should not be empty for AUTH_PRIV and AUTH_NO_PRIV security levels)| |authenticationProtocol|"MD5" | "SHA" | "SHA224" | "SHA256" | "SHA384" | "SHA512"|The authentication protocol, supported protocols: MD5, SHA, SHA224, SHA256, SHA384, SHA512| |description|string|A short description of the credentials set.| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |privacyPassword|string|The privacy password in the string format (should not be empty for AUTH_PRIV security level)| |privacyProtocol|"AES" | "AES192" | "AES192C" | "AES256" | "AES256C" | "DES"|The privacy protocol| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |securityLevel*required|"AUTH_NO_PRIV" | "AUTH_PRIV" | "NO_AUTH_NO_PRIV"|The security level, supported levels: AUTH_PRIV, NO_AUTH_NO_PRIV, AUTH_NO_PRIV| |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials | |username*required|string|User name value|
TokenCredentials
A credentials set of the TOKEN type.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |description|string|A short description of the credentials set.| |externalVault|ExternalVault|Information for synchronization credentials with external vault| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |token|string|Token in the string format.| |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials |
UserPasswordCredentials
A credentials set of the USERNAME_PASSWORD type.
| Name | Type | Description | | --- | --- | --- | |allowContextlessRequests|boolean|Allow ad-hoc functions to access the credential details (requires the APP_ENGINE scope).| |allowedEntities|Array<CredentialAccessData>|The set of entities allowed to use the credential.| |description|string|A short description of the credentials set.| |externalVault|ExternalVault|Information for synchronization credentials with external vault| |id|string|The ID of the credentials set.| |name*required|string|The name of the credentials set.| |ownerAccessOnly|boolean|The credentials set is available to every user (false) or to owner only (true).| |password|string|The password of the credential.| |~~scope~~DEPRECATED|"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC"|The scope of the credentials set.| |scopes*required|Array<"APP_ENGINE" | "EXTENSION" | "EXTENSION_AUTHENTICATION" | "SYNTHETIC">|The set of scopes of the credentials set. Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments. | |type*required|"AWS_MONITORING_KEY_BASED" | "AWS_MONITORING_ROLE_BASED" | "CERTIFICATE" | "PUBLIC_CERTIFICATE" | "SNMPV3" | "TOKEN" | "USERNAME_PASSWORD"|Defines the actual set of fields depending on the value. See one of the following objects: CERTIFICATE -> CertificateCredentials PUBLIC_CERTIFICATE -> PublicCertificateCredentials USERNAME_PASSWORD -> UserPasswordCredentials TOKEN -> TokenCredentials SNMPV3 -> SNMPV3Credentials AWS_MONITORING_KEY_BASED -> AWSKeyBasedCredentialsDto AWS_MONITORING_ROLE_BASED -> AWSRoleBasedCredentials | |user|string|The username of the credentials set.|
Enums
~~CredentialAccessDataType~~
⚠️ Deprecated Use literal values.
Enum keys
Application | Unknown | User
~~CredentialsResponseElementScope~~
⚠️ Deprecated Use literal values.
The scope of the credentials set.
Enum keys
AppEngine | Extension | ExtensionAuthentication | Synthetic
~~CredentialsResponseElementScopesItem~~
⚠️ Deprecated Use literal values.
The set of scopes of the credentials set.
Enum keys
AppEngine | Extension | ExtensionAuthentication | Synthetic
~~CredentialsResponseElementType~~
⚠️ Deprecated Use literal values.
The type of the credentials set.
Enum keys
AwsMonitoringKeyBased | AwsMonitoringRoleBased | Certificate | PublicCertificate | Snmpv3 | Token | Unknown | UsernamePassword
~~CredentialsScope~~
⚠️ Deprecated Use literal values.
The scope of the credentials set.
Enum keys
AppEngine | Extension | ExtensionAuthentication | Synthetic
~~CredentialsScopesItem~~
⚠️ Deprecated Use literal values.
The set of scopes of the credentials set.
Limitations: CredentialsScope.APP_ENGINE is only available on the new Dynatrace SaaS platform - it's not available on managed or non-Grail SaaS environments.
Enum keys
AppEngine | Extension | ExtensionAuthentication | Synthetic
~~CredentialsType~~
⚠️ Deprecated Use literal values.
Defines the actual set of fields depending on the value. See one of the following objects:
CERTIFICATE-> CertificateCredentialsPUBLIC_CERTIFICATE-> PublicCertificateCredentialsUSERNAME_PASSWORD-> UserPasswordCredentialsTOKEN-> TokenCredentialsSNMPV3-> SNMPV3Credentials- `AWS_MONITORING_K
