CredentialProviderV2DTO

type stringrequired

Possible values: [aembit-access-token, apikey, aws-sts-oidc, azure-entra-federation, gcp-identity-federation, gitlab-managed-account, oauth-authorization-code, oauth-client-credential, signed-jwt, username-password, vaultClientToken]

aembit-access-token

audienceyour_tenant_id.api.aembit.iorequired

Audience for the access token

Possible values: non-empty

roleIduuidrequired

Aembit Role Id

lifetimeInSecondsint32required

Access token lifetime (in seconds)

apikey

apiKeystringrequired

API Key

Possible values: non-empty

aws-sts-oidc

awsIAMRoleArnstringrequired

Amazon Resource Name(ARN) for AWS IAM Role

Possible values: non-empty

lifetimeint32nullable

Access token lifetime (in seconds)

azure-entra-federation

audiencestringrequired

Audience for the access token

Possible values: non-empty

subjectstringrequired

Subject for the access token

Possible values: non-empty

scopestringrequired

Scope for the access token

Possible values: non-empty

azureTenantstringrequired

Azure tenant ID

Possible values: non-empty

clientIdstringrequired

Azure client ID

Possible values: non-empty

gcp-identity-federation

audiencestringrequired

Audience for the access token

Possible values: non-empty

serviceAccountEmailemailrequired

Service account email

Possible values: non-empty

lifetimeint32nullable

Access token lifetime (in seconds)

gitlab-managed-account

groupIdsstringnullable

Comma separated list of GitLab Group Identifiers or Paths

projectIdsstringnullable

Comma separated list of GitLab Project Identifiers or Paths

accessLevelint32required

Access level code to use while assigning Managed Service Account to a group or a project

lifetimeInSecondsint32required

Lifetime (in seconds) of a Personal Access Token of the Managed Service Account

scopestringrequired

A space separated list of scopes to be specified when requesting a Personal Access Token of a Managed Service Account

Possible values: non-empty

userIdint32

GitLab user ID of the Managed Service Account.

usernamestringnullable

GitLab username of the Managed Service Account.

tokenSensitiveDataIduuid

tokenIdstringnullable

tokenExpirationdate-timenullable

Expiration timestamp of the Personal Access Token of the Managed Service Account.

lastOperationTimestampdate-timenullable

Timestamp of the latest operation performed with the Personal Access Token of the Managed Service Account.

statusstringnullable

Status of the Personal Access Token of the Managed Service Account.

errorMessagestringnullable

Contains an error message related to the last unsuccessful operation using the Personal Access Token of the Managed Service Account.

credentialProviderIntegrationExternalIduuid

ID of the Credential Provider Integration with which this Managed GitLab Account Credential Provider is associated

oauth-authorization-code

clientIDstringrequired

OAuth Client ID

Possible values: non-empty

clientSecretstringnullable

OAuth Client Secret

scopestringnullable

OAuth Scopes

customParameters object[]nullable

Custom Claims that are added to the Access Token

Array [

keystringnullable

valuestringnullable

valueTypestringnullable

]

oAuthUrlstringrequired

OAuth well-known metadata endpoint

Possible values: non-empty

authorizationUrlstringrequired

OAuth Authorization URL for handling authorization requests

Possible values: non-empty

tokenUrlstringrequired

OAuth Token URL for handling token requests

Possible values: non-empty

isPkceRequiredboolean

Indicates if Proof Key for Code Exchange (PKCE) protocol flow must be used

callBackUrlstringnullable

The callback URL where the Authorization Server sends the Authorization Code

userAuthorizationUrlstringnullable

Authorization URL to be used for authorization of the Credential Provider by a privileged user

statestringnullable

State parameter to maintain state between the authorization request and callback

oauth-client-credential

clientIDstringrequired

OAuth Client ID

Possible values: non-empty

clientSecretstringnullable

OAuth Client Secret

scopestringnullable

OAuth Scopes

customParameters object[]nullable

Custom Claims that are added to the Access Token

Array [

keystringnullable

valuestringnullable

valueTypestringnullable

]

urlstringrequired

OAuth Token URL for handling token requests

Possible values: non-empty

credentialStylestringnullable

Defines how credential would be transmitted. Accepted value: 'postBody', 'authHeader'

signed-jwt

tokenConfigurationstringrequired

Token configuration type. Accepted value: 'snowflake'

Possible values: non-empty

lifetimeint32required

Access token lifetime (in seconds)

algorithmTypestringrequired

Token signing algorithm. Accepted value: 'RS256'

Possible values: non-empty

issuerSnowflake_Account_Name.Snowflake_Username.SHA256:{sha256(publicKey)}required

Issuer of the access token

Possible values: non-empty

subjectSnowflake_Account_Name.Snowflake_Usernamerequired

Subject of the access token

Possible values: non-empty

keyContentstringnullable

privateKeystringnullable

username-password

usernamestringrequired

Username

Possible values: non-empty

passwordstringrequired

Password. Set to null on updates if not wish to change it

Possible values: non-empty

vaultClientToken

issuerhttps://your_tenant_id.id.aembit.iorequired

Issuer of the Access Token

Possible values: non-empty

subjectstringrequired

Subject of the Access Token

Possible values: non-empty

subjectTypestringnullable

Subject type, Accepted values: 'literal', 'dynamic'

lifetimeint32required

Access Token(used for authentication against vault OIDC provider) Lifetime in seconds

customClaimNames object[]nullable

Custom Claims that are added to the Access Token

Array [

keystringnullable

valuestringnullable

valueTypestringnullable

]

vaultHoststringrequired

Vault host

Possible values: non-empty

tlsboolean

Tls enabled/disabled when connecting to the vault instance

portint32required

Port number for connecting to the vault instance

Possible values: >= 1 and <= 65535

authenticationPathstringrequired

Vault authentication path

Possible values: non-empty

namespacestringnullable

Namespace to be used when connecting to the vault instance

rolestringnullable

User role to be used when connecting to the vault instance

forwardingConfigstringnullable

Forwarding configuration for the vault request. Accepted values: '', 'conditional', 'unconditional'

privateNetworkAccessboolean

Specifies whether the Vault instance is accessible over a private network

externalIduuid

namestringrequired

Name of the Entity

Possible values: non-empty and <= 128 characters

descriptionstringnullable

Description of the Entity

isActivebooleanrequired

True/False value that determines if this entity is Active or Disabled

tags object[]nullable

Array [

keystringrequired

Tag Key

Possible values: non-empty

valuestringrequired

Tag Key Value

Possible values: non-empty

]

createdAtdate-time

modifiedAtdate-timenullable

createdBystringnullable

modifiedBystringnullable

resourceSetuuidrequired

ID of the Resource Set in which this Access Entity exists

lifetimeTimeSpanSecondsint32

lifetimeExpirationdate-timenullable

accessPolicyCountint32

Access Policies associated with this Credential Provider

CredentialProviderV2DTO

{
  "type": "string",
  "externalId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "description": "string",
  "isActive": true,
  "tags": [
    {
      "key": "string",
      "value": "string"
    }
  ],
  "createdAt": "2024-07-29T15:51:28.071Z",
  "modifiedAt": "2024-07-29T15:51:28.071Z",
  "createdBy": "string",
  "modifiedBy": "string",
  "resourceSet": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "lifetimeTimeSpanSeconds": 0,
  "lifetimeExpiration": "2024-07-29T15:51:28.071Z",
  "accessPolicyCount": 0
}