2017-03-09 02:47:35 +00:00
|
|
|
|
---
|
2020-01-18 00:18:09 +00:00
|
|
|
|
layout: api
|
|
|
|
|
page_title: RabbitMQ - Secrets Engines - HTTP API
|
|
|
|
|
description: This is the API documentation for the Vault RabbitMQ secrets engine.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
---
|
|
|
|
|
|
2017-09-20 20:05:00 +00:00
|
|
|
|
# RabbitMQ Secrets Engine (API)
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
2017-09-20 20:05:00 +00:00
|
|
|
|
This is the API documentation for the Vault RabbitMQ secrets engine. For general
|
|
|
|
|
information about the usage and operation of the RabbitMQ secrets engine, please
|
2020-01-22 20:05:41 +00:00
|
|
|
|
see the [RabbitMQ documentation](/docs/secrets/rabbitmq).
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
2017-09-20 20:05:00 +00:00
|
|
|
|
This documentation assumes the RabbitMQ secrets engine is enabled at the
|
|
|
|
|
`/rabbitmq` path in Vault. Since it is possible to enable secrets engines at any
|
|
|
|
|
location, please update your API calls accordingly.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
## Configure Connection
|
|
|
|
|
|
|
|
|
|
This endpoint configures the connection string used to communicate with
|
|
|
|
|
RabbitMQ.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
| Method | Path |
|
|
|
|
|
| :----- | :---------------------------- |
|
|
|
|
|
| `POST` | `/rabbitmq/config/connection` |
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
- `connection_uri` `(string: <required>)` – Specifies the RabbitMQ connection URI.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
- `username` `(string: <required>)` – Specifies the RabbitMQ management administrator username.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
- `password` `(string: <required>)` – Specifies the RabbitMQ management administrator password.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
- `verify_connection` `(bool: true)` – Specifies whether to verify connection URI, username, and password.
|
|
|
|
|
|
|
|
|
|
- `password_policy` `(string: "")` - Specifies a [password policy](/docs/concepts/password-policies) to
|
|
|
|
|
use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Sample Payload
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"connection_uri": "https://...",
|
|
|
|
|
"username": "user",
|
2020-06-11 22:08:20 +00:00
|
|
|
|
"password": "password",
|
|
|
|
|
"password_policy": "rabbitmq_policy"
|
2017-03-09 02:47:35 +00:00
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
<Tabs>
|
|
|
|
|
<Tab heading="cURL">
|
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
|
```shell-session
|
2017-03-09 02:47:35 +00:00
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
--request POST \
|
|
|
|
|
--data @payload.json \
|
2018-03-23 15:41:51 +00:00
|
|
|
|
http://127.0.0.1:8200/v1/rabbitmq/config/connection
|
2017-03-09 02:47:35 +00:00
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
<Tab heading="CLI">
|
|
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
|
$ vault write rabbitmq/config/connection \
|
|
|
|
|
connection_uri="http://localhost:8080" \
|
|
|
|
|
username="user" \
|
|
|
|
|
password="password" \
|
|
|
|
|
password_policy="rabbitmq_policy"
|
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
</Tabs>
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
## Configure Lease
|
|
|
|
|
|
2017-08-15 18:00:40 +00:00
|
|
|
|
This endpoint configures the lease settings for generated credentials.
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
| Method | Path |
|
|
|
|
|
| :----- | :----------------------- |
|
|
|
|
|
| `POST` | `/rabbitmq/config/lease` |
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `ttl` `(int: 0)` – Specifies the lease ttl provided in seconds.
|
|
|
|
|
|
|
|
|
|
- `max_ttl` `(int: 0)` – Specifies the maximum ttl provided in seconds.
|
|
|
|
|
|
|
|
|
|
### Sample Payload
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"ttl": 1800,
|
|
|
|
|
"max_ttl": 3600
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
<Tabs>
|
|
|
|
|
<Tab heading="cURL">
|
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
|
```shell-session
|
2017-03-09 02:47:35 +00:00
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
--request POST \
|
|
|
|
|
--data @payload.json \
|
2018-03-23 15:41:51 +00:00
|
|
|
|
http://127.0.0.1:8200/v1/rabbitmq/config/lease
|
2017-03-09 02:47:35 +00:00
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
<Tab heading="CLI">
|
|
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
|
$ vault write rabbitmq/config/lease \
|
|
|
|
|
ttl=1800 \
|
|
|
|
|
max_ttl=3600
|
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
</Tabs>
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
## Create Role
|
|
|
|
|
|
|
|
|
|
This endpoint creates or updates the role definition.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
| Method | Path |
|
|
|
|
|
| :----- | :---------------------- |
|
|
|
|
|
| `POST` | `/rabbitmq/roles/:name` |
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `name` `(string: <required>)` – Specifies the name of the role to create. This
|
|
|
|
|
is specified as part of the URL.
|
|
|
|
|
|
|
|
|
|
- `tags` `(string: "")` – Specifies a comma-separated RabbitMQ management tags.
|
|
|
|
|
|
2019-02-27 22:19:54 +00:00
|
|
|
|
- `vhosts` `(string: "")` – Specifies a map of virtual hosts to
|
2017-03-09 02:47:35 +00:00
|
|
|
|
permissions.
|
|
|
|
|
|
2019-10-30 21:19:49 +00:00
|
|
|
|
- `vhost_topics` `(string: "")` – Specifies a map of virtual hosts and exchanges
|
|
|
|
|
to topic permissions. This option requires RabbitMQ 3.7.0 or later.
|
|
|
|
|
|
2017-03-09 02:47:35 +00:00
|
|
|
|
### Sample Payload
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"tags": "tag1,tag2",
|
2019-10-30 21:19:49 +00:00
|
|
|
|
"vhosts": "{\"/\": {\"configure\":\".*\", \"write\":\".*\", \"read\": \".*\"}}",
|
|
|
|
|
"vhost_topics": "{\"/\": {\"amq.topic\": {\"write\":\".*\", \"read\": \".*\"}}}"
|
2017-03-09 02:47:35 +00:00
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
<Tabs>
|
|
|
|
|
<Tab heading="cURL">
|
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
|
```shell-session
|
2017-03-09 02:47:35 +00:00
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
--request POST \
|
|
|
|
|
--data @payload.json \
|
2018-03-23 15:41:51 +00:00
|
|
|
|
http://127.0.0.1:8200/v1/rabbitmq/roles/my-role
|
2017-03-09 02:47:35 +00:00
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
<Tab heading="CLI">
|
|
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
|
$ vault write rabbitmq/roles/my-role \
|
|
|
|
|
tags="tag1,tag2" \
|
|
|
|
|
vhosts="..." \
|
|
|
|
|
vhost_topics="..."
|
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
</Tabs>
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
## Read Role
|
|
|
|
|
|
|
|
|
|
This endpoint queries the role definition.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
| Method | Path |
|
|
|
|
|
| :----- | :---------------------- |
|
|
|
|
|
| `GET` | `/rabbitmq/roles/:name` |
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `name` `(string: <required>)` – Specifies the name of the role to read. This
|
|
|
|
|
is specified as part of the URL.
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
<Tabs>
|
|
|
|
|
<Tab heading="cURL">
|
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
|
```shell-session
|
2017-03-09 02:47:35 +00:00
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
2018-03-23 15:41:51 +00:00
|
|
|
|
http://127.0.0.1:8200/v1/rabbitmq/roles/my-role
|
2017-03-09 02:47:35 +00:00
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
<Tab heading="CLI">
|
|
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
|
$ vault read rabbitmq/roles/my-role
|
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
</Tabs>
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Sample Response
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
|
|
|
|
"tags": "",
|
2019-10-30 21:19:49 +00:00
|
|
|
|
"vhosts": "{\"/\": {\"configure\":\".*\", \"write\":\".*\", \"read\": \".*\"}}",
|
|
|
|
|
"vhost_topics": "{\"/\": {\"amq.topic\": {\"write\":\".*\", \"read\": \".*\"}}}"
|
2017-03-09 02:47:35 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Delete Role
|
|
|
|
|
|
|
|
|
|
This endpoint deletes the role definition.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
| Method | Path |
|
|
|
|
|
| :------- | :---------------------- |
|
|
|
|
|
| `DELETE` | `/rabbitmq/roles/:name` |
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `name` `(string: <required>)` – Specifies the name of the role to delete. This
|
|
|
|
|
is specified as part of the URL.
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
<Tabs>
|
|
|
|
|
<Tab heading="cURL">
|
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
|
```shell-session
|
2017-03-09 02:47:35 +00:00
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
--request DELETE \
|
2018-03-23 15:41:51 +00:00
|
|
|
|
http://127.0.0.1:8200/v1/rabbitmq/roles/my-role
|
2017-03-09 02:47:35 +00:00
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
<Tab heading="CLI">
|
|
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
|
vault delete rabbitmq/roles/my-role
|
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
</Tabs>
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
## Generate Credentials
|
|
|
|
|
|
|
|
|
|
This endpoint generates a new set of dynamic credentials based on the named
|
|
|
|
|
role.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
| Method | Path |
|
|
|
|
|
| :----- | :---------------------- |
|
|
|
|
|
| `GET` | `/rabbitmq/creds/:name` |
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `name` `(string: <required>)` – Specifies the name of the role to create
|
|
|
|
|
credentials against. This is specified as part of the URL.
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
<Tabs>
|
|
|
|
|
<Tab heading="cURL">
|
|
|
|
|
|
2020-05-21 17:18:17 +00:00
|
|
|
|
```shell-session
|
2017-03-09 02:47:35 +00:00
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
2018-03-23 15:41:51 +00:00
|
|
|
|
http://127.0.0.1:8200/v1/rabbitmq/creds/my-role
|
2017-03-09 02:47:35 +00:00
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
<Tab heading="CLI">
|
|
|
|
|
|
|
|
|
|
```shell-session
|
|
|
|
|
$ vault read rabbitmq/creds/my-role
|
|
|
|
|
```
|
2020-12-17 21:53:33 +00:00
|
|
|
|
|
2020-06-11 22:08:20 +00:00
|
|
|
|
</Tab>
|
|
|
|
|
</Tabs>
|
2017-03-09 02:47:35 +00:00
|
|
|
|
|
|
|
|
|
### Sample Response
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
|
|
|
|
"username": "root-4b95bf47-281d-dcb5-8a60-9594f8056092",
|
|
|
|
|
"password": "e1b6c159-ca63-4c6a-3886-6639eae06c30"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
```
|