theapsgroup/vault

steampipe plugin install theapsgroup/vaultsteampipe plugin install theapsgroup/vault

Table: vault_pki_role

For querying Roles in the pki engines

Examples

Get all roles in PKI mounts

select
*
from
vault_pki_role;

Obtain roles which have Code Signing capabilities

select
path,
name,
from
vault_pki_role
where
code_signing_flag = 1;

.inspect vault_pki_role

Vault PKI Roles

NameTypeDescription
allow_any_namebooleanAllow any name
allow_ip_sansbooleanAllow IP based subject alternative names
allow_localhostbooleanAllow localhost
allow_sub_domainsbooleanAllow subdomains
allowed_domainsjsonbArray of allowed domain names
allowed_other_sansjsonbArray of allowed other subject alternative names
allowed_uri_sansjsonbArray of allowed URI based subject alternative names
client_flagbooleanCan generate client based certificates
code_signing_flagbooleanCan generate code-signing based certificates
key_bitsbigintLength of key in bits
key_typetextType of key used, example 'RSA'
max_ttlbigintMaximum TTL
nametextThe PKI role
pathtextThe path (mount point) of the engine containing PKI roles
server_flagbooleanCan generate server based certificates
ttlbigintDefault TTL