/dynamic-secret-create-ping

post https://api.akeyless.io/dynamic-secret-create-ping

Body Params

delete_protection

string

Protection from accidental deletion of this object [true/false]

description

string

Description of the object

json

boolean

Defaults to false

Set output format to JSON

name

string

required

Dynamic secret name

ping-administrative-port

string

Defaults to 9999

Ping Federate administrative port

ping-atm-id

string

Set a specific Access Token Management (ATM) instance for the created OAuth Client by providing the ATM Id. If no explicit value is given, the default pingfederate server ATM will be set.

ping-authorization-port

string

Defaults to 9031

Ping Federate authorization port

ping-cert-subject-dn

string

The subject DN of the client certificate. If no explicit value is given, the producer will create CA certificate and matched client certificate and return it as value. Used in conjunction with ping-issuer-dn (relevant for CLIENT_TLS_CERTIFICATE authentication method)

ping-client-authentication-type

string

Defaults to CLIENT_SECRET

OAuth Client Authentication Type [CLIENT_SECRET, PRIVATE_KEY_JWT, CLIENT_TLS_CERTIFICATE]

ping-enforce-replay-prevention

string

Defaults to false

Determines whether PingFederate requires a unique signed JWT from the client for each action (relevant for PRIVATE_KEY_JWT authentication method) [true/false]

ping-grant-types

array of strings

List of OAuth client grant types [IMPLICIT, AUTHORIZATION_CODE, CLIENT_CREDENTIALS, TOKEN_EXCHANGE, REFRESH_TOKEN, ASSERTION_GRANTS, PASSWORD, RESOURCE_OWNER_CREDENTIALS]. If no explicit value is given, AUTHORIZATION_CODE will be selected as default.

ping-grant-types

ping-issuer-dn

string

Issuer DN of trusted CA certificate that imported into Ping Federate server. You may select "Trust Any" to trust all the existing issuers in Ping Federate server. Used in conjunction with ping-cert-subject-dn (relevant for CLIENT_TLS_CERTIFICATE authentication method)

ping-jwks

string

Base64-encoded JSON Web Key Set (JWKS). If no explicit value is given, the producer will create JWKs and matched signed JWT (Sign Algo: RS256) and return it as value (relevant for PRIVATE_KEY_JWT authentication method)

ping-jwks-url

string

The URL of the JSON Web Key Set (JWKS). If no explicit value is given, the producer will create JWKs and matched signed JWT and return it as value (relevant for PRIVATE_KEY_JWT authentication method)

ping-password

string

Ping Federate privileged user password

ping-privileged-user

string

Ping Federate privileged user

ping-redirect-uris

array of strings

List of URIs to which the OAuth authorization server may redirect the resource owner's user agent after authorization is obtained. At least one redirection URI is required for the AUTHORIZATION_CODE and IMPLICIT grant types.

ping-redirect-uris

ping-restricted-scopes

array of strings

Limit the OAuth client to specific scopes list

ping-restricted-scopes

ping-signing-algo

string

The signing algorithm that the client must use to sign its request objects [RS256,RS384,RS512,ES256,ES384,ES512,PS256,PS384,PS512] If no explicit value is given, the client can use any of the supported signing algorithms (relevant for PRIVATE_KEY_JWT authentication method)

ping-url

string

Ping URL

producer-encryption-key-name

string

Dynamic producer encryption key

tags

array of strings

Add tags attached to this object

tags

target-name

string

Target name

token

string

Authentication token (see /auth and /configure)

uid-token

string

The universal identity token, Required only for universal_identity authentication

user-ttl

string

Defaults to 60m

The time from dynamic secret creation to expiration.

Responses

Response body

object

dynamic_secret_details

object

access_token_manager_id

string

acl_rules

array of strings

acl_rules

active

boolean

admin_name

string

admin_pwd

string

admin_rotation_interval_days

int64

administrative_port

string

artifactory_admin_apikey

string

artifactory_admin_username

string

artifactory_base_url

string

artifactory_token_audience

string

artifactory_token_scope

string

authorization_port

string

aws_access_key_id

string

aws_access_mode

string

aws_region

string

aws_role_arns

string

aws_secret_access_key

string

aws_session_tags

string

aws_session_token

string

aws_transitive_tag_keys

string

aws_user_console_access

boolean

aws_user_groups

string

aws_user_policies

string

aws_user_programmatic_access

boolean

azure_app_object_id

string

azure_client_id

string

azure_client_secret

string

azure_fixed_user_name_sub_claim_key

string

azure_fixed_user_only

boolean

azure_resource_group_name

string

azure_resource_name

string

azure_subscription_id

string

azure_tenant_id

string

azure_user_groups_obj_id

string

azure_user_portal_access

boolean

azure_user_programmatic_access

boolean

azure_user_roles_template_id

string

azure_username

string

cassandra_creation_statements

string

chef_organizations

string

chef_server_access_mode

string

chef_server_host_name

string

chef_server_key

string

chef_server_port

string

chef_server_url

string

chef_server_username

string

chef_skip_ssl

boolean

client_authentication_type

string

cloud_service_provider

string

cluster_mode

boolean

connection_type

string

create_sync_url

string

db_client_id

string

db_client_secret

string

db_host_name

string

db_isolation_level

string

db_max_idle_conns

string

db_max_open_conns

string

db_name

string

db_port

string

db_private_key

string

(Optional) Private Key in PEM format

db_private_key_passphrase

string

db_pwd

string

db_server_certificates

string

(Optional) DBServerCertificates defines the set of root certificate authorities
that clients use when verifying server certificates.
If DBServerCertificates is empty, TLS uses the host's root CA set.

db_server_name

string

(Optional) ServerName is used to verify the hostname on the returned
certificates unless InsecureSkipVerify is given. It is also included
in the client's handshake to support virtual hosting unless it is
an IP address.

db_tenant_id

string

db_user_name

string

delete_protection

boolean

dynamic_secret_id

int64

dynamic_secret_key

string

dynamic_secret_name

string

dynamic_secret_type

string

eks_access_key_id

string

eks_assume_role

string

eks_cluster_ca_certificate

string

eks_cluster_endpoint

string

eks_cluster_name

string

eks_region

string

eks_secret_access_key

string

enable_admin_rotation

boolean

enforce_replay_prevention

boolean

relevant for PRIVATE_KEY_JWT client authentication type

expiration_date

date-time

externally_provided_user

string

failure_message

string

fixed_user_only

string

gcp_key_algo

string

gcp_role_bindings

object

gcp_service_account_email

string

GCPServiceAccountEmail overrides the deprecated field from the target

gcp_service_account_key

string

gcp_service_account_key_base64

string

gcp_service_account_key_id

string

gcp_service_account_type

string

gcp_tmp_service_account_name

string

gcp_token_lifetime

string

gcp_token_scope

string

gcp_token_type

string

github_app_id

int64

github_app_private_key

string

github_base_url

string

github_installation_id

int64

github_installation_token_permissions

object

Has additional fields

github_installation_token_repositories

array of strings

github_installation_token_repositories

github_installation_token_repositories_ids

array of int64s

github_installation_token_repositories_ids

github_organization_name

string

github_repository_path

string

gitlab_access_token

string

gitlab_access_type

string

gitlab_certificate

string

gitlab_group_name

string

gitlab_project_name

string

gitlab_role

string

gitlab_token_scope

array of strings

gitlab_token_scope

gitlab_url

string

gke_cluster_ca_certificate

string

gke_cluster_endpoint

string

gke_cluster_name

string

gke_service_account_key

string

gke_service_account_name

string

google_workspace_access_mode

string

google_workspace_admin_name

string

google_workspace_fixed_user_name_sub_claim_key

string

google_workspace_group_name

string

google_workspace_group_role

string

google_workspace_role_name

string

google_workspace_role_scope

string

grant_types

array of strings

grant_types

groups

string

hanadb_creation_statements

string

hanadb_revocation_statements

string

host_name

string

host_port

string

implementation_type

string

is_fixed_user

string

issuer

string

relevant for CLIENT_TLS_CERTIFICATE client authentication type

item_targets_assoc

array of objects

item_targets_assoc

object

assoc_id

string

attributes

object

Has additional fields

target_id

int64

target_name

string

target_type

string

jwks

string

jwks_url

string

k8s_allowed_namespaces

string

comma-separated list of allowed namespaces. Can hold just * which signifies that any namespace is allowed

k8s_auth_type

string

k8s_bearer_token

string

k8s_client_cert_data

string

For K8s Client certificates authentication

k8s_client_key_data

string

k8s_cluster_ca_certificate

string

k8s_cluster_endpoint

string

k8s_cluster_name

string

k8s_dynamic_mode

boolean

when native k8s is in dynamic mode, user can define allowed namespaces,
K8sServiceAccount doesn't exist from the start and will only be created at time of getting dynamic secret value
By default dynamic mode is false and producer behaves like it did before

k8s_multiple_doc_yaml_temp_definition

array of uint8s

Yaml definition for creation of temporary objects. Field that can hold multiple docs from which following will be extracted:
ServiceAccount, Role/ClusterRole and RoleBinding/ClusterRoleBinding. If ServiceAccount not specified - it will be generated automatically

k8s_multiple_doc_yaml_temp_definition

k8s_namespace

string

k8s_role_name

string

Name of the pre-existing Role or ClusterRole to bind a generated service account to.

k8s_role_type

string

k8s_service_account

string

last_admin_rotation

int64

ldap_audience

string

ldap_bind_dn

string

ldap_bind_password

string

ldap_certificate

string

ldap_fixed_user_name_sub_claim_key

string

ldap_fixed_user_type

string

ldap_group_dn

string

ldap_token_expiration

string

ldap_url

string

ldap_user_attr

string

ldap_user_dn

string

metadata

string

mongodb_atlas_api_private_key

string

mongodb_atlas_api_public_key

string

mongodb_atlas_project_id

string

mongodb atlas fields

mongodb_custom_data

string

mongodb_db_name

string

common fields

mongodb_default_auth_db

string

mongodb_host_port

string

mongodb_is_atlas

boolean

mongodb_password

string

mongodb_roles

string

common fields

mongodb_uri_connection

string

mongodb fields

mongodb_uri_options

string

mongodb_username

string

mssql_creation_statements

string

mssql_revocation_statements

string

mysql_creation_statements

string

mysql_revocation_statements

string

oracle_creation_statements

string

oracle_revocation_statements

string

oracle_wallet_details

object

password

string

password_length

int64

password_policy

string

payload

string

ping_url

string

postgres_creation_statements

string

postgres_revocation_statements

string

privileged_user

string

rabbitmq_server_password

string

rabbitmq_server_uri

string

rabbitmq_server_user

string

rabbitmq_user_conf_permission

string

rabbitmq_user_read_permission

string

rabbitmq_user_tags

string

rabbitmq_user_vhost

string

rabbitmq_user_write_permission

string

rdp_fixed_user_name_sub_claim_key

string

redirect_uris

array of strings

redirect_uris

redshift_creation_statements

string

restricted_scopes

array of strings

restricted_scopes

revoke_sync_url

string

rotate_sync_url

string

scopes

array of strings

scopes

secure_remote_access_details

object

session_extension_warn_interval_min

int64

sf_account

string

sf_user_role

string

generated users info

sf_warehouse_name

string

should_stop

string

TODO delete this after migration

signing_algorithm

string

ssl_connection_certificate

string

(Optional) SSLConnectionCertificate defines the certificate for SSL connection. Must be base64 certificate loaded by UI using file loader field

ssl_connection_mode

boolean

(Optional) SSLConnectionMode defines if SSL mode will be used to connect to DB

subject_dn

string

tags

array of strings

tags

timeout_seconds

int64

use_gw_cloud_identity

boolean

use_gw_service_account

boolean

user_name

string

user_password

string

user_principal_name

string

user_ttl

string

username_length

int64

username_policy

string

venafi_allow_subdomains

boolean

venafi_allowed_domains

array of strings

venafi_allowed_domains

venafi_api_key

string

venafi_auto_generated_folder

string

venafi_base_url

string

venafi_root_first_in_chain

boolean

venafi_sign_using_akeyless_pki

boolean

venafi_signer_key_name

string

venafi_store_private_key

boolean

venafi_tpp_access_token

string

venafi_tpp_client_id

string

venafi_tpp_password

string

Deprecated: VenafiAccessToken and VenafiRefreshToken should be used instead

venafi_tpp_refresh_token

string

venafi_tpp_username

string

Deprecated: VenafiAccessToken and VenafiRefreshToken should be used instead

venafi_use_tpp

boolean

venafi_zone

string

warn_before_user_expiration_min

int64

Language


xxxxxxxxxx
14
1
curl --request POST \
2
     --url https://api.akeyless.io/dynamic-secret-create-ping \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json' \
5
     --data '
6
{
7
  "json": false,
8
  "ping-administrative-port": "9999",
9
  "ping-authorization-port": "9031",
10
  "ping-client-authentication-type": "CLIENT_SECRET",
11
  "ping-enforce-replay-prevention": "false",
12
  "user-ttl": "60m"
13
}
14
'

Click Try It! to start a request and see the response here! Or choose an example:

application/json

201dynamicSecretCreatePingResponse wraps response body.

defaulterrorResponse wraps any error to return it as a JSON object with one "error" field.