Secrets Vault API - Policy Object
The properties and attributes of an access policy.
The object has the following shape (a property skeleton, not a complete JSON document; each entry in `principals` is an object holding either an `ad_user` or an `ad_group`):

```
{
  "policy_id",
  "revision",
  "created_at",
  "updated_at",
  "name",
  "desc",
  "principals": [
    { "ad_user":  { "upn", "logon_name" } },
    { "ad_group": { "dn", "name" } }
  ],
  "role",
  "resources": [
    { "box_id", "secret_id": [] }
  ]
}
```
Property | Description
---|---
policy_id | Unique identifier for an access policy. Type: String. Source: Generated by the Secrets Vault.
revision | Revision number, incremented whenever the policy object is modified. Type: Integer. Source: Generated by the Secrets Vault.
created_at | The date and time at which the policy was created. Type: String, formatted as described in Secrets Vault API - Date Property Values. Source: Generated by the Secrets Vault.
updated_at | The date and time at which the policy was last updated. Type: String, formatted as described in Secrets Vault API - Date Property Values. Source: Generated by the Secrets Vault.
name | The name of the policy. The name can contain Unicode characters but cannot start with the '.' character. Type: String. Length constraint: maximum of 100 UTF-8 bytes. Source: Provided by the client. Required.
desc | The description of the policy. Can contain Unicode characters. Type: String. Length constraint: maximum of 2048 UTF-8 bytes. Source: Provided by the client. Optional.
principals | The list of Active Directory users and groups who are granted access. Type: JSON Array. Source: Provided by the client. Required.
ad_user/upn | The Active Directory user's UPN. Type: String. Source: Provided by the client to grant access to an Active Directory user. Example: `"ad_user": { "upn": "john@mycompany.com" }`
ad_user/logon_name | The Active Directory user's logon name. Type: String. Source: Provided by the client to grant access to an Active Directory user. Example: `"ad_user": { "logon_name": "QADC\\jane" }` (the backslash in the domain prefix must be escaped inside the JSON string).
ad_group | The Active Directory group. The group DN must be specified. One or more "ad_group" entries can be specified. Type: JSON Object. Source: Provided by the client to grant access to an Active Directory group.
ad_group/dn | The Active Directory group DN. Type: String. Source: Provided by the client to grant access to an Active Directory group. Example: `"ad_group": { "dn": "CN=VMware Admins,CN=Users,DC=qa,DC=dc,DC=hytrust,DC=com" }`
ad_group/name | The name of the Active Directory group. Type: String. Source: Provided by the client. Optional. Example: `"ad_group": { "name": "ESXi Host Administrators Group" }`
role | The user role. Only the Vault User role is available. Type: String. Value: "Vault User Role". Source: Provided by the client. Required.
resources | The list of boxes or secrets that the policy applies to. Type: JSON Array of JSON objects; each entry must specify a box_id and a secret_id. Source: Provided by the client. Required. Example: `"resources": [ { "box_id": "ESXi Host Accounts", "secret_id": [ "esxi-34-35.mycompany.com", "esxi-34-36.mycompany.com" ] } ]`
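The following added example (not part of the Secrets Vault API or any of its client libraries) checks a client-supplied policy body against the constraints documented in the table: the name rules measured in UTF-8 bytes rather than characters, the mandatory group DN, the single permitted role, and the box_id/secret_id shape of each resource. The sample policy is constructed for illustration and `validate_policy` is a hypothetical helper.

```python
ROLE = "Vault User Role"  # the only role the Policy Object accepts
NAME_MAX_BYTES, DESC_MAX_BYTES = 100, 2048  # limits are UTF-8 bytes, not characters
# Constructed sample as a client would submit it; server-generated fields (policy_id, revision, created_at, updated_at) omitted.
SAMPLE_POLICY = {
    "name": "ESXi host access",
    "desc": "VMware admins may read the ESXi host account secrets",
    "principals": [
        {"ad_user": {"upn": "john@mycompany.com"}},
        {"ad_group": {"dn": "CN=VMware Admins,CN=Users,DC=qa,DC=dc,DC=hytrust,DC=com"}},
    ],
    "role": ROLE,
    "resources": [{"box_id": "ESXi Host Accounts",
                   "secret_id": ["esxi-34-35.mycompany.com", "esxi-34-36.mycompany.com"]}],
}

def validate_policy(policy):
    """Return the list of documented constraints that the client-supplied fields violate."""
    errors = []
    name = policy.get("name")
    if not isinstance(name, str) or not name:
        errors.append("name: required string")
    elif name.startswith("."):
        errors.append("name: must not start with '.'")
    elif len(name.encode("utf-8")) > NAME_MAX_BYTES:  # byte length, so non-ASCII names count more
        errors.append("name: exceeds %d UTF-8 bytes" % NAME_MAX_BYTES)
    desc = policy.get("desc")  # optional, but bounded when present
    if desc is not None and (not isinstance(desc, str) or len(desc.encode("utf-8")) > DESC_MAX_BYTES):
        errors.append("desc: string of at most %d UTF-8 bytes" % DESC_MAX_BYTES)
    if policy.get("role") != ROLE:
        errors.append('role: must be "%s"' % ROLE)
    principals = policy.get("principals")
    if not isinstance(principals, list) or not principals:
        errors.append("principals: non-empty array required")
    else:
        for i, p in enumerate(principals):
            user, group = p.get("ad_user"), p.get("ad_group")
            if user is None and group is None:
                errors.append("principals[%d]: ad_user or ad_group required" % i)
            if user is not None and not (user.get("upn") or user.get("logon_name")):
                errors.append("principals[%d].ad_user: upn or logon_name required" % i)
            if group is not None and not group.get("dn"):  # the group DN is mandatory
                errors.append("principals[%d].ad_group: dn required" % i)
    resources = policy.get("resources")
    if not isinstance(resources, list) or not resources:
        errors.append("resources: non-empty array required")
    else:
        for i, r in enumerate(resources):
            if not r.get("box_id") or not isinstance(r.get("secret_id"), list):
                errors.append("resources[%d]: box_id and secret_id array required" % i)
    return errors
```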