Updates one key vault configuration. Ops Manager merges the fields that you send with the stored configuration and leaves the fields that you omit unchanged.
Required Roles
Requires that the API Key calling this endpoint have the
Global Owner role.
Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0/admin
Resource
PATCH /keyVault/{KEY-VAULT-ID}
Request Path Parameters
Name | Type | Description |
|---|---|---|
KEY-VAULT-ID | string | Unique identifier of the key vault configuration to update. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body is in a prettyprint format. |
|
envelope | boolean | Optional | Flag that indicates whether to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
|
|
Request Body Parameters
Name | Type | Necessity | Description |
|---|---|---|---|
friendlyName | string | Optional | Human-readable label that identifies this key vault configuration. Ops Manager displays this value in the Key Vault list and in the Vault Name field. |
type | string | Optional | Key vault provider type. Ops Manager accepts only |
url | string | Optional | Address of the HashiCorp Vault server that Ops Manager connects
to, such as |
auth | object | Optional | Authentication details that Ops Manager uses to connect to HashiCorp Vault. |
auth.mechanism | string | Conditional | Authentication method that Ops Manager uses to connect to
HashiCorp Vault. Required when you update the
|
auth.secret | string | Optional | Credential that Ops Manager uses to authenticate to HashiCorp Vault. When To keep the stored credential, omit this field or send the redacted value that Ops Manager returns. Ops Manager encrypts this value at rest and redacts it in API responses. |
auth.jwtClaims | object | Conditional | Claims that Ops Manager sends when it requests a JWT login from
HashiCorp Vault. Required when |
customCertificates | array | Optional | List of custom Certificate Authority certificates that Ops Manager uses for TLS verification when it connects to the HashiCorp Vault server. |
customCertificates[n].filename | string | Conditional | Name that identifies the Certificate Authority PEM file. Required for
each entry in |
customCertificates[n].certString | string | Conditional | Contents of the Certificate Authority PEM file. Required for each entry
in |
Response
Name | Type | Description |
|---|---|---|
id | string | Unique identifier that Ops Manager generates for this key vault
configuration. Use this value as the |
friendlyName | string | Human-readable label that identifies this key vault configuration. |
type | string | Key vault provider type. Ops Manager returns |
url | string | Address of the HashiCorp Vault server that Ops Manager connects to. |
auth | object | Authentication details that Ops Manager uses to connect to HashiCorp Vault. |
auth.mechanism | string | Authentication method that Ops Manager uses to connect to HashiCorp Vault. Ops Manager returns one of the following values:
|
auth.secret | string | Credential that Ops Manager uses to authenticate to HashiCorp
Vault. Ops Manager encrypts this value at rest and returns
|
auth.jwtClaims | object | Claims that Ops Manager sends when it requests a JWT login from
HashiCorp Vault. Ops Manager returns this object only when
|
customCertificates | array | List of custom Certificate Authority certificates that Ops Manager uses for TLS verification when it connects to the HashiCorp Vault server. |
customCertificates[n].filename | string | Name that identifies the Certificate Authority PEM file. |
customCertificates[n].certString | string | Contents of the Certificate Authority PEM file. Ops Manager returns
|
links | object array | One or more links to sub-resources or related resources. All
|
Example Request
curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --include \ --request PATCH 'https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/keyVault/{KEY-VAULT-ID}?pretty=true' \ --data '{ "url": "https://vault.example.com:8200/" }'
Example Response
Response Header
401 Unauthorized Content-Type: application/json;charset=ISO-8859-1 Date: {dateInUnixFormat} WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false Content-Length: {requestLengthInBytes} Connection: keep-alive
200 OK Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
Response Body
{ "id": "{KEY-VAULT-ID}", "friendlyName": "myVault", "type": "HASHI_CORP", "url": "https://vault.example.com:8200/", "auth": { "mechanism": "TOKEN", "secret": "[REDACTED]" }, "links": [ { "href": "https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/keyVault/{KEY-VAULT-ID}", "rel": "self" } ] }