GET PKI/HashiCorp/Role/{guid}

Retrieves policy information from Trust Protection Platform about a HashiCorp Vault PKI role.

Requirements

  • Permissions:  The caller must have View permission and Read permission to the role Policy object.
  • Token scope:  Certificate

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

{guid}

In the request URL, specify the GUID that uniquely identifies a HashiCorp role. To get the GUID, call POST Config/FindObjectsOfClass with these parameters:

  • Class:Policy.
  • ObjectDN: The parent folder to search.
  • Recursive: 1.
  • Pattern: The role name as the pattern. For example, Pattern:*role.

Returns

Response description
Name Description

HTTP 400 on Error

For invalid requests, this method returns:

Error: An error message for invalid parameters, data, or syntax.

  • Invalid permissions. You do not have permission to read object.

HTTP 200 on Success

For valid requests, this method returns an HTTP 200 message and the following message body:

  • City: The City or Locality (L) field for the certificate Subject DN.
  • Country: The Country (C) field for the certificate Subject DN.
  • EnhancedKeyUsage: A set of HashiCorp comma-separated values that control how the role may request a certificate.
  • FolderDN: The role assignment to a distinguished name of the Policy folder.
  • KeyAlgorithm: The HashiCorp allowable encryption algorithms for this role.
  • KeyBitSize: The HashiCorp allowable key bit strength for this role.
  • Organization: The Organization (O) field for the certificate Subject DN.
  • OrganizationalUnits: An array of departments or divisions within the organization (OU) that are responsible for maintaining the certificate.
  • RoleName: The HashiCorp role name.
  • State: The State (ST) field for the certificate Subject DN.
  • WhitelistedDomains: An array of acceptable domains to use for Common Name (CN) and Domain Name Server (DNS) SANs in CSRs.

Example: List information about a HashiCorp role

Request

GET https://test.venafi.example/vedsdk/PKI/HashiCorp/Role/{a146f27d-2901-42f2-be01-541f0e640d35}
Authorization:Bearer 4MyGeneratedBearerTknz==

Response

HTTP/1.1 200 OK
{ 
   "City":"SLC",
   "Country":"US",
   "EnhancedKeyUsage":"string",
   "Error":null,
   "FolderDn":"\\VED\\Policy\\HashiCorp\\TestRole",
   "Guid":"{1951b602-ee26-4222-bd28-64f8b6f57db7}",
   "KeyAlgorithm":"EC",
   "KeyBitSize":"p512",
   "Organization":"Venafi",
   "OrganizationalUnits":[ 
      "Lab 71"
   ],
   "RoleName":"TestRole",
   "State":"UT",
   "WhitelistedDomains":[ 
      "OKdomain.com"
   ]
}
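
The following Python sketch is an added example, not code from the product or its documentation. It builds the request shown above without sending it, rejects a {guid} value that is not a well-formed GUID before it reaches the URL path, and reads the response with case-insensitive keys, because the field list says FolderDN while the sample body says FolderDn. The function names are hypothetical, and the matching rule in domain_allowed (exact match or subdomain) is an assumption, since this page does not say how WhitelistedDomains entries are compared.

```python
import json
import re
import urllib.request

# Constructed sample: the HTTP 200 body from the example above, compacted.
SAMPLE_BODY = r'''{"City":"SLC","Country":"US","EnhancedKeyUsage":"string",
"Error":null,"FolderDn":"\\VED\\Policy\\HashiCorp\\TestRole",
"Guid":"{1951b602-ee26-4222-bd28-64f8b6f57db7}","KeyAlgorithm":"EC",
"KeyBitSize":"p512","Organization":"Venafi","OrganizationalUnits":["Lab 71"],
"RoleName":"TestRole","State":"UT","WhitelistedDomains":["OKdomain.com"]}'''

GUID_RE = re.compile(
    r"\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?")


def build_role_request(base_url, guid, token):
    """Build (do not send) the GET request; refuse anything that is not a GUID."""
    m = GUID_RE.fullmatch(guid)
    if m is None:
        raise ValueError("guid is not a well-formed GUID")
    url = "%s/PKI/HashiCorp/Role/{%s}" % (base_url.rstrip("/"), m.group(1))
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    return urllib.request.Request(url, headers=headers, method="GET")


def parse_role(status, body):
    """Return the role with lower-cased keys; raise on HTTP 400 or a set Error."""
    role = {k.lower(): v for k, v in json.loads(body).items()}
    if status != 200 or role.get("error"):
        raise RuntimeError("role lookup failed: %s" % role.get("error"))
    return role


def domain_allowed(role, name):
    """Assumed rule: exact match or subdomain of a WhitelistedDomains entry."""
    name = name.lower().rstrip(".")
    for entry in role.get("whitelisteddomains") or []:
        entry = entry.lower()
        if name == entry or name.endswith("." + entry):
            return True
    return False
```

Run against the sample body, domain_allowed accepts www.okdomain.com and rejects notokdomain.com, because the suffix comparison is anchored on a label boundary.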