Skip to main content

windmill_api/models/
vault_settings.rs

1/*
2 * Windmill API
3 *
4 * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
5 *
6 * The version of the OpenAPI document: 1.716.0
7 * Contact: contact@windmill.dev
8 * Generated by: https://openapi-generator.tech
9 */
10
11use crate::models;
12use serde::{Deserialize, Serialize};
13
14#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
15pub struct VaultSettings {
16    /// HashiCorp Vault server address (e.g., https://vault.company.com:8200)
17    #[serde(rename = "address")]
18    pub address: String,
19    /// KV v2 secrets engine mount path (e.g., windmill)
20    #[serde(rename = "mount_path")]
21    pub mount_path: String,
22    /// Optional path prefix inserted between the KV data/metadata segment and the workspace id (e.g., \"apps/windmill\"). When set, secrets are stored at `<mount>/data/<prefix>/<workspace>/<secret>`, allowing a Vault policy scoped to exactly `<mount>/data/<prefix>/_*`.
23    #[serde(rename = "kv_secret_path_prefix", skip_serializing_if = "Option::is_none")]
24    pub kv_secret_path_prefix: Option<String>,
25    /// Vault JWT auth role name for Windmill (optional, if not provided token auth is used)
26    #[serde(rename = "jwt_role", skip_serializing_if = "Option::is_none")]
27    pub jwt_role: Option<String>,
28    /// Mount path for the JWT auth method in Vault (optional, defaults to \"jwt\"). Set this when the JWT auth method is mounted at a non-default path, e.g. via `vault auth enable -path=<mount> jwt`.
29    #[serde(rename = "jwt_mount_path", skip_serializing_if = "Option::is_none")]
30    pub jwt_mount_path: Option<String>,
31    /// Vault Enterprise namespace (optional)
32    #[serde(rename = "namespace", skip_serializing_if = "Option::is_none")]
33    pub namespace: Option<String>,
34    /// Static Vault token for testing/development (optional, if provided this is used instead of JWT authentication)
35    #[serde(rename = "token", skip_serializing_if = "Option::is_none")]
36    pub token: Option<String>,
37    /// Skip TLS certificate verification when connecting to Vault. Only use for self-signed certificates in development environments.
38    #[serde(rename = "skip_ssl_verify", skip_serializing_if = "Option::is_none")]
39    pub skip_ssl_verify: Option<bool>,
40}
41
42impl VaultSettings {
43    pub fn new(address: String, mount_path: String) -> VaultSettings {
44        VaultSettings {
45            address,
46            mount_path,
47            kv_secret_path_prefix: None,
48            jwt_role: None,
49            jwt_mount_path: None,
50            namespace: None,
51            token: None,
52            skip_ssl_verify: None,
53        }
54    }
55}
56