| Id |
An integer indicating the ID of the application.
|
| Name |
A string indicating the name of the application.
|
| Schedule |
An object containing the inventory schedule set for the application. Schedules are shown in cron syntax.  Show schedule details.
| Off |
Turn off a previously configured schedule. |
| Interval |
A dictionary that indicates a job scheduled to run every x minutes with the specified parameter. Any interval that is selected in the UI will be converted to minutes when stored in the database.| Minutes | An integer indicating the number of minutes between each interval. |
For example, every hour: Copy"Interval": {
"Minutes": 60
}
|
| Daily |
A dictionary that indicates a job scheduled to run every day at the same time with the parameter:
| Time |
The date and time to next run the job. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g., 2023-11-19T16:23:01Z). |
For example, daily at 11:30 pm:
Copy
"Daily": {
"Time": "2023-11-25T23:30:00Z"
}
|
Note: Although the Keyfactor API Reference and Utility—Swagger—Example Value may show examples of various other schedules, only the schedules shown here—that are available in the Management Portal for this functionality—are valid for this endpoint.
|
| Cert Store Type |
An integer indicating the ID of the certificate store type, as defined in Keyfactor Command, for this application. A value of -1 indicates that the application is not associated with a certificate store type.
Note: This parameter is considered deprecated and may be removed in a future release.
|
| Certificate Stores |
An array of objects indicating the certificate store data for the certificate stores within this application. Show certificate store details.
| Agent Assigned |
A Boolean that indicates whether there is an orchestrator assigned to this certificate store (true) or not (false). |
| AgentId |
A string indicating the Keyfactor Command GUID of the orchestrator for this store. |
| Application Id |
An integer indicating the ID of the certificate store's associated certificate store application. |
| Application Name |
A string indicating the name of the certificate store's associated application. |
| Approved |
A Boolean that indicates whether a certificate store is approved (true) or not (false). If a certificate store is approved, it can be used and updated. A certificate store that has been discovered using the discover feature but not yet marked as approved will be false here. |
| CertStore Inventory JobId |
A string indicating the GUID that identifies the inventory job for the certificate store in the Keyfactor Command database. This will be null if an inventory schedule is not set for the certificate store. |
| CertStore Type |
An integer indicating the ID of the certificate store type, as defined in Keyfactor Command, for this certificate store. Built-in certificates store types are: (0-Javakeystore, 2-PEMFile, 3-F5SSLProfiles,4-IISRoots, 5-NetScaler, 6-IISPersonal, 7-F5WebServer, 8-IISRevoked, 9-F5WebServerREST, 10-F5SSLProfilesREST, 11-F5CABundlesREST, 100-AmazonWebServices, 101-FileTransferProtocol). Any custom extensions for the Keyfactor Universal Orchestrator you add will have certificate store types numbered 102+. |
| Client Machine |
A string containing the client machine name. The value for this will vary depending on the certificate store type. Typically, it is the hostname of the machine on which the store is located, but this may vary. See Adding or Modifying a Certificate Store for more information.
|
| Create If Missing |
A Boolean that indicates whether a new certificate store should be created with the information provided (true) or not (false). This option is only valid for certificate store types you have defined to support this functionality. |
| Display Name |
A string indicating the display name of the certificate store.
|
| Id |
A string indicating the GUID of the certificate store within Keyfactor Command. |
| Inventory Schedule |
An object containing the inventory schedule for this certificate store. |
| Password |
An object indicating the source for and details of the credential information Keyfactor Command will use to access the certificates in a specific certificate store (the store password). This is different from credential information Keyfactor Command uses to access a certificate store server as a whole.
Certificate stores that require credentials support up to three possible credential options:
-
Use no store password.
This option is supported for Java keystores that would normally require a password, but can be configured with the no password option (see Value, below).
-
Store the credential information in the Keyfactor secrets table.
A Keyfactor secret is a user-defined password that is encrypted and stored securely in the Keyfactor Command database.
-
Load the credential information from a PAM provider.
See Privileged Access Management (PAM) and PAM Providers for more information.
Show password details.
| HasValue |
A Boolean indicating the password has a value set (true) or not (false). |
| Instance Guid |
A string indicating the Keyfactor Command reference GUID for the secret provider. If you are using a secret provider with a GUID ID, this will be used. This value is automatically set by Keyfactor Command. |
| InstanceId |
An integer indicating the Keyfactor Command reference ID for the secret provider. If you are using a secret provider with an integer ID, this will be used. This value is automatically set by Keyfactor Command. |
| IsManaged |
A Boolean indicating whether the credentials for the store are managed by a PAM provider (true) or stored in the Keyfactor secrets table (false). This value is automatically set by Keyfactor Command. |
|
Provider Type Parameter Values
|
An array of objects containing the values for the PAM provider types specified by ProviderTypeParams. Show PAM provider type parameter value details.
| Id |
An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter. |
| Instance Guid |
A string indicating the Keyfactor Command reference GUID for the PAM provider. If you are attaching to something with a GUID ID, this will be used. |
| Instance Id |
An integer indicating the Keyfactor Command reference ID for the PAM provider. If you are attaching to something with an integer Id, this will be used. |
| Provider |
An object containing information about the provider. Show PAM provider details.
| Area |
An integer indicating the area of Keyfactor Command the provider is used for. PAM providers generally have a value of 1, indicating they are used for certificate stores. |
| Id |
An integer indicating the Keyfactor Command reference ID for the PAM provider. |
| Name |
A string indicating the internal name for the PAM provider. |
| Provider Type |
An array of objects containing details about the provider type for the provider, including:
| Id |
A string indicating the Keyfactor Command reference GUID for the provider type. |
| Name |
A string that indicates the name of the provider type. |
|
Provider Type Params
|
An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.
See below instance of ProviderTypeParam for details.
|
|
|
Provider Type Param Values
|
An array of objects containing the values for the provider types specified by ProviderTypeParams. See the previous level of ProviderTypeParamValues for details. |
| Remote |
A Boolean indicating whether the Remote Provider checkbox is checked when adding a new PAM provider (true), or not (false). See PAM Provider Configuration in Keyfactor Command. |
| Secured Area Id |
An integer indicating the Keyfactor Command reference ID for the certificate store container the PAM provider is associated with, if any.
This is considered deprecated and may be removed in a future release.
|
|
|
Provider Type Param
|
An array of objects that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records. Show PAM provider type parameter details.
| Data Type |
An integer indicating the data type for the parameter. Possible values are:
|
| Display Name |
A string indicating the display name for the PAM provider type parameter. For parameters with an InstanceLevel of false, this name appears on the PAM provider dialog for the parameter when a user creates a new PAM provider. For parameters with an InstanceLevel of true, this name appears on the Server dialog for the parameter when a user creates a new PAM provider. |
| Id |
An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter. |
| Instance Level |
A Boolean that sets whether the parameter is used to define the underlying PAM provider (false) or a field that needs to be set to a value when configuring a certificate store to use the PAM provider (true).
For an example, see GET PAM Providers.
|
| Name |
A string indicating the internal name for the PAM provider type parameter. |
| Provider Type |
An object containing details for the provider type.
|
Id
|
A string indicating the Keyfactor Command reference GUID for the PAM provider type parameter.
|
| Name |
A string indicating the internal name for the PAM provider type parameter.
|
| Provider Type Params |
Unused field |
|
|
| Value |
A string indicating the value set for the parameter (e.g., the name of the CyberArk folder where the protected object that stores the username or password resides). |
|
| ProviderId |
An integer indicating the Keyfactor Command reference ID for the PAM provider.
|
| RemoteProviderName |
A string indicating the name of the remote PAM provider, if applicable. |
| Secret Type Guid |
A string indicating the Keyfactor Command reference GUID for the type of credentials. This value is automatically set by Keyfactor Command. |
| Secret Value |
A string—submitted as an object—indicating a password to be stored as a Keyfactor secret.
Tip: To set the no password option on a store, submit the password with a null value. For example: Copy"Password": {
"SecretValue": {null}
}
To set the value to a string to be stored in the Keyfactor secrets table, include the password in quotes. For example: Copy"Password": {
"SecretValue": "MyVerySecurePassword"
}
|
Note: Secret data is stored in the secrets table or a PAM provider and is not returned in responses.
|
| Properties |
A string containing additional properties for the application. Only some types of certificate stores have additional properties that are stored in this parameter. The data is stored in a series of, typically, key value pairs that define the property name and value (see GET Certificate Store Types and GET Certificate Stores for more information).
|
| Reenrollment Status |
An object that indicates whether the certificate store can use the re-enrollment function with accompanying data about the re-enrollment job. Show reenrollment status details.
| AgentId |
A string indicating the Keyfactor Command GUID of the orchestrator that can re-enroll the certificate store. |
| Custom Alias Allowed |
An integer indicating the option for a custom alias for this certificate store.
- 0—forbidden
- 1—optional
- 2—required
|
| Data |
A Boolean that indicates whether the certificate store can use the re-enrollment function (true) or not (false). |
| Entry Parameters |
An array of objects indicating unique parameters that are required when performing management jobs on a certificate store of this type. Show entry parameter details.
| Default Value |
A string containing the default value for the entry parameter. If Type is Multiple Choice, this field should contain a single value that represents the default selection from the provided list (see Options) for this entry parameter. If Type is Boolean, this field should contain true or false.
|
| Depends On |
A string containing the name of the parameter on which this parameter depends. This only applies if at least two custom parameters have been created for this certificate store type. This option is used to configure one custom parameter to display only if another custom parameter contains a value. |
| Display Name |
A string containing the full display name of the entry parameter. |
| Name |
A string containing the short name of the entry parameter. |
| Options |
A string containing a comma-separated list of multiple choice options for this entry parameter.
|
| Required When |
An object containing Boolean values indicating the circumstances under which a value is required to be provided for this entry parameter. These are:
-
HasPrivateKey: If set to true, a value must be provided for this field when configuring a management job (either add or remove) if the certificate has an associated private key in Keyfactor Command. This would be the case, for example, when doing a PFX enrollment and adding the resulting certificate to a certificate store.
-
OnAdd: If set to true, a value must be provided for this field when configuring an add certificate job.
-
OnRemove: If set to true, a value must be provided for this field when configuring a remove certificate job.
-
OnReenrollment: If set to true, a value must be provided for this field when configuring a reenrollment job.
|
| Store Type ID |
An integer identifying the certificate store type. This is the same ID referenced by the StoreType parameter, above. |
| Type |
A string containing the type of the entry parameter:
-
String
-
Bool
-
MultipleChoice
-
Secret
|
Tip: What's the difference between properties (custom fields ) and entry parameters? - Properties are about the certificate store definition itself and are static. For example, you might use a property to define the primary node name of an F5 instance. This node name is the same no matter what inventory or management jobs you do with the F5 device(s). Values for properties are entered in the certificate store record when creating or editing the certificate store record.
- Entry parameters are about the specific certificate within the certificate store. They are used to send additional information related to the certificate to the server or device that hosts the certificate store when running management jobs for that certificate store. Often this is more fluid information that isn't the same for every use of that certificate store. For example, several virtual servers with separate certificates in the same folder may exist on a NetScaler device. When replacing one certificate, updates may need to be made to only the virtual server that is using the certificate. In this case, the authorized user will be prompted to enter the virtual server name based on an entry parameter. Values for entry parameters are entered at the time a management job is initiated (e.g., adding a certificate to a certificate store).
|
| Job Properties |
An object containing the unique entry parameters defined for the certificate store type. The key is the name of the specific parameter from the certificate store type definition as returned in the JobProperties on the store type using the GET CertificateStoreTypes method and the value is the value that should be set for that parameter on a certificate in the certificate store. |
| Message |
A string indicating the reason the certificate store cannot re-enroll, if applicable. |
|
| Set New Password Allowed |
A Boolean that indicates whether the store password can be changed (true) or not (false). |
| Storepath |
A string indicating the path to the certificate store on the target. The format for this path will vary depending on the certificate store type. For example, for a Java keystore, this will be a file path (e.g., /opt/myapp/store.jks), but for an F5 device, this will be a partition name on the device (e.g., Common). SeeAdding or Modifying a Certificate Store in the for more information. |
|
) at the bottom of the Management Portal side menu.