PUT Certificate Authority Task Queue

The PUT /CertificateAuthority/TaskQueue method is used to update the configuration for the task queue in Keyfactor CommandThis method returns HTTP 200 OK on a success with the details submitted.

Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:

/certificate_authorities/modify/

Important:  If you make changes to the task queue configuration, a restart the web server services (iisreset) on the Keyfactor Command server is required to clear any cached data and complete the change.

Table 365: PUT Certificate Authority Task Queue Input Body

Name

In

Description
TaskQueueURL Body

Required. The amqp or amqps URL to the RabbitMQ instance. For example:

amqps://appsrvr12.keyexample.com

TokenURL

Body

Required in some cases. A string indicating the bearer token URL. This is the URL of the token endpoint for your identity provider instance.

This field is required if OAuth authentication is used.
ClientID Body

Required in some cases. A string indicating the client ID used to authenticate to RabbitMQ, if OAuth authentication is selected.

This field is required if OAuth authentication is used.
ClientSecret

Body

Required in some cases. An object indicating the client secret information to use for authentication along with the ClientID to make the connection to RabbitMQ, if OAuth authentication is selected.

Supported methods to store secret information are:

  • Keyfactor: Store the secret information in the Keyfactor secrets table.

    A Keyfactor secret is a user-defined username or password that is encrypted and stored securely in the Keyfactor Command database.

  • PAM Provider: Load the secret information from a PAM provider.

    See Privileged Access Management (PAM) for more information.

Value Description
Secret Value

A string containing the secret. This parameter is used when PAM is not used as the storage location.
Parameters An object indicating the parameters to supply for PAM authentication. These will vary depending on the PAM provider.
Provider

An integer indicating the ID of the PAM provider.

Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the ID.

For example, an access keya secreta passworda username stored as a Keyfactor secret will look like:

Copy 
{
   "SecretValue": "AbCdEfGhIjKlMnOpQrStUvWxYz1234567890"
}
Copy 
{
   "SecretValue": "KEYEXAMPLE\\API-User"
}

A secret stored as a CyberArk PAM secret will look like (where the Provider value—1 in this example—is the Id value from GET PAM Providers and the Safe, Folder, and Object reference the information in the CyberArk safe needed for this record):

Copy 
{
   "Provider": "1",
   "Parameters":{
      "Safe":"MySafeName",
      "Folder":"MyFolderName",
      "Object":"MyObjectName"
   }
}

A secret stored as a Delinea PAM secret will look like (where the Provider value—2 in this example—is the Id value from GET PAM Providers and the SecretId and SecretFieldName contain the information created in the Delinea secret server for this purpose):

Copy 
{
   "Provider": "2",
   "Parameters":{
      "SecretId":"MyId"
      "SecretFieldName":"MyReferenceName"
   }
}

Due to its sensitive nature, this value is not returned in responses.

This field is required if OAuth authentication is used.
Scope Body A string indicating any scopes that should be included in token requests to the identity provider, if OAuth authentication is selected. If multiple scopes are desired, they should be separated by spaces.
Username

Body

Required in some cases. A string indicating the username used to authenticate to RabbitMQ, if Basic authentication is selected.

This field is required if Basic authentication is used.
Audience Body A string indicating the audience that should be included in token requests to the identity provider, if OAuth authentication is selected.
Password

Body

Required in some cases. An object indicating the password information to use for authentication along with the Username to make the connection to RabbitMQ, if Basic authentication is selected.

Supported methods to store secret information are:

  • Keyfactor: Store the secret information in the Keyfactor secrets table.

    A Keyfactor secret is a user-defined username or password that is encrypted and stored securely in the Keyfactor Command database.

  • PAM Provider: Load the secret information from a PAM provider.

    See Privileged Access Management (PAM) for more information.

Value Description
Secret Value

A string containing the secret. This parameter is used when PAM is not used as the storage location.
Parameters An object indicating the parameters to supply for PAM authentication. These will vary depending on the PAM provider.
Provider

An integer indicating the ID of the PAM provider.

Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the ID.

For example, an access keya secreta passworda username stored as a Keyfactor secret will look like:

Copy 
{
   "SecretValue": "AbCdEfGhIjKlMnOpQrStUvWxYz1234567890"
}
Copy 
{
   "SecretValue": "KEYEXAMPLE\\API-User"
}

A secret stored as a CyberArk PAM secret will look like (where the Provider value—1 in this example—is the Id value from GET PAM Providers and the Safe, Folder, and Object reference the information in the CyberArk safe needed for this record):

Copy 
{
   "Provider": "1",
   "Parameters":{
      "Safe":"MySafeName",
      "Folder":"MyFolderName",
      "Object":"MyObjectName"
   }
}

A secret stored as a Delinea PAM secret will look like (where the Provider value—2 in this example—is the Id value from GET PAM Providers and the SecretId and SecretFieldName contain the information created in the Delinea secret server for this purpose):

Copy 
{
   "Provider": "2",
   "Parameters":{
      "SecretId":"MyId"
      "SecretFieldName":"MyReferenceName"
   }
}

Due to its sensitive nature, this value is not returned in responses.

This field is required if Basic authentication is used.
AuthType Body Required. A string indicating the type of authentication used to make the connection to RabbitMQ. Supported values are Basic or OAuth.

Table 366: PUT Certificate Authority Alert Recipients CA Threshold Recipients {id} Response Body

Name

Description
TaskQueueURL

The amqp or amqps URL to the RabbitMQ instance. For example:

amqps://appsrvr12.keyexample.com

TokenURL

A string indicating the bearer token URL. This is the URL of the token endpoint for your identity provider instance.
ClientID

A string indicating the client ID used to authenticate to RabbitMQ, if OAuth authentication is selected.
ClientSecret

An object indicating the client secret information to use for authentication along with the ClientID to make the connection to RabbitMQ, if OAuth authentication is selected.

Supported methods to store secret information are:

  • Keyfactor: Store the secret information in the Keyfactor secrets table.

    A Keyfactor secret is a user-defined username or password that is encrypted and stored securely in the Keyfactor Command database.

  • PAM Provider: Load the secret information from a PAM provider.

    See Privileged Access Management (PAM) for more information.

Value Description
Secret Value

A string containing the secret. This parameter is used when PAM is not used as the storage location.
Parameters An object indicating the parameters to supply for PAM authentication. These will vary depending on the PAM provider.
Provider

An integer indicating the ID of the PAM provider.

Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the ID.

For example, an access keya secreta passworda username stored as a Keyfactor secret will look like:

Copy 
{
   "SecretValue": "AbCdEfGhIjKlMnOpQrStUvWxYz1234567890"
}
Copy 
{
   "SecretValue": "KEYEXAMPLE\\API-User"
}

A secret stored as a CyberArk PAM secret will look like (where the Provider value—1 in this example—is the Id value from GET PAM Providers and the Safe, Folder, and Object reference the information in the CyberArk safe needed for this record):

Copy 
{
   "Provider": "1",
   "Parameters":{
      "Safe":"MySafeName",
      "Folder":"MyFolderName",
      "Object":"MyObjectName"
   }
}

A secret stored as a Delinea PAM secret will look like (where the Provider value—2 in this example—is the Id value from GET PAM Providers and the SecretId and SecretFieldName contain the information created in the Delinea secret server for this purpose):

Copy 
{
   "Provider": "2",
   "Parameters":{
      "SecretId":"MyId"
      "SecretFieldName":"MyReferenceName"
   }
}

Due to its sensitive nature, this value is not returned in responses.
Scope A string indicating any scopes that should be included in token requests to the identity provider, if OAuth authentication is selected. If multiple scopes are desired, they should be separated by spaces.
Username

A string indicating the username used to authenticate to RabbitMQ, if Basic authentication is selected.
Audience A string indicating the audience that should be included in token requests to the identity provider, if OAuth authentication is selected.
Password

An object indicating the password information to use for authentication along with the Username to make the connection to RabbitMQ, if Basic authentication is selected.

Supported methods to store secret information are:

  • Keyfactor: Store the secret information in the Keyfactor secrets table.

    A Keyfactor secret is a user-defined username or password that is encrypted and stored securely in the Keyfactor Command database.

  • PAM Provider: Load the secret information from a PAM provider.

    See Privileged Access Management (PAM) for more information.

Value Description
Secret Value

A string containing the secret. This parameter is used when PAM is not used as the storage location.
Parameters An object indicating the parameters to supply for PAM authentication. These will vary depending on the PAM provider.
Provider

An integer indicating the ID of the PAM provider.

Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the ID.

For example, an access keya secreta passworda username stored as a Keyfactor secret will look like:

Copy 
{
   "SecretValue": "AbCdEfGhIjKlMnOpQrStUvWxYz1234567890"
}
Copy 
{
   "SecretValue": "KEYEXAMPLE\\API-User"
}

A secret stored as a CyberArk PAM secret will look like (where the Provider value—1 in this example—is the Id value from GET PAM Providers and the Safe, Folder, and Object reference the information in the CyberArk safe needed for this record):

Copy 
{
   "Provider": "1",
   "Parameters":{
      "Safe":"MySafeName",
      "Folder":"MyFolderName",
      "Object":"MyObjectName"
   }
}

A secret stored as a Delinea PAM secret will look like (where the Provider value—2 in this example—is the Id value from GET PAM Providers and the SecretId and SecretFieldName contain the information created in the Delinea secret server for this purpose):

Copy 
{
   "Provider": "2",
   "Parameters":{
      "SecretId":"MyId"
      "SecretFieldName":"MyReferenceName"
   }
}

Due to its sensitive nature, this value is not returned in responses.
AuthType A string indicating the type of authentication used to make the connection to RabbitMQ. Supported values are Basic or OAuth.
Tip:  See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflowClosed A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon () at the top of the Management Portal page next to the Log Out button.