diff --git a/docs/AuthEnableMethodRequest.md b/docs/AuthEnableMethodRequest.md
index 20854bb6..4ca0759c 100644
--- a/docs/AuthEnableMethodRequest.md
+++ b/docs/AuthEnableMethodRequest.md
@@ -10,7 +10,7 @@ Name | Type | Description | Notes
**Local** | **bool** | Mark the mount as a local mount, which is not replicated and is unaffected by replication. | [optional] [default to false]
**Options** | **Object** | The options to pass into the backend. Should be a json object with string keys and values. | [optional]
**PluginName** | **string** | Name of the auth plugin to use based from the name in the plugin catalog. | [optional]
-**PluginVersion** | **string** | The semantic version of the plugin to use. | [optional]
+**PluginVersion** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
**SealWrap** | **bool** | Whether to turn on seal wrapping for the mount. | [optional] [default to false]
**Type** | **string** | The type of the backend. Example: \"userpass\" | [optional]
diff --git a/docs/AuthTuneConfigurationParametersRequest.md b/docs/AuthTuneConfigurationParametersRequest.md
index 530746c5..1f6d78ea 100644
--- a/docs/AuthTuneConfigurationParametersRequest.md
+++ b/docs/AuthTuneConfigurationParametersRequest.md
@@ -13,7 +13,7 @@ Name | Type | Description | Notes
**MaxLeaseTtl** | **string** | The max lease TTL for this mount. | [optional]
**Options** | **Object** | The options to pass into the backend. Should be a json object with string keys and values. | [optional]
**PassthroughRequestHeaders** | **List<string>** | A list of headers to whitelist and pass from the request to the plugin. | [optional]
-**PluginVersion** | **string** | The semantic version of the plugin to use. | [optional]
+**PluginVersion** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
**TokenType** | **string** | The type of token to issue (service or batch). | [optional]
**UserLockoutConfig** | **Object** | The user lockout configuration to pass into the backend. Should be a json object with string keys and values. | [optional]
diff --git a/docs/AwsConfigureClientRequest.md b/docs/AwsConfigureClientRequest.md
index 286eb808..60537363 100644
--- a/docs/AwsConfigureClientRequest.md
+++ b/docs/AwsConfigureClientRequest.md
@@ -13,6 +13,7 @@ Name | Type | Description | Notes
**SecretKey** | **string** | AWS Secret Access Key for the account used to make AWS API requests. | [optional] [default to ""]
**StsEndpoint** | **string** | URL to override the default generated endpoint for making AWS STS API calls. | [optional] [default to ""]
**StsRegion** | **string** | The region ID for the sts_endpoint, if set. | [optional] [default to ""]
+**UseStsRegionFromClient** | **bool** | Uses the STS region from client requests for making AWS STS API calls. | [optional] [default to false]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/AwsLoginRequest.md b/docs/AwsLoginRequest.md
index 9dc1e44a..d8e61cbf 100644
--- a/docs/AwsLoginRequest.md
+++ b/docs/AwsLoginRequest.md
@@ -4,7 +4,7 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
-**IamHttpRequestMethod** | **string** | HTTP method to use for the AWS request when auth_type is iam. This must match what has been signed in the presigned request. Currently, POST is the only supported value | [optional]
+**IamHttpRequestMethod** | **string** | HTTP method to use for the AWS request when auth_type is iam. This must match what has been signed in the presigned request. | [optional]
**IamRequestBody** | **string** | Base64-encoded request body when auth_type is iam. This must match the request body included in the signature. | [optional]
**IamRequestHeaders** | **string** | Key/value pairs of headers for use in the sts:GetCallerIdentity HTTP requests headers when auth_type is iam. Can be either a Base64-encoded, JSON-serialized string, or a JSON object of key/value pairs. This must at a minimum include the headers over which AWS has included a signature. | [optional]
**IamRequestUrl** | **string** | Base64-encoded full URL against which to make the AWS request when using iam auth_type. | [optional]
diff --git a/docs/DatabaseWriteStaticRoleRequest.md b/docs/DatabaseWriteStaticRoleRequest.md
index cd85dd03..3a80c85f 100644
--- a/docs/DatabaseWriteStaticRoleRequest.md
+++ b/docs/DatabaseWriteStaticRoleRequest.md
@@ -7,8 +7,10 @@ Name | Type | Description | Notes
**CredentialConfig** | **Object** | The configuration for the given credential_type. | [optional]
**CredentialType** | **string** | The type of credential to manage. Options include: 'password', 'rsa_private_key'. Defaults to 'password'. | [optional] [default to "password"]
**DbName** | **string** | Name of the database this role acts on. | [optional]
-**RotationPeriod** | **string** | Period for automatic credential rotation of the given username. Not valid unless used with \"username\". | [optional]
+**RotationPeriod** | **string** | Period for automatic credential rotation of the given username. Not valid unless used with \"username\". Mutually exclusive with \"rotation_schedule.\" | [optional]
+**RotationSchedule** | **string** | Schedule for automatic credential rotation of the given username. Mutually exclusive with \"rotation_period.\" | [optional]
**RotationStatements** | **List<string>** | Specifies the database statements to be executed to rotate the accounts credentials. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter. | [optional]
+**RotationWindow** | **string** | The window of time in which rotations are allowed to occur starting from a given \"rotation_schedule\". Requires \"rotation_schedule\" to be specified | [optional]
**Username** | **string** | Name of the static user account for Vault to manage. Requires \"rotation_period\" to be specified | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/MountsEnableSecretsEngineRequest.md b/docs/MountsEnableSecretsEngineRequest.md
index 1d4d28c4..1407b24d 100644
--- a/docs/MountsEnableSecretsEngineRequest.md
+++ b/docs/MountsEnableSecretsEngineRequest.md
@@ -10,7 +10,7 @@ Name | Type | Description | Notes
**Local** | **bool** | Mark the mount as a local mount, which is not replicated and is unaffected by replication. | [optional] [default to false]
**Options** | **Object** | The options to pass into the backend. Should be a json object with string keys and values. | [optional]
**PluginName** | **string** | Name of the plugin to mount based from the name registered in the plugin catalog. | [optional]
-**PluginVersion** | **string** | The semantic version of the plugin to use. | [optional]
+**PluginVersion** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
**SealWrap** | **bool** | Whether to turn on seal wrapping for the mount. | [optional] [default to false]
**Type** | **string** | The type of the backend. Example: \"passthrough\" | [optional]
diff --git a/docs/MountsReadConfigurationResponse.md b/docs/MountsReadConfigurationResponse.md
index 211ae9b1..eb30da75 100644
--- a/docs/MountsReadConfigurationResponse.md
+++ b/docs/MountsReadConfigurationResponse.md
@@ -11,7 +11,7 @@ Name | Type | Description | Notes
**ExternalEntropyAccess** | **bool** | | [optional]
**Local** | **bool** | Mark the mount as a local mount, which is not replicated and is unaffected by replication. | [optional] [default to false]
**Options** | **Object** | The options to pass into the backend. Should be a json object with string keys and values. | [optional]
-**PluginVersion** | **string** | The semantic version of the plugin to use. | [optional]
+**PluginVersion** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
**RunningPluginVersion** | **string** | | [optional]
**RunningSha256** | **string** | | [optional]
**SealWrap** | **bool** | Whether to turn on seal wrapping for the mount. | [optional] [default to false]
diff --git a/docs/MountsReadTuningInformationResponse.md b/docs/MountsReadTuningInformationResponse.md
index 8d734523..f893cdca 100644
--- a/docs/MountsReadTuningInformationResponse.md
+++ b/docs/MountsReadTuningInformationResponse.md
@@ -16,7 +16,7 @@ Name | Type | Description | Notes
**MaxLeaseTtl** | **int** | The max lease TTL for this mount. | [optional]
**Options** | **Object** | The options to pass into the backend. Should be a json object with string keys and values. | [optional]
**PassthroughRequestHeaders** | **List<string>** | | [optional]
-**PluginVersion** | **string** | The semantic version of the plugin to use. | [optional]
+**PluginVersion** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
**TokenType** | **string** | The type of token to issue (service or batch). | [optional]
**UserLockoutCounterResetDuration** | **long** | | [optional]
**UserLockoutDisable** | **bool** | | [optional]
diff --git a/docs/MountsTuneConfigurationParametersRequest.md b/docs/MountsTuneConfigurationParametersRequest.md
index eef3e466..9cc008d5 100644
--- a/docs/MountsTuneConfigurationParametersRequest.md
+++ b/docs/MountsTuneConfigurationParametersRequest.md
@@ -14,7 +14,7 @@ Name | Type | Description | Notes
**MaxLeaseTtl** | **string** | The max lease TTL for this mount. | [optional]
**Options** | **Object** | The options to pass into the backend. Should be a json object with string keys and values. | [optional]
**PassthroughRequestHeaders** | **List<string>** | A list of headers to whitelist and pass from the request to the plugin. | [optional]
-**PluginVersion** | **string** | The semantic version of the plugin to use. | [optional]
+**PluginVersion** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
**TokenType** | **string** | The type of token to issue (service or batch). | [optional]
**UserLockoutConfig** | **Object** | The user lockout configuration to pass into the backend. Should be a json object with string keys and values. | [optional]
diff --git a/docs/PkiPatchIssuerResponse.md b/docs/PkiPatchIssuerResponse.md
index a9379c0b..faeaeaad 100644
--- a/docs/PkiPatchIssuerResponse.md
+++ b/docs/PkiPatchIssuerResponse.md
@@ -14,7 +14,7 @@ Name | Type | Description | Notes
**KeyId** | **string** | Key Id | [optional]
**LeafNotAfterBehavior** | **string** | Leaf Not After Behavior | [optional]
**ManualChain** | **List<string>** | Manual Chain | [optional]
-**OcspServers** | **List<string>** | OSCP Servers | [optional]
+**OcspServers** | **List<string>** | OCSP Servers | [optional]
**RevocationSignatureAlgorithm** | **string** | Revocation Signature Alogrithm | [optional]
**RevocationTime** | **int** | | [optional]
**RevocationTimeRfc3339** | **string** | | [optional]
diff --git a/docs/PkiReadIssuerResponse.md b/docs/PkiReadIssuerResponse.md
index 2dda8867..63e3f663 100644
--- a/docs/PkiReadIssuerResponse.md
+++ b/docs/PkiReadIssuerResponse.md
@@ -14,7 +14,7 @@ Name | Type | Description | Notes
**KeyId** | **string** | Key Id | [optional]
**LeafNotAfterBehavior** | **string** | Leaf Not After Behavior | [optional]
**ManualChain** | **List<string>** | Manual Chain | [optional]
-**OcspServers** | **List<string>** | OSCP Servers | [optional]
+**OcspServers** | **List<string>** | OCSP Servers | [optional]
**RevocationSignatureAlgorithm** | **string** | Revocation Signature Alogrithm | [optional]
**RevocationTime** | **int** | | [optional]
**RevocationTimeRfc3339** | **string** | | [optional]
diff --git a/docs/PkiWriteIssuerResponse.md b/docs/PkiWriteIssuerResponse.md
index 647e5b8f..024fa1d4 100644
--- a/docs/PkiWriteIssuerResponse.md
+++ b/docs/PkiWriteIssuerResponse.md
@@ -14,7 +14,7 @@ Name | Type | Description | Notes
**KeyId** | **string** | Key Id | [optional]
**LeafNotAfterBehavior** | **string** | Leaf Not After Behavior | [optional]
**ManualChain** | **List<string>** | Manual Chain | [optional]
-**OcspServers** | **List<string>** | OSCP Servers | [optional]
+**OcspServers** | **List<string>** | OCSP Servers | [optional]
**RevocationSignatureAlgorithm** | **string** | Revocation Signature Alogrithm | [optional]
**RevocationTime** | **int** | | [optional]
**RevocationTimeRfc3339** | **string** | | [optional]
diff --git a/docs/PluginsCatalogReadPluginConfigurationResponse.md b/docs/PluginsCatalogReadPluginConfigurationResponse.md
index 6567855e..18fc4269 100644
--- a/docs/PluginsCatalogReadPluginConfigurationResponse.md
+++ b/docs/PluginsCatalogReadPluginConfigurationResponse.md
@@ -9,8 +9,9 @@ Name | Type | Description | Notes
**Command** | **string** | The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory. | [optional]
**DeprecationStatus** | **string** | | [optional]
**Name** | **string** | The name of the plugin | [optional]
-**Sha256** | **string** | The SHA256 sum of the executable used in the command field. This should be HEX encoded. | [optional]
-**_Version** | **string** | The semantic version of the plugin to use. | [optional]
+**OciImage** | **string** | The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine. | [optional]
+**Sha256** | **string** | The SHA256 sum of the executable or container to be run. This should be HEX encoded. | [optional]
+**_Version** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/PluginsCatalogReadPluginConfigurationWithTypeResponse.md b/docs/PluginsCatalogReadPluginConfigurationWithTypeResponse.md
index 190316e1..fcb98450 100644
--- a/docs/PluginsCatalogReadPluginConfigurationWithTypeResponse.md
+++ b/docs/PluginsCatalogReadPluginConfigurationWithTypeResponse.md
@@ -9,8 +9,9 @@ Name | Type | Description | Notes
**Command** | **string** | The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory. | [optional]
**DeprecationStatus** | **string** | | [optional]
**Name** | **string** | The name of the plugin | [optional]
-**Sha256** | **string** | The SHA256 sum of the executable used in the command field. This should be HEX encoded. | [optional]
-**_Version** | **string** | The semantic version of the plugin to use. | [optional]
+**OciImage** | **string** | The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine. | [optional]
+**Sha256** | **string** | The SHA256 sum of the executable or container to be run. This should be HEX encoded. | [optional]
+**_Version** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/PluginsCatalogRegisterPluginRequest.md b/docs/PluginsCatalogRegisterPluginRequest.md
index 1abe6230..5ef74812 100644
--- a/docs/PluginsCatalogRegisterPluginRequest.md
+++ b/docs/PluginsCatalogRegisterPluginRequest.md
@@ -7,8 +7,9 @@ Name | Type | Description | Notes
**Args** | **List<string>** | The args passed to plugin command. | [optional]
**Command** | **string** | The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory. | [optional]
**Env** | **List<string>** | The environment variables passed to plugin command. Each entry is of the form \"key=value\". | [optional]
-**Sha256** | **string** | The SHA256 sum of the executable used in the command field. This should be HEX encoded. | [optional]
-**_Version** | **string** | The semantic version of the plugin to use. | [optional]
+**OciImage** | **string** | The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine. | [optional]
+**Sha256** | **string** | The SHA256 sum of the executable or container to be run. This should be HEX encoded. | [optional]
+**_Version** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/PluginsCatalogRegisterPluginWithTypeRequest.md b/docs/PluginsCatalogRegisterPluginWithTypeRequest.md
index 0fbf122f..9ebe207a 100644
--- a/docs/PluginsCatalogRegisterPluginWithTypeRequest.md
+++ b/docs/PluginsCatalogRegisterPluginWithTypeRequest.md
@@ -7,8 +7,9 @@ Name | Type | Description | Notes
**Args** | **List<string>** | The args passed to plugin command. | [optional]
**Command** | **string** | The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory. | [optional]
**Env** | **List<string>** | The environment variables passed to plugin command. Each entry is of the form \"key=value\". | [optional]
-**Sha256** | **string** | The SHA256 sum of the executable used in the command field. This should be HEX encoded. | [optional]
-**_Version** | **string** | The semantic version of the plugin to use. | [optional]
+**OciImage** | **string** | The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine. | [optional]
+**Sha256** | **string** | The SHA256 sum of the executable or container to be run. This should be HEX encoded. | [optional]
+**_Version** | **string** | The semantic version of the plugin to use, or image tag if oci_image is provided. | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/docs/PluginsRuntimesCatalogListPluginsRuntimesResponse.md b/docs/PluginsRuntimesCatalogListPluginsRuntimesResponse.md
new file mode 100644
index 00000000..122dc819
--- /dev/null
+++ b/docs/PluginsRuntimesCatalogListPluginsRuntimesResponse.md
@@ -0,0 +1,10 @@
+# Vault.Model.PluginsRuntimesCatalogListPluginsRuntimesResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Runtimes** | **List<Object>** | List of all plugin runtimes in the catalog | [optional]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse.md b/docs/PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse.md
new file mode 100644
index 00000000..53678741
--- /dev/null
+++ b/docs/PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse.md
@@ -0,0 +1,15 @@
+# Vault.Model.PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CgroupParent** | **string** | Optional parent cgroup for the container | [optional]
+**CpuNanos** | **long** | The limit of runtime CPU in nanos | [optional]
+**MemoryBytes** | **long** | The limit of runtime memory in bytes | [optional]
+**Name** | **string** | The name of the plugin runtime | [optional]
+**OciRuntime** | **string** | The OCI-compatible runtime (default \"runsc\") | [optional]
+**Type** | **string** | The type of the plugin runtime | [optional]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/PluginsRuntimesCatalogRegisterPluginRuntimeRequest.md b/docs/PluginsRuntimesCatalogRegisterPluginRuntimeRequest.md
new file mode 100644
index 00000000..e97a305e
--- /dev/null
+++ b/docs/PluginsRuntimesCatalogRegisterPluginRuntimeRequest.md
@@ -0,0 +1,13 @@
+# Vault.Model.PluginsRuntimesCatalogRegisterPluginRuntimeRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CgroupParent** | **string** | Optional parent cgroup for the container | [optional]
+**CpuNanos** | **long** | The limit of runtime CPU in nanos | [optional]
+**MemoryBytes** | **long** | The limit of runtime memory in bytes | [optional]
+**OciRuntime** | **string** | The OCI-compatible runtime (default \"runsc\") | [optional]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/RateLimitQuotasReadResponse.md b/docs/RateLimitQuotasReadResponse.md
index 3df7345a..b57e2bc6 100644
--- a/docs/RateLimitQuotasReadResponse.md
+++ b/docs/RateLimitQuotasReadResponse.md
@@ -5,6 +5,7 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**BlockInterval** | **int** | | [optional]
+**Inheritable** | **bool** | | [optional]
**Interval** | **int** | | [optional]
**Name** | **string** | | [optional]
**Path** | **string** | | [optional]
diff --git a/docs/RateLimitQuotasWriteRequest.md b/docs/RateLimitQuotasWriteRequest.md
index a3b0a696..a398581f 100644
--- a/docs/RateLimitQuotasWriteRequest.md
+++ b/docs/RateLimitQuotasWriteRequest.md
@@ -5,6 +5,7 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**BlockInterval** | **string** | If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' has elapsed. | [optional]
+**Inheritable** | **bool** | Whether all child namespaces can inherit this namespace quota. | [optional]
**Interval** | **string** | The duration to enforce rate limiting for (default '1s'). | [optional]
**Path** | **string** | Path of the mount or namespace to apply the quota. A blank path configures a global quota. For example namespace1/ adds a quota to a full namespace, namespace1/auth/userpass adds a quota to userpass in namespace1. | [optional]
**Rate** | **float** | The maximum number of requests in a given interval to be allowed by the quota rule. The 'rate' must be positive. | [optional]
diff --git a/docs/SecretsApi.md b/docs/SecretsApi.md
index 3894b346..b0920bea 100644
--- a/docs/SecretsApi.md
+++ b/docs/SecretsApi.md
@@ -371,6 +371,7 @@ Method | HTTP request | Description
[**TransitEncrypt**](SecretsApi.md#transitencrypt) | **POST** /{transit_mount_path}/encrypt/{name} | Encrypt a plaintext value or a batch of plaintext blocks using a named key
[**TransitExportKey**](SecretsApi.md#transitexportkey) | **GET** /{transit_mount_path}/export/{type}/{name} | Export named encryption or signing key
[**TransitExportKeyVersion**](SecretsApi.md#transitexportkeyversion) | **GET** /{transit_mount_path}/export/{type}/{name}/{version} | Export named encryption or signing key
+[**TransitGenerateCsrForKey**](SecretsApi.md#transitgeneratecsrforkey) | **POST** /{transit_mount_path}/keys/{name}/csr |
[**TransitGenerateDataKey**](SecretsApi.md#transitgeneratedatakey) | **POST** /{transit_mount_path}/datakey/{plaintext}/{name} | Generate a data key
[**TransitGenerateHmac**](SecretsApi.md#transitgeneratehmac) | **POST** /{transit_mount_path}/hmac/{name} | Generate an HMAC for input data using the named key
[**TransitGenerateHmacWithAlgorithm**](SecretsApi.md#transitgeneratehmacwithalgorithm) | **POST** /{transit_mount_path}/hmac/{name}/{urlalgorithm} | Generate an HMAC for input data using the named key
@@ -391,6 +392,7 @@ Method | HTTP request | Description
[**TransitRestoreKey**](SecretsApi.md#transitrestorekey) | **POST** /{transit_mount_path}/restore | Restore the named key
[**TransitRewrap**](SecretsApi.md#transitrewrap) | **POST** /{transit_mount_path}/rewrap/{name} | Rewrap ciphertext
[**TransitRotateKey**](SecretsApi.md#transitrotatekey) | **POST** /{transit_mount_path}/keys/{name}/rotate | Rotate named encryption key
+[**TransitSetCertificateForKey**](SecretsApi.md#transitsetcertificateforkey) | **POST** /{transit_mount_path}/keys/{name}/set-certificate |
[**TransitSign**](SecretsApi.md#transitsign) | **POST** /{transit_mount_path}/sign/{name} | Generate a signature for input data using the named key
[**TransitSignWithAlgorithm**](SecretsApi.md#transitsignwithalgorithm) | **POST** /{transit_mount_path}/sign/{name}/{urlalgorithm} | Generate a signature for input data using the named key
[**TransitTrimKey**](SecretsApi.md#transittrimkey) | **POST** /{transit_mount_path}/keys/{name}/trim | Trim key versions of a named key
@@ -36240,6 +36242,107 @@ No authorization required
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+
+# **TransitGenerateCsrForKey**
+
+> void TransitGenerateCsrForKey (string name, string transitMountPath, TransitGenerateCsrForKeyRequest transitGenerateCsrForKeyRequest, TimeSpan? wrapTTL = null)
+
+
+
+### Example
+```csharp
+using System.Collections.Generic;
+using System.Diagnostics;
+
+using System.Net.Http;
+
+using Vault.Api;
+using Vault.Client;
+using Vault.Model;
+
+namespace Example
+{
+ public class TransitGenerateCsrForKeyExample
+ {
+ public static void Main()
+ {
+ Configuration config = new Configuration();
+ config.BasePath = "http://localhost";
+
+
+ // create instances of HttpClient, HttpClientHandler to be reused later with different Api classes
+ HttpClient httpClient = new HttpClient();
+ HttpClientHandler httpClientHandler = new HttpClientHandler();
+ var apiInstance = new Secrets(httpClient, config, httpClientHandler);
+
+
+
+
+ var name = "name_example"; // string | Name of the key
+
+
+
+
+ var transitMountPath = "\"transit\""; // string | Path that the backend was mounted at (default to "transit")
+
+
+
+
+
+ var transitGenerateCsrForKeyRequest = new TransitGenerateCsrForKeyRequest(); // TransitGenerateCsrForKeyRequest |
+
+
+
+ try
+ {
+
+
+ apiInstance.TransitGenerateCsrForKey(string name, string transitMountPath, TransitGenerateCsrForKeyRequest transitGenerateCsrForKeyRequest, TimeSpan? wrapTTL = null);
+ }
+ catch (ApiException e)
+ {
+ Debug.Print("Exception when calling Secrets.TransitGenerateCsrForKey: " + e.Message );
+ Debug.Print("Status Code: "+ e.ErrorCode);
+ }
+ }
+ }
+}
+```
+
+### Parameters
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **name** | **string**| Name of the key |
+ **transitMountPath** | **string**| Path that the backend was mounted at | [default to "transit"]
+ **transitGenerateCsrForKeyRequest** | [**TransitGenerateCsrForKeyRequest**](TransitGenerateCsrForKeyRequest.md)| |
+
+
+### Return type
+
+void (empty response body)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: ,
+ - **Accept**: Not defined
+
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+
+| **200** | OK | - |
+
+
+
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
@@ -38250,6 +38353,107 @@ No authorization required
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+
+# **TransitSetCertificateForKey**
+
+> void TransitSetCertificateForKey (string name, string transitMountPath, TransitSetCertificateForKeyRequest transitSetCertificateForKeyRequest, TimeSpan? wrapTTL = null)
+
+
+
+### Example
+```csharp
+using System.Collections.Generic;
+using System.Diagnostics;
+
+using System.Net.Http;
+
+using Vault.Api;
+using Vault.Client;
+using Vault.Model;
+
+namespace Example
+{
+ public class TransitSetCertificateForKeyExample
+ {
+ public static void Main()
+ {
+ Configuration config = new Configuration();
+ config.BasePath = "http://localhost";
+
+
+ // create instances of HttpClient, HttpClientHandler to be reused later with different Api classes
+ HttpClient httpClient = new HttpClient();
+ HttpClientHandler httpClientHandler = new HttpClientHandler();
+ var apiInstance = new Secrets(httpClient, config, httpClientHandler);
+
+
+
+
+ var name = "name_example"; // string | Name of the key
+
+
+
+
+ var transitMountPath = "\"transit\""; // string | Path that the backend was mounted at (default to "transit")
+
+
+
+
+
+ var transitSetCertificateForKeyRequest = new TransitSetCertificateForKeyRequest(); // TransitSetCertificateForKeyRequest |
+
+
+
+ try
+ {
+
+
+ apiInstance.TransitSetCertificateForKey(string name, string transitMountPath, TransitSetCertificateForKeyRequest transitSetCertificateForKeyRequest, TimeSpan? wrapTTL = null);
+ }
+ catch (ApiException e)
+ {
+ Debug.Print("Exception when calling Secrets.TransitSetCertificateForKey: " + e.Message );
+ Debug.Print("Status Code: "+ e.ErrorCode);
+ }
+ }
+ }
+}
+```
+
+### Parameters
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **name** | **string**| Name of the key |
+ **transitMountPath** | **string**| Path that the backend was mounted at | [default to "transit"]
+ **transitSetCertificateForKeyRequest** | [**TransitSetCertificateForKeyRequest**](TransitSetCertificateForKeyRequest.md)| |
+
+
+### Return type
+
+void (empty response body)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: ,
+ - **Accept**: Not defined
+
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+
+| **200** | OK | - |
+
+
+
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
diff --git a/docs/SystemApi.md b/docs/SystemApi.md
index 568030c2..6b29d399 100644
--- a/docs/SystemApi.md
+++ b/docs/SystemApi.md
@@ -91,6 +91,10 @@ Method | HTTP request | Description
[**PluginsCatalogRemovePlugin**](SystemApi.md#pluginscatalogremoveplugin) | **DELETE** /sys/plugins/catalog/{name} | Remove the plugin with the given name.
[**PluginsCatalogRemovePluginWithType**](SystemApi.md#pluginscatalogremovepluginwithtype) | **DELETE** /sys/plugins/catalog/{type}/{name} | Remove the plugin with the given name.
[**PluginsReloadBackends**](SystemApi.md#pluginsreloadbackends) | **POST** /sys/plugins/reload/backend | Reload mounted plugin backends.
+[**PluginsRuntimesCatalogListPluginsRuntimes**](SystemApi.md#pluginsruntimescataloglistpluginsruntimes) | **GET** /sys/plugins/runtimes/catalog/ |
+[**PluginsRuntimesCatalogReadPluginRuntimeConfiguration**](SystemApi.md#pluginsruntimescatalogreadpluginruntimeconfiguration) | **GET** /sys/plugins/runtimes/catalog/{type}/{name} | Return the configuration data for the plugin runtime with the given name.
+[**PluginsRuntimesCatalogRegisterPluginRuntime**](SystemApi.md#pluginsruntimescatalogregisterpluginruntime) | **POST** /sys/plugins/runtimes/catalog/{type}/{name} | Register a new plugin runtime, or updates an existing one with the supplied name.
+[**PluginsRuntimesCatalogRemovePluginRuntime**](SystemApi.md#pluginsruntimescatalogremovepluginruntime) | **DELETE** /sys/plugins/runtimes/catalog/{type}/{name} | Remove the plugin runtime with the given name.
[**PoliciesDeleteAclPolicy**](SystemApi.md#policiesdeleteaclpolicy) | **DELETE** /sys/policies/acl/{name} | Delete the ACL policy with the given name.
[**PoliciesDeletePasswordPolicy**](SystemApi.md#policiesdeletepasswordpolicy) | **DELETE** /sys/policies/password/{name} | Delete a password policy.
[**PoliciesGeneratePasswordFromPasswordPolicy**](SystemApi.md#policiesgeneratepasswordfrompasswordpolicy) | **GET** /sys/policies/password/{name}/generate | Generate a password from an existing password policy.
@@ -8013,6 +8017,396 @@ No authorization required
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+
+# **PluginsRuntimesCatalogListPluginsRuntimes**
+
+> PluginsRuntimesCatalogListPluginsRuntimesResponse PluginsRuntimesCatalogListPluginsRuntimes (TimeSpan? wrapTTL = null)
+
+
+
+### Example
+```csharp
+using System.Collections.Generic;
+using System.Diagnostics;
+
+using System.Net.Http;
+
+using Vault.Api;
+using Vault.Client;
+using Vault.Model;
+
+namespace Example
+{
+ public class PluginsRuntimesCatalogListPluginsRuntimesExample
+ {
+ public static void Main()
+ {
+ Configuration config = new Configuration();
+ config.BasePath = "http://localhost";
+
+
+ // create instances of HttpClient, HttpClientHandler to be reused later with different Api classes
+ HttpClient httpClient = new HttpClient();
+ HttpClientHandler httpClientHandler = new HttpClientHandler();
+ var apiInstance = new System(httpClient, config, httpClientHandler);
+
+
+
+
+ var list = "true"; // string | Must be set to `true`
+
+
+
+
+ try
+ {
+
+
+ PluginsRuntimesCatalogListPluginsRuntimesResponse result = apiInstance.PluginsRuntimesCatalogListPluginsRuntimes(TimeSpan? wrapTTL = null);
+
+ Debug.WriteLine(result);
+ }
+ catch (ApiException e)
+ {
+ Debug.Print("Exception when calling System.PluginsRuntimesCatalogListPluginsRuntimes: " + e.Message );
+ Debug.Print("Status Code: "+ e.ErrorCode);
+ }
+ }
+ }
+}
+```
+
+### Parameters
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **list** | **string**| Must be set to `true` |
+
+
+### Return type
+
+[**PluginsRuntimesCatalogListPluginsRuntimesResponse**](PluginsRuntimesCatalogListPluginsRuntimesResponse.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+
+| **200** | OK | - |
+
+
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+
+# **PluginsRuntimesCatalogReadPluginRuntimeConfiguration**
+
+> PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse PluginsRuntimesCatalogReadPluginRuntimeConfiguration (string name, string type, TimeSpan? wrapTTL = null)
+
+Return the configuration data for the plugin runtime with the given name.
+
+### Example
+```csharp
+using System.Collections.Generic;
+using System.Diagnostics;
+
+using System.Net.Http;
+
+using Vault.Api;
+using Vault.Client;
+using Vault.Model;
+
+namespace Example
+{
+ public class PluginsRuntimesCatalogReadPluginRuntimeConfigurationExample
+ {
+ public static void Main()
+ {
+ Configuration config = new Configuration();
+ config.BasePath = "http://localhost";
+
+
+ // create instances of HttpClient, HttpClientHandler to be reused later with different Api classes
+ HttpClient httpClient = new HttpClient();
+ HttpClientHandler httpClientHandler = new HttpClientHandler();
+ var apiInstance = new System(httpClient, config, httpClientHandler);
+
+
+
+
+ var name = "name_example"; // string | The name of the plugin runtime
+
+
+
+
+ var type = "type_example"; // string | The type of the plugin runtime
+
+
+
+
+ try
+ {
+
+ // Return the configuration data for the plugin runtime with the given name.
+
+
+ PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse result = apiInstance.PluginsRuntimesCatalogReadPluginRuntimeConfiguration(string name, string type, TimeSpan? wrapTTL = null);
+
+ Debug.WriteLine(result);
+ }
+ catch (ApiException e)
+ {
+ Debug.Print("Exception when calling System.PluginsRuntimesCatalogReadPluginRuntimeConfiguration: " + e.Message );
+ Debug.Print("Status Code: "+ e.ErrorCode);
+ }
+ }
+ }
+}
+```
+
+### Parameters
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **name** | **string**| The name of the plugin runtime |
+ **type** | **string**| The type of the plugin runtime |
+
+
+### Return type
+
+[**PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse**](PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+
+| **200** | OK | - |
+
+
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+
+# **PluginsRuntimesCatalogRegisterPluginRuntime**
+
+> void PluginsRuntimesCatalogRegisterPluginRuntime (string name, string type, PluginsRuntimesCatalogRegisterPluginRuntimeRequest pluginsRuntimesCatalogRegisterPluginRuntimeRequest, TimeSpan? wrapTTL = null)
+
+Register a new plugin runtime, or updates an existing one with the supplied name.
+
+### Example
+```csharp
+using System.Collections.Generic;
+using System.Diagnostics;
+
+using System.Net.Http;
+
+using Vault.Api;
+using Vault.Client;
+using Vault.Model;
+
+namespace Example
+{
+ public class PluginsRuntimesCatalogRegisterPluginRuntimeExample
+ {
+ public static void Main()
+ {
+ Configuration config = new Configuration();
+ config.BasePath = "http://localhost";
+
+
+ // create instances of HttpClient, HttpClientHandler to be reused later with different Api classes
+ HttpClient httpClient = new HttpClient();
+ HttpClientHandler httpClientHandler = new HttpClientHandler();
+ var apiInstance = new System(httpClient, config, httpClientHandler);
+
+
+
+
+ var name = "name_example"; // string | The name of the plugin runtime
+
+
+
+
+ var type = "type_example"; // string | The type of the plugin runtime
+
+
+
+
+
+ var pluginsRuntimesCatalogRegisterPluginRuntimeRequest = new PluginsRuntimesCatalogRegisterPluginRuntimeRequest(); // PluginsRuntimesCatalogRegisterPluginRuntimeRequest |
+
+
+
+ try
+ {
+
+ // Register a new plugin runtime, or updates an existing one with the supplied name.
+
+
+ apiInstance.PluginsRuntimesCatalogRegisterPluginRuntime(string name, string type, PluginsRuntimesCatalogRegisterPluginRuntimeRequest pluginsRuntimesCatalogRegisterPluginRuntimeRequest, TimeSpan? wrapTTL = null);
+ }
+ catch (ApiException e)
+ {
+ Debug.Print("Exception when calling System.PluginsRuntimesCatalogRegisterPluginRuntime: " + e.Message );
+ Debug.Print("Status Code: "+ e.ErrorCode);
+ }
+ }
+ }
+}
+```
+
+### Parameters
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **name** | **string**| The name of the plugin runtime |
+ **type** | **string**| The type of the plugin runtime |
+ **pluginsRuntimesCatalogRegisterPluginRuntimeRequest** | [**PluginsRuntimesCatalogRegisterPluginRuntimeRequest**](PluginsRuntimesCatalogRegisterPluginRuntimeRequest.md)| |
+
+
+### Return type
+
+void (empty response body)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: ,
+ - **Accept**: Not defined
+
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+
+| **200** | OK | - |
+
+
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+
+# **PluginsRuntimesCatalogRemovePluginRuntime**
+
+> void PluginsRuntimesCatalogRemovePluginRuntime (string name, string type, TimeSpan? wrapTTL = null)
+
+Remove the plugin runtime with the given name.
+
+### Example
+```csharp
+using System.Collections.Generic;
+using System.Diagnostics;
+
+using System.Net.Http;
+
+using Vault.Api;
+using Vault.Client;
+using Vault.Model;
+
+namespace Example
+{
+ public class PluginsRuntimesCatalogRemovePluginRuntimeExample
+ {
+ public static void Main()
+ {
+ Configuration config = new Configuration();
+ config.BasePath = "http://localhost";
+
+
+ // create instances of HttpClient, HttpClientHandler to be reused later with different Api classes
+ HttpClient httpClient = new HttpClient();
+ HttpClientHandler httpClientHandler = new HttpClientHandler();
+ var apiInstance = new System(httpClient, config, httpClientHandler);
+
+
+
+
+ var name = "name_example"; // string | The name of the plugin runtime
+
+
+
+
+ var type = "type_example"; // string | The type of the plugin runtime
+
+
+
+
+ try
+ {
+
+ // Remove the plugin runtime with the given name.
+
+
+ apiInstance.PluginsRuntimesCatalogRemovePluginRuntime(string name, string type, TimeSpan? wrapTTL = null);
+ }
+ catch (ApiException e)
+ {
+ Debug.Print("Exception when calling System.PluginsRuntimesCatalogRemovePluginRuntime: " + e.Message );
+ Debug.Print("Status Code: "+ e.ErrorCode);
+ }
+ }
+ }
+}
+```
+
+### Parameters
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **name** | **string**| The name of the plugin runtime |
+ **type** | **string**| The type of the plugin runtime |
+
+
+### Return type
+
+void (empty response body)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: Not defined
+
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+
+| **200** | OK | - |
+
+
+
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
diff --git a/docs/TransitGenerateCsrForKeyRequest.md b/docs/TransitGenerateCsrForKeyRequest.md
new file mode 100644
index 00000000..c099e00a
--- /dev/null
+++ b/docs/TransitGenerateCsrForKeyRequest.md
@@ -0,0 +1,11 @@
+# Vault.Model.TransitGenerateCsrForKeyRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Csr** | **string** | PEM encoded CSR template. The information attributes will be used as a basis for the CSR with the key in transit. If not set, an empty CSR is returned. | [optional]
+**_Version** | **int** | Optional version of key, 'latest' if not set | [optional]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/docs/TransitSetCertificateForKeyRequest.md b/docs/TransitSetCertificateForKeyRequest.md
new file mode 100644
index 00000000..0a0bf83e
--- /dev/null
+++ b/docs/TransitSetCertificateForKeyRequest.md
@@ -0,0 +1,11 @@
+# Vault.Model.TransitSetCertificateForKeyRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CertificateChain** | **string** | PEM encoded certificate chain. It should be composed by one or more concatenated PEM blocks and ordered starting from the end-entity certificate. |
+**_Version** | **int** | Optional version of key, 'latest' if not set | [optional]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/openapi.json b/openapi.json
index 1fb7d5d8..accc85f1 100644
--- a/openapi.json
+++ b/openapi.json
@@ -13178,6 +13178,119 @@
}
}
},
+ "/sys/plugins/runtimes/catalog/": {
+ "description": "List all plugin runtimes in the catalog as a map of type to names.",
+ "x-vault-sudo": true,
+ "get": {
+ "operationId": "plugins-runtimes-catalog-list-plugins-runtimes",
+ "tags": [
+ "system"
+ ],
+ "parameters": [
+ {
+ "name": "list",
+ "description": "Must be set to `true`",
+ "in": "query",
+ "schema": {
+ "type": "string",
+ "enum": [
+ "true"
+ ]
+ },
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/PluginsRuntimesCatalogListPluginsRuntimesResponse"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "/sys/plugins/runtimes/catalog/{type}/{name}": {
+ "description": "Configures plugin runtimes",
+ "parameters": [
+ {
+ "name": "name",
+ "description": "The name of the plugin runtime",
+ "in": "path",
+ "schema": {
+ "type": "string"
+ },
+ "required": true
+ },
+ {
+ "name": "type",
+ "description": "The type of the plugin runtime",
+ "in": "path",
+ "schema": {
+ "type": "string"
+ },
+ "required": true
+ }
+ ],
+ "x-vault-sudo": true,
+ "get": {
+ "summary": "Return the configuration data for the plugin runtime with the given name.",
+ "operationId": "plugins-runtimes-catalog-read-plugin-runtime-configuration",
+ "tags": [
+ "system"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse"
+ }
+ }
+ }
+ }
+ }
+ },
+ "post": {
+ "summary": "Register a new plugin runtime, or updates an existing one with the supplied name.",
+ "operationId": "plugins-runtimes-catalog-register-plugin-runtime",
+ "tags": [
+ "system"
+ ],
+ "requestBody": {
+ "required": true,
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/PluginsRuntimesCatalogRegisterPluginRuntimeRequest"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "description": "OK"
+ }
+ }
+ },
+ "delete": {
+ "summary": "Remove the plugin runtime with the given name.",
+ "operationId": "plugins-runtimes-catalog-remove-plugin-runtime",
+ "tags": [
+ "system"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ }
+ }
+ }
+ },
"/sys/policies/acl/": {
"description": "List the configured access control policies.",
"get": {
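Review bot: The `get` operation under `/sys/plugins/runtimes/catalog/` has no `summary`, so the generated operation table in docs/SystemApi.md in this same diff has an empty description cell for PluginsRuntimesCatalogListPluginsRuntimes; adding `"summary": "List all plugin runtimes in the catalog."` to the operation would fill it. The path-level description promises "a map of type to names", while the response schema added later in this file declares `runtimes` as an array of objects, so one of the two needs correcting. Both new paths carry `"x-vault-sudo": true`, yet the generated docs say "No authorization required" for all four operations. The sudo requirement should appear in the operation text so callers do not read these as open endpoints.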
@@ -29713,6 +29826,51 @@
}
}
},
+ "/{transit_mount_path}/keys/{name}/csr": {
+ "description": "Create a CSR from a key in transit",
+ "parameters": [
+ {
+ "name": "name",
+ "description": "Name of the key",
+ "in": "path",
+ "schema": {
+ "type": "string"
+ },
+ "required": true
+ },
+ {
+ "name": "transit_mount_path",
+ "description": "Path that the backend was mounted at",
+ "in": "path",
+ "schema": {
+ "type": "string",
+ "default": "transit"
+ },
+ "required": true
+ }
+ ],
+ "post": {
+ "operationId": "transit-generate-csr-for-key",
+ "tags": [
+ "secrets"
+ ],
+ "requestBody": {
+ "required": true,
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/TransitGenerateCsrForKeyRequest"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "description": "OK"
+ }
+ }
+ }
+ },
"/{transit_mount_path}/keys/{name}/import": {
"description": "Imports an externally-generated key into a new transit key",
"parameters": [
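Review bot: The `post` operation for `/{transit_mount_path}/keys/{name}/csr` declares its `200` response with a description only, although the path description says it creates a CSR, so generated clients get no typed field for the returned value. If the endpoint does return the CSR in the response body, the response should reference a schema through `content` / `application/json` / `$ref`, as the plugin-runtime read operation in this diff does. The operation also has no `summary`, which leaves the generated docs without a one-line description; `"summary": "Create a CSR from a key in transit"` would match the path text.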
@@ -29851,6 +30009,51 @@
}
}
},
+ "/{transit_mount_path}/keys/{name}/set-certificate": {
+ "description": "Imports an externally-signed certificate chain into an existing key version",
+ "parameters": [
+ {
+ "name": "name",
+ "description": "Name of the key",
+ "in": "path",
+ "schema": {
+ "type": "string"
+ },
+ "required": true
+ },
+ {
+ "name": "transit_mount_path",
+ "description": "Path that the backend was mounted at",
+ "in": "path",
+ "schema": {
+ "type": "string",
+ "default": "transit"
+ },
+ "required": true
+ }
+ ],
+ "post": {
+ "operationId": "transit-set-certificate-for-key",
+ "tags": [
+ "secrets"
+ ],
+ "requestBody": {
+ "required": true,
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/TransitSetCertificateForKeyRequest"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "description": "OK"
+ }
+ }
+ }
+ },
"/{transit_mount_path}/keys/{name}/trim": {
"description": "Trim key versions of a named key",
"parameters": [
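Review bot: The description for `/{transit_mount_path}/keys/{name}/set-certificate` does not say what is checked before the chain is attached to the key version, in particular whether the end-entity certificate's public key must match the transit key. That is the property a caller relies on when trusting the stored chain, so it belongs in the description, e.g. `"description": "Imports an externally-signed certificate chain into an existing key version. <state the validation performed on the chain>"`. The validation behaviour is not visible in this spec, so the wording has to come from the server implementation.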
@@ -31554,7 +31757,7 @@
},
"plugin_version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
},
"seal_wrap": {
"type": "boolean",
@@ -31745,7 +31948,7 @@
},
"plugin_version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
},
"token_type": {
"type": "string",
@@ -31821,6 +32024,11 @@
"type": "string",
"description": "The region ID for the sts_endpoint, if set.",
"default": ""
+ },
+ "use_sts_region_from_client": {
+ "type": "boolean",
+ "description": "Uses the STS region from client requests for making AWS STS API calls.",
+ "default": false
}
}
},
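Review bot: The description of `use_sts_region_from_client` does not explain how the option interacts with the `sts_endpoint` and region settings declared just above it, nor which part of the client request supplies the region. Enabling it lets request data choose the STS endpoint the server calls, so the description should state the precedence and any restriction on accepted regions. Something like `"description": "Uses the STS region from client requests for making AWS STS API calls. <precedence over the configured endpoint/region and accepted values>"` would do; the exact semantics are not shown in this hunk.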
@@ -32021,7 +32229,7 @@
"properties": {
"iam_http_request_method": {
"type": "string",
- "description": "HTTP method to use for the AWS request when auth_type is iam. This must match what has been signed in the presigned request. Currently, POST is the only supported value"
+ "description": "HTTP method to use for the AWS request when auth_type is iam. This must match what has been signed in the presigned request."
},
"iam_request_body": {
"type": "string",
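Review bot: The new description of `iam_http_request_method` drops the statement that POST is the only supported value but does not say which methods are accepted now, so callers have to guess. If the set is closed, list it in the description or add an `enum` to the property so that readers and generated clients see the allowed values. The sentence about matching the presigned request is still accurate and should stay. The enclosing schema starts and ends outside this hunk.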
@@ -33891,9 +34099,13 @@
},
"rotation_period": {
"type": "string",
- "description": "Period for automatic credential rotation of the given username. Not valid unless used with \"username\".",
+ "description": "Period for automatic credential rotation of the given username. Not valid unless used with \"username\". Mutually exclusive with \"rotation_schedule.\"",
"format": "duration"
},
+ "rotation_schedule": {
+ "type": "string",
+ "description": "Schedule for automatic credential rotation of the given username. Mutually exclusive with \"rotation_period.\""
+ },
"rotation_statements": {
"type": "array",
"description": "Specifies the database statements to be executed to rotate the accounts credentials. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.",
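Review bot: `rotation_schedule` is documented without saying what syntax the schedule string uses, whereas `rotation_period` and `rotation_window` both carry `"format": "duration"`. The description should name the expected format (for example cron syntax, if that is what the server parses). The `username` description visible as context in the next hunk still reads `Requires \"rotation_period\" to be specified`, which is stale now that `rotation_schedule` is an alternative; it should become `Requires either \"rotation_period\" or \"rotation_schedule\" to be specified`.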
@@ -33901,6 +34113,11 @@
"type": "string"
}
},
+ "rotation_window": {
+ "type": "string",
+ "description": "The window of time in which rotations are allowed to occur starting from a given \"rotation_schedule\". Requires \"rotation_schedule\" to be specified",
+ "format": "duration"
+ },
"username": {
"type": "string",
"description": "Name of the static user account for Vault to manage. Requires \"rotation_period\" to be specified"
@@ -38172,7 +38389,7 @@
},
"plugin_version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
},
"seal_wrap": {
"type": "boolean",
@@ -38218,7 +38435,7 @@
},
"plugin_version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
},
"running_plugin_version": {
"type": "string"
@@ -38302,7 +38519,7 @@
},
"plugin_version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
},
"token_type": {
"type": "string",
@@ -38385,7 +38602,7 @@
},
"plugin_version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
},
"token_type": {
"type": "string",
@@ -42621,7 +42838,7 @@
},
"ocsp_servers": {
"type": "array",
- "description": "OSCP Servers",
+ "description": "OCSP Servers",
"items": {
"type": "string"
}
@@ -43490,7 +43707,7 @@
},
"ocsp_servers": {
"type": "array",
- "description": "OSCP Servers",
+ "description": "OCSP Servers",
"items": {
"type": "string"
}
@@ -46132,7 +46349,7 @@
},
"ocsp_servers": {
"type": "array",
- "description": "OSCP Servers",
+ "description": "OCSP Servers",
"items": {
"type": "string"
}
@@ -46992,13 +47209,17 @@
"type": "string",
"description": "The name of the plugin"
},
+ "oci_image": {
+ "type": "string",
+ "description": "The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine."
+ },
"sha256": {
"type": "string",
- "description": "The SHA256 sum of the executable used in the command field. This should be HEX encoded."
+ "description": "The SHA256 sum of the executable or container to be run. This should be HEX encoded."
},
"version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
}
}
},
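Review bot: The `sha256` description now reads "the executable or container to be run" without saying which hash of a container is meant (image ID, manifest digest, or something else). That value is the only integrity pin, because `version` becomes a mutable image tag when `oci_image` is set. Spell out the expected value, e.g. `"description": "The SHA256 sum of the executable, or the <image identifier the server compares against> of the container image, to be run. This should be HEX encoded."`. The same wording is repeated in the three following hunks (`@@ -47026`, `@@ -47057`, `@@ -47088`) and needs the same change. `oci_image` also says the image must already be present "on the machine" without saying which machine in a multi-node deployment, presumably every node that may launch the plugin.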
@@ -47026,13 +47247,17 @@
"type": "string",
"description": "The name of the plugin"
},
+ "oci_image": {
+ "type": "string",
+ "description": "The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine."
+ },
"sha256": {
"type": "string",
- "description": "The SHA256 sum of the executable used in the command field. This should be HEX encoded."
+ "description": "The SHA256 sum of the executable or container to be run. This should be HEX encoded."
},
"version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
}
}
},
@@ -47057,13 +47282,17 @@
"type": "string"
}
},
+ "oci_image": {
+ "type": "string",
+ "description": "The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine."
+ },
"sha256": {
"type": "string",
- "description": "The SHA256 sum of the executable used in the command field. This should be HEX encoded."
+ "description": "The SHA256 sum of the executable or container to be run. This should be HEX encoded."
},
"version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
}
}
},
@@ -47088,13 +47317,17 @@
"type": "string"
}
},
+ "oci_image": {
+ "type": "string",
+ "description": "The name of the OCI image to be run, without the tag or SHA256. Must already be present on the machine."
+ },
"sha256": {
"type": "string",
- "description": "The SHA256 sum of the executable used in the command field. This should be HEX encoded."
+ "description": "The SHA256 sum of the executable or container to be run. This should be HEX encoded."
},
"version": {
"type": "string",
- "description": "The semantic version of the plugin to use."
+ "description": "The semantic version of the plugin to use, or image tag if oci_image is provided."
}
}
},
@@ -47125,6 +47358,72 @@
}
}
},
+ "PluginsRuntimesCatalogListPluginsRuntimesResponse": {
+ "type": "object",
+ "properties": {
+ "runtimes": {
+ "type": "array",
+ "description": "List of all plugin runtimes in the catalog",
+ "items": {
+ "type": "object"
+ }
+ }
+ }
+ },
+ "PluginsRuntimesCatalogReadPluginRuntimeConfigurationResponse": {
+ "type": "object",
+ "properties": {
+ "cgroup_parent": {
+ "type": "string",
+ "description": "Optional parent cgroup for the container"
+ },
+ "cpu_nanos": {
+ "type": "integer",
+ "description": "The limit of runtime CPU in nanos",
+ "format": "int64"
+ },
+ "memory_bytes": {
+ "type": "integer",
+ "description": "The limit of runtime memory in bytes",
+ "format": "int64"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the plugin runtime"
+ },
+ "oci_runtime": {
+ "type": "string",
+ "description": "The OCI-compatible runtime (default \"runsc\")"
+ },
+ "type": {
+ "type": "string",
+ "description": "The type of the plugin runtime"
+ }
+ }
+ },
+ "PluginsRuntimesCatalogRegisterPluginRuntimeRequest": {
+ "type": "object",
+ "properties": {
+ "cgroup_parent": {
+ "type": "string",
+ "description": "Optional parent cgroup for the container"
+ },
+ "cpu_nanos": {
+ "type": "integer",
+ "description": "The limit of runtime CPU in nanos",
+ "format": "int64"
+ },
+ "memory_bytes": {
+ "type": "integer",
+ "description": "The limit of runtime memory in bytes",
+ "format": "int64"
+ },
+ "oci_runtime": {
+ "type": "string",
+ "description": "The OCI-compatible runtime (default \"runsc\")"
+ }
+ }
+ },
"PoliciesGeneratePasswordFromPasswordPolicyResponse": {
"type": "object",
"properties": {
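Review bot: `cpu_nanos` and `memory_bytes` in `PluginsRuntimesCatalogRegisterPluginRuntimeRequest` do not say what happens when they are omitted or set to 0, and neither has a `minimum`. A reader cannot tell whether a runtime registered without them runs plugin containers unbounded. Since these are the resource limits on plugin containers, state the unset behaviour in the descriptions and add `"minimum": 0` if negative values are invalid. `oci_runtime` carries its default only in prose (`default \"runsc\"`), while other properties in this file use the `default` keyword; `"default": "runsc"` would make it machine-readable. In the list response, `items` is a bare `object`, which gives generated clients no typed view of a runtime entry.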
@@ -47625,6 +47924,9 @@
"block_interval": {
"type": "integer"
},
+ "inheritable": {
+ "type": "boolean"
+ },
"interval": {
"type": "integer"
},
@@ -47654,6 +47956,10 @@
"description": "If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' has elapsed.",
"format": "duration"
},
+ "inheritable": {
+ "type": "boolean",
+ "description": "Whether all child namespaces can inherit this namespace quota."
+ },
"interval": {
"type": "string",
"description": "The duration to enforce rate limiting for (default '1s').",
@@ -49365,6 +49671,19 @@
}
}
},
+ "TransitGenerateCsrForKeyRequest": {
+ "type": "object",
+ "properties": {
+ "csr": {
+ "type": "string",
+ "description": "PEM encoded CSR template. The information attributes will be used as a basis for the CSR with the key in transit. If not set, an empty CSR is returned."
+ },
+ "version": {
+ "type": "integer",
+ "description": "Optional version of key, 'latest' if not set"
+ }
+ }
+ },
"TransitGenerateDataKeyRequest": {
"type": "object",
"properties": {
@@ -49675,6 +49994,22 @@
}
}
},
+ "TransitSetCertificateForKeyRequest": {
+ "type": "object",
+ "properties": {
+ "certificate_chain": {
+ "type": "string",
+ "description": "PEM encoded certificate chain. It should be composed by one or more concatenated PEM blocks and ordered starting from the end-entity certificate."
+ },
+ "version": {
+ "type": "integer",
+ "description": "Optional version of key, 'latest' if not set"
+ }
+ },
+ "required": [
+ "certificate_chain"
+ ]
+ },
"TransitSignRequest": {
"type": "object",
"properties": {
diff --git a/src/Vault/Api/SecretsApi.cs b/src/Vault/Api/SecretsApi.cs
index 776f8eb6..f45ea5f1 100644
--- a/src/Vault/Api/SecretsApi.cs
+++ b/src/Vault/Api/SecretsApi.cs
@@ -5958,6 +5958,23 @@ public interface ISecretsSync : IApiAccessor
///
VaultResponse