In FIPS mode this secret will be reset after 100 failed API key authentication attempts in a 24 hour period.
Success result
Unique identifier of the App.
App authentication mechanisms.
Authenticating credentials of an App.
PKI Certificate based authentication.
When true, revocation status of certificates is checked, and revoked
certificates are rejected
A single subject as a list of OID/value string pairs (representing a sequence of relative distinguished names), which should appear in the client cert's subject field and/or as one of its SANs.
This legacy variant is retained for backcompat purposes, and is equivalent to specifying a directoryName via the SubjectGeneral variant.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
List of allowed GeneralName subjects. At least one of the values in this list must appear in the client cert, under its subject field and/or as one of its SANs.
Currently, DSM supports at most 16 subjects.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
A single root CA certificate.
Multiple root CA certificates. DSM currently supports up to 16 certs.
Set of allowed Google Access reasons.
An access reason provided by Google when making EKMS API calls.
Accept incoming requests which do not specify any access reasons.
Mapping for all groups an application is part of and the Gcp specific permissions it has within each of those groups.
CRYPTO_SPACE_GET_INFO:
CRYPTO_SPACE_GET_PUBLIC_KEY:
Signing keys used to validate JSON Web Signature objects including signed JSON Web Tokens.
Mapping key ids to DER-encoded public key.
Number of seconds that the service is allowed to cache the fetched keys.
LDAP credentials of an App used for authentication.
Authenticating credentials of an App.
PKI Certificate based authentication.
When true, revocation status of certificates is checked, and revoked
certificates are rejected
A single subject as a list of OID/value string pairs (representing a sequence of relative distinguished names), which should appear in the client cert's subject field and/or as one of its SANs.
This legacy variant is retained for backcompat purposes, and is equivalent to specifying a directoryName via the SubjectGeneral variant.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
List of allowed GeneralName subjects. At least one of the values in this list must appear in the client cert, under its subject field and/or as one of its SANs.
Currently, DSM supports at most 16 subjects.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
A single root CA certificate.
Multiple root CA certificates. DSM currently supports up to 16 certs.
Set of allowed Google Access reasons.
An access reason provided by Google when making EKMS API calls.
Accept incoming requests which do not specify any access reasons.
Mapping for all groups an application is part of and the Gcp specific permissions it has within each of those groups.
CRYPTO_SPACE_GET_INFO:
CRYPTO_SPACE_GET_PUBLIC_KEY:
Signing keys used to validate JSON Web Signature objects including signed JSON Web Tokens.
Mapping key ids to DER-encoded public key.
Number of seconds that the service is allowed to cache the fetched keys.
LDAP credentials of an App used for authentication.
App authentication mechanisms.
Authenticating credentials of an App.
PKI Certificate based authentication.
When true, revocation status of certificates is checked, and revoked
certificates are rejected
A single subject as a list of OID/value string pairs (representing a sequence of relative distinguished names), which should appear in the client cert's subject field and/or as one of its SANs.
This legacy variant is retained for backcompat purposes, and is equivalent to specifying a directoryName via the SubjectGeneral variant.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
List of allowed GeneralName subjects. At least one of the values in this list must appear in the client cert, under its subject field and/or as one of its SANs.
Currently, DSM supports at most 16 subjects.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
A single root CA certificate.
Multiple root CA certificates. DSM currently supports up to 16 certs.
Set of allowed Google Access reasons.
An access reason provided by Google when making EKMS API calls.
Accept incoming requests which do not specify any access reasons.
Mapping for all groups an application is part of and the Gcp specific permissions it has within each of those groups.
CRYPTO_SPACE_GET_INFO:
CRYPTO_SPACE_GET_PUBLIC_KEY:
Signing keys used to validate JSON Web Signature objects including signed JSON Web Tokens.
Mapping key ids to DER-encoded public key.
Number of seconds that the service is allowed to cache the fetched keys.
LDAP credentials of an App used for authentication.
Authenticating credentials of an App.
PKI Certificate based authentication.
When true, revocation status of certificates is checked, and revoked
certificates are rejected
A single subject as a list of OID/value string pairs (representing a sequence of relative distinguished names), which should appear in the client cert's subject field and/or as one of its SANs.
This legacy variant is retained for backcompat purposes, and is equivalent to specifying a directoryName via the SubjectGeneral variant.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
List of allowed GeneralName subjects. At least one of the values in this list must appear in the client cert, under its subject field and/or as one of its SANs.
Currently, DSM supports at most 16 subjects.
A GeneralName that can be used as a subject alternative name in a certificate.
Today, the directoryName, dNSName, and iPAddress choices are supported. Note that directoryName can also be used to represent the subject field in a certificate.
A directoryName, which consists of a sequence of (type, value) pairs, where type is an OID, and value is a DER-encoded ASN.1 value. (This represents a sequence of relative distinguished names.)
A DNS name.
An IP address.
A single root CA certificate.
Multiple root CA certificates. DSM currently supports up to 16 certs.
Set of allowed Google Access reasons.
An access reason provided by Google when making EKMS API calls.
Accept incoming requests which do not specify any access reasons.
Mapping for all groups an application is part of and the Gcp specific permissions it has within each of those groups.
CRYPTO_SPACE_GET_INFO:
CRYPTO_SPACE_GET_PUBLIC_KEY:
Signing keys used to validate JSON Web Signature objects including signed JSON Web Tokens.
Mapping key ids to DER-encoded public key.
Number of seconds that the service is allowed to cache the fetched keys.
LDAP credentials of an App used for authentication.
Validity period of the App credentials.