{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/AcmePluginConfig", "title": "AcmePluginConfig", "x-speakeasy-entity": "PluginAcme", "properties": { "config": { "type": "object", "properties": { "account_email": { "description": "The account identifier. Can be reused in a different plugin instance.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "account_key": { "description": "The private key associated with the account.", "type": "object", "properties": { "key_id": { "description": "The Key ID.", "type": "string", "x-encrypted": true }, "key_set": { "description": "The name of the key set to associate the Key ID with.", "type": "string", "x-encrypted": true } }, "required": [ "key_id" ] }, "allow_any_domain": { "description": "If set to `true`, the plugin allows all domains and ignores any values in the `domains` list.", "type": "boolean", "default": false }, "api_uri": { "description": "A string representing a URL, such as https://example.com/path/to/resource?q=search.", "type": "string", "default": "https://acme-v02.api.letsencrypt.org/directory" }, "cert_type": { "description": "The certificate type to create. The possible values are `rsa` for RSA certificate or `ecc` for EC certificate.", "type": "string", "default": "rsa", "enum": [ "ecc", "rsa" ] }, "domains": { "description": "An array of strings representing hosts. A valid host is a string containing one or more labels separated by periods, with at most one wildcard label ('*')", "type": "array", "items": { "type": "string" } }, "eab_hmac_key": { "description": "External account binding (EAB) base64-encoded URL string of the HMAC key. You usually don't need to set this unless it is explicitly required by the CA.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "eab_kid": { "description": "External account binding (EAB) key id. 
You usually don't need to set this unless it is explicitly required by the CA.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "enable_ipv4_common_name": { "description": "A boolean value that controls whether to include the IPv4 address in the common name field of generated certificates.", "type": "boolean", "default": true }, "fail_backoff_minutes": { "description": "Minutes to wait for each domain that fails to create a certificate. This applies to both a\nnew certificate and a renewal certificate.", "type": "number", "default": 5 }, "preferred_chain": { "description": "A string value that specifies the preferred certificate chain to use when generating certificates.", "type": "string" }, "renew_threshold_days": { "description": "Days remaining to renew the certificate before it expires.", "type": "number", "default": 14 }, "rsa_key_size": { "description": "RSA private key size for the certificate. The possible values are 2048, 3072, or 4096.", "type": "integer", "default": 4096, "enum": [ 2048, 3072, 4096 ] }, "storage": { "description": "The backend storage type to use. In DB-less mode and Konnect, `kong` storage is unavailable. In hybrid mode and Konnect, `shm` storage is unavailable. 
`shm` storage does not persist during Kong restarts and does not work for Kong running on different machines, so consider using one of `kong`, `redis`, `consul`, or `vault` in production.", "type": "string", "default": "shm", "enum": [ "consul", "kong", "redis", "shm", "vault" ] }, "storage_config": { "type": "object", "properties": { "consul": { "type": "object", "properties": { "host": { "description": "A string representing a host name, such as example.com.", "type": "string" }, "https": { "description": "Boolean representation of https.", "type": "boolean", "default": false }, "kv_path": { "description": "KV prefix path.", "type": "string" }, "port": { "description": "An integer representing a port number between 0 and 65535, inclusive.", "type": "integer", "maximum": 65535, "minimum": 0 }, "timeout": { "description": "Timeout in milliseconds.", "type": "number" }, "token": { "description": "Consul ACL token.", "type": "string", "x-encrypted": true, "x-referenceable": true } } }, "kong": { "type": "object", "additionalProperties": true }, "redis": { "type": "object", "properties": { "cloud_authentication": { "description": "Cloud auth related configs for connecting to a Cloud Provider's Redis instance.", "type": "object", "properties": { "auth_provider": { "description": "Auth providers to be used to authenticate to a Cloud Provider's Redis instance.", "type": "string", "enum": [ "aws", "azure", "gcp" ], "x-referenceable": true }, "aws_access_key_id": { "description": "AWS Access Key ID to be used for authentication when `auth_provider` is set to `aws`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "aws_assume_role_arn": { "description": "The ARN of the IAM role to assume for generating ElastiCache IAM authentication tokens.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "aws_cache_name": { "description": "The name of the AWS Elasticache cluster when `auth_provider` is set to `aws`.", "type": "string", 
"x-referenceable": true }, "aws_is_serverless": { "description": "This flag specifies whether the cluster is serverless when auth_provider is set to `aws`.", "type": "boolean", "default": true }, "aws_region": { "description": "The region of the AWS ElastiCache cluster when `auth_provider` is set to `aws`.", "type": "string", "x-referenceable": true }, "aws_role_session_name": { "description": "The session name for the temporary credentials when assuming the IAM role.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "aws_secret_access_key": { "description": "AWS Secret Access Key to be used for authentication when `auth_provider` is set to `aws`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "azure_client_id": { "description": "Azure Client ID to be used for authentication when `auth_provider` is set to `azure`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "azure_client_secret": { "description": "Azure Client Secret to be used for authentication when `auth_provider` is set to `azure`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "azure_tenant_id": { "description": "Azure Tenant ID to be used for authentication when `auth_provider` is set to `azure`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "gcp_service_account_json": { "description": "GCP Service Account JSON to be used for authentication when `auth_provider` is set to `gcp`.", "type": "string", "x-encrypted": true, "x-referenceable": true } } }, "database": { "description": "Database to use for the Redis connection when using the `redis` strategy", "type": "integer", "default": 0 }, "extra_options": { "description": "Custom ACME Redis options", "type": "object", "properties": { "namespace": { "description": "A namespace to prepend to all keys stored in Redis.", "type": "string", "default": "" }, "scan_count": { "description": "The number of keys to return in Redis SCAN calls.", "type": "number", 
"default": 10 } } }, "host": { "description": "A string representing a host name, such as example.com.", "type": "string", "x-referenceable": true }, "password": { "description": "Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "port": { "description": "An integer representing a port number between 0 and 65535, inclusive.", "type": "integer", "default": 6379, "maximum": 65535, "minimum": 0, "x-referenceable": true }, "server_name": { "description": "A string representing an SNI (server name indication) value for TLS.", "type": "string", "x-referenceable": true }, "ssl": { "description": "If set to true, uses SSL to connect to Redis.", "type": "boolean", "default": false }, "ssl_verify": { "description": "If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure `lua_ssl_trusted_certificate` in `kong.conf` to specify the CA (or server) certificate used by your Redis server. You may also need to configure `lua_ssl_verify_depth` accordingly.", "type": "boolean", "default": true }, "timeout": { "description": "An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.", "type": "integer", "default": 2000, "maximum": 2147483646, "minimum": 0 }, "username": { "description": "Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. 
To be compatible with Redis v5.x.y, you can set it to `default`.", "type": "string", "x-referenceable": true } } }, "shm": { "type": "object", "properties": { "shm_name": { "description": "Name of the shared memory zone used for Kong API gateway storage.", "type": "string", "default": "kong" } } }, "vault": { "type": "object", "properties": { "auth_method": { "description": "Auth method. Defaults to `token`; can be `token` or `kubernetes`.", "type": "string", "default": "token", "enum": [ "kubernetes", "token" ] }, "auth_path": { "description": "Vault's authentication path to use.", "type": "string" }, "auth_role": { "description": "The role to try and assign.", "type": "string" }, "host": { "description": "A string representing a host name, such as example.com.", "type": "string" }, "https": { "description": "Boolean representation of https.", "type": "boolean", "default": false }, "jwt_path": { "description": "The path to the JWT.", "type": "string" }, "kv_path": { "description": "KV prefix path.", "type": "string" }, "port": { "description": "An integer representing a port number between 0 and 65535, inclusive.", "type": "integer", "maximum": 65535, "minimum": 0 }, "timeout": { "description": "Timeout in milliseconds.", "type": "number" }, "tls_server_name": { "description": "SNI used in the request; defaults to `host` if omitted.", "type": "string" }, "tls_verify": { "description": "Turn on TLS verification.", "type": "boolean", "default": true }, "token": { "description": "Vault token.", "type": "string", "x-encrypted": true, "x-referenceable": true } } } } }, "tos_accepted": { "description": "If you are using Let's Encrypt, you must set this to `true` to agree to the terms of service.", "type": "boolean", "default": false } }, "required": [ "account_email" ] }, "name": { "const": "acme" }, "protocols": { "description": "A set of strings representing HTTP protocols.", "type": "array", "items": { "enum": [ "grpc", "grpcs", "http", "https" ], "type": "string" }, "format": 
"set", "default": [ "grpc", "grpcs", "http", "https" ] } }, "required": [ "config" ] }