Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

Update Database Role

PATCH
/vault/v1/workspaces/{workspace}/engines/qibdo/databaseroles/{id}
curl --request PATCH \
--url https://example.com/vault/v1/workspaces/example/engines/qibdo/databaseroles/example \
--header 'Content-Type: application/json' \
--data '{}'

Updates a database role’s statements and/or TTLs. Re-runs the dry-run on every update — even unchanged statements get re-validated to catch schema drift on the target database.

workspace
required
string

The workspace the role belongs to.

id
required
string

The unique identifier of the role to update.

update_mask
string format: field-mask

Fields to update. Omit for implied mask (all populated fields). Use * for full replacement of the mutable fields.

Media type application/json

QibdoDatabaseRole resource — a workspace-scoped, Qibdo-managed database role definition. Carries the creation + revocation SQL templates that the vault will execute when issuing or revoking dynamic database credentials. Qibdo is the single source of truth; the vault receives a derived projection via POST /v1/database/roles/{name} after the templates have been dry-run validated against the target database.

object
id

The unique identifier of the database role (UUID).

stringOutput only
workspace_id

The workspace this role belongs to (UUID, weak reference to taxonomy.workspaces).

stringOutput only
name

Workspace-unique human-readable role name. Mirrored as the role name on the vault side.

stringOutput only
db_engine

Target database engine.

string format: enum Output only
Allowed values: DB_ENGINE_UNSPECIFIED DB_ENGINE_POSTGRES DB_ENGINE_MYSQL DB_ENGINE_MSSQL DB_ENGINE_MONGODB DB_ENGINE_ORACLE DB_ENGINE_REDSHIFT DB_ENGINE_CASSANDRA
connection_ref

Reference to the target database connection (engine-specific opaque string — e.g., the vault’s database connection name or a JDBC URL key in the JdbcConnectionRegistry).

stringOutput only
creation_statements

SQL statements executed at credential issuance. Engine-specific placeholders ({{name}}, {{password}}, {{expiration}}) are honoured. Capped to bound storage in vault.database_roles and prevent abuse: at most 64 statements, each at most 8 KiB.

Array<string>Output only
revocation_statements

SQL statements executed at credential revocation ({{name}} placeholder). Same caps as creation_statements.

Array<string>Output only
default_ttl

Default time-to-live applied to credentials issued under this role.

stringOutput only
/^-?(?:0|[1-9][0-9]{0,11})(?:\.[0-9]{1,9})?s$/
max_ttl

Maximum total lifetime any credential under this role can hold.

stringOutput only
/^-?(?:0|[1-9][0-9]{0,11})(?:\.[0-9]{1,9})?s$/
created

Timestamp when the row was created (server-managed).

string format: date-time Output only
updated

Timestamp when the row was last modified (server-managed).

string format: date-time Output only
location_id

Weak reference to a topology Location — where this resource resides. Defaults to the global location when omitted at creation and is immutable thereafter. Only the global location is available in this release.

stringOutput only

OK

Media type application/json

Vault Operation

Tracks the result of a vault command (secret, crypto key, lease, certificate authority, certificate, access policy, or vault-level lifecycle action).

object
id

Operation ID

Unique identifier of the operation.

stringOutput only
workspace_id

Workspace ID

The workspace in whose namespace the operation was executed.

stringOutput only
resource_id

Resource ID

ID of the affected resource (nullable for vault-level lifecycle ops such as snapshot).

stringOutput only
resource_type

Resource Type

URN of the affected resource type (e.g., “com.qibdo.cloud.vault:secret”).

stringOutput only
operation_type

Operation Type

The action performed (CREATE, ROTATE, REVOKE, ENCRYPT, …).

stringOutput only
status

Status

The operation status (PENDING, RUNNING, DONE, FAILED).

stringOutput only
insert_time

Insert Time

When the operation was created.

string format: date-time Output only
start_time

Start Time

When execution started (nullable).

string format: date-time Output only
end_time

End Time

When execution completed (nullable).

string format: date-time Output only
progress

Progress

Progress percentage (0–100).

integer format: int32 Output only
warnings

Warnings

Non-fatal notices emitted during the operation.

Array<object>Output only

Vault Warning

A non-fatal notice emitted by a vault operation. The operation still completed; the warning surfaces unsupported features or capability gaps in the underlying engine.

Warning codes follow the S_SSS_EEE convention:

  • Millions digit: service (9 = vault)
  • Thousands: group
  • Units: specific warning
object
code

Warning Code

Numeric identifier of the warning type.

integer format: uint32 Output only
description

Description

Human-readable explanation of what was ignored or degraded.

stringOutput only
Example generated
{}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}