1. Create a node
This POST method creates a node under a specified path.
Note: To execute this API, the user should have permission assigned (through policy) with action sm.node.create.
| POST | {{url}}//api/v1/secretmanager/vault/{vaultId}/secrets?path=<path> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies where the node needs to be created. | String | Mandatory |
Request Example
curl -X POST '{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path>' -H 'Authorization: Bearer <token>' -H 'content-type: application/json' -d
'{
"entityType": "node",
"name": "DocNode"
}'Response Example
| Status:201 Created |
2. Create a Secret
This POST method creates a secret under the specified path.
Note: To execute this API, the user should have permission assigned (through policy) with action as sm.node.create.
| POST | {{url}}//api/v1/secretmanager/vault/{vaultId}/secrets?path=<path> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies where the secret needs to be created. | String | Mandatory |
Request Example
curl -X POST '{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path>' -H 'content-type: application/json' -H "Accept: application/json" -H 'Authorization: Bearer <token>'
-d
'{
"entityType": "secret",
"name": "DocGenericWebApp",
"staticSecretTemplateId":"67a0ab76-7e50-4578-a1f2-fa0181a712f9",
"secretMode":"shared",
"secretNature":"static",
"value":
{
"URL":"http://test.com",
"Username":"DocGenericWebUser",
"Password": "vT2%Ps@V"
}
}'Response Example
| Status:201 Created |
{
"entityType": "secret",
"id": "e2281658-52d6-47f2-8884-d1c15c4be036",
"name": "DocGenericWebApp",
"staticSecretTemplateId": "67a0ab76-7e50-4578-a1f2-fa0181a712f9",
"secretMode": "shared",
"secretNature": "static",
"lastRotation": "2022-02-21T07:01:40.484Z",
"nextRotation": "2022-03-23T07:01:40.484Z",
"path": "/DocGenericWebApp"
}3. Create Secret with File
This POST method creates a secret with a file for the specified path.
Note: To execute this API, the user should have permission assigned (through policy) with action as sm.node.create. The file size limit is 400 KB.
| POST | {{url}}//api/v1/secretmanager/vault/{vaultId}/secrets/file?path=<path> |
Request Example
curl -X POST '{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets/file?path=<path>' -H 'Authorization: Bearer <token>'
--form 'file=@"/home/testcert1.cer"'
--form 'secretData="{"entityType": "secret","name":"Test47", "staticSecretTemplateId": "098d9863-0590-4570-8c65-388458617a8e","secretMode": "shared", "secretNature": "static","value": {"password": "Passw0rd"}}"'Response Example
| Status:201 Created |
4. Update Secret with File
This PATCH method updates the secret file for the specified path.
Note: To execute this API, the user should have permission assigned (through policy) with action as sm.secret.update.
| PATCH | {{url}}/api/v1/secretmanager/vault/{valueId}/secret/file?path=<path> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies where the secret file needs to be updated. | String | Mandatory |
Request Example
curl -X PATCH '{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets/file?path=<path>'
-H 'Authorization: Bearer <token>'
--form 'file=@"/home/testcert1.cer"'
--form 'secretData="{"value": {"password": "Passw0rd"}}}"'Response Example
| Status: 204 No content |
5. Update secret
This PATCH method updates the secret details under the specified path.
- To execute this API, the user should have permission assigned (through policy) with action as sm.secret.update.
- Renaming a secret cancels the pending approvals. You need to send an approval request again to gain access.
| PATCH | {{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path>/<secret_name> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies where the secret needs to be updated. | String | Mandatory |
Request Example
curl -X PATCH '{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path>/<secret_name>'
-H 'Authorization: Bearer <token>' -H 'content-type: application/json'
-d
{
"name": "secret_1feb_500"
"value":
{
"username":"user",
"password": "(ssword3",
"url": "abc@xyz.com"
}
}'Response Example
| Status: 204 No content |
6. Move secret
This PATCH method moves a secret to a different node/path.
- To execute this API, the user should have permission assigned (through policy) with action as sm.secret.update.
- Only policies associated directly with this secret are moved.
| PATCH | {{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<current-secret-path> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
current-secret-path | Specifies the current path of the secret. | String | Mandatory |
Request Body Parameter
The request body parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
| path | Specifies the new path where this secret needs to be moved. | String | Mandatory |
Request Example
curl -X PATCH '{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<current-secret-path>'
-H 'Authorization: Bearer <token>' -H 'content-type: application/json'
-d
{
"path": String
}'Response Example
| Status: 204 No content |
7. Get Nodes at one level
This GET method returns the secrets and nodes under the specified path.
Note: To execute this API, the user should have permission assigned (through policy) with action as sm.node.list.
| GET | {{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path> |
Request Parameters
The request parameters used in this method are shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies the path from where the secrets and nodes need to be listed. | String | Mandatory |
| type | Specifies the type of node (leaf or non-leaf) to fetch in an API response. Allowed values are 'node' , 'secret'. | String | Optional |
filter | Filter the nodes based on the name of a node. The supported operators are 'eq', 'sw', and 'co'. An example format is given here: name eq TestNode | String | Optional |
| recursiveSecrets | Get all the secrets coming under a hierarchy of this path. Allowed values are 'true' or 'false'. | String | Optional |
getmetadata | Get metadata along with all the nodes. This indicates all possible operations that can be performed on each node along with the Allow/Deny value for the current user. | Boolean | Optional |
pageToken | Autogenerated token for next page of records in case the results are more than one page. Append this token in the requested API URL to access the next set of pages. | String | Optional |
Request Example
curl -X GET ‘{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path>’ -H 'Authorization: Bearer <token>'
Response Example
| Status:200 Ok |
8. Delete a node or a secret
This DELETE method deletes a node or a secret under the specified path.
Notes:
- To execute this API, the user should have permission assigned (through policy) with action as “sm.node.delete“.
- Deletion on the non-leaf node is not allowed if the node has any children or secrets under it.
| DELETE | {{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies the path for the node or secret to be deleted. | String | Mandatory |
Request Example
curl -X DELETE ‘{{url}}/api/v1/secretmanager/vault/{vaultId}/secrets?path=<path>'
Response Example
| Status:204 No Content |
9. Access a Secret
This POST method lets you access a secret at the given path. In case approval is required to access a secret then it sends an approval request with justification. Till the time the request is not approved, it sends the current status of the request in response. For example: "Pending Approval", "Approval Needed", "Access Denied".
Note: To execute this API, the user should have permission assigned (through policy) with action as sm.secret.read.
| POST | {{url}}/api/v1/secretmanager/vault/{vaultId}/accesssecrets?path=<path/secret_name> |
Request Parameter
The request parameter used in this method is shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies the path from where the secret is accessed. | String | Mandatory |
| getmetadata | Get metadata along with all the nodes. This indicates all possible operations that can be performed on each node along with the Allow/Deny value for the current user. | Boolean | Optional |
Request Example
curl -X POST'{{url}}/api/v1/secretmanager/vault/{vaultId}/accesssecrets?path=<path>/<secret_name>' \
-d '{
"justification": "access needed"
}'Response Example
| Status:204 No Content |
{
"entityType": "secret",
"id": "e2281658-52d6-47f2-8884-d1c15c4be036",
"name": "DocGenericWebApp",
"value": {
"Username": "DocGenericWebUser",
"URL": "http://test.com",
"Password": "vT2%Ps@V"
},
"description": "",
"staticSecretTemplateId": "67a0ab76-7e50-4578-a1f2-fa0181a712f9",
"secretMode": "shared",
"secretNature": "static",
"lastRotation": "2022-02-21T07:01:40.484Z",
"nextRotation": "2022-03-23T07:01:40.484Z",
"path": "/DocGenericWebApp"
}10. Download Secret File
This GET method returns the secret file content for the specified path.
Note: To execute this API, the user should have permission assigned (through policy) with action as sm.secret.read.
| GET | {{url}}/api/v1/secretmanager/vault/{vaultId}/downloadfile?path=<path> |
Request Parameters
The request parameters used in this method are shown in the following table:
| Parameter | Description | Data Type | Required |
path | Specifies the path from where the secret files are listed for downloading. | String | Mandatory |
Request Example
curl -X POST '{{url}}/api/v1/secretmanager/vault/{vaultId}/downloadfile?path=<path>' -H 'Authorization: Bearer <token>'Response Example
| Status:200 OK |
The file will be downloaded.