Manage Vault

The following Britive API methods help you to manage operations related to the Britive vault.

1. Create Vault

The POST method creates a vault for the Secrets manager. Only an administrator can create a vault.

Note: To execute this API, the user should have permission assigned (through policy) with the action sm.vault.create.

POST {{url}}/api/v1/secretmanager/vault

Request Example

curl -X POST '{{url}}/api/v1/secretmanager/vault' -H 'content-type: application/json' -H "Accept: application/json" -H 'Authorization: Bearer <token>' \
-d '{
    "name": "BritiveVault",
    "description": "Test vault",
    "rotationTime": 30,
    "maxSecretRotationInterval": 60,
    "encryptionAlgorithm": "AES_256",
    "defaultNotificationMediumId": "01d4b73e-46b3-4347-842d-6b556dc7f9b2",
    "recipients": {
        "userIds": [
            "g1bfrv2idml7sxfb5q70"
        ],
        "tags": [],
        "channelIds": []
    }
}'

Response Example 

Status: 201 Created
{
   "name": "BritiveVault",
   "description": "Test vault",
   "lastRotation": "2021-09-28 03:49:07",
   "nextRotation": "2021-10-28 03:49:07",
   "status": "ready",
   "encryptionAlgorithm": "AES_256",
   "rotationTime": 30,
   "maxSecretRotationInterval": 60,
   "defaultNotificationMediumId": "01d4b73e-46b3-4347-842d-6b556dc7f9b2",
    "recipients": {
        "userIds": [
            "g1bfrv2idml7sxfb5q70"
        ],
        "tags": [],
        "channelIds": null
    }
}

2. Update Vault

This PATCH method updates the vault details. 

Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.update”.

PATCH {{url}}/api/v1/secretmanager/vault/<vaultId>

Request Example

curl -X PATCH '{{url}}/api/v1/secretmanager/vault/<vaultId>' -H 'content-type: application/json' -H "Accept: application/json" -H 'Authorization: Bearer <token>' \
-d '{
    "name" : "vault1",
    "description" : "vault description1",
    "rotationTime": 3,
    "maxSecretRotationInterval": 60,
    "defaultNotificationMediumId": "01d4b73e-46b3-4347-842d-6b556dc7f9b2",
    "recipients": {
        "userIds": [
            "g1bfrv2idml7sxfb5q70"
        ],
        "tags": [],
        "channelIds": null
    }
}'


Response Example 

Status: 204 No content

3. Get Vault Details 

This GET method returns the vault details of the current active vault.

Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.read”.

GET {{url}}/api/v1/secretmanager/vault

Response Example 

Status: 200 OK
{
    "id": "d6ff7658-f253-4831-abfa-ce8ea0b16759",
    "name": "vault_5dec23",
    "description": "created for testing SM-5895",
    "lastRotation": "2023-12-05T05:09:55.857Z",
    "nextRotation": "2024-02-03T05:09:55.858Z",
    "status": "ready",
    "encryptionAlgorithm": "AES_256",
    "metadata": {
        "authz.policy.create": "Allow",
        "sm.node.delete": "Allow",
        "sm.vault.delete": "Allow",
        "sm.key.rotate": "Allow",
        "authz.policy.update": "Allow",
        "sm.vault.update": "Allow",
        "authz.policy.delete": "Allow",
        "authz.policy.list": "Allow",
        "sm.secret.update": "Allow",
        "sm.vault.list": "Allow",
        "sm.node.list": "Allow",
        "sm.vault.create": "Allow",
        "authz.policy.read": "Allow",
        "sm.node.create": "Allow",
        "sm.vault.read": "Allow"
    },
    "defaultNotificationMediumId": "b16c5b49-f7f8-4612-9f14-bf7b3fa17ade",
    "recipients": {
        "userIds": [
            "flezj9blrokzakkmlov2",
            "k9hv0lowfsg803spfijy",
            "s08843npsu8ldtjoeloc"
        ],
        "tags": [
            "04x2bi6v1bra1lqsj9ke"
        ]
    },
    "maxSecretRotationInterval": 60,
    "rotationTime": 60
} 

4. Get Vault Details with vaultID

This GET method returns the vault details of the specified <vaultID>.

Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.read”.

GET {{url}}/api/v1/secretmanager/vault/<vaultID>

Request Example

curl -X GET '{{url}}/api/v1/secretmanager/vault/<vaultId>' -H 'Authorization: Bearer <token>' 

Response Example 

Status: 200 OK
{
    "id": "d6ff7658-f253-4831-abfa-ce8ea0b16759",
    "name": "vault_5dec23",
    "description": "created for testing SM-5895",
    "lastRotation": "2023-12-05T05:09:55.857Z",
    "nextRotation": "2024-02-03T05:09:55.858Z",
    "status": "ready",
    "encryptionAlgorithm": "AES_256",
    "metadata": {
        "authz.policy.create": "Allow",
        "sm.node.delete": "Allow",
        "sm.vault.delete": "Allow",
        "sm.key.rotate": "Allow",
        "authz.policy.update": "Allow",
        "sm.vault.update": "Allow",
        "authz.policy.delete": "Allow",
        "authz.policy.list": "Allow",
        "sm.secret.update": "Allow",
        "sm.vault.list": "Allow",
        "sm.node.list": "Allow",
        "sm.vault.create": "Allow",
        "authz.policy.read": "Allow",
        "sm.node.create": "Allow",
        "sm.vault.read": "Allow"
    },
    "defaultNotificationMediumId": "b16c5b49-f7f8-4612-9f14-bf7b3fa17ade",
    "recipients": {
        "userIds": [
            "flezj9blrokzakkmlov2",
            "k9hv0lowfsg803spfijy",
            "s08843npsu8ldtjoeloc"
        ],
        "tags": [
            "04x2bi6v1bra1lqsj9ke"
        ]
    },
    "maxSecretRotationInterval": 60,
    "rotationTime": 60
} 
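
The vault details returned by the two GET methods above can be reviewed automatically. The following is an added example, not part of Britive's documentation or code: it checks rotation state, flags high-impact actions in the metadata map, and confirms that someone is set to receive notifications. It assumes rotationTime is in days, that timestamps are UTC, and that metadata lists actions allowed to the calling identity; the HIGH_IMPACT set and function names are this example's own.

```python
import json
from datetime import datetime, timezone

# Constructed sample, trimmed from the "Get Vault Details" response shape above.
SAMPLE = json.loads("""{
  "name": "vault_5dec23", "status": "ready",
  "lastRotation": "2023-12-05T05:09:55.857Z",
  "nextRotation": "2024-02-03T05:09:55.858Z",
  "rotationTime": 60, "maxSecretRotationInterval": 60,
  "metadata": {"sm.vault.read": "Allow", "sm.vault.update": "Allow",
               "sm.vault.delete": "Allow", "sm.key.rotate": "Allow"},
  "recipients": {"userIds": ["flezj9blrokzakkmlov2"], "tags": []}
}""")

# This example's own choice of actions worth flagging; not a Britive-defined list.
HIGH_IMPACT = {"sm.vault.delete", "sm.key.rotate", "authz.policy.create",
               "authz.policy.update", "authz.policy.delete"}

def parse_ts(value):
    """Accept both timestamp styles shown in the responses (assumed UTC)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {value!r}")

def review_vault(vault, now):
    """Return a list of short finding strings for one vault-details document."""
    findings = []
    last, nxt = parse_ts(vault["lastRotation"]), parse_ts(vault["nextRotation"])
    if vault.get("status") != "ready":
        findings.append(f"status:{vault.get('status')}")
    if nxt < now:
        findings.append("rotation-overdue")
    # Assumption: rotationTime is in days (consistent with the sample timestamps).
    if round((nxt - last).total_seconds() / 86400) != vault["rotationTime"]:
        findings.append("rotation-window-mismatch")
    # Assumption: "metadata" lists actions allowed to the calling identity.
    allowed = {a for a, e in (vault.get("metadata") or {}).items() if e == "Allow"}
    findings += [f"high-impact:{a}" for a in sorted(allowed & HIGH_IMPACT)]
    # "channelIds" may be null or absent in responses, so treat missing as empty.
    rcpt = vault.get("recipients") or {}
    if not any(rcpt.get(k) for k in ("userIds", "tags", "channelIds")):
        findings.append("no-notification-recipients")
    return findings

if __name__ == "__main__":
    print(review_vault(SAMPLE, datetime.now(timezone.utc)))
```

A read-only monitoring identity would be expected to produce no high-impact findings; any that appear point to a policy that grants more than sm.vault.read.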

5. Delete Vault

This DELETE method deletes the vault specified by the <vaultID>.

Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.delete”.

DELETE {{url}}/api/v1/secretmanager/vault/<vaultId>

Request Example

curl -X DELETE '{{url}}/api/v1/secretmanager/vault/<vaultId>' -H 'Authorization: Bearer <token>'

Response Example 

Status: 204 No content

6. Rotate Key

This POST method rotates the vault encryption key.

Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.key.rotate”.

POST {{url}}/api/v1/secretmanager/keys/rotate

Request Example

curl -X POST '{{url}}/api/v1/secretmanager/keys/rotate' -H 'Authorization: Bearer <token>'

Response Example 

Status: 202 Accepted