Manage Vault
- Print
- PDF
Manage Vault
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The following Britive API methods help you to manage operations related to the Britive vault.
1. Create Vault
The POST method creates a vault for the Secrets manager. Only an administrator can create a vault.
Note: To execute this API, the user should have permission assigned (through policy) with the action sm.vault.create.
| POST | {{url}}/api/v1/secretmanager/vault |
Request Example
curl -X POST '{{url}}/api/v1/secretmanager/vault' -H 'content-type: application/json' -H "Accept: application/json" -H 'Authorization: Bearer <token> \
-d
{
"name": "BritiveVault",
"description": "Test vault",
"rotationTime": 30,
"maxSecretRotationInterval": 60,
"encryptionAlgorithm": "AES_256",
"defaultNotificationMediumId": "01d4b73e-46b3-4347-842d-6b556dc7f9b2",
"recipients": {
"userIds": [
"g1bfrv2idml7sxfb5q70"
],
"tags": [],
"channelIds": []
}
}Response Example
| Status: 201 Created |
{
"name": "BritiveVault",
"description": "Test vault",
"lastRotation": "2021-09-28 03:49:07",
"nextRotation": "2021-10-28 03:49:07",
"status": "ready",
"encryptionAlgorithm": "AES_256",
"rotationTime": 30,
"maxSecretRotationInterval": 60,
"defaultNotificationMediumId": "01d4b73e-46b3-4347-842d-6b556dc7f9b2",
"recipients": {
"userIds": [
"g1bfrv2idml7sxfb5q70"
],
"tags": [],
"channelIds": null
}
}2. Update Vault
This PATCH method updates the vault details.
Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.update“.
| PATCH | {{url}}//api/v1/secretmanager/vault/<vaultId> |
Request Example
curl -X PATCH '{{url}}/api/v1/secretmanager/vault/<vaultId>' -H 'content-type: application/json' -H "Accept: application/json" -H 'Authorization: Bearer <token>'
-d
'{
"name" : "vault1",
"description" : "vault description1",
"rotationTime": 3,
"maxSecretRotationInterval": 60,
"defaultNotificationMediumId": "01d4b73e-46b3-4347-842d-6b556dc7f9b2",
"recipients": {
"userIds": [
"g1bfrv2idml7sxfb5q70"
],
"tags": [],
"channelIds": null
}
}'
Response Example
| Status: 204 No content |
3. Get Vault Details
This GET method returns the vault details of the current active vault.
Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.read“.
| GET | {{url}}/api/v1/secretmanager/vault |
Response Example
| Status: 200 OK |
{
"id": "d6ff7658-f253-4831-abfa-ce8ea0b16759",
"name": "vault_5dec23",
"description": "created for testing SM-5895",
"lastRotation": "2023-12-05T05:09:55.857Z",
"nextRotation": "2024-02-03T05:09:55.858Z",
"status": "ready",
"encryptionAlgorithm": "AES_256",
"metadata": {
"authz.policy.create": "Allow",
"sm.node.delete": "Allow",
"sm.vault.delete": "Allow",
"sm.key.rotate": "Allow",
"authz.policy.update": "Allow",
"sm.vault.update": "Allow",
"authz.policy.delete": "Allow",
"authz.policy.list": "Allow",
"sm.secret.update": "Allow",
"sm.vault.list": "Allow",
"sm.node.list": "Allow",
"sm.vault.create": "Allow",
"authz.policy.read": "Allow",
"sm.node.create": "Allow",
"sm.vault.read": "Allow"
},
"defaultNotificationMediumId": "b16c5b49-f7f8-4612-9f14-bf7b3fa17ade",
"recipients": {
"userIds": [
"flezj9blrokzakkmlov2",
"k9hv0lowfsg803spfijy",
"s08843npsu8ldtjoeloc"
],
"tags": [
"04x2bi6v1bra1lqsj9ke"
]
},
"maxSecretRotationInterval": 60,
"rotationTime": 60
} 4. Get Vault Details with vaultID
This GET method returns the vault details of the specified <vaultID>.
Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.read“.
| GET | {{url}}/api/v1/secretmanager/vault/<vaultID> |
Request Example
curl -X GET '{{url}}/api/v1/secretmanager/vault/<vaultId>' -H 'Authorization: Bearer <token>' Response Example
| Status: 200 OK |
{
"id": "d6ff7658-f253-4831-abfa-ce8ea0b16759",
"name": "vault_5dec23",
"description": "created for testing SM-5895",
"lastRotation": "2023-12-05T05:09:55.857Z",
"nextRotation": "2024-02-03T05:09:55.858Z",
"status": "ready",
"encryptionAlgorithm": "AES_256",
"metadata": {
"authz.policy.create": "Allow",
"sm.node.delete": "Allow",
"sm.vault.delete": "Allow",
"sm.key.rotate": "Allow",
"authz.policy.update": "Allow",
"sm.vault.update": "Allow",
"authz.policy.delete": "Allow",
"authz.policy.list": "Allow",
"sm.secret.update": "Allow",
"sm.vault.list": "Allow",
"sm.node.list": "Allow",
"sm.vault.create": "Allow",
"authz.policy.read": "Allow",
"sm.node.create": "Allow",
"sm.vault.read": "Allow"
},
"defaultNotificationMediumId": "b16c5b49-f7f8-4612-9f14-bf7b3fa17ade",
"recipients": {
"userIds": [
"flezj9blrokzakkmlov2",
"k9hv0lowfsg803spfijy",
"s08843npsu8ldtjoeloc"
],
"tags": [
"04x2bi6v1bra1lqsj9ke"
]
},
"maxSecretRotationInterval": 60,
"rotationTime": 60
} 5. Delete Vault
This DELETE method deletes the vault specified by the <vaultID>.
Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.vault.delete“.
| DELETE | {{url}}/api/v1/secretmanager/vault/<vaultId> |
Request Example
curl -X DELETE '{{url}}/api/v1/secretmanager/vault/<vaultId>' -H 'Authorization: Bearer <token>'Response Example
| Status: 204 No content |
6. Rotate Key
This POST method rotates the vault encryption key.
Note: To execute this API, the user should have permission assigned (through policy) with the action “sm.key.rotate“.
| POST | {{url}}/api/v1/secretmanager/keys/rotate |
Request Example
curl -X POST '{{url}}/api/v1/secretmanager/keys/rotate' -H 'Authorization: Bearer <token>'Response Example
| Status:202 Accepted |
Was this article helpful?
