DSM Methods
Introduction
The senhasegura DevOps Secret Management (DSM) offers a rapid and secure way for tools and applications to request confidential information such as secrets, credentials and other sensitive data that are used on DevOps lifecycle.
The purpose of this section is to provide guidance for DevOps teams that need integration with senhasegura to manage all secrets used on their pipeline.
In this section, the following DevOps functions will be covered:
Request a secret to be used on an application
Provision a new credential to be used on an applications
Deprovision a credential
Method
The senhasegura web integration service has a method for query secrets stored in the application.
Query secret
GET https://vault_url/iso/dapp/application
The application method queries all secrets linked to an application authorization.
Response
| Field | Type | Description |
|---|---|---|
| name | String | Application name |
| description | String | Application description |
| tags | String | Tags that identify the application |
| system | String | Secret system |
| environment | String | Secret environment |
| secret _id | Integer | Secret ID |
| secret_name | String | Secret Name |
| identity | String | Secret identifier |
| version | String | Secret version |
| expiration_date | Date/Time | Secret expiration date |
| engine | String | Secret engine |
| data | String | Secret values |
| Field | Type | Description |
|---|---|---|
| nome | String | Application name. |
| descrição | String | Application description. |
| tags | String | Application tags to be used as filters inside senhasegura . |
| sistema | String | Secret system. |
| ambiente | String | Secret environment. |
| secret _id | Integer | Secret ID. |
| secret_name | String | Secret name. |
| identificador | String | Secret identification. Free for use. |
| versão | String | Secret version number. |
| expiration_date | Date/Time | Secret expiration time. |
| motor | String | Secret engine. |
| valores | String | Secret values. |
{
"response": {
"status": 200,
"mensagem": "Application 5",
"erro": false,
"message": "Application 5",
"error": false
},
"application": {
"name": "postman",
"description": null,
"tags": [
""
],
"system": "back",
"environment": "test",
"secrets": [
{
"secret_id": "106",
"secret_name": "application5",
"identity": "application5",
"version": "",
"expiration_date": "",
"engine": "Kubernetes",
"data": [
{
"hostname": "application5_v_test",
"username": "ADMIN_V_USR",
"password": "ADMIN_V_PW",
"additional_information": "ADMIN_V_SCHEMA",
"ip": "app.application.com"
},
{
"access_key_id": "LKU5YC6QWAT487S4KEK",
"secret_access_key": "sack10821du07f9sacfsdaasdf",
"TTL": null
},
{
"my_key_name": "my_key_value",
"my_key_name_2": "my_key_value_2"
}
]
}
]
}
}
Provision a credential
POST https://vault_url/iso/coe/dapp/provision
Create a new credential secret to be used on a container
Parameters
| Field | Type | Description | Required |
|---|---|---|---|
| pod_name | String | Name of the pod that will use the credential | Yes |
| deploy | String | Name of the deploy that will use the credential | Yes |
| namespace | String | Namespace of the container that will use the credential | Yes |
Response
| Field | Type | Description |
|---|---|---|
| name | String | Application name |
| description | String | Application description |
| tags | String | Tags that identify the application |
| system | String | Secret system |
| environment | String | Secret environment |
| secret_id | Integer | Secret ID |
| secret_name | String | Secret Name |
| identity | String | Secret identifier |
| version | String | Secret version |
| expiration_date | Date/Time | Secret expiration date |
| engine | String | Secret engine |
| data | String | Secret values |
{
"response": {
"status": 200,
"mensagem": "Application 6",
"erro": false
},
"application": {
"name": "runb",
"description": null,
"tags": [
""
],
"system": "senhasegura",
"environment": "lab",
"secrets": [
{
"secret_id": "3",
"secret_name": "secure-demo",
"identity": "secure-demo",
"version": "",
"expiration_date": "",
"engine": "Kubernetes",
"data": {
"APP_VAR1": "fX6v8vh7TADY",
"APP_VAR2": "vlln0XkBNWIk",
"APP_VAR3": "7qWgm1EBFnQb",
"APP_DB_PASSWORD": "4i8Vm0khqTWs",
"APP_SECRET": "GSePWjXyd91K"
}
}
]
}
}
Deprovision a credential
POST https://vault_url/iso/coe/dapp/deprovision
Deprovision a credential secret to be used on a container
Parameters
| Field | Type | Description | Required |
|---|---|---|---|
| pod_name | String | Name of the pod that will use the credential | Yes |
| deploy | String | Name of the deploy that will use the credential | Yes |
| namespace | String | Namespace of the container that will use the credential | Yes |
| secret_id | Integer | Secret ID | Yes |