Skip to main content
Version: 3.23

DSM Methods

Introduction

The senhasegura DevOps Secret Management (DSM) offers a rapid and secure way for tools and applications to request confidential information such as secrets, credentials and other sensitive data that are used on DevOps lifecycle.

The purpose of this section is to provide guidance for DevOps teams that need integration with senhasegura to manage all secrets used on their pipeline.

In this section, the following DevOps functions will be covered:

  • Request a secret to be used on an application

  • Provision a new credential to be used on an applications

  • Deprovision a credential

Method

The senhasegura web integration service has a method for query secrets stored in the application.

Query secret

GET https://vault_url/iso/dapp/application 

The application method queries all secrets linked to an application authorization.

Response

FieldTypeDescription
nameStringApplication name
descriptionStringApplication description
tagsStringTags that identify the application
systemStringSecret system
environmentStringSecret environment
secret _idIntegerSecret ID
secret_nameStringSecret Name
identityStringSecret identifier
versionStringSecret version
expiration_dateDate/TimeSecret expiration date
engineStringSecret engine
dataStringSecret values
FieldTypeDescription
nomeStringApplication name.
descriçãoStringApplication description.
tagsStringApplication tags to be used as filters inside senhasegura .
sistemaStringSecret system.
ambienteStringSecret environment.
secret _idIntegerSecret ID.
secret_nameStringSecret name.
identificadorStringSecret identification. Free for use.
versãoStringSecret version number.
expiration_dateDate/TimeSecret expiration time.
motorStringSecret engine.
valoresStringSecret values.
{
"response": {
"status": 200,
"mensagem": "Application 5",
"erro": false,
"message": "Application 5",
"error": false
},
"application": {
"name": "postman",
"description": null,
"tags": [
""
],
"system": "back",
"environment": "test",
"secrets": [
{
"secret_id": "106",
"secret_name": "application5",
"identity": "application5",
"version": "",
"expiration_date": "",
"engine": "Kubernetes",
"data": [
{
"hostname": "application5_v_test",
"username": "ADMIN_V_USR",
"password": "ADMIN_V_PW",
"additional_information": "ADMIN_V_SCHEMA",
"ip": "app.application.com"
},
{
"access_key_id": "LKU5YC6QWAT487S4KEK",
"secret_access_key": "sack10821du07f9sacfsdaasdf",
"TTL": null
},
{
"my_key_name": "my_key_value",
"my_key_name_2": "my_key_value_2"
}
]
}
]
}
}

Provision a credential

POST https://vault_url/iso/coe/dapp/provision 

Create a new credential secret to be used on a container

Parameters

FieldTypeDescriptionRequired
pod_nameStringName of the pod that will use the credentialYes
deployStringName of the deploy that will use the credentialYes
namespaceStringNamespace of the container that will use the credentialYes

Response

FieldTypeDescription
nameStringApplication name
descriptionStringApplication description
tagsStringTags that identify the application
systemStringSecret system
environmentStringSecret environment
secret_idIntegerSecret ID
secret_nameStringSecret Name
identityStringSecret identifier
versionStringSecret version
expiration_dateDate/TimeSecret expiration date
engineStringSecret engine
dataStringSecret values
{
"response": {
"status": 200,
"mensagem": "Application 6",
"erro": false
},
"application": {
"name": "runb",
"description": null,
"tags": [
""
],
"system": "senhasegura",
"environment": "lab",
"secrets": [
{
"secret_id": "3",
"secret_name": "secure-demo",
"identity": "secure-demo",
"version": "",
"expiration_date": "",
"engine": "Kubernetes",
"data": {
"APP_VAR1": "fX6v8vh7TADY",
"APP_VAR2": "vlln0XkBNWIk",
"APP_VAR3": "7qWgm1EBFnQb",
"APP_DB_PASSWORD": "4i8Vm0khqTWs",
"APP_SECRET": "GSePWjXyd91K"
}
}
]
}
}

Deprovision a credential

POST https://vault_url/iso/coe/dapp/deprovision 

Deprovision a credential secret to be used on a container

Parameters

FieldTypeDescriptionRequired
pod_nameStringName of the pod that will use the credentialYes
deployStringName of the deploy that will use the credentialYes
namespaceStringNamespace of the container that will use the credentialYes
secret_idIntegerSecret IDYes