Secrets Manager

manage secrets

Download Spec

get/secrets-manager/api/v1/host-secret/{host_id}

Read host secret metadata for all accounts

host_idstring

required

Responses

Response examples

Returns array of metadata of secrets for host

{
  "metadata": {
    "host_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "access_group_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "address": "string",
    "port": 123,
    "operating_system": "windows",
    "certificate_validation_options": "DISABLED",
    "winrm_host_certificate_trust_anchors": "string",
    "use_main_account": true,
    "main_account": "string",
    "winrm_main_account_password": "string",
    "password_policy_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "script_template_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "created": "2017-01-01T15:05:05Z",
    "updated": "2017-01-01T15:05:05Z",
    "created_by": "string",
    "updated_by": "string"
  },
  "accounts": [
    {
      "account": "string",
      "last_rotated": "2017-01-01T15:05:05Z",
      "last_error": "2017-01-01T15:05:05Z",
      "last_error_details": "string",
      "initial_password": "string"
    }
  ]
}

post/secrets-manager/api/v1/host-secret/{host_id}

secret definitions from admin via host store

metadataobject (metadata)

required

rotating password object

host_idstring

required

once host object saved, added by backend

Format: uuid

access_group_idstring

Specify ID of access group, default access group will be used if ID is not specified. Access group will be checked for WinRM trust anchors if certificate validation option is set to enabled.

Format: uuid

addressstring

required

address of server

portint

required

operating_systemstring

required

Enum: windows
linux

certificate_validation_optionsstring

required

Disable or enable password rotation certificate validation

Enum: DISABLED
ENABLED

winrm_host_certificate_trust_anchorsstring

WinRM host certificate trust anchors in PEM format

use_main_accountboolean

required

rotate passwords of all accounts in host through one account

main_accountstring

required

rotate passwords of all accounts in host through this account

winrm_main_account_passwordstring

if protocol winrm and main account set, this password is stored to vault-v2

password_policy_idstring

required

password policy to be applied

Format: uuid

script_template_idstring

required

script template to be run in host

Format: uuid

createdstring

When the object was created. Added by backend

Format: date-time
Example: "2017-01-01T15:05:05Z"

updatedstring

When the object was updated. Added by backend

Format: date-time
Example: "2017-01-01T15:05:05Z"

created_bystring

added by backend

updated_bystring

added by backend

accountsarray

accountstring

required

username

last_rotatedstring

When last successful rotation. Added by backend

Format: date-time
Example: "2017-01-01T15:05:05Z"

last_errorstring

When last rotation error. Added by backend

Format: date-time
Example: "2017-01-01T15:05:05Z"

last_error_detailsstring

Last rotation error details. Added by backend

initial_passwordstring

initial password to store in vault to start rotation

Responses

Request examples

{
  "metadata": {
    "host_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "access_group_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "address": "string",
    "port": 123,
    "operating_system": "windows",
    "certificate_validation_options": "DISABLED",
    "winrm_host_certificate_trust_anchors": "string",
    "use_main_account": true,
    "main_account": "string",
    "winrm_main_account_password": "string",
    "password_policy_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "script_template_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "created": "2017-01-01T15:05:05Z",
    "updated": "2017-01-01T15:05:05Z",
    "created_by": "string",
    "updated_by": "string"
  },
  "accounts": [
    {
      "account": "string",
      "last_rotated": "2017-01-01T15:05:05Z",
      "last_error": "2017-01-01T15:05:05Z",
      "last_error_details": "string",
      "initial_password": "string"
    }
  ]
}

Response examples

Returns stored metadata + account array of secret for host

{
  "metadata": {
    "host_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "access_group_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "address": "string",
    "port": 123,
    "operating_system": "windows",
    "certificate_validation_options": "DISABLED",
    "winrm_host_certificate_trust_anchors": "string",
    "use_main_account": true,
    "main_account": "string",
    "winrm_main_account_password": "string",
    "password_policy_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "script_template_id": "5bf77342-221c-11ee-be56-0242ac120002",
    "created": "2017-01-01T15:05:05Z",
    "updated": "2017-01-01T15:05:05Z",
    "created_by": "string",
    "updated_by": "string"
  },
  "accounts": [
    {
      "account": "string",
      "last_rotated": "2017-01-01T15:05:05Z",
      "last_error": "2017-01-01T15:05:05Z",
      "last_error_details": "string",
      "initial_password": "string"
    }
  ]
}

delete/secrets-manager/api/v1/host-secret/{host_id}

delete secret from admin via host store

host_idstring

required

Responses

Response examples

Host secret deleted

Empty response

Was this page helpful?