The Secrets API provides operations to manage Secrets for OPA Teams. Secrets are encrypted key-value pairs used to store sensitive information.
See Secrets.
Resolves the ID or path for a Secret or Secret Folder. Users must be authorized to perform this action by an existing Security Policy.
To resolve the ID, the request must include the named path. To resolve the path, the request must include the ID.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, security_admin, delegated_security_admin.
OK
{
  "id": "string",
  "parent_folder_path": "string",
  "project": {
    "id": "string",
    "name": "string"
  },
  "resource_group": {
    "id": "string",
    "name": "string"
  },
  "secret_folder_name": "string",
  "secret_name": "string"
}

{
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "project": {
    "id": "string",
    "missing": true,
    "name": "string",
    "type": "active_directory_connection"
  },
  "resource_group": {
    "id": "string",
    "missing": true,
    "name": "string",
    "type": "active_directory_connection"
  },
  "type": "folder"
}
Lists all top-level Secret Folders for a Project. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires the following roles: authenticated_client, authenticated_service_user, end_user.
OK
Forbidden
{
  "list": [
    {
      "description": "string",
      "id": "string",
      "name": "string",
      "project": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "resource_group": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "type": "folder"
    }
  ]
}
Creates a Secret Folder. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires the following roles: authenticated_client, authenticated_service_user, end_user.
Created
Forbidden
{
  "description": "string",
  "name": "string",
  "parent_folder_id": "string"
}

{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string"
}
Retrieves the specified Secret Folder. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires the following roles: authenticated_client, authenticated_service_user, end_user.
OK
Forbidden
{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string"
}
Updates the specified Secret Folder. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires the following roles: authenticated_client, authenticated_service_user, end_user.
OK
Forbidden
{
  "description": "string",
  "name": "string"
}

{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string"
}
Deletes the specified Secret Folder. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires the following roles: authenticated_client, authenticated_service_user, end_user.
No Content
Forbidden
{
  "list": [
    {
      "access_credential": "string",
      "brokered": true,
      "conditionals": [
        {
          "access_request_type_id": "string",
          "access_request_type_name": "string",
          "acr_values": "phr",
          "condition_is_met": true,
          "description": "string",
          "expires_after_seconds": 0,
          "type": "access_request"
        }
      ],
      "details": {
        "path": [
          {
            "id": "string",
            "name": "string"
          }
        ],
        "privileges": {
          "_type": "string",
          "folder_create": true,
          "folder_delete": true,
          "folder_update": true,
          "list": true,
          "secret_create": true,
          "secret_delete": true,
          "secret_reveal": true,
          "secret_update": true
        },
        "secret_id": "string",
        "secret_name": "string",
        "_type": "string"
      },
      "identity": "string",
      "rule_ids": [
        "string"
      ],
      "security_policy_rule_id": "string",
      "server_id": "string",
      "short_text": "string",
      "sudo_command_bundles": "string",
      "sudo_display_name": "string",
      "user_access_type": "string"
    }
  ]
}
Lists all items in a Secret Folder. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires the following roles: authenticated_client, authenticated_service_user, end_user.
OK
Forbidden
{
  "list": [
    {
      "description": "string",
      "id": "string",
      "name": "string",
      "project": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "resource_group": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "type": "folder"
    }
  ]
}
Creates a Secret. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, end_user.
Created
Forbidden
{
  "description": "string",
  "name": "string",
  "parent_folder_id": "string",
  "secret_jwe": "string"
}

{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string"
}
Retrieves the specified Secret. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, end_user.
OK
Forbidden
{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string"
}
Reveals the specified Secret. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, end_user.
public_key (required): object (RawJSONWebKey). A JSON Web Key formatted in accordance with RFC 7517.
OK
Forbidden
{
  "public_key": {
    "alg": "RSA-OAEP-256",
    "crv": "P-256",
    "d": "string",
    "dp": "string",
    "dq": "string",
    "e": "string",
    "k": "string",
    "kid": "/regex/",
    "kty": "EC",
    "n": "string",
    "p": "string",
    "q": "string",
    "qi": "string",
    "use": "string",
    "x": "string",
    "x5c": [
      "string"
    ],
    "x5t": "string",
    "x5t#S256": "string",
    "x5u": "string",
    "y": "string"
  }
}

{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string",
  "secret_jwe": "string"
}
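Added example, not part of the API reference: the RawJSONWebKey schema above lists private members (d, p, q, dp, dq, qi, k) next to the public ones, so a client should strip them before sending public_key, and can inspect the returned secret_jwe header before decrypting. The function names are hypothetical, and the code assumes secret_jwe uses JWE compact serialization and that the caller knows which alg to expect.

```python
import base64
import json

# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
# Public members each asymmetric key type must carry (RFC 7518 section 6).
REQUIRED_PUBLIC = {"RSA": {"n", "e"}, "EC": {"crv", "x", "y"}}

# Constructed sample with placeholder values; not a usable key pair.
SAMPLE_KEYPAIR = {
    "kty": "RSA", "alg": "RSA-OAEP-256", "use": "enc",
    "n": "c2FtcGxlLW4", "e": "AQAB",
    "d": "c2FtcGxlLWQ", "p": "c2FtcGxlLXA", "q": "c2FtcGxlLXE",
}


def build_reveal_body(jwk):
    """Return the reveal request body holding only the public half of jwk."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_PUBLIC:
        # Symmetric ("oct") keys have no public half that is safe to send.
        raise ValueError(f"unsupported kty for reveal: {kty!r}")
    missing = REQUIRED_PUBLIC[kty] - set(jwk)
    if missing:
        raise ValueError(f"JWK lacks public members: {sorted(missing)}")
    public = {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS}
    return {"public_key": public}


def jwe_protected_header(secret_jwe):
    """Decode a compact JWE's protected header without decrypting anything."""
    parts = secret_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE: expected 5 dot-separated parts")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(header, dict):
        raise ValueError("JWE protected header is not a JSON object")
    return header


def check_secret_jwe(secret_jwe, expected_alg):
    """Reject a JWE whose key-management alg is not the one we expected."""
    header = jwe_protected_header(secret_jwe)
    if header.get("alg") != expected_alg:
        raise ValueError(f"unexpected JWE alg: {header.get('alg')!r}")
    return header
```

Decryption itself needs the private half of the key and a JOSE library; the private JWK stays on the client and is never placed in the request body.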
Updates the specified Secret. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, end_user.
OK
Forbidden
{
  "description": "string",
  "name": "string",
  "parent_folder_id": "string",
  "secret_jwe": "string"
}

{
  "created_at": "2023-08-25T12:00:00.000000Z",
  "created_by": "string",
  "description": "string",
  "id": "string",
  "name": "string",
  "path": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "updated_at": "2023-08-25T12:00:00.000000Z",
  "updated_by": "string"
}
Deletes the specified Secret. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, end_user.
No Content
Forbidden
{
  "list": [
    {
      "access_credential": "string",
      "brokered": true,
      "conditionals": [
        {
          "access_request_type_id": "string",
          "access_request_type_name": "string",
          "acr_values": "phr",
          "condition_is_met": true,
          "description": "string",
          "expires_after_seconds": 0,
          "type": "access_request"
        }
      ],
      "details": {
        "path": [
          {
            "id": "string",
            "name": "string"
          }
        ],
        "privileges": {
          "_type": "string",
          "folder_create": true,
          "folder_delete": true,
          "folder_update": true,
          "list": true,
          "secret_create": true,
          "secret_delete": true,
          "secret_reveal": true,
          "secret_update": true
        },
        "secret_id": "string",
        "secret_name": "string",
        "_type": "string"
      },
      "identity": "string",
      "rule_ids": [
        "string"
      ],
      "security_policy_rule_id": "string",
      "server_id": "string",
      "short_text": "string",
      "sudo_command_bundles": "string",
      "sudo_display_name": "string",
      "user_access_type": "string"
    }
  ]
}
Lists all top-level Secret Folders for a Team.
This endpoint requires the following roles: security_admin.
OK
{
  "list": [
    {
      "description": "string",
      "id": "string",
      "name": "string",
      "project": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "resource_group": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "type": "folder"
    }
  ]
}
Lists all top-level Secret Folders for a User. Users must be authorized to perform this action by an existing Security Policy.
This endpoint requires one of the following roles: authenticated_client, authenticated_service_user, end_user.
OK
{
  "list": [
    {
      "description": "string",
      "id": "string",
      "name": "string",
      "project": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "resource_group": {
        "id": "string",
        "missing": true,
        "name": "string",
        "type": "active_directory_connection"
      },
      "type": "folder"
    }
  ]
}