- Overview
- Resources
- API summary
- Create a new secret
- List secrets
- Update a secret
- Delete a secret
- Get a secret
- Create a secret store
- List secret stores
- Update a secret store
- Delete a secret store
- Get a secret store
- Update credentials
- Get credentials
- Update token settings
- Get token settings
- Update TLS settings
- Get TLS settings
- Data
- Errors
Aura Secret Management API v1
Create and manage an external TLS secret store.
Learn more:
- Download this API’s RAML and JSON schema descriptors.
Overview
This API allows an LCDN operator to configure the AMC to communicate with an external secret store for storing TLS secrets. The API supports only secret stores based on Hashicorp-Vault. Hashicorp-Vault is an open source secret management solution that secures, stores, and controls access to tokens, passwords, certificates, API keys and other secrets. For more information about Hashicorp-Vault, see the Hashicorp site.
The Aura LCDN supports HTTPS traffic delivery for Content Providers. HTTPS traffic delivery requires that HPC nodes use TLS certificates signed by trusted Certificate Authorities. The TLS certificates and associated private keys are collectively referred to as “secrets.”
Getting started
Before you use the Aura Secret Management API for the first time, you need to obtain an authorization token by creating and registering an application using the Aura Management Center (AMC). For detailed information about obtaining a token, see the “Managing OAuth2 Applications” section in the latest version of the Aura LCDN Administration Guide.
Concurrency control
To make sure that API clients do not overwrite each other’s data, this API supports optimistic concurrency control for PUT operations by including an Etag header. When the client updates a resource, it can include an optional
If-Match header with the ETag header value it received from the GET. When the client provides an If-Match header, the request succeeds if the state matches what the client is updating as indicated by the ETag. Otherwise, it issues a 412 error.
Resources
This section provides details on the API’s various operations.
Here are all the conceptual objects you interact with in this API.
Secret. A secret is a secure object that stores sensitive data such as TLS certificates and associated private keys, in a secret store.
Secret Store. A secret store is a server used to secure, store, and control access to tokens, passwords, certificates, and other secrets. When configured, the HPC requests the required secrets when needed using encrypted API calls to the secret store.
Token. The secret store provides the token, a random string of characters that serve as credentials, to authorize access to protected resources.
User credentials. The user name and password used to access the secret store.
API summary
Download the RAML descriptors for this API.
| Operation | Method | Endpoint |
|---|---|---|
| Secrets | ||
| Create a new secret | POST | /api/ |
| List secrets | GET | /api/ |
| Update a secret | PUT | /api/ |
| Delete a secret | DELETE | /api/ |
| Get a secret | GET | /api/ |
| Secret stores | ||
| Create a secret store | POST | /api/ |
| List secret stores | GET | /api/ |
| Update a secret store | PUT | /api/ |
| Delete a secret store | DELETE | /api/ |
| Get a secret store | GET | /api/ |
| Update credentials | PUT | /api/ |
| Get credentials | GET | /api/ |
| Update token settings | PUT | /api/ |
| Get token settings | GET | /api/ |
| Update TLS settings | PUT | /api/ |
| Get TLS settings | GET | /api/ |
Create a new secret
This operation creates a new secret. A secret is a secure object that stores sensitive data such as TLS certificates and associated private keys.
POST /api/
Content-Type: application/json
Object type: Secret
Download schema: secret.create.schema.json
Request body:
{
"name": "test-secret",
"secretStoreId": 2,
"type": "CERTIFICATE_KEY_BUNDLE",
"secretUri": "/v1/data/secrets/123"
}
Status 201
application/json
Headers:
Location: https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/v1/secrets/1
Object type: Secret
Download schema: secret.full.schema.json
Response body:
{
"secretId": 1,
"name": "test-secret",
"secretStoreId": 2,
"type": "CERTIFICATE_KEY_BUNDLE",
"secretUri": "/v1/data/secrets/123"
}
List secrets
This operation returns a list of all configured secrets.
GET /api/
Status 200
application/json
Object type: Secret
Download schema: secret.collection.schema.json
Response body:
{
"secretStores": [
{
"secretStoreId": 1,
"type": "VAULT",
"hostname": "test.server.com"
}
],
"page": {
"pageNumber": 1,
"pageSize": 100,
"totalPages": 1,
"totalResults": 1
}
}
To get a list of configured secrets, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secrets secretIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secrets/ {secretId} The operation responds with a Secret object.
Update a secret
This operation modifies the details of the secret.
PUT /api/
Sample: /api/
Content-Type: application/json
Object type: Secret
Download schema: secret.full.schema.json
Request body:
{
"secretId": 1,
"name": "test-secret",
"secretStoreId": 2,
"type": "CERTIFICATE_KEY_BUNDLE",
"secretUri": "/v1/data/secrets/123"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretId |
Integer | 1 |
Uniquely identifies a secret. |
Status 200
application/json
Object type: Secret
Download schema: secret.full.schema.json
Response body:
{
"secretId": 1,
"name": "test-secret",
"secretStoreId": 2,
"type": "CERTIFICATE_KEY_BUNDLE",
"secretUri": "/v1/data/secrets/123"
}
To get a list of all configured secrets, make a GET request to
/api/. Store thesecret-management/ v1/ secrets secretIdvalue from the relevant secrets in the response.Make a GET request to
/api/.secret-management/ v1/ secrets/ {secretId} Update the appropriate object members in the Secret object.
PUT the object back to the same URL.
The operation responds with the updated Secret object.
Delete a secret
This operation deletes the reference to a secret, which is stored on the remote secret store. You cannot delete the reference to a secret if the API detects that the secret is currently in use.
DELETE /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretId |
Integer | 1 |
Uniquely identifies a secret. |
Status 204
To get a list of all configured secrets, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secrets secretIdvalue from the response.Make a DELETE request to
/api/.secret-management/ v1/ secrets/ {secretId}
Get a secret
This operation retrieves the details of the secret.
GET /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretId |
Integer | 1 |
Uniquely identifies a secret. |
Status 200
application/json
Object type: Secret
Download schema: secret.full.schema.json
Response body:
{
"secretId": 1,
"name": "test-secret",
"secretStoreId": 2,
"type": "CERTIFICATE_KEY_BUNDLE",
"secretUri": "/v1/data/secrets/123"
}
To get a list of configured secrets, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secrets/ secretIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secrets/ {secretId} The operation responds with a Secret object.
Create a secret store
This operation creates a new secret store. A secret store is a server used to secure, store, and control access to tokens, passwords, certificates, and other secrets.
POST /api/
Content-Type: application/json
Object type: SecretStore
Download schema: secret-store.create.schema.json
Request body:
{
"type": "VAULT",
"hostname": "test.server.com",
"username": "test_user",
"password": "example_password",
"token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e",
"caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
"clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8QoacOsiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
"clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----",
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
Status 201
application/json
Headers:
Location: https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/v1/secret-stores/1
Object type: SecretStore
Download schema: secret-store.read-detailed.schema.json
Response body:
{
"secretStoreId": 1,
"type": "VAULT",
"hostname": "test.server.com",
"username": "test_user",
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
],
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
Build a new SecretStore object.
POST the object to
/api/.secret-management/ v1/ secret-stores The
Locationresponse header provides a link where you can get the newly-created SecretStore.
List secret stores
This operation returns a list of all configured secret stores.
GET /api/
Status 200
application/json
Object type: SecretStore
Download schema: secret-store.collection.schema.json
Response body:
{
"secretStores": [
{
"secretStoreId": 1,
"type": "VAULT",
"hostname": "test.server.com"
}
],
"page": {
"pageNumber": 1,
"pageSize": 100,
"totalPages": 1,
"totalResults": 1
}
}
To get a list of all configured secret stores, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secret-stores secretStoreIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId} The operation responds with a SecretStore object.
Update a secret store
This operation modifies the details of the secret store.
PUT /api/
Sample: /api/
Content-Type: application/json
Object type: SecretStore
Download schema: secret-store.update.schema.json
Request body:
{
"type": "VAULT",
"hostname": "test.server.com",
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: SecretStore
Download schema: secret-store.read-detailed.schema.json
Response body:
{
"secretStoreId": 1,
"type": "VAULT",
"hostname": "test.server.com",
"username": "test_user",
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
],
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
To generate a list of all configured secret stores, make a GET request to
/api/. Store thesecret-management/ v1/ secret-stores secretIdvalue from the relevant secret stores in the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId} Update the appropriate object members in the SecretStore object.
PUT the object back to the same URL.
The operation responds with the updated SecretStore object.
Delete a secret store
This operation deletes the details of the secret store.
DELETE /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 204
To get a list of all configured secret stores, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secret-stores secretStoreIdvalue from the response.Make a DELETE request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}
Get a secret store
This operation retrieves the details of the secret store.
GET /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: SecretStore
Download schema: secret-store.read-detailed.schema.json
Response body:
{
"secretStoreId": 1,
"type": "VAULT",
"hostname": "test.server.com",
"username": "test_user",
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
],
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
To get a list of all configured secret stores, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secret-stores/ secretStoreIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId} The operation responds with a SecretStore object.
Update credentials
This operation updates the user credentials settings for the secret store.
PUT /api/
Sample: /api/
Content-Type: application/json
Object type: UserCredentials
Download schema: user-credentials.update.schema.json
Request body:
{
"username": "test_user",
"password": "example_password"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: UserCredentials
Download schema: user-credentials.read.schema.json
Response body:
{
"username": "test_user"
}
To get a list of all configured user credential settings, make a GET request to
/api/. Store thesecret-management/ v1/ secret-stores/user-credentials secretStoreIdvalue from the relevant user credential settings in the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}/ user-credentials Update the appropriate object members in the UserCredentials object.
PUT the object back to the same URL.
The operation responds with the updated UserCredentials object.
Get credentials
This operation retrieves the user credentials settings for the secret store.
GET /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: UserCredentials
Download schema: user-credentials.read.schema.json
Response body:
{
"username": "test_user"
}
To get a list of user credentials settings for the secret store, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secret-stores/user-credentials secretStoreIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}/ user-credentials The operation responds with a UserCredentials object.
Update token settings
This operation updates the token settings for the secret store.
PUT /api/
Sample: /api/
Content-Type: application/json
Object type: Token
Download schema: token.update.schema.json
Request body:
{
"token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: Token
Download schema: token.read.schema.json
Response body:
{
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000"
}
To generate a list of all configured token settings for the secret store, make a GET request to
/api/. Store thesecret-management/ v1/ secret-stores/ token secretStoreIdfrom the response.Make a GET request
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}/ token Update the appropriate object members in the Token object.
PUT the object back to the same URL.
The operation responds with the updated Token object.
Get token settings
This operation retrieves the token settings for the secret store.
GET /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: Token
Download schema: token.read.schema.json
Response body:
{
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000"
}
To get a list of token settings for the secret store, make a GET request to
/api/. Store the relevantsecret-management/ v1/ secret-stores/token secretStoreIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}/ token The operation responds with a Token object.
Update TLS settings
This operation updates the TLS settings for the secret store.
PUT /api/
Sample: /api/
Content-Type: application/json
Object type: TlsSettings
Download schema: tls-settings.update.schema.json
Request body:
{
"caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
"clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8QoacOsiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
"clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: TlsSettings
Download schema: tls-settings.read.schema.json
Response body:
{
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
]
}
Make a GET request to
/api/to retrieve a list of all configured TLS settings for the secret store. Store thesecret-management/ v1/ secret-stores/ tls-settings secretIdvalue from the relevant TLS settings in the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}/ tls-settings Update the appropriate object members in the TlsSettings object.
PUT the object back to the same URL.
The operation responds with the updated TlsSettings object.
Get TLS settings
This operation retrieves the TLS settings for the secret store.
GET /api/
Sample: /api/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL path parameters | |||
secretStoreId |
Integer | 1 |
Uniquely identifies a secret store. |
Status 200
application/json
Object type: TlsSettings
Download schema: tls-settings.read.schema.json
Response body:
{
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
]
}
To get a list of configured secrets, make a GET request
/api/. Store the relevantsecret-management/ v1/ secret-stores/ tls-settings secretStoreIdvalue from the response.Make a GET request to
/api/.secret-management/ v1/ secret-stores/ {secretStoreId}/ tls-settings The operation responds with a TlsSettings object.
Data
This section describes the Aura Secret Management API’s data objects.
Download the JSON schemas for this API.
The data schema tables below list membership requirements as follows:
| ✓ | Member is required in requests, or always present in responses, even if its value is empty or null. |
| ○ | Member is optional, and may be omitted in some cases. |
| ✗ | Member is out of scope, and irrelevant to the specified interaction context. If you include the member in that context, it either triggers an error, or is ignored. |
Secret
Secret management secret create schema
Download schema:
secret.create.schema.json, secret.full.schema.json
Sample GET response:
{
"secretId": 1,
"name": "test-secret",
"secretStoreId": 2,
"type": "CERTIFICATE_KEY_BUNDLE",
"secretUri": "/v1/data/secrets/123"
}
Secret members
| Member | Type | POST | PUT | Description |
|---|---|---|---|---|
Secret: Secret management secret create schema |
||||
name |
String | ✓ | ✓ | The unique name for this secret. |
secretId |
Integer | ✗ | ✓ | Read-only. The unique ID for this secret. |
secretStoreId |
Integer | ✓ | ✓ | The id of the secret store that holds this secret. |
secretUri |
String | ✓ | ✓ | The URI endpoint where the secret is hosted on the secret store. |
type |
Enumeration | ✓ | ✓ | The type of secret. Choose one of the following secret types: CA_CERTIFICATE_BUNDLE, which is a single file that includes a bundle of root and intermediate certificates verified (signed) by a trusted Certificate Authority (CA). CERTIFICATE_KEY_BUNDLE, which is a file that includes the certificate and key pair. |
SecretStore
Secret management secret store create schema
Download schema:
secret-store.create.schema.json, secret-store.read-detailed.schema.json, secret-store.update.schema.json
Sample POST request:
{
"type": "VAULT",
"hostname": "test.server.com",
"username": "test_user",
"password": "example_password",
"token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e",
"caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
"clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8QoacOsiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
"clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----",
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
Sample GET response:
{
"secretStoreId": 1,
"type": "VAULT",
"hostname": "test.server.com",
"username": "test_user",
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
],
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
Sample PUT request:
{
"type": "VAULT",
"hostname": "test.server.com",
"managementLoginUri": "/v1/auth/userpass/login",
"managementTokenRenewalUri": "/v1/auth/token/renew",
"serviceLoginUri": "/v1/auth/token/create",
"serviceTokenRenewalUri": "/v1/auth/token/renew"
}
SecretStore members
| Member | Type | POST | GET | PUT | Description | |||
|---|---|---|---|---|---|---|---|---|
SecretStore: Secret management secret store create schema |
||||||||
caCertificates |
String | ○ | ✗ | ✗ | The CA certificate used to authenticate the secret store certificate. | |||
ca |
Secret |
✗ | ○ | ✗ | Summary information of a digital X.509 Certificate. | |||
client |
String | ○ | ✗ | ✗ | The TLS certificate used to authenticate with the secret store. | |||
client |
Secret |
✗ | ○ | ✗ | Summary information of a digital X.509 Certificate. | |||
client |
String | ○ | ✗ | ✗ | The TLS certificate key used to authenticate with the secret store. | |||
hostname |
String | ✓ | ✓ | ✓ | The hostname of the secret store server. | |||
management |
String | ○ | ○ | ○ | The URI that the management node uses to access the secret store. | |||
management |
String | ○ | ○ | ○ | The URI that the management node uses to renew its token. | |||
password |
String | ○ | ✗ | ✗ | The password used to log in to the secret store. | |||
secretStoreId |
Integer | ✗ | ✓ | ○ | The unique id for this secret store. | |||
serviceLoginUri |
String | ○ | ○ | ○ | The URI that the service nodes use to access the secret store. | |||
service |
String | ○ | ○ | ○ | The URI that the service nodes use to renew their token. | |||
token |
String | ○ | ✗ | ✗ | The token used to log in to the secret store. | |||
tokenLastUpdated |
String | ✗ | ○ | ✗ | The date and time that the secret store token was last updated or null if the token is not set. | |||
type |
Enumeration | ✓ | ✓ | ✓ | The type of the secret store. The only type currently available is VAULT. |
|||
username |
String | ○ | ○ | ✗ | The username used to log in to the secret store. | |||
SecretStore.caCertificatesDetails[]: Summary information of a digital X.509 Certificate. |
||||||||
fingerprints |
Secret |
✗ | ○ | ✗ | An abbreviated form of the Public Key of the certificate | |||
issuedBy |
Secret |
✗ | ○ | ✗ | A distinguished name (DN) that identifies the certificate authorizer. | |||
issuedTo |
Secret |
✗ | ○ | ✗ | A distinguished name (DN) that identifies the certificate owner. | |||
validity |
Secret |
✗ | ○ | ✗ | The validity time period of the certificate. | |||
SecretStore.caCertificatesDetails[].fingerprints: An abbreviated form of the Public Key of the certificate |
||||||||
sha1Fingerprint |
String | ✗ | ○ | ✗ | The fingerprint of the certificate using the SHA1 algorithm. | |||
sha256Fingerprint |
String | ✗ | ○ | ✗ | The fingerprint of the certificate using the SHA256 algorithm. | |||
SecretStore.caCertificatesDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer. |
||||||||
commonName |
String | ✗ | ✓ | ✗ | The entity (user/web server/domain/hostname) associated with the certificate authorizer. | |||
organization |
String | ✗ | ○ | ✗ | The organization of the certificate authorizer. | |||
organizational |
String | ✗ | ○ | ✗ | The organizational unit of the certificate issuer. | |||
SecretStore.caCertificatesDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner. |
||||||||
commonName |
String | ✗ | ✓ | ✗ | A common name (CN) that identifies the host and domain name associated with the certificate. | |||
organization |
String | ✗ | ○ | ✗ | The organization of the certificate owner. | |||
organizational |
String | ✗ | ○ | ✗ | The organizational unit of the certificate owner. | |||
serial |
String | ✗ | ○ | ✗ | A serial number that uniquely identifies the certificate. | |||
SecretStore.caCertificatesDetails[].validity: The validity time period of the certificate. |
||||||||
notAfter |
String | ✗ | ○ | ✗ | The time and date on which the certificate is no longer valid. | |||
notBefore |
String | ✗ | ○ | ✗ | The time and date on which the certificate is valid. | |||
SecretStore.clientTlsCertificateDetails[]: Summary information of a digital X.509 Certificate. |
||||||||
fingerprints |
Secret |
✗ | ○ | ✗ | An abbreviated form of the Public Key of the certificate | |||
issuedBy |
Secret |
✗ | ○ | ✗ | A distinguished name (DN) that identifies the certificate authorizer. | |||
issuedTo |
Secret |
✗ | ○ | ✗ | A distinguished name (DN) that identifies the certificate owner. | |||
validity |
Secret |
✗ | ○ | ✗ | The validity time period of the certificate. | |||
SecretStore.clientTlsCertificateDetails[].fingerprints: An abbreviated form of the Public Key of the certificate |
||||||||
sha1Fingerprint |
String | ✗ | ○ | ✗ | The fingerprint of the certificate using the SHA1 algorithm. | |||
sha256Fingerprint |
String | ✗ | ○ | ✗ | The fingerprint of the certificate using the SHA256 algorithm. | |||
SecretStore.clientTlsCertificateDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer. |
||||||||
commonName |
String | ✗ | ✓ | ✗ | The entity (user/web server/domain/hostname) associated with the certificate authorizer. | |||
organization |
String | ✗ | ○ | ✗ | The organization of the certificate authorizer. | |||
organizational |
String | ✗ | ○ | ✗ | The organizational unit of the certificate issuer. | |||
SecretStore.clientTlsCertificateDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner. |
||||||||
commonName |
String | ✗ | ✓ | ✗ | A common name (CN) that identifies the host and domain name associated with the certificate. | |||
organization |
String | ✗ | ○ | ✗ | The organization of the certificate owner. | |||
organizational |
String | ✗ | ○ | ✗ | The organizational unit of the certificate owner. | |||
serial |
String | ✗ | ○ | ✗ | A serial number that uniquely identifies the certificate. | |||
SecretStore.clientTlsCertificateDetails[].validity: The validity time period of the certificate. |
||||||||
notAfter |
String | ✗ | ○ | ✗ | The time and date on which the certificate is no longer valid. | |||
notBefore |
String | ✗ | ○ | ✗ | The time and date on which the certificate is valid. | |||
UserCredentials
Secret management secret store user credentials read schema
Download schema:
user-credentials.read.schema.json, user-credentials.update.schema.json
Sample GET response:
{
"username": "test_user"
}
Sample PUT request:
{
"username": "test_user",
"password": "example_password"
}
UserCredentials members
| Member | Type | GET | PUT | Description |
|---|---|---|---|---|
UserCredentials: Secret management secret store user credentials read schema |
||||
password |
String | ✗ | ○ | The password used to log in to the secret store. |
username |
String | ○ | ○ | The username used to log in to the secret store. |
Token
Secret management secret store token read schema
Download schema:
token.read.schema.json, token.update.schema.json
Sample GET response:
{
"tokenLastUpdated": "2019-04-02T22:40:56.245+0000"
}
Sample PUT request:
{
"token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e"
}
Token members
| Member | Type | GET | PUT | Description |
|---|---|---|---|---|
Token: Secret management secret store token read schema |
||||
token |
String | ✗ | ○ | The token used to log in to the secret store. |
tokenLastUpdated |
String | ○ | ✗ | The date and time that the secret store token was last updated or null if the token is not set. |
TlsSettings
Secret management secret store TLS settings read schema
Download schema:
tls-settings.read.schema.json, tls-settings.update.schema.json
Sample GET response:
{
"caCertificatesDetails": [
{
"fingerprints": {
"sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
"sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
},
"validity": {
"notBefore": "2017-06-15T14:22:03.000+0000",
"notAfter": "2044-10-30T14:22:03.000+0000"
},
"issuedTo": {
"commonName": "JUnit Tests",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division",
"serial": "10:00"
},
"issuedBy": {
"commonName": "lcdn.docker.ca",
"organization": "Akamai Technologies\\, Inc.",
"organizationalUnit": "Carrier Products Division"
}
}
],
"clientTlsCertificateDetails": [
{
"fingerprints": {
"sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
"sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
},
"validity": {
"notBefore": "2015-03-09T15:29:52.000+0000",
"notAfter": "2025-03-06T15:29:52.000+0000"
},
"issuedTo": {
"commonName": "www.akamai.com",
"serial": "D1:3B:C4:7A:AC:28:63:24"
},
"issuedBy": {
"commonName": "www.akamai.com"
}
}
]
}
Sample PUT request:
{
"caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
"clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8QoacOsiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
"clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----"
}
TlsSettings members
| Member | Type | GET | PUT | Description | ||||
|---|---|---|---|---|---|---|---|---|
TlsSettings: Secret management secret store TLS settings read schema |
||||||||
caCertificates |
String | ✗ | ○ | The CA certificate used to authenticate the secret store certificate. | ||||
ca |
Tls |
○ | ✗ | Summary information of a digital X.509 Certificate. | ||||
client |
String | ✗ | ○ | The TLS certificate used to authenticate with the secret store. | ||||
client |
Tls |
○ | ✗ | Summary information of a digital X.509 Certificate. | ||||
client |
String | ✗ | ○ | The TLS certificate key used to authenticate with the secret store. | ||||
TlsSettings.caCertificatesDetails[]: Summary information of a digital X.509 Certificate. |
||||||||
fingerprints |
Tls |
○ | ✗ | An abbreviated form of the Public Key of the certificate | ||||
issuedBy |
Tls |
○ | ✗ | A distinguished name (DN) that identifies the certificate authorizer. | ||||
issuedTo |
Tls |
○ | ✗ | A distinguished name (DN) that identifies the certificate owner. | ||||
validity |
Tls |
○ | ✗ | The validity time period of the certificate. | ||||
TlsSettings.caCertificatesDetails[].fingerprints: An abbreviated form of the Public Key of the certificate |
||||||||
sha1Fingerprint |
String | ○ | ✗ | The fingerprint of the certificate using the SHA1 algorithm. | ||||
sha256Fingerprint |
String | ○ | ✗ | The fingerprint of the certificate using the SHA256 algorithm. | ||||
TlsSettings.caCertificatesDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer. |
||||||||
commonName |
String | ✓ | ✗ | The entity (user/web server/domain/hostname) associated with the certificate authorizer. | ||||
organization |
String | ○ | ✗ | The organization of the certificate authorizer. | ||||
organizational |
String | ○ | ✗ | The organizational unit of the certificate issuer. | ||||
TlsSettings.caCertificatesDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner. |
||||||||
commonName |
String | ✓ | ✗ | A common name (CN) that identifies the host and domain name associated with the certificate. | ||||
organization |
String | ○ | ✗ | The organization of the certificate owner. | ||||
organizational |
String | ○ | ✗ | The organizational unit of the certificate owner. | ||||
serial |
String | ○ | ✗ | A serial number that uniquely identifies the certificate. | ||||
TlsSettings.caCertificatesDetails[].validity: The validity time period of the certificate. |
||||||||
notAfter |
String | ○ | ✗ | The time and date on which the certificate is no longer valid. | ||||
notBefore |
String | ○ | ✗ | The time and date on which the certificate is valid. | ||||
TlsSettings.clientTlsCertificateDetails[]: Summary information of a digital X.509 Certificate. |
||||||||
fingerprints |
Tls |
○ | ✗ | An abbreviated form of the Public Key of the certificate | ||||
issuedBy |
Tls |
○ | ✗ | A distinguished name (DN) that identifies the certificate authorizer. | ||||
issuedTo |
Tls |
○ | ✗ | A distinguished name (DN) that identifies the certificate owner. | ||||
validity |
Tls |
○ | ✗ | The validity time period of the certificate. | ||||
TlsSettings.clientTlsCertificateDetails[].fingerprints: An abbreviated form of the Public Key of the certificate |
||||||||
sha1Fingerprint |
String | ○ | ✗ | The fingerprint of the certificate using the SHA1 algorithm. | ||||
sha256Fingerprint |
String | ○ | ✗ | The fingerprint of the certificate using the SHA256 algorithm. | ||||
TlsSettings.clientTlsCertificateDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer. |
||||||||
commonName |
String | ✓ | ✗ | The entity (user/web server/domain/hostname) associated with the certificate authorizer. | ||||
organization |
String | ○ | ✗ | The organization of the certificate authorizer. | ||||
organizational |
String | ○ | ✗ | The organizational unit of the certificate issuer. | ||||
TlsSettings.clientTlsCertificateDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner. |
||||||||
commonName |
String | ✓ | ✗ | A common name (CN) that identifies the host and domain name associated with the certificate. | ||||
organization |
String | ○ | ✗ | The organization of the certificate owner. | ||||
organizational |
String | ○ | ✗ | The organizational unit of the certificate owner. | ||||
serial |
String | ○ | ✗ | A serial number that uniquely identifies the certificate. | ||||
TlsSettings.clientTlsCertificateDetails[].validity: The validity time period of the certificate. |
||||||||
notAfter |
String | ○ | ✗ | The time and date on which the certificate is no longer valid. | ||||
notBefore |
String | ○ | ✗ | The time and date on which the certificate is valid. | ||||
Errors
This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.
Error responses
In case of errors, the API returns an HTTP Problem JSON object with the
application/problem+json media type.
In this example, an attempt was made to read a secret store with an ID of 100. The server failed to recognize this value as a valid ID, and responded with an HTTP 404 and HTTP problem describing the error.
{
"type" : "https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/errors#core.entity-not-found",
"title" : "The requested entity could not be found",
"detail" : "SecretStore 100 does not exist",
"instance" : "https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/v1/secret-stores/100#6e5d7651da832852",
"entityType" : "SecretStore",
"entityId" : 100
}
HTTP status codes
This section lists the full range of response codes the API might generate.
| Code | Description |
|---|---|
| 200 | The operation was successful. |
| 201 | Resource successfully created. |
| 204 | Successfully processed request. |
| 400 | Bad Request. |
| 401 | Authentication failure. |
| 403 | Access is forbidden. |
| 404 | Resource not found. |
| 405 | Method not supported. |
| 409 | Conflict with current state of resource. |
| 412 | An Etag or If-Match header does not match, indicating the content has been modified. See Concurrency control for more information. |
| 415 | Unsupported media type. |
| 500 | Internal server error. |
| 503 | Too many requests. Service is temporarily unavailable. |
Last modified: 7/19/2019