Aura Secret Management API v1

Create and manage an external TLS secret store.

Overview

This API allows an LCDN operator to configure the AMC to communicate with an external secret store for storing TLS secrets. The API supports only secret stores based on HashiCorp Vault. HashiCorp Vault is an open-source secret management solution that secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets. For more information about HashiCorp Vault, see the HashiCorp site.

The Aura LCDN supports HTTPS traffic delivery for Content Providers. HTTPS traffic delivery requires that HPC nodes use TLS certificates signed by trusted Certificate Authorities. The TLS certificates and associated private keys are collectively referred to as “secrets.”

Get started

Before you use the Aura Secret Management API for the first time, you need to obtain an authorization token by creating and registering an application using the Aura Management Center (AMC). For detailed information about obtaining a token, see the “Managing OAuth2 Applications” section in the latest version of the Aura LCDN Administration Guide.

Concurrency control

To make sure that API clients do not overwrite each other’s data, this API supports optimistic concurrency control for PUT operations by means of the ETag header. When a client updates a resource, it can include an optional If-Match header carrying the ETag header value it received from the GET. When the client provides an If-Match header, the request succeeds if the resource’s current state matches the state the client is updating, as indicated by the ETag. Otherwise, the API responds with a 412 error.
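The read-modify-write cycle described above, as an added example that is not part of the Aura documentation. `FakeSecretApi` is a constructed in-memory stand-in so the code runs offline; its ETag format, the retry count, and the `between_get_and_put` hook are assumptions, and only the If-Match/412 behaviour comes from the text above:

```python
"""Optimistic concurrency with ETag / If-Match against an in-memory stand-in."""
import copy
import hashlib
import json

SECRET_PATH = "/api/secret-management/v1/secrets/1"
# Constructed sample resource, shaped like the Secret object on this page.
SAMPLE_SECRET = {
    "secretId": 1,
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123",
}


class FakeSecretApi:
    """Stand-in for the API (assumption): GET returns an ETag header and PUT
    honours an optional If-Match header, answering 412 on a mismatch."""

    def __init__(self, resources):
        self._resources = copy.deepcopy(resources)

    @staticmethod
    def _etag(body):
        # Assumed ETag scheme: a hash of the resource's current state.
        raw = json.dumps(body, sort_keys=True).encode()
        return '"' + hashlib.sha256(raw).hexdigest()[:16] + '"'

    def get(self, path):
        body = self._resources[path]
        return 200, {"ETag": self._etag(body)}, copy.deepcopy(body)

    def put(self, path, body, headers=None):
        if_match = (headers or {}).get("If-Match")
        if if_match is not None and if_match != self._etag(self._resources[path]):
            return 412, {}, None  # state changed since the caller's GET
        self._resources[path] = copy.deepcopy(body)
        return 200, {"ETag": self._etag(body)}, copy.deepcopy(body)


class ConflictError(Exception):
    """Raised when every attempt ended in 412 Precondition Failed."""


def update_secret(api, path, mutate, max_attempts=3, between_get_and_put=None):
    """GET the resource, apply mutate(), PUT it back with If-Match.

    On 412 the resource is re-read, so the change is re-applied to the other
    writer's version instead of overwriting it. between_get_and_put is a
    hypothetical hook used here only to simulate a concurrent writer.
    Returns (updated_resource, attempts_used).
    """
    for attempt in range(1, max_attempts + 1):
        status, headers, body = api.get(path)
        if status != 200:
            raise RuntimeError(f"GET {path} returned {status}")
        mutate(body)
        if between_get_and_put is not None:
            between_get_and_put(attempt)
        status, _, updated = api.put(path, body, {"If-Match": headers["ETag"]})
        if status == 200:
            return updated, attempt
        if status != 412:
            raise RuntimeError(f"PUT {path} returned {status}")
    raise ConflictError(f"{path}: still conflicting after {max_attempts} attempts")


def demo():
    """A second client changes secretUri between our first GET and PUT."""
    api = FakeSecretApi({SECRET_PATH: SAMPLE_SECRET})

    def other_client_writes(attempt):
        if attempt == 1:
            _, _, theirs = api.get(SECRET_PATH)
            theirs["secretUri"] = "/v1/data/secrets/456"
            api.put(SECRET_PATH, theirs)  # no If-Match: unconditional write

    def rename(secret):
        secret["name"] = "renamed-secret"

    return update_secret(api, SECRET_PATH, rename,
                         between_get_and_put=other_client_writes)


if __name__ == "__main__":
    resource, attempts = demo()
    print(attempts, resource)
```

Without the If-Match header, the first PUT would have silently restored the old `secretUri`; with it, the stale write is rejected and the retry keeps both clients' changes.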

Resources

This section provides details on the API’s various operations.

Here are all the conceptual objects you interact with in this API.

  • Secret. A secret is a secure object that stores sensitive data, such as TLS certificates and associated private keys, in a secret store.

  • Secret Store. A secret store is a server used to secure, store, and control access to tokens, passwords, certificates, and other secrets. When configured, the HPC requests the required secrets when needed using encrypted API calls to the secret store.

  • Token. The secret store provides the token, a random string of characters that serves as credentials, to authorize access to protected resources.

  • User credentials. The user name and password used to access the secret store.

API summary

Download the RAML descriptors for this API.

Operation               Method   Endpoint

Secrets
Create a new secret     POST     /api/secret-management/v1/secrets
List secrets            GET      /api/secret-management/v1/secrets
Update a secret         PUT      /api/secret-management/v1/secrets/{secretId}
Delete a secret         DELETE   /api/secret-management/v1/secrets/{secretId}
Get a secret            GET      /api/secret-management/v1/secrets/{secretId}

Secret stores
Create a secret store   POST     /api/secret-management/v1/secret-stores
List secret stores      GET      /api/secret-management/v1/secret-stores
Update a secret store   PUT      /api/secret-management/v1/secret-stores/{secretStoreId}
Delete a secret store   DELETE   /api/secret-management/v1/secret-stores/{secretStoreId}
Get a secret store      GET      /api/secret-management/v1/secret-stores/{secretStoreId}
Update credentials      PUT      /api/secret-management/v1/secret-stores/{secretStoreId}/user-credentials
Get credentials         GET      /api/secret-management/v1/secret-stores/{secretStoreId}/user-credentials
Update token settings   PUT      /api/secret-management/v1/secret-stores/{secretStoreId}/token
Get token settings      GET      /api/secret-management/v1/secret-stores/{secretStoreId}/token
Update TLS settings     PUT      /api/secret-management/v1/secret-stores/{secretStoreId}/tls-settings
Get TLS settings        GET      /api/secret-management/v1/secret-stores/{secretStoreId}/tls-settings

Create a new secret

This operation creates a new secret. A secret is a secure object that stores sensitive data such as TLS certificates and associated private keys.

POST /api/secret-management/v1/secrets

Content-Type: application/json

Object type: Secret

Download schema: secret.create.schema.json

Request body:

{
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123"
}

Status 201 application/json

Headers:

Location: https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/v1/secrets/1

Object type: Secret

Download schema: secret.full.schema.json

Response body:

{
    "secretId": 1,
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123"
}

  1. Build a new Secret object.

  2. POST the object to /api/secret-management/v1/secrets.

  3. The Location response header provides a link where you can GET the newly created Secret object.

List secrets

This operation returns a list of all configured secrets.

GET /api/secret-management/v1/secrets

Status 200 application/json

Object type: Secret

Download schema: secret.collection.schema.json

Response body:

{
    "secretStores": [
        {
            "secretStoreId": 1,
            "type": "VAULT",
            "hostname": "test.server.com"
        }
    ],
    "page": {
        "pageNumber": 1,
        "pageSize": 100,
        "totalPages": 1,
        "totalResults": 1
    }
}

  1. To get a list of configured secrets, make a GET request to /api/secret-management/v1/secrets. Store the relevant secretId value from the response.

  2. Make a GET request to /api/secret-management/v1/secrets/{secretId}.

  3. The operation responds with a Secret object.

Update a secret

This operation modifies the details of the secret.

PUT /api/secret-management/v1/secrets/{secretId}

Sample: /api/secret-management/v1/secrets/1

Content-Type: application/json

Object type: Secret

Download schema: secret.full.schema.json

Request body:

{
    "secretId": 1,
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123"
}

Parameter   Type      Sample   Description
URL path parameters
secretId    Integer   1        Uniquely identifies a secret.

Status 200 application/json

Object type: Secret

Download schema: secret.full.schema.json

Response body:

{
    "secretId": 1,
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123"
}

  1. To get a list of all configured secrets, make a GET request to /api/secret-management/v1/secrets. Store the secretId value from the relevant secrets in the response.

  2. Make a GET request to /api/secret-management/v1/secrets/{secretId}.

  3. Update the appropriate object members in the Secret object.

  4. PUT the object back to the same URL.

  5. The operation responds with the updated Secret object.

Delete a secret

This operation deletes the reference to a secret, which is stored on the remote secret store. You cannot delete the reference to a secret if the API detects that the secret is currently in use.

DELETE /api/secret-management/v1/secrets/{secretId}

Sample: /api/secret-management/v1/secrets/1

Parameter   Type      Sample   Description
URL path parameters
secretId    Integer   1        Uniquely identifies a secret.

Status 204

  1. To get a list of all configured secrets, make a GET request to /api/secret-management/v1/secrets. Store the relevant secretId value from the response.

  2. Make a DELETE request to /api/secret-management/v1/secrets/{secretId}.

Get a secret

This operation retrieves the details of the secret.

GET /api/secret-management/v1/secrets/{secretId}

Sample: /api/secret-management/v1/secrets/1

Parameter   Type      Sample   Description
URL path parameters
secretId    Integer   1        Uniquely identifies a secret.

Status 200 application/json

Object type: Secret

Download schema: secret.full.schema.json

Response body:

{
    "secretId": 1,
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123"
}

  1. To get a list of configured secrets, make a GET request to /api/secret-management/v1/secrets/. Store the relevant secretId value from the response.

  2. Make a GET request to /api/secret-management/v1/secrets/{secretId}.

  3. The operation responds with a Secret object.

Create a secret store

This operation creates a new secret store. A secret store is a server used to secure, store, and control access to tokens, passwords, certificates, and other secrets.

POST /api/secret-management/v1/secret-stores

Content-Type: application/json

Object type: SecretStore

Download schema: secret-store.create.schema.json

Request body:

{
    "type": "VAULT",
    "hostname": "test.server.com",
    "username": "test_user",
    "password": "example_password",
    "token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e",
    "caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
    "clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8Qoac
Osiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
    "clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----",
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

Status 201 application/json

Headers:

Location: https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/v1/secret-stores/1

Object type: SecretStore

Download schema: secret-store.read-detailed.schema.json

Response body:

{
    "secretStoreId": 1,
    "type": "VAULT",
    "hostname": "test.server.com",
    "username": "test_user",
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ],
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

  1. Build a new SecretStore object.

  2. POST the object to /api/secret-management/v1/secret-stores.

  3. The Location response header provides a link where you can get the newly created SecretStore.

List secret stores

This operation returns a list of all configured secret stores.

GET /api/secret-management/v1/secret-stores

Status 200 application/json

Object type: SecretStore

Download schema: secret-store.collection.schema.json

Response body:

{
    "secretStores": [
        {
            "secretStoreId": 1,
            "type": "VAULT",
            "hostname": "test.server.com"
        }
    ],
    "page": {
        "pageNumber": 1,
        "pageSize": 100,
        "totalPages": 1,
        "totalResults": 1
    }
}

  1. To get a list of all configured secret stores, make a GET request to /api/secret-management/v1/secret-stores. Store the relevant secretStoreId value from the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}.

  3. The operation responds with a SecretStore object.

Update a secret store

This operation modifies the details of the secret store.

PUT /api/secret-management/v1/secret-stores/{secretStoreId}

Sample: /api/secret-management/v1/secret-stores/1

Content-Type: application/json

Object type: SecretStore

Download schema: secret-store.update.schema.json

Request body:

{
    "type": "VAULT",
    "hostname": "test.server.com",
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 200 application/json

Object type: SecretStore

Download schema: secret-store.read-detailed.schema.json

Response body:

{
    "secretStoreId": 1,
    "type": "VAULT",
    "hostname": "test.server.com",
    "username": "test_user",
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ],
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

  1. To generate a list of all configured secret stores, make a GET request to /api/secret-management/v1/secret-stores. Store the secretStoreId value from the relevant secret stores in the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}.

  3. Update the appropriate object members in the SecretStore object.

  4. PUT the object back to the same URL.

  5. The operation responds with the updated SecretStore object.

Delete a secret store

This operation deletes the details of the secret store.

DELETE /api/secret-management/v1/secret-stores/{secretStoreId}

Sample: /api/secret-management/v1/secret-stores/1

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 204

  1. To get a list of all configured secret stores, make a GET request to /api/secret-management/v1/secret-stores. Store the relevant secretStoreId value from the response.

  2. Make a DELETE request to /api/secret-management/v1/secret-stores/{secretStoreId}.

Get a secret store

This operation retrieves the details of the secret store.

GET /api/secret-management/v1/secret-stores/{secretStoreId}

Sample: /api/secret-management/v1/secret-stores/1

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 200 application/json

Object type: SecretStore

Download schema: secret-store.read-detailed.schema.json

Response body:

{
    "secretStoreId": 1,
    "type": "VAULT",
    "hostname": "test.server.com",
    "username": "test_user",
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ],
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

  1. To get a list of all configured secret stores, make a GET request to /api/secret-management/v1/secret-stores/. Store the relevant secretStoreId value from the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}.

  3. The operation responds with a SecretStore object.
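An added example, not part of the Aura documentation: a check over the certificate and token metadata that a SecretStore response returns. It flags certificates outside or near the end of their validity window, CA certificates whose SHA-256 fingerprint is not in an operator-supplied pin list, and a token that has not been updated recently. The 30-day and 90-day thresholds and the finding codes are assumptions; the sample input is the response body shown above, trimmed to the fields the check reads.

```python
"""Audit the certificate and token metadata in a SecretStore response."""
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # matches "2019-04-02T22:40:56.245+0000"

CA_SHA256 = ("78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:"
             "18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82")
CLIENT_SHA256 = ("7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:"
                 "29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39")

# Constructed input: this page's sample SecretStore response, trimmed.
SAMPLE_STORE = {
    "secretStoreId": 1,
    "hostname": "test.server.com",
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
    "caCertificatesDetails": [{
        "fingerprints": {"sha256Fingerprint": CA_SHA256},
        "validity": {"notBefore": "2017-06-15T14:22:03.000+0000",
                     "notAfter": "2044-10-30T14:22:03.000+0000"},
        "issuedTo": {"commonName": "JUnit Tests"},
    }],
    "clientTlsCertificateDetails": [{
        "fingerprints": {"sha256Fingerprint": CLIENT_SHA256},
        "validity": {"notBefore": "2015-03-09T15:29:52.000+0000",
                     "notAfter": "2025-03-06T15:29:52.000+0000"},
        "issuedTo": {"commonName": "www.akamai.com"},
    }],
}


def _ts(value):
    return datetime.strptime(value, TS_FORMAT)


def _norm(fingerprint):
    # "AA:BB:..." and "aabb..." compare equal after normalisation.
    return fingerprint.replace(":", "").lower()


def audit_secret_store(store, now, pinned_ca_sha256=(),
                       warn_within=timedelta(days=30),
                       max_token_age=timedelta(days=90)):
    """Return a list of (location, subject, code) findings.

    now must be timezone-aware. An empty pinned_ca_sha256 disables the pin
    check. Thresholds are policy assumptions, not values from the API.
    """
    findings = []
    pins = {_norm(p) for p in pinned_ca_sha256}
    for field in ("caCertificatesDetails", "clientTlsCertificateDetails"):
        for cert in store.get(field, []):
            subject = cert.get("issuedTo", {}).get("commonName", "<no commonName>")
            not_before = _ts(cert["validity"]["notBefore"])
            not_after = _ts(cert["validity"]["notAfter"])
            if now < not_before:
                findings.append((field, subject, "NOT_YET_VALID"))
            elif now >= not_after:
                findings.append((field, subject, "EXPIRED"))
            elif not_after - now <= warn_within:
                findings.append((field, subject, "EXPIRING_SOON"))
            if field == "caCertificatesDetails" and pins:
                if _norm(cert["fingerprints"]["sha256Fingerprint"]) not in pins:
                    findings.append((field, subject, "CA_NOT_PINNED"))
    updated = store.get("tokenLastUpdated")
    if updated is None:
        findings.append(("tokenLastUpdated", "<missing>", "TOKEN_AGE_UNKNOWN"))
    elif now - _ts(updated) > max_token_age:
        findings.append(("tokenLastUpdated", updated, "TOKEN_STALE"))
    return findings


if __name__ == "__main__":
    when = datetime(2025, 2, 20, tzinfo=timezone.utc)  # constructed audit date
    for finding in audit_secret_store(SAMPLE_STORE, when, [CA_SHA256]):
        print(finding)
```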

Update credentials

This operation updates the user credentials settings for the secret store.

PUT /api/secret-management/v1/secret-stores/{secretStoreId}/user-credentials

Sample: /api/secret-management/v1/secret-stores/1/user-credentials

Content-Type: application/json

Object type: UserCredentials

Download schema: user-credentials.update.schema.json

Request body:

{
    "username": "test_user",
    "password": "example_password"
}

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 200 application/json

Object type: UserCredentials

Download schema: user-credentials.read.schema.json

Response body:

{
    "username": "test_user"
}

  1. To get a list of all configured user credential settings, make a GET request to /api/secret-management/v1/secret-stores/user-credentials. Store the secretStoreId value from the relevant user credential settings in the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}/user-credentials.

  3. Update the appropriate object members in the UserCredentials object.

  4. PUT the object back to the same URL.

  5. The operation responds with the updated UserCredentials object.

Get credentials

This operation retrieves the user credentials settings for the secret store.

GET /api/secret-management/v1/secret-stores/{secretStoreId}/user-credentials

Sample: /api/secret-management/v1/secret-stores/1/user-credentials

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 200 application/json

Object type: UserCredentials

Download schema: user-credentials.read.schema.json

Response body:

{
    "username": "test_user"
}

  1. To get a list of user credentials settings for the secret store, make a GET request to /api/secret-management/v1/secret-stores/user-credentials. Store the relevant secretStoreId value from the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}/user-credentials.

  3. The operation responds with a UserCredentials object.

Update token settings

This operation updates the token settings for the secret store.

PUT /api/secret-management/v1/secret-stores/{secretStoreId}/token

Sample: /api/secret-management/v1/secret-stores/1/token

Content-Type: application/json

Object type: Token

Download schema: token.update.schema.json

Request body:

{
    "token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e"
}

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 200 application/json

Object type: Token

Download schema: token.read.schema.json

Response body:

{
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000"
}

  1. To generate a list of all configured token settings for the secret store, make a GET request to /api/secret-management/v1/secret-stores/token. Store the secretStoreId from the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}/token.

  3. Update the appropriate object members in the Token object.

  4. PUT the object back to the same URL.

  5. The operation responds with the updated Token object.

Get token settings

This operation retrieves the token settings for the secret store.

GET /api/secret-management/v1/secret-stores/{secretStoreId}/token

Sample: /api/secret-management/v1/secret-stores/1/token

Parameter       Type      Sample   Description
URL path parameters
secretStoreId   Integer   1        Uniquely identifies a secret store.

Status 200 application/json

Object type: Token

Download schema: token.read.schema.json

Response body:

{
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000"
}

  1. To get a list of token settings for the secret store, make a GET request to /api/secret-management/v1/secret-stores/token. Store the relevant secretStoreId value from the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}/token.

  3. The operation responds with a Token object.

Update TLS settings

This operation updates the TLS settings for the secret store.

PUT /api/secret-management/v1/secret-stores/{secretStoreId}/tls-settings

Sample: /api/secret-management/v1/secret-stores/1/tls-settings

Content-Type: application/json

Object type: TlsSettings

Download schema: tls-settings.update.schema.json

Request body:

{
    "caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
    "clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8Qoac
Osiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
    "clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----"
}
Parameter Type Sample Description
URL path parameters
secretStoreId Integer 1 Uniquely identifies a secret store.

Status 200 application/json

Object type: TlsSettings

Download schema: tls-settings.read.schema.json

Response body:

{
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ]
}
  1. Make a GET request to /api/secret-management/v1/secret-stores/tls-settings to retrieve a list of all configured TLS settings for the secret store. Store the secretId value from the relevant TLS settings in the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}/tls-settings.

  3. Update the appropriate object members in the TlsSettings object.

  4. PUT the object back to the same URL.

  5. The operation responds with the updated TlsSettings object.

Get TLS settings

This operation retrieves the TLS settings for the secret store.

GET /api/secret-management/v1/secret-stores/{secretStoreId}/tls-settings

Sample: /api/secret-management/v1/secret-stores/1/tls-settings

Parameter Type Sample Description
URL path parameters
secretStoreId Integer 1 Uniquely identifies a secret store.

Status 200 application/json

Object type: TlsSettings

Download schema: tls-settings.read.schema.json

Response body:

{
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ]
}
  1. To get a list of configured secrets, make a GET request to /api/secret-management/v1/secret-stores/tls-settings. Store the relevant secretStoreId value from the response.

  2. Make a GET request to /api/secret-management/v1/secret-stores/{secretStoreId}/tls-settings.

  3. The operation responds with a TlsSettings object.
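The checks an operator would run on the TlsSettings object returned by the GET and PUT operations above, as an added example that is not part of the Aura documentation: it flags certificates outside or near the end of their validity window and confirms that the SHA-256 fingerprints in a PUT response match the PEM that was sent. It assumes sha256Fingerprint is the SHA-256 of the DER-encoded certificate; audit_tls_settings, pem_sha256_fingerprints and the 90-day threshold are hypothetical, and CONSTRUCTED_PEM wraps placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import re
from datetime import datetime, timedelta, timezone

# Timestamp layout used in the sample responses, e.g. 2025-03-06T15:29:52.000+0000
API_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Each *Details member of TlsSettings and the PEM member a PUT sends for it.
DETAIL_TO_PEM = {
    "caCertificatesDetails": "caCertificates",
    "clientTlsCertificateDetails": "clientTlsCertificate",
}


def pem_sha256_fingerprints(pem_text):
    """SHA-256 of each certificate's DER bytes, as colon-separated upper hex.

    Assumption: this is how the API derives sha256Fingerprint.
    """
    result = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        hexd = hashlib.sha256(der).hexdigest().upper()
        result.append(":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2)))
    return result


def audit_tls_settings(settings, now, warn_within=timedelta(days=90), sent=None):
    """Return (member, subject, finding) tuples for a TlsSettings object.

    settings: parsed JSON body of a GET or PUT response.
    now:      timezone-aware datetime to evaluate validity against.
    sent:     optional parsed PUT request body; when given, the fingerprints
              reported by the server are compared with the PEM that was sent.
    """
    findings = []
    for member, pem_member in DETAIL_TO_PEM.items():
        details = settings.get(member, [])
        for cert in details:
            name = cert["issuedTo"].get("commonName", "?")
            validity = cert["validity"]
            not_before = datetime.strptime(validity["notBefore"], API_TIME_FORMAT)
            not_after = datetime.strptime(validity["notAfter"], API_TIME_FORMAT)
            if now < not_before:
                findings.append((member, name, "NOT_YET_VALID"))
            elif now >= not_after:
                findings.append((member, name, "EXPIRED"))
            elif not_after - now <= warn_within:
                findings.append((member, name, "EXPIRES_SOON"))
        if sent and pem_member in sent:
            expected = sorted(pem_sha256_fingerprints(sent[pem_member]))
            reported = sorted(
                c["fingerprints"]["sha256Fingerprint"].upper() for c in details)
            if expected != reported:
                findings.append((member, pem_member, "FINGERPRINT_MISMATCH"))
    return findings


# Response trimmed from the sample TlsSettings body on this page.
SAMPLE_RESPONSE = {
    "caCertificatesDetails": [{
        "fingerprints": {"sha256Fingerprint":
            "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:"
            "18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"},
        "validity": {"notBefore": "2017-06-15T14:22:03.000+0000",
                     "notAfter": "2044-10-30T14:22:03.000+0000"},
        "issuedTo": {"commonName": "JUnit Tests"},
    }],
    "clientTlsCertificateDetails": [{
        "fingerprints": {"sha256Fingerprint":
            "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:"
            "29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"},
        "validity": {"notBefore": "2015-03-09T15:29:52.000+0000",
                     "notAfter": "2025-03-06T15:29:52.000+0000"},
        "issuedTo": {"commonName": "www.akamai.com"},
    }],
}

# Constructed placeholder standing in for an uploaded certificate.
CONSTRUCTED_DER = b"constructed placeholder bytes, not a real certificate"
CONSTRUCTED_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(CONSTRUCTED_DER).decode("ascii")
                   + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    when = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for finding in audit_tls_settings(SAMPLE_RESPONSE, when):
        print(finding)
```

Pass the parsed PUT request body as `sent` when auditing the PUT response, so a response that describes a different certificate than the one uploaded is reported before the change is relied on.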

Data

This section describes the Aura Secret Management API’s data objects.

Download the JSON schemas for this API.

The data schema tables below list membership requirements as follows:

Member is required in requests, or always present in responses, even if its value is empty or null.
Member is optional, and may be omitted in some cases.
Member is out of scope, and irrelevant to the specified interaction context. If you include the member in that context, it either triggers an error, or is ignored.

Secret

Secret management secret create schema

Download schema: secret.create.schema.json, secret.full.schema.json

Sample GET response:

{
    "secretId": 1,
    "name": "test-secret",
    "secretStoreId": 2,
    "type": "CERTIFICATE_KEY_BUNDLE",
    "secretUri": "/v1/data/secrets/123"
}

Secret members

Member Type POST PUT Description
Secret: Secret management secret create schema
name String The unique name for this secret.
secretId Integer Read-only. The unique ID for this secret.
secretStoreId Integer The id of the secret store that holds this secret.
secretUri String The URI endpoint where the secret is hosted on the secret store.
type Enumeration The type of secret. Choose one of the following secret types: CA_CERTIFICATE_BUNDLE, a single file that includes a bundle of root and intermediate certificates verified (signed) by a trusted Certificate Authority (CA); or CERTIFICATE_KEY_BUNDLE, a file that includes the certificate and key pair.

SecretStore

Secret management secret store create schema

Download schema: secret-store.create.schema.json, secret-store.read-detailed.schema.json, secret-store.update.schema.json

Sample POST request:

{
    "type": "VAULT",
    "hostname": "test.server.com",
    "username": "test_user",
    "password": "example_password",
    "token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e",
    "caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
    "clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8Qoac
Osiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
    "clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----",
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

Sample GET response:

{
    "secretStoreId": 1,
    "type": "VAULT",
    "hostname": "test.server.com",
    "username": "test_user",
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000",
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ],
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

Sample PUT request:

{
    "type": "VAULT",
    "hostname": "test.server.com",
    "managementLoginUri": "/v1/auth/userpass/login",
    "managementTokenRenewalUri": "/v1/auth/token/renew",
    "serviceLoginUri": "/v1/auth/token/create",
    "serviceTokenRenewalUri": "/v1/auth/token/renew"
}

SecretStore members

Member Type POST GET PUT Description
SecretStore: Secret management secret store create schema
caCertificates String The CA certificate used to authenticate the secret store certificate.
caCertificatesDetails SecretStore.caCertificatesDetails[] Summary information of a digital X.509 Certificate.
clientTlsCertificate String The TLS certificate used to authenticate with the secret store.
clientTlsCertificateDetails SecretStore.clientTlsCertificateDetails[] Summary information of a digital X.509 Certificate.
clientTlsCertificateKey String The TLS certificate key used to authenticate with the secret store.
hostname String The hostname of the secret store server.
managementLoginUri String The URI that the management node uses to access the secret store.
managementTokenRenewalUri String The URI that the management node uses to renew its token.
password String The password used to log in to the secret store.
secretStoreId Integer The unique id for this secret store.
serviceLoginUri String The URI that the service nodes use to access the secret store.
serviceTokenRenewalUri String The URI that the service nodes use to renew their token.
token String The token used to log in to the secret store.
tokenLastUpdated String The date and time that the secret store token was last updated or null if the token is not set.
type Enumeration The type of the secret store. The only type currently available is VAULT.
username String The username used to log in to the secret store.
SecretStore.caCertificatesDetails[]: Summary information of a digital X.509 Certificate.
fingerprints SecretStore.caCertificatesDetails[].fingerprints An abbreviated form of the Public Key of the certificate
issuedBy SecretStore.caCertificatesDetails[].issuedBy A distinguished name (DN) that identifies the certificate authorizer.
issuedTo SecretStore.caCertificatesDetails[].issuedTo A distinguished name (DN) that identifies the certificate owner.
validity SecretStore.caCertificatesDetails[].validity The validity time period of the certificate.
SecretStore.caCertificatesDetails[].fingerprints: An abbreviated form of the Public Key of the certificate
sha1Fingerprint String The fingerprint of the certificate using the SHA1 algorithm.
sha256Fingerprint String The fingerprint of the certificate using the SHA256 algorithm.
SecretStore.caCertificatesDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer.
commonName String The entity (user/web server/domain/hostname) associated with the certificate authorizer.
organization String The organization of the certificate authorizer.
organizationalUnit String The organizational unit of the certificate issuer.
SecretStore.caCertificatesDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner.
commonName String A common name (CN) that identifies the host and domain name associated with the certificate.
organization String The organization of the certificate owner.
organizationalUnit String The organizational unit of the certificate owner.
serial String A serial number that uniquely identifies the certificate.
SecretStore.caCertificatesDetails[].validity: The validity time period of the certificate.
notAfter String The time and date on which the certificate is no longer valid.
notBefore String The time and date from which the certificate is valid.
SecretStore.clientTlsCertificateDetails[]: Summary information of a digital X.509 Certificate.
fingerprints SecretStore.clientTlsCertificateDetails[].fingerprints An abbreviated form of the Public Key of the certificate
issuedBy SecretStore.clientTlsCertificateDetails[].issuedBy A distinguished name (DN) that identifies the certificate authorizer.
issuedTo SecretStore.clientTlsCertificateDetails[].issuedTo A distinguished name (DN) that identifies the certificate owner.
validity SecretStore.clientTlsCertificateDetails[].validity The validity time period of the certificate.
SecretStore.clientTlsCertificateDetails[].fingerprints: An abbreviated form of the Public Key of the certificate
sha1Fingerprint String The fingerprint of the certificate using the SHA1 algorithm.
sha256Fingerprint String The fingerprint of the certificate using the SHA256 algorithm.
SecretStore.clientTlsCertificateDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer.
commonName String The entity (user/web server/domain/hostname) associated with the certificate authorizer.
organization String The organization of the certificate authorizer.
organizationalUnit String The organizational unit of the certificate issuer.
SecretStore.clientTlsCertificateDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner.
commonName String A common name (CN) that identifies the host and domain name associated with the certificate.
organization String The organization of the certificate owner.
organizationalUnit String The organizational unit of the certificate owner.
serial String A serial number that uniquely identifies the certificate.
SecretStore.clientTlsCertificateDetails[].validity: The validity time period of the certificate.
notAfter String The time and date on which the certificate is no longer valid.
notBefore String The time and date from which the certificate is valid.

UserCredentials

Secret management secret store user credentials read schema

Download schema: user-credentials.read.schema.json, user-credentials.update.schema.json

Sample GET response:

{
    "username": "test_user"
}

Sample PUT request:

{
    "username": "test_user",
    "password": "example_password"
}

UserCredentials members

Member Type GET PUT Description
UserCredentials: Secret management secret store user credentials read schema
password String The password used to log in to the secret store.
username String The username used to log in to the secret store.

Token

Secret management secret store token read schema

Download schema: token.read.schema.json, token.update.schema.json

Sample GET response:

{
    "tokenLastUpdated": "2019-04-02T22:40:56.245+0000"
}

Sample PUT request:

{
    "token": "95eba8ed-f6fc-958a-f490-c7fd0eda5e9e"
}

Token members

Member Type GET PUT Description
Token: Secret management secret store token read schema
token String The token used to log in to the secret store.
tokenLastUpdated String The date and time that the secret store token was last updated or null if the token is not set.

TlsSettings

Secret management secret store TLS settings read schema

Download schema: tls-settings.read.schema.json, tls-settings.update.schema.json

Sample GET response:

{
    "caCertificatesDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "DD:44:7A:D5:B3:DE:D3:C5:3B:CD:DC:72:21:D2:E7:42:C7:C4:0E:75",
                "sha256Fingerprint": "78:12:89:CC:AF:A4:25:12:4E:E9:B5:DF:D5:F3:95:67:18:46:5A:9E:1E:60:AF:AF:AE:5E:3A:7C:F4:E6:92:82"
            },
            "validity": {
                "notBefore": "2017-06-15T14:22:03.000+0000",
                "notAfter": "2044-10-30T14:22:03.000+0000"
            },
            "issuedTo": {
                "commonName": "JUnit Tests",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division",
                "serial": "10:00"
            },
            "issuedBy": {
                "commonName": "lcdn.docker.ca",
                "organization": "Akamai Technologies\\, Inc.",
                "organizationalUnit": "Carrier Products Division"
            }
        }
    ],
    "clientTlsCertificateDetails": [
        {
            "fingerprints": {
                "sha1Fingerprint": "0C:3F:FA:08:82:FB:ED:A2:25:99:A6:F3:B8:6C:BA:59:53:BA:B4:3E",
                "sha256Fingerprint": "7E:02:A6:D7:A7:E1:66:5F:77:05:06:46:8B:8B:CB:F0:29:3E:30:04:A1:7C:49:08:3A:39:A5:79:94:05:59:39"
            },
            "validity": {
                "notBefore": "2015-03-09T15:29:52.000+0000",
                "notAfter": "2025-03-06T15:29:52.000+0000"
            },
            "issuedTo": {
                "commonName": "www.akamai.com",
                "serial": "D1:3B:C4:7A:AC:28:63:24"
            },
            "issuedBy": {
                "commonName": "www.akamai.com"
            }
        }
    ]
}

Sample PUT request:

{
    "caCertificates": "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgIJANE7xHqsKGMkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV\nBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYDVQQHDAhXZXN0Zm9y\nZDEXMBUGA1UEAwwOd3d3Lm1hZGJvYS5jb20wHhcNMTUwMzA5MTUyOTUyWhcNMjUw\nMzA2MTUyOTUyWjBRMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0\nczERMA8GA1UEBwwIV2VzdGZvcmQxFzAVBgNVBAMMDnd3dy5tYWRib2EuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8pN2qqE90CtZs3hEBg3BJ88\ntX98BZNEpv8OD4wYbaOFx9i1FXvfk3/ii5zwwuO+LlJjzGGXHFV3WruFuWTdKnbG\n4OPO5FAaxhMzujUhcvmpoLdzIwOq+OHxnH/mFApti5a/Sa8DrwIDmFJlKuQC88GD\nZu88LCWq55OX4FyvihWG/R1hJ4BveV8Ip3YDDr3uJGrLF4iZKBfdILRaPJX48Muj\nXr8q4Ps4qd6oWbOqQLCcVsB4D9uFdoRua4JIRZXIJHyi/S/K5aCzP6/+0wgVWwBy\niqNkiycIRPLZcCPrsDa0XdDrWJGNb8wbXpvoRMv/TYZUPjRvsi8TwI1s/PCLBwID\nAQABo1AwTjAdBgNVHQ4EFgQUFxj1KAd5MPSwJPLrpzEnP2fCj3IwHwYDVR0jBBgw\nFoAUFxj1KAd5MPSwJPLrpzEnP2fCj3IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\nAQsFAAOCAQEAJOM8D7HhJK1yZvMhK7SHm/W4jfU+SuXLLUM5pZgEXBJNRoryfQGw\n02LtvhF4Y80uA22ikdVpjrryjDXK4kew0Q3bb8B/dzC22kSR2+/GQ1ket+zj6ubc\nYJt6zNAuckEjSqXciVtRXU+wuHQ99ClbrzDOzirgZTKUHy55JX5lJPU2dUqV+6vy\nMgmdZlK/SfTgqLHdCRpBfGnOFQj9ctbr4urLqo1rx4oIevpTeUfF991bRnWAGWZu\nUu8BEbeCFenVrOoG17wiVamRXLbhLqW99tUrYyCj66ap/btvILZj4LSwsnGpKOGE\nHU4i54Bgh39o77YI3TctfBl+lky3scyHLA==\n-----END CERTIFICATE-----",
    "clientTlsCertificate": "-----BEGIN CERTIFICATE-----\nMIIGTjCCBDagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJNQTESMBAGA1UEBwwJQ2FtYnJpZGdlMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRcwFQYDVQQDDA5sY2RuLmRvY2tlci5jYTEgMB4GCSqGSIb3DQEJ\nARYRbm9ib2R5QGFrYW1haS5jb20wHhcNMTcwNjE1MTQyMjAzWhcNNDQxMDMwMTQy\nMjAzWjCBmTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMSIwIAYDVQQKDBlBa2Ft\nYWkgVGVjaG5vbG9naWVzLCBJbmMuMSIwIAYDVQQLDBlDYXJyaWVyIFByb2R1Y3Rz\nIERpdmlzaW9uMRQwEgYDVQQDDAtKVW5pdCBUZXN0czEfMB0GCSqGSIb3DQEJARYQ\nanVuaXRAYWthbWFpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALXVfrXTzUhFY9RVNPP7ghE/qngf5xhzvlHQav9x6vUkHSbcvBr8tpuV3fjdMua7\ntNgH8AL/B3h8boD4kZZWDGlz7HmA2AH1Lvq3FBY6jY3VusbfK+X3VOZ7cmecYv9l\n9Rpk20vZrWXI8WnPlYrhmC639GhQ4ZPJy69XQD28dvXGw7usCbs3BZdqi4A2CiNG\nmFiTZyFBh1V4WSkWsaah2MA3XDlx/cxl1wC8bIMm8pQE1cWGzF2R6MOJqy4CMWxi\nVkBomGEOq/7rkuiXBlDQZ/E5M3vEM44BjH0sUrF9xydWvtW856blrosoevD3sOt1\novDgZzXFCABnACzVe/iMYS8CAwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZI\nAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBT\nZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIub/DhaKcLxfbxpTcw8YdiT5O9H\nMIHmBgNVHSMEgd4wgduAFATfWUDHxy1CWxSHYJLxJqDiHhI2oYG3pIG0MIGxMQsw\nCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAG\nA1UECgwZQWthbWFpIFRlY2hub2xvZ2llcywgSW5jLjEiMCAGA1UECwwZQ2Fycmll\nciBQcm9kdWN0cyBEaXZpc2lvbjEXMBUGA1UEAwwObGNkbi5kb2NrZXIuY2ExIDAe\nBgkqhkiG9w0BCQEWEW5vYm9keUBha2FtYWkuY29tggkAz0/BS2yHqvAwDgYDVR0P\nAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IC\nAQDAqO8TYIYmPmtlkctmdYpAjyHrezyOvQqISI1puzUZiv45r1RLJdnx61hCeZXr\naIYgtsPco7yzZP1kmpb1VifJuVzX84MqoJlmIJsSlR7n3cu64qUe0eSs3ZnkFw1d\nWWz0UzWeMYU9f4hf9QPiFV15VjwpWOpwOeuBOoX1eIEQbd8dpIh05TgU6UV6cyTR\nLPImlFhqEKb5uQPUMf4jjnbgiMI+DRWiCElYJ1l3wS1xbVaqaQQaCmsPfvKQ9oIe\nO/HeEpdFtT6pgMaPB7cnxHnMArVGaWLeApnuIvSvbziLU2pA2IUIvktINoSbXMiN\nP/5IDt3CBLs7bMpeUTclo7W58H5m1UEGmfTjl4HmSEIuyXBREx49S8dvgrijvLsS\nGBAeV2JYovAgn0Jz2vD7zWD8Qoac
Osiu7UUnnBWhY+Lb2xB4w2tfCAfkzhfOt4Cr\nu6iSHiyQH0MwZXFSkfGtEMG40MW/UTWbBbYqCML3YDR3Ncbj8toiyWKTkkDBL6LJ\nlNfRWm955Q85bcrBseAY94wyCsnv9JhLvIq/RrLZqjv/8GOol/P0kzL1TIFBbP6G\nI576UQ9nrWO+oFcC9CYq9OnMKDYuwQ6a1/d1i8dhj3HwPakrS8hLGe5PgNM983f8\n3VfxMEPxHp0J3lYQDslGHURspHGRVRRvaUZeLvk8lmnf1g==\n-----END CERTIFICATE-----\n",
    "clientTlsCertificateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAtdV+tdPNSEVj1FU08/uCET+qeB/nGHO+UdBq/3Hq9SQdJty8\nGvy2m5Xd+N0y5ru02AfwAv8HeHxugPiRllYMaXPseYDYAfUu+rcUFjqNjdW6xt8r\n5fdU5ntyZ5xi/2X1GmTbS9mtZcjxac+ViuGYLrf0aFDhk8nLr1dAPbx29cbDu6wJ\nuzcFl2qLgDYKI0aYWJNnIUGHVXhZKRaxpqHYwDdcOXH9zGXXALxsgybylATVxYbM\nXZHow4mrLgIxbGJWQGiYYQ6r/uuS6JcGUNBn8Tkze8QzjgGMfSxSsX3HJ1a+1bzn\npuWuiyh68Pew63Wi8OBnNcUIAGcALNV7+IxhLwIDAQABAoIBAF/tJ5GpES1FXisQ\nYIUudCnBWp9QxUvDE+55c1kbsgZtbOupm5rpIzTlVVsK5uWOtRMa7OXHwRsxGeL0\nP2n+L0Iao/Bdppcxz/z4RKKNdUwUKxrrdW82khWdnndGq3ttQGcSOhbD2ZRO8/0M\nRComZXCQH2JA+SBMXyY7c2qeWGvD8oeCFVW+NLTBe3SZBvEzYz4ZvFOG/jTX9P79\noCvgPIoCneu9W3c1ZbizOzQsV7OW6qBmuqwoJHRZ+8mYXCrPEx7SUyzp4/TYcF+d\nn+MDfNxVvLxkh4dpKsa/icsw1JJTxDq9TBw44lHtnfNpi1OWBh027p6KnjWPU0Aa\n+y/SdLECgYEA37XRzMG31+Na0LqSzQm/szA62bG/EYzD7fuybmu6r0Hr2hy4yPlB\nAwbycqAevCKF3r7/z2eJJegC0/l+7YQI5Zt098lCbFBd7WBHS2zf/nH7+KL6rdfG\nHlcKMR6g3h7n3A7Z5UnqO1Xw0gvi/UchLrYh6T9N8WazJAp1F9ForZUCgYEA0BRU\nuv+4SvVd7vFhGxyemcygrt1Sb+QshPPTPv+a/00bN5s9ksweOzFFQp4KieBwZDdI\nXlZYQBeO9HDbitkWTCBm7cRwQ8dH9kyhxknX3Cm6iL1//0NXF30HdNpiiDCEosjF\nXtkLCim2IL/xsC7fBbeHvr2Lth6hRNJv08aaerMCgYEAuMogpikyajNUVex3zMSL\nxEFHq4EGmkGTqqZpaoq0Z4ZlgwKMpP43dH+tj3+yQ6ekuy08c59Li7NNermx3hJd\nowQ5p2Bo7L2qCKWp3qTtlemjwGsn9Key8GbndVGegjw3O/BMjvjycdb4mRjWhG7X\n+xTZiCkRgiFaQqAcvvLsq80CgYEAmSiN4YL+tPX8aTd0wY8EUrKjB3NTDZcHCemq\n8TEVdpvbz8dNwDLMgcdXcpx/p1Lzh2CFvSKTHMH6cIRtpLr7xZcIDDVOaSVTG8D2\nRsztvVlduu65Ozvm7BwUk/d3FUWZK3TaimD51kYzj9GY5ZTqhfu8SDKelrPfAphe\nxaPm6y8CgYEApoObwhaX4d2NChFSAvaVNmyt5huXdIQ6JBzW/zFlgxA6f24H4Wxg\nw65RHeXr3m84HuHt+hl5pZS0dxDKQrCjxwY88xJP8MY1+eaMzZvDTCjInWUzHBD0\nvXEjh6gigJXD30VXF5GxO0gmkm5OcgmhOKGOq0gTRrSVmRrwNHCnE+E=\n-----END RSA PRIVATE KEY-----"
}

TlsSettings members

Member Type GET PUT Description

TlsSettings: Secret management secret store TLS settings read schema
  caCertificates  String  The CA certificate used to authenticate the secret store certificate.
  caCertificatesDetails  TlsSettings.caCertificatesDetails[]  Summary information of a digital X.509 Certificate.
  clientTlsCertificate  String  The TLS certificate used to authenticate with the secret store.
  clientTlsCertificateDetails  TlsSettings.clientTlsCertificateDetails[]  Summary information of a digital X.509 Certificate.
  clientTlsCertificateKey  String  The TLS certificate key used to authenticate with the secret store.

TlsSettings.caCertificatesDetails[]: Summary information of a digital X.509 Certificate.
  fingerprints  TlsSettings.caCertificatesDetails[].fingerprints  An abbreviated form of the Public Key of the certificate.
  issuedBy  TlsSettings.caCertificatesDetails[].issuedBy  A distinguished name (DN) that identifies the certificate authorizer.
  issuedTo  TlsSettings.caCertificatesDetails[].issuedTo  A distinguished name (DN) that identifies the certificate owner.
  validity  TlsSettings.caCertificatesDetails[].validity  The validity time period of the certificate.

TlsSettings.caCertificatesDetails[].fingerprints: An abbreviated form of the Public Key of the certificate.
  sha1Fingerprint  String  The fingerprint of the certificate using the SHA1 algorithm.
  sha256Fingerprint  String  The fingerprint of the certificate using the SHA256 algorithm.

TlsSettings.caCertificatesDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer.
  commonName  String  The entity (user/web server/domain/hostname) associated with the certificate authorizer.
  organization  String  The organization of the certificate authorizer.
  organizationalUnit  String  The organizational unit of the certificate issuer.

TlsSettings.caCertificatesDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner.
  commonName  String  A common name (CN) that identifies the host and domain name associated with the certificate.
  organization  String  The organization of the certificate owner.
  organizationalUnit  String  The organizational unit of the certificate owner.
  serial  String  A serial number that uniquely identifies the certificate.

TlsSettings.caCertificatesDetails[].validity: The validity time period of the certificate.
  notAfter  String  The time and date on which the certificate is no longer valid.
  notBefore  String  The time and date on which the certificate is valid.

TlsSettings.clientTlsCertificateDetails[]: Summary information of a digital X.509 Certificate.
  fingerprints  TlsSettings.clientTlsCertificateDetails[].fingerprints  An abbreviated form of the Public Key of the certificate.
  issuedBy  TlsSettings.clientTlsCertificateDetails[].issuedBy  A distinguished name (DN) that identifies the certificate authorizer.
  issuedTo  TlsSettings.clientTlsCertificateDetails[].issuedTo  A distinguished name (DN) that identifies the certificate owner.
  validity  TlsSettings.clientTlsCertificateDetails[].validity  The validity time period of the certificate.

TlsSettings.clientTlsCertificateDetails[].fingerprints: An abbreviated form of the Public Key of the certificate.
  sha1Fingerprint  String  The fingerprint of the certificate using the SHA1 algorithm.
  sha256Fingerprint  String  The fingerprint of the certificate using the SHA256 algorithm.

TlsSettings.clientTlsCertificateDetails[].issuedBy: A distinguished name (DN) that identifies the certificate authorizer.
  commonName  String  The entity (user/web server/domain/hostname) associated with the certificate authorizer.
  organization  String  The organization of the certificate authorizer.
  organizationalUnit  String  The organizational unit of the certificate issuer.

TlsSettings.clientTlsCertificateDetails[].issuedTo: A distinguished name (DN) that identifies the certificate owner.
  commonName  String  A common name (CN) that identifies the host and domain name associated with the certificate.
  organization  String  The organization of the certificate owner.
  organizationalUnit  String  The organizational unit of the certificate owner.
  serial  String  A serial number that uniquely identifies the certificate.

TlsSettings.clientTlsCertificateDetails[].validity: The validity time period of the certificate.
  notAfter  String  The time and date on which the certificate is no longer valid.
  notBefore  String  The time and date on which the certificate is valid.
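
A client-side check of a TlsSettings object, as an added example that is not part of the Aura API or its documentation: it confirms that each reported sha256Fingerprint belongs to a certificate in clientTlsCertificate, checks the validity window, and returns a copy with clientTlsCertificateKey redacted for logging. The fingerprint format (hex over the DER bytes, optional colons), the ISO 8601 date format, and the function and sample names are assumptions.

```python
import base64
import copy
import hashlib
import re
from datetime import datetime

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem):
    """SHA-256 over the DER bytes of every certificate block in a PEM string."""
    return {hashlib.sha256(base64.b64decode(b)).hexdigest() for b in PEM_RE.findall(pem)}

def norm(fp):
    """Assumed format: hex, any case, optional ':' separators."""
    return fp.replace(":", "").lower()

def audit_tls_settings(settings, now):
    """Return (findings, copy of settings that is safe to log)."""
    findings = []
    local = pem_fingerprints(settings["clientTlsCertificate"])
    for d in settings.get("clientTlsCertificateDetails", []):
        if norm(d["fingerprints"]["sha256Fingerprint"]) not in local:
            findings.append("sha256Fingerprint matches no certificate in clientTlsCertificate")
        # Assumed format: ISO 8601 with a UTC offset.
        not_before = datetime.fromisoformat(d["validity"]["notBefore"])
        not_after = datetime.fromisoformat(d["validity"]["notAfter"])
        if not not_before <= now <= not_after:
            findings.append("client certificate is outside its validity window")
    redacted = copy.deepcopy(settings)
    if "clientTlsCertificateKey" in redacted:
        redacted["clientTlsCertificateKey"] = "[REDACTED]"
    return findings, redacted

# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE = {
    "clientTlsCertificate": "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----",
    "clientTlsCertificateKey": "constructed-placeholder-key",
    "clientTlsCertificateDetails": [{
        "fingerprints": {"sha256Fingerprint": hashlib.sha256(SAMPLE_DER).hexdigest().upper()},
        "validity": {"notBefore": "2019-01-01T00:00:00+00:00",
                     "notAfter": "2020-01-01T00:00:00+00:00"},
    }],
}
```

Pass a timezone-aware `now`; comparing it with the parsed offsets fails on a naive datetime.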

Errors

This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.

Error responses

In case of errors, the API returns an HTTP Problem JSON object with the application/problem+json media type.

In this example, an attempt was made to read a secret store with an ID of 100. The server failed to recognize this value as a valid ID, and responded with an HTTP 404 and HTTP problem describing the error.

{
  "type" : "https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/errors#core.entity-not-found",
  "title" : "The requested entity could not be found",
  "detail" : "SecretStore 100 does not exist",
  "instance" : "https://akzz-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net/api/secret-management/v1/secret-stores/100#6e5d7651da832852",
  "entityType" : "SecretStore",
  "entityId" : 100
}

HTTP status codes

This section lists the full range of response codes the API might generate.

Code Description
200 The operation was successful.
201 Resource successfully created.
204 Successfully processed request.
400 Bad Request.
401 Authentication failure.
403 Access is forbidden.
404 Resource not found.
405 Method not supported.
409 Conflict with current state of resource.
412 An Etag or If-Match header does not match, indicating the content has been modified. See Concurrency control for more information.
415 Unsupported media type.
500 Internal server error.
503 Too many requests. Service is temporarily unavailable.
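
How a client can act on the 412 and problem+json responses listed above, as an added example that is not the API's own code: it re-reads and retries an update when If-Match fails, and parses an error body only when its media type is application/problem+json. The in-memory `FakeSecretStoreApi`, its `name` and `port` fields, and the 412 problem text are constructed stand-ins for the real service.

```python
import json

class FakeSecretStoreApi:
    """Constructed in-memory stand-in for one secret-store resource."""
    def __init__(self, doc):
        self.doc, self.version = doc, 1

    def get(self):
        return 200, {"ETag": f'"{self.version}"'}, json.dumps(self.doc)

    def put(self, doc, if_match=None):
        if if_match is not None and if_match != f'"{self.version}"':
            problem = {"title": "Precondition failed (constructed)", "detail": "ETag mismatch"}
            return 412, {"Content-Type": "application/problem+json"}, json.dumps(problem)
        self.doc, self.version = doc, self.version + 1
        return 200, {"ETag": f'"{self.version}"'}, json.dumps(doc)

def parse_problem(headers, body):
    """Return the Problem object, or None if the body is not problem+json."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/problem+json":
        return None
    try:
        obj = json.loads(body)
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None

def safe_update(api, mutate, max_attempts=3):
    """GET, apply mutate(), PUT with If-Match; re-read and retry on 412."""
    for attempt in range(1, max_attempts + 1):
        _, headers, body = api.get()
        doc = mutate(json.loads(body))
        status, resp_headers, resp_body = api.put(doc, if_match=headers["ETag"])
        if status == 412:
            continue  # another client changed the resource; start again from a fresh GET
        if status >= 400:
            problem = parse_problem(resp_headers, resp_body) or {}
            raise RuntimeError(f"{status}: {problem.get('title', 'unknown error')}")
        return attempt, json.loads(resp_body)
    raise RuntimeError("gave up after repeated 412 responses")
```

Because the retry starts from a fresh GET, a change made by another client between the read and the write is kept rather than overwritten.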

Last modified: 7/19/2019