Creating Azure Secrets
Use the post /v1/cckm/azure/secrets API to create Azure secrets.
Specify the following details.
Name for the secret.
Name or ID of the key vault where the secret will be created.
Value of the secret.
Type of the secret, such as a password (optional).
Secret management attributes (optional).
Syntax
curl -k '<IP>/api/v1/cckm/azure/secrets' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "secret_name": "<secret_name>",\n "key_vault": "<key_vault>",\n "azure_param": {<azure_params>}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| azure_param | JSON | Azure secret parameters. Refer to Azure Parameters for details. |
| secret_name | string | Name for the Azure secret. Secret names can only contain alphanumeric characters and hyphens (-). |
| key_vault | string | Name or ID of the Azure vault where the secret will be created. Vaults stored in Azure Managed HSM pools are not supported. |
Azure Parameters
| Parameter | Type | Description |
|---|---|---|
| value | string | Value of the Azure secret. |
| attributes | JSON | Attributes for the secret such as creation date, expiry date, whether enabled, and not before date. Refer to Secret Attributes for details. |
| content_type | string | Type of the Azure secret value such as password. |
| tags | JSON | An optional parameter to add additional information to the secret. The value must be specified as the key-value pair. Refer to the following rules on tag values. |
CCKM allows the following characters in tag values:
Alphanumeric characters
Special characters ** ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _ **
CCKM does not allow colon (:) and percent (%) special characters in tag values.
Secret Attributes
| Parameter | Type | Description |
|---|---|---|
| enabled | boolean | Whether the key is enabled (true/false). |
| exp | string | Expiry date for the secret in UTC. |
| nbf | string | Activation date for the secret in UTC. The secret cannot be activated before this date. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/secrets' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYTIyYmI0NC03YWU1LTRiNTEtYTliOS0zMTVhOWU3M2YwMjIiLCJzdWIiOiJsb2NhbHwwNGNmNTgwNi05MDMwLTQ2NTAtYTg0Zi0xMTYyNjNiOTc1NzQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iLCJLZXkgVXNlcnMiLCJVc2VyIEFkbWlucyJdLCJzaWQiOiI0ZWIzMmFiOS1hMzEwLTQ3ZjYtODQ2NC1mNjQ2NWNmMjJkYTMiLCJ6b25lX2lkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0sImp3dGlkIjoiZTkyN2RjNWItNTQxYS00NmQyLWJmMDEtM2ZhMzQ3MmUyODQxIiwiaWF0IjoxNjUxODE2MjgyLCJleHAiOjE2NTE4MTY1ODJ9.CGGiI2Pf98QPXeZNuGO7vsUBePaVd-qVam17HJcFu-I' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "secret_name": "azure_secret",\n "key_vault": "9ae64517-7249-42a9-bf86-9252add02ef9",\n "azure_param": {\n "value": "test-secret-value",\n "attributes": {\n "enabled": true,\n "recoveryLevel": "Recoverable" \n "recoverableDays": 0\n}\n }\n}' --compressed
Example Response
{
"id": "73524b70-1234-4f92-954b-6312f4567d1a",
"uri": "kylo:kylo:cckm:azure-secret:73524b70-1234-4f92-954b-6312f4567d1a",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2022-03-30T09:56:14.567777723Z",
"updatedAt": "2022-03-30T09:56:14.563283073Z",
"key_vault": "cckm-test-soft-delete::1cda5d8b-c825-4976-9999-26022adb76b5",
"key_vault_id": "9ae64517-7249-42a9-bf86-9252add02ef9",
"region": "eastus",
"deleted": false,
"backup_at": "2022-03-30T09:56:14.563055462Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"syncedAt": "2022-03-30T09:56:15Z",
"created_by": "a8f38993-aa49-4281-888c-52afd80af6b1",
"modified_by": "a8f38993-aa49-4281-888c-52afd80af6b1",
"backup": "1d92fa15995e471eb9afdcf12ddae350ac3143034e2048390bdd7eb69d21cf2",
"secret_name": "key-28-mar-01",
"azure_param": {
"value": "dummy value",
"attributes": {
"recoveryLevel": "Recoverable",
"enabled": true,
"created": 1648634175,
"updated": 1648634175
}
},
"azure_created_at": "2022-03-30T09:56:15Z",
"azure_updated_at": "2022-03-30T09:56:15Z",
"tenant": "d27d849e-e487-4b0e-a54c-a6e177867d10",
"status": "AVAILABLE"
}
The sample output shows that a secret is created in the Azure vault.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
