Creating Azure Secrets
Use the POST /v1/cckm/azure/secrets API to create Azure secrets.
Specify the following details.
Name for the secret.
Name or ID of the key vault where the secret will be created.
Value of the secret.
Type of the secret, such as a password (optional).
Secret management attributes (optional).
Syntax
curl -k 'https://<IP>/api/v1/cckm/azure/secrets' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "secret_name": "<secret_name>",\n "key_vault": "<key_vault>",\n "azure_param": {<azure_params>}\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
azure_param | JSON | Azure secret parameters. Refer to Azure Parameters for details. |
secret_name | string | Name for the Azure secret. Secret names can only contain alphanumeric characters and hyphens (-). |
key_vault | string | Name or ID of the Azure vault where the secret will be created. Azure managed HSM vaults are not supported. |
Azure Parameters
Parameter | Type | Description |
---|---|---|
value | string | Value of the Azure secret. |
attributes | JSON | Attributes for the secret such as creation date, expiry date, whether enabled, and not before date. Refer to Secret Attributes for details. |
content_type | string | Type of the Azure secret value such as password. |
tags | JSON | An optional parameter to add additional information to the secret. The value must be specified as key-value pairs. Refer to the following rules on tag values. |
CCKM allows the following characters in tag values:
Alphanumeric characters
Special characters ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _
CCKM does not allow the following special characters in tag values:
\ , : " %
Secret Attributes
Parameter | Type | Description |
---|---|---|
created | string | Secret creation time in UTC. |
enabled | boolean | Whether the secret is enabled (true/false). |
exp | string | Expiry date for the secret in UTC. |
nbf | string | Activation date for the secret in UTC. The secret cannot be activated before this date. |
recoverableDays | integer | Days to retain soft-deleted secrets, that is, the number of days within which a soft-deleted secret can be recovered. When softDelete is enabled, the value of recoverableDays should be >=7 and <=90; otherwise it should be 0. |
recoveryLevel | string | Deletion recovery level set for secrets in the current vault. If set to Purgeable, the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret at the end of the retention interval (recoverableDays). The options are: • Purgeable • RecoverablePurgeable • Recoverable • RecoverableProtectedSubscription • CustomizedRecoverablePurgeable • CustomizedRecoverable • CustomizedRecoverableProtectedSubscription |
updated | string | Time when the secret was last updated. |
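The rules in the tables above (secret name characters, forbidden tag characters, recoveryLevel options, recoverableDays range) can be checked on the client before the request is sent. The following is an added example, not CCKM code: the function name `build_secret_request` and its `soft_delete` argument (the caller's knowledge of the vault's soft-delete setting) are assumptions made for illustration.

```python
import json
import re

# Values listed in the Secret Attributes table above.
RECOVERY_LEVELS = {
    "Purgeable", "RecoverablePurgeable", "Recoverable",
    "RecoverableProtectedSubscription", "CustomizedRecoverablePurgeable",
    "CustomizedRecoverable", "CustomizedRecoverableProtectedSubscription",
}
SECRET_NAME_RE = re.compile(r"[A-Za-z0-9-]+")   # alphanumerics and hyphens only
FORBIDDEN_TAG_CHARS = set('\\,:"%')             # not allowed by CCKM in tag values


def build_secret_request(secret_name, key_vault, value, *, content_type=None,
                         tags=None, attributes=None, soft_delete=None):
    """Return the JSON body for POST /v1/cckm/azure/secrets, or raise ValueError.

    soft_delete is a hypothetical argument: True/False if the caller knows the
    vault's soft-delete setting, None if unknown.
    """
    if not SECRET_NAME_RE.fullmatch(secret_name):
        raise ValueError("secret_name: only alphanumerics and hyphens allowed")
    if not key_vault or not value:
        raise ValueError("key_vault and value are required")
    azure_param = {"value": value}
    if content_type:
        azure_param["content_type"] = content_type
    for key, tag in (tags or {}).items():
        bad = FORBIDDEN_TAG_CHARS & set(str(tag))
        if bad:
            raise ValueError(f"tag {key!r}: forbidden characters {sorted(bad)}")
    if tags:
        azure_param["tags"] = dict(tags)
    attrs = dict(attributes or {})
    level = attrs.get("recoveryLevel")
    if level is not None and level not in RECOVERY_LEVELS:
        raise ValueError(f"recoveryLevel: unknown value {level!r}")
    days = attrs.get("recoverableDays")
    # Page rule: 7..90 when soft delete is enabled, otherwise 0.
    allowed = {True: range(7, 91), False: range(0, 1)}.get(
        soft_delete, (0, *range(7, 91)))
    if days is not None and days not in allowed:
        raise ValueError("recoverableDays: expected 7-90 with soft delete, else 0")
    if attrs:
        azure_param["attributes"] = attrs
    return json.dumps({"secret_name": secret_name, "key_vault": key_vault,
                       "azure_param": azure_param}, indent=1)
```

The returned body can be piped to curl with `--data-binary @-`. Once the appliance's CA certificate is available, replacing `-k` with `--cacert` ensures the bearer token and secret value are only sent to a verified host.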
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/secrets' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYTIyYmI0NC03YWU1LTRiNTEtYTliOS0zMTVhOWU3M2YwMjIiLCJzdWIiOiJsb2NhbHwwNGNmNTgwNi05MDMwLTQ2NTAtYTg0Zi0xMTYyNjNiOTc1NzQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iLCJLZXkgVXNlcnMiLCJVc2VyIEFkbWlucyJdLCJzaWQiOiI0ZWIzMmFiOS1hMzEwLTQ3ZjYtODQ2NC1mNjQ2NWNmMjJkYTMiLCJ6b25lX2lkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0sImp3dGlkIjoiZTkyN2RjNWItNTQxYS00NmQyLWJmMDEtM2ZhMzQ3MmUyODQxIiwiaWF0IjoxNjUxODE2MjgyLCJleHAiOjE2NTE4MTY1ODJ9.CGGiI2Pf98QPXeZNuGO7vsUBePaVd-qVam17HJcFu-I' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "secret_name": "test-secret",\n "key_vault": "9ae64517-7249-42a9-bf86-9252add02ef9",\n "azure_param": {\n "value": "test-secret-value",\n "attributes": {\n "enabled": true,\n "recoveryLevel": "Recoverable",\n "recoverableDays": 0\n }\n }\n}' --compressed
Example Response
{
"id": "73524b70-1234-4f92-954b-6312f4567d1a",
"uri": "kylo:kylo:cckm:azure-secret:73524b70-1234-4f92-954b-6312f4567d1a",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2022-03-30T09:56:14.567777723Z",
"updatedAt": "2022-03-30T09:56:14.563283073Z",
"key_vault": "cckm-test-soft-delete::1cda5d8b-c825-4976-9999-26022adb76b5",
"key_vault_id": "9ae64517-7249-42a9-bf86-9252add02ef9",
"region": "eastus",
"deleted": false,
"backup_at": "2022-03-30T09:56:14.563055462Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"syncedAt": "2022-03-30T09:56:15Z",
"created_by": "a8f38993-aa49-4281-888c-52afd80af6b1",
"modified_by": "a8f38993-aa49-4281-888c-52afd80af6b1",
"backup": "1d92fa15995e471eb9afdcf12ddae350ac3143034e2048390bdd7eb69d21cf2",
"secret_name": "test-secret",
"azure_param": {
"value": "test-secret-value",
"attributes": {
"recoveryLevel": "Recoverable",
"enabled": true,
"created": 1648634175,
"updated": 1648634175
}
},
"azure_created_at": "2022-03-30T09:56:15Z",
"azure_updated_at": "2022-03-30T09:56:15Z",
"tenant": "d27d849e-e487-4b0e-a54c-a6e177867d10",
"status": "AVAILABLE"
}
The sample output shows that a secret is created in the Azure vault.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.