Creating Azure Secrets
Use the post /v1/cckm/azure/secrets API to create Azure secrets.
Specify the following details.
-
Name for the secret.
-
Name or ID of the key vault where the secret will be created.
-
Value of the secret.
-
Type of the secret, such as a password (optional).
-
Secret management attributes (optional).
Syntax
curl -k '<IP>/api/v1/cckm/azure/secrets' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "secret_name": "<secret_name>",\n "key_vault": "<key_vault>",\n "azure_param": {<azure_params>}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| azure_param | JSON | Azure secret parameters. Refer to Azure Parameters for details. |
| secret_name | string | Name for the Azure secret. Secret names can only contain alphanumeric characters and hyphens (-). |
| key_vault | string | Name or ID of the Azure vault where the secret will be created. |
Azure Parameters
| Parameter | Type | Description |
|---|---|---|
| value | string | Value of the Azure secret. |
| attributes | JSON | Attributes for the secret such as creation date, expiry date, whether enabled, and not before date. Refer to Secret Attributes for details. |
| content_type | string | Type of the Azure secret value such as password. |
| tags | JSON | An optional parameter to add additional information to the secret. The value must be specified as the key-value pair. Refer to the following rules on tag values. |
-
CCKM allows the following characters in tag values:
-
Alphanumeric characters
-
Special characters ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _
-
-
CCKM does not allow the following special characters in tag values:
\ , : " %
Secret Attributes
| Parameter | Type | Description |
|---|---|---|
| enabled | boolean | Whether the key is enabled (true/false). |
| exp | string | Expiry date for the secret in UTC. |
| nbf | string | Activation date for the secret in UTC. The secret cannot be activated before this date. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/secrets' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYTIyYmI0NC03YWU1LTRiNTEtYTliOS0zMTVhOWU3M2YwMjIiLCJzdWIiOiJsb2NhbHwwNGNmNTgwNi05MDMwLTQ2NTAtYTg0Zi0xMTYyNjNiOTc1NzQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iLCJLZXkgVXNlcnMiLCJVc2VyIEFkbWlucyJdLCJzaWQiOiI0ZWIzMmFiOS1hMzEwLTQ3ZjYtODQ2NC1mNjQ2NWNmMjJkYTMiLCJ6b25lX2lkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0sImp3dGlkIjoiZTkyN2RjNWItNTQxYS00NmQyLWJmMDEtM2ZhMzQ3MmUyODQxIiwiaWF0IjoxNjUxODE2MjgyLCJleHAiOjE2NTE4MTY1ODJ9.CGGiI2Pf98QPXeZNuGO7vsUBePaVd-qVam17HJcFu-I' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "secret_name": "azure_secret",\n "key_vault": "9ae64517-7249-42a9-bf86-9252add02ef9",\n "azure_param": {\n "value": "test-secret-value",\n "attributes": {\n "enabled": true,\n "recoveryLevel": "Recoverable" \n "recoverableDays": 0\n}\n }\n}' --compressed
Example Response
{
"id": "73524b70-1234-4f92-954b-6312f4567d1a",
"uri": "kylo:kylo:cckm:azure-secret:73524b70-1234-4f92-954b-6312f4567d1a",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2022-03-30T09:56:14.567777723Z",
"updatedAt": "2022-03-30T09:56:14.563283073Z",
"key_vault": "cckm-test-soft-delete::1cda5d8b-c825-4976-9999-26022adb76b5",
"key_vault_id": "9ae64517-7249-42a9-bf86-9252add02ef9",
"region": "eastus",
"deleted": false,
"backup_at": "2022-03-30T09:56:14.563055462Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"syncedAt": "2022-03-30T09:56:15Z",
"created_by": "a8f38993-aa49-4281-888c-52afd80af6b1",
"modified_by": "a8f38993-aa49-4281-888c-52afd80af6b1",
"backup": "1d92fa15995e471eb9afdcf12ddae350ac3143034e2048390bdd7eb69d21cf2",
"secret_name": "key-28-mar-01",
"azure_param": {
"value": "dummy value",
"attributes": {
"recoveryLevel": "Recoverable",
"enabled": true,
"created": 1648634175,
"updated": 1648634175
}
},
"azure_created_at": "2022-03-30T09:56:15Z",
"azure_updated_at": "2022-03-30T09:56:15Z",
"tenant": "d27d849e-e487-4b0e-a54c-a6e177867d10",
"status": "AVAILABLE"
}
The sample output shows that a secret is created in the Azure vault.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.