Secrets API
- The
/providersendpoint - The
/providers/:providerendpoint - The
/secretsendpoint - The
/secrets/:secretendpoint
COMMERCIAL FEATURE: Access secrets management in the packaged Sensu Go distribution. For more information, see Get started with commercial features.
The /providers endpoint
/providers (GET)
The /providers API endpoint provides HTTP GET access to a list of secrets providers.
EXAMPLE
The following example demonstrates a request to the /providers API endpoint, resulting in a list of secrets providers.
curl -X GET \
http://127.0.0.1:8080/api/enterprise/secrets/v1/providers \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN"
[
{
"type": "VaultProvider",
"api_version": "secrets/v1",
"metadata": {
"name": "my_vault",
"created_by": "admin"
},
"spec": {
"client": {
"address": "https://vaultserver.example.com:8200",
"token": "VAULT_TOKEN",
"version": "v1",
"tls": {
"ca_cert": "/etc/ssl/certs/vault_ca_cert.pem"
},
"max_retries": 2,
"timeout": "20s",
"rate_limiter": {
"limit": 10.0,
"burst": 100
}
}
}
}
]NOTE: In addition to the VaultProvider type, the secrets API also includes a built-in Env secrets provider type that can retrieve backend environment variables as secrets.
Learn more in the secrets providers reference.
API Specification
| /providers (GET) | |
|---|---|
| description | Returns the list of secrets providers. |
| example url | http://hostname:8080/api/enterprise/secrets/v1/providers |
| response filtering | This endpoint supports API response filtering. |
| response type | Array |
| response codes |
|
| output | |
The /providers/:provider API endpoint
/providers/:provider (GET)
The /providers/:provider API endpoint provides HTTP GET access to data for a specific secrets :provider, by provider name.
EXAMPLE
In the following example, querying the /providers/:provider API endpoint returns a JSON map that contains the requested :provider, my_vault.
curl -X GET \
http://127.0.0.1:8080/api/enterprise/secrets/v1/providers/my_vault \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN"
{
"type": "VaultProvider",
"api_version": "secrets/v1",
"metadata": {
"name": "my_vault",
"created_by": "admin"
},
"spec": {
"client": {
"address": "https://vaultserver.example.com:8200",
"token": "VAULT_TOKEN",
"version": "v1",
"tls": {
"ca_cert": "/etc/ssl/certs/vault_ca_cert.pem"
},
"max_retries": 2,
"timeout": "20s",
"rate_limiter": {
"limit": 10.0,
"burst": 100
}
}
}
}API Specification
| /providers/:provider (GET) | |
|---|---|
| description | Returns the specified secrets provider. |
| example url | http://hostname:8080/api/enterprise/secrets/v1/providers/my_vault |
| response type | Map |
| response codes |
|
| output | |
/providers/:provider (PUT)
The /providers/:provider API endpoint provides HTTP PUT access to create or update a specific :provider, by provider name.
EXAMPLE
The following example demonstrates a request to the /providers/:provider API endpoint to update the provider my_vault.
curl -X PUT \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"type": "VaultProvider",
"api_version": "secrets/v1",
"metadata": {
"name": "my_vault"
},
"spec": {
"client": {
"address": "https://vaultserver.example.com:8200",
"token": "VAULT_TOKEN",
"version": "v1",
"tls": {
"ca_cert": "/etc/ssl/certs/vault_ca_cert.pem"
},
"max_retries": 2,
"timeout": "20s",
"rate_limiter": {
"limit": 10.0,
"burst": 100
}
}
}
}' \
http://127.0.0.1:8080/api/enterprise/secrets/v1/providers/my_vault
HTTP/1.1 200 OKAPI Specification
| /providers/:provider (PUT) | |
|---|---|
| description | Creates or updates the specified secrets provider. The provider resource and API version cannot be altered. |
| example URL | http://hostname:8080/api/enterprise/secrets/v1/providers/my_vault |
| payload | |
| response codes |
|
/providers/:provider (DELETE)
The /providers/:provider API endpoint provides HTTP DELETE access to delete the specified provider from Sensu.
EXAMPLE
The following example shows a request to the /providers/:provider API endpoint to delete the provider my_vault, resulting in a successful HTTP 204 No Content response.
curl -X DELETE \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN" \
http://127.0.0.1:8080/api/enterprise/secrets/v1/providers/my_vault
HTTP/1.1 204 No ContentAPI Specification
| /providers/:provider (DELETE) | |
|---|---|
| description | Deletes the specified provider from Sensu. |
| example url | http://hostname:8080/api/enterprise/secrets/v1/providers/my_vault |
| response codes |
|
The /secrets endpoint
/secrets (GET)
The /secrets API endpoint provides HTTP GET access to a list of secrets.
EXAMPLE
The following example demonstrates a request to the /secrets API endpoint, resulting in a list of secrets for the specified namespace.
curl -X GET \
http://127.0.0.1:8080/api/enterprise/secrets/v1/namespaces/default/secrets \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN"
HTTP/1.1 200 OK
[
{
"type": "Secret",
"api_version": "secrets/v1",
"metadata": {
"name": "sensu-ansible-token",
"namespace": "default",
"created_by": "admin"
},
"spec": {
"id": "secret/ansible#token",
"provider": "ansible_vault"
}
}
]API Specification
| /secrets (GET) | |
|---|---|
| description | Returns the list of secrets for the specified namespace. |
| example url | http://hostname:8080/api/enterprise/secrets/v1/namespaces/default/secrets |
| response filtering | This endpoint supports API response filtering. |
| response type | Array |
| response codes |
|
| output | |
The /secrets/:secret endpoint
/secrets/:secret (GET)
The /secrets/:secret API endpoint provides HTTP GET access to data for a specific secret, by secret name.
EXAMPLE
In the following example, querying the /secrets/:secret API endpoint returns a JSON map that contains the requested :secret.
curl -X GET \
http://127.0.0.1:8080/api/enterprise/secrets/v1/namespaces/default/secrets/sensu-ansible-token \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN"
HTTP/1.1 200 OK
{
"type": "Secret",
"api_version": "secrets/v1",
"metadata": {
"name": "sensu-ansible-token",
"namespace": "default",
"created_by": "admin"
},
"spec": {
"id": "secret/ansible#token",
"provider": "ansible_vault"
}
}API Specification
| /secrets/:secret (GET) | |
|---|---|
| description | Returns the specified secret. |
| example url | http://hostname:8080/api/enterprise/secrets/v1/namespaces/default/secrets/sensu-ansible-token |
| response type | Map |
| response codes |
|
| output | |
/secrets/:secret (PUT)
The /secrets/:secret API endpoint provides HTTP PUT access to create or update a specific secret, by secret name.
EXAMPLE
The following example demonstrates a request to the /secrets/:secret API endpoint to update the secret sensu-ansible-token.
curl -X PUT \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"type": "Secret",
"api_version": "secrets/v1",
"metadata": {
"name": "sensu-ansible-token",
"namespace": "default"
},
"spec": {
"id": "secret/ansible#token",
"provider": "ansible_vault"
}
}' \
http://127.0.0.1:8080/api/enterprise/secrets/v1/namespaces/default/secrets/sensu-ansible-token
HTTP/1.1 200 OKAPI Specification
| /secrets/:secret (PUT) | |
|---|---|
| description | Creates or updates the specified secret. |
| example URL | http://hostname:8080/api/enterprise/secrets/v1/namespaces/default/secrets/sensu-ansible-token |
| payload | |
| response codes |
|
/secrets/:secret (DELETE)
The /secrets/:secret API endpoint provides HTTP DELETE access to delete the specified secret from Sensu.
EXAMPLE
The following example shows a request to the /secrets/:secret API endpoint to delete the secret sensu-ansible-token, resulting in a successful HTTP 204 No Content response.
curl -X DELETE \
-H "Authorization: Bearer $SENSU_ACCESS_TOKEN" \
http://127.0.0.1:8080/api/enterprise/secrets/v1/namespaces/default/secrets/sensu-ansible-token
HTTP/1.1 204 No ContentAPI Specification
| /secrets/:secret (DELETE) | |
|---|---|
| description | Deletes the specified secret from Sensu. |
| example url | http://hostname:8080/api/enterprise/secrets/v1/namespaces/default/secrets/sensu-ansible-token |
| response codes |
|
