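Vault API
If you already use the HashiCorp Vault HTTP API, you can use its API format and guidelines to interact with IBM Cloud® Secrets Manager.
To use the standard REST API for Secrets Manager, see the Secrets Manager API reference.
Overview
Secrets Manager uses HashiCorp Vault, with added support for an IAM auth method and a set of secrets engines that support operations on the various secret types in IBM Cloud Secrets Manager.
All operations follow the REST API conventions that apply to the Vault HTTP API. For more information about how to authenticate with and use the Vault HTTP API, see the Vault documentation.
Secrets Manager limits Vault access to only the specific paths that help you work with secrets and log in to your instance. All other paths return an HTTP 403 Forbidden response status code. Plug-ins and other components that HashiCorp Vault provides might not be accessible in Secrets Manager. For more information, see the FAQ.
Endpoint URLs
To access Secrets Manager by using the Vault API, use the dedicated endpoint URL that is unique to your Secrets Manager service instance.
The following tables list, by region, the endpoint URLs that you can use to interact with the Vault API.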
Region | Endpoint URL |
---|---|
Dallas | https://{instance_ID}.us-south.secrets-manager.appdomain.cloud |
Frankfurt | https://{instance_ID}.eu-de.secrets-manager.appdomain.cloud |
London | https://{instance_ID}.eu-gb.secrets-manager.appdomain.cloud |
Madrid | https://{instance_ID}.eu-es.secrets-manager.appdomain.cloud |
Osaka | https://{instance_ID}.jp-osa.secrets-manager.appdomain.cloud |
Sao Paulo | https://{instance_ID}.br-sao.secrets-manager.appdomain.cloud |
Sydney | https://{instance_ID}.au-syd.secrets-manager.appdomain.cloud |
Tokyo | https://{instance_ID}.jp-tok.secrets-manager.appdomain.cloud |
Toronto | https://{instance_ID}.ca-tor.secrets-manager.appdomain.cloud |
Washington DC | https://{instance_ID}.us-east.secrets-manager.appdomain.cloud |
Region | Endpoint URL |
---|---|
Dallas | https://{instance_ID}.private.us-south.secrets-manager.appdomain.cloud |
Frankfurt | https://{instance_ID}.private.eu-de.secrets-manager.appdomain.cloud |
London | https://{instance_ID}.private.eu-gb.secrets-manager.appdomain.cloud |
Madrid | https://{instance_ID}.private.eu-es.secrets-manager.appdomain.cloud |
Osaka | https://{instance_ID}.private.jp-osa.secrets-manager.appdomain.cloud |
Sao Paulo | https://{instance_ID}.private.br-sao.secrets-manager.appdomain.cloud |
Sydney | https://{instance_ID}.private.au-syd.secrets-manager.appdomain.cloud |
Tokyo | https://{instance_ID}.private.jp-tok.secrets-manager.appdomain.cloud |
Toronto | https://{instance_ID}.private.ca-tor.secrets-manager.appdomain.cloud |
Washington DC | https://{instance_ID}.private.us-east.secrets-manager.appdomain.cloud |
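You can find your unique endpoint URLs on the Endpoints page of the Secrets Manager UI, or retrieve them with an HTTP request. For more information, see Viewing your endpoint URLs.
Common headers
This section describes the headers that are common to all requests.
Header | Description |
---|---|
X-Vault-Token | Required. A valid Vault token with sufficient permissions to perform the operation. |
Content-Type | Required. application/json |
Timestamps
Timestamps in all requests and responses (for example, creation dates and expiration dates) are formatted according to RFC 3339. For example: 1985-04-12T23:20:50.52Z
Field names
The API follows the Vault HTTP API guidelines. All field names are formatted in snake case (snake_case).
Login
Log in to Vault
Log in to Vault by using an IBM Cloud IAM token, and obtain a Vault token with its mapped policies.
Request parameter | Description |
---|---|
token | Required. An IBM Cloud IAM access token. |
Example request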
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/login" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"token": "{IAM_token}"
}'
Example response
{
"request_id": "d9a41bfe-b8ba-8709-f1be-6dbdbc305e07",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": {
"client_token": "s.w6vmYTRuEJdzEvVFVYjIEAYG",
"accessor": "5m6VpELSK42N3sq0yTEuVhn5",
"policies": [
"default",
"instance-reader"
],
"token_policies": [
"default",
"instance-reader"
],
"metadata": {
"bss_acc": "791f5fb10986423e97aa8512f18b7e65",
"grant_type": "urn:ibm:params:oauth:grant-type:apikey",
"name": "secrets-manager-test-reader",
"resource": "crn:v1:bluemix:public:secrets-manager:us-south:a/791f5fb10986423e97aa8512f18b7e65:e415e570-f073-423a-abdc-55de9b58f54e::",
"user": "iam-ServiceId-b7ebcf90-c7a9-495b-8ce8-bbf33cb95ca0"
},
"lease_duration": 3600,
"renewable": true,
"entity_id": "336f5725-b98d-e0c6-921a-6041e2d3157d",
"token_type": "service",
"orphan": true
}
}
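The following is an added example, not code from IBM or HashiCorp, of how a client might handle the login response shown above: it reads the token lifetime from auth.lease_duration (the top-level lease_duration is 0), flags policies beyond the ones the caller expected, and builds a log record that omits the token. The function names, the expected-policy set, the refresh margin, and the sample values are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample with the same shape as the login response above.
# The token and accessor are made-up placeholders, not real credentials.
SAMPLE_LOGIN_RESPONSE = json.dumps({
    "request_id": "00000000-0000-0000-0000-000000000000",
    "lease_id": "",
    "renewable": False,
    "lease_duration": 0,
    "data": None,
    "auth": {
        "client_token": "s.EXAMPLE-PLACEHOLDER-TOKEN",
        "accessor": "EXAMPLE-ACCESSOR",
        "policies": ["default", "instance-reader"],
        "token_policies": ["default", "instance-reader"],
        "lease_duration": 3600,
        "renewable": True,
        "token_type": "service",
    },
})


def parse_login(body, expected_policies, now=None):
    """Turn a login response body into a session record.

    `now` must be timezone-aware; it defaults to the current UTC time.
    """
    doc = json.loads(body)
    auth = doc.get("auth")
    if not isinstance(auth, dict) or not auth.get("client_token"):
        raise ValueError("login response carries no auth.client_token")
    now = now or datetime.now(timezone.utc)
    # The token lifetime is auth.lease_duration; the top-level field is 0.
    ttl = int(auth.get("lease_duration") or 0)
    granted = set(auth.get("token_policies") or auth.get("policies") or [])
    return {
        "token": auth["client_token"],
        "accessor": auth.get("accessor", ""),
        "policies": sorted(granted),
        # Anything here is access the caller did not ask for: review the IAM mapping.
        "unexpected_policies": sorted(granted - set(expected_policies)),
        "renewable": bool(auth.get("renewable")),
        "expires_at": now + timedelta(seconds=ttl),
    }


def request_headers(session):
    """Common headers for subsequent Vault API requests."""
    return {
        "X-Vault-Token": session["token"],
        "Content-Type": "application/json",
        "Accept": "application/json",
    }


def loggable(session):
    """Fields that can go to logs. The accessor identifies the token
    but cannot be used to authenticate; the token itself is left out."""
    expires = session["expires_at"].astimezone(timezone.utc)
    return {
        "accessor": session["accessor"],
        "policies": session["policies"],
        "unexpected_policies": session["unexpected_policies"],
        "expires_at": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),  # RFC 3339
    }


def needs_refresh(session, now, margin_seconds=300):
    """True when the token is within `margin_seconds` of expiry (assumed margin)."""
    return now >= session["expires_at"] - timedelta(seconds=margin_seconds)


if __name__ == "__main__":
    session = parse_login(SAMPLE_LOGIN_RESPONSE, {"default", "instance-reader"})
    print(json.dumps(loggable(session), indent=2))
```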
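Configure the login token
Configure the duration, or time-to-live (TTL), and the lifetime (MaxTTL) of the Vault login token.
Use a duration string such as 300s or 2h45m. Valid time units are s, m, and h. The IBM Cloud auth plug-in sets the default login token duration (TTL) to 1 hour and the default lifetime (MaxTTL) to 24 hours.
Request parameter | Description |
---|---|
token_max_ttl | The maximum lifetime of the login token. The default is 24h. This value can't exceed the Vault MaxLeaseTTL value. |
token_ttl | The initial time-to-live (TTL) of the login token to generate. The default is 1h. |
Example request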
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/login" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault_token}' \
-H 'Content-Type: application/json' \
-d '{
"token_ttl": "30m",
"token_max_ttl": "2h"
}'
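Example response
This operation returns HTTP 204 No Content.
Get the configuration of the login token
Retrieve the login configuration for Vault tokens.
Example request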
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/login" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "41bc89dc-c950-113f-aa8f-a025646d2975",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"login": {
"token_max_ttl": "2h0m0s",
"token_ttl": "30m0s"
}
},
"wrap_info": null,
"warnings": null,
"auth": null
}
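The following is an added example, not part of the service or its SDK, of a pre-flight check for the login token configuration above: it parses duration strings with the s, m, and h units, rejects anything else, and renders the values in the form that the GET response displays (30m becomes 30m0s, 2h becomes 2h0m0s). The function names, the rule that token_ttl must not exceed token_max_ttl, and the warnings about exceeding the documented defaults are local assumptions, not documented service behavior.

```python
import re

UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}
TERM = re.compile(r"(\d+)([hms])")

# Defaults stated on this page for the IBM Cloud auth plug-in.
DEFAULT_TTL = 3600        # 1h
DEFAULT_MAX_TTL = 86400   # 24h


def parse_duration(text):
    """Convert a duration string such as '300s' or '2h45m' to seconds.

    Only whole numbers with the units s, m, and h are accepted, so a value
    such as '90d' or '1.5h' raises ValueError instead of being sent.
    """
    if not isinstance(text, str) or not text:
        raise ValueError("duration must be a non-empty string")
    total, pos = 0, 0
    for term in TERM.finditer(text):
        if term.start() != pos:      # stray characters between terms
            break
        total += int(term.group(1)) * UNIT_SECONDS[term.group(2)]
        pos = term.end()
    if pos != len(text):
        raise ValueError(f"invalid duration {text!r}: use digits with s, m or h")
    return total


def format_duration(seconds):
    """Render seconds the way the GET response shows them, e.g. '30m0s'."""
    hours, rest = divmod(seconds, 3600)
    minutes, secs = divmod(rest, 60)
    if hours:
        return f"{hours}h{minutes}m{secs}s"
    if minutes:
        return f"{minutes}m{secs}s"
    return f"{secs}s"


def check_login_config(token_ttl, token_max_ttl):
    """Validate a login token configuration before sending the PUT request."""
    ttl = parse_duration(token_ttl)
    max_ttl = parse_duration(token_max_ttl)
    if ttl > max_ttl:
        # Assumed local rule: an initial TTL above the maximum is a mistake.
        raise ValueError("token_ttl is longer than token_max_ttl")
    warnings = []
    if ttl > DEFAULT_TTL:
        warnings.append("token_ttl is longer than the 1h default")
    if max_ttl > DEFAULT_MAX_TTL:
        warnings.append("token_max_ttl is longer than the 24h default")
    return {
        "body": {"token_ttl": token_ttl, "token_max_ttl": token_max_ttl},
        # What a later GET of the configuration should show for these values.
        "expected_readback": {
            "token_ttl": format_duration(ttl),
            "token_max_ttl": format_duration(max_ttl),
        },
        "warnings": warnings,
    }


if __name__ == "__main__":
    print(check_login_config("30m", "2h"))
```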
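Secret groups
Create a secret group
Create a secret group.
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret group. |
description | An extended description of your secret group. |
Example request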
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/groups" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-secret-group",
"description": "Extended description for my secret group."
}'
Example response
{
"request_id": "f0e47267-940e-1a59-8742-e4e77401b06b",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"creation_date": "2020-12-15T22:08:46Z",
"description": "Extended description for my secret group.",
"id": "2bcaa289-5d38-aa57-910d-970e418ab1b3",
"last_update_date": "2020-12-15T22:08:46Z",
"name": "test-secret-group",
"type": "application/vnd.ibm.secrets-manager.secret.group+json"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
List secret groups
List the secret groups that are available in your Secrets Manager service instance.
Example request
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/groups" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "7ecc32f2-b78b-9290-015c-24803a1e87c9",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"groups": [
{
"creation_date": "2020-12-14T14:48:55Z",
"description": "Read and write to Cloud Object storage buckets.",
"id": "714e070d-8122-6270-198c-fef9166729e3",
"last_update_date": "2020-12-14T14:48:55Z",
"name": "cloud-object-storage-writers",
"type": "application/vnd.ibm.secrets-manager.secret.group+json"
},
{
"creation_date": "2020-12-15T22:08:46Z",
"description": "Extended description for my secret group.",
"id": "2bcaa289-5d38-aa57-910d-970e418ab1b3",
"last_update_date": "2020-12-15T22:08:46Z",
"name": "test-secret-group",
"type": "application/vnd.ibm.secrets-manager.secret.group+json"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
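Update a secret group
Update the details of an existing secret group.
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret group. |
description | An extended description of your secret group. |
Example request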
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "updated-secret-group-name",
"description": "Updated description for my secret group"
}'
Example response
{
"request_id": "b02c5035-9da1-85fe-b7c7-3db2c77ddbb6",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"creation_date": "2020-12-15T22:08:46Z",
"description": "Updated description for my secret group.",
"id": "2bcaa289-5d38-aa57-910d-970e418ab1b3",
"last_update_date": "2020-12-15T22:16:32Z",
"name": "updated-secret-group-name",
"type": "application/vnd.ibm.secrets-manager.secret.group+json"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
Get a secret group
Retrieve a secret group and its details.
Example request
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "0d127ae6-8359-bc36-af53-3a56be4c3e24",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"creation_date": "2020-12-15T22:08:46Z",
"description": "Updated description for my secret group.",
"id": "2bcaa289-5d38-aa57-910d-970e418ab1b3",
"last_update_date": "2020-12-15T22:18:44Z",
"name": "updated-secret-group-name",
"type": "application/vnd.ibm.secrets-manager.secret.group+json"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
Delete a secret group
Delete a secret group.
Example request
curl -X DELETE "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/auth/ibmcloud/manage/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "37065859-3238-f671-941f-d43ac340ad99",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": null
}
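Secrets
Create a secret
Create or import a secret by using the Secrets Manager secrets engines. You can add one of the following secret types:
- Arbitrary secrets (arbitrary)
- IAM credentials (iam_credentials)
- Key-value secrets (kv)
- User credentials (user_credentials)
- Imported certificates (import_cert)
- Private certificates (private_cert)
- Public certificates (public_cert)
- Service credentials (service_credentials)
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
payload | Required. The secret data to assign to your secret. |
expiration_date | The expiration date to assign to your secret. The date format follows RFC 3339. |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
access_groups[] | Required. The access groups that define the capabilities of the service ID and API key that are generated for an iam_credentials secret. |
ttl | Required. The time-to-live (TTL) or lease duration to assign to generated credentials. The value can be either an integer that specifies the number of seconds, or a string that represents a duration, such as 120m or 24h. |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
payload | Required. The secret data, in JSON format, to assign to your secret. The maximum file size is 512 KB. |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
username | Required. The username to assign to your secret. |
password | The password to assign to your secret. |
expiration_date | The expiration date to assign to your secret. The date format follows RFC 3339. |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
certificate | Required. The certificate data to assign to an imported_cert secret. |
private_key | The matching private key to assign to an imported_cert secret. |
intermediate | The intermediate certificate data to assign to an imported_cert secret. |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
certificate_template | Required. The name of the certificate template. |
common_name | The fully qualified domain name or host domain name for the certificate. |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
alt_names | The subject alternative names to define for the certificate, as a comma-delimited list. |
ip_sans | The IP subject alternative names to define for the certificate, as a comma-delimited list. |
uri_sans | The URI subject alternative names to define for the certificate, as a comma-delimited list. |
other_sans | The custom object identifier (OID) or UTF8-string subject alternative names to define for the certificate. The alternative names must match the associated certificate template's |
ttl | The time-to-live (TTL) to assign to the private certificate. The value can be supplied as a string representation of a duration in hours, for example "12h". The value can't exceed the associated certificate template's |
format | The format of the returned data. Allowed values are: pem and pem_bundle. Default: pem |
auto_rotate | Determines whether Secrets Manager rotates the certificate automatically. For private certificates, the certificate is rotated according to the time interval that is specified in the interval and unit fields. |
interval | Used together with the unit field to specify the rotation interval. The minimum interval is 1 day, and the maximum interval is 3 years (1095 days). Required when auto_rotate is set to true. |
unit | The time unit of the rotation interval. Allowed values are: day and month |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
description | An extended description of your secret. |
ca | Required. The name of the certificate authority configuration. |
dns | Required. The name of the DNS provider configuration. |
common_name | Required. The fully qualified domain name or host domain name for the certificate. |
alt_names[] | The alternative names to define for the certificate. |
bundle_certs | Determines whether the issued certificate is bundled with intermediate certificates. Set to |
key_algorithm | The identifier for the cryptographic algorithm that is used to generate the public key that is associated with the certificate. Allowed values: |
auto_rotate | Determines whether Secrets Manager rotates the certificate automatically. If set to |
rotate_keys | Determines whether Secrets Manager rotates the private key of the certificate automatically. If set to true, the service generates and stores a new private key for the rotated certificate. Default: false |
labels[] | Labels that you can use to filter for secrets in your instance. Up to 30 labels can be added. |
Request parameter | Description |
---|---|
name | Required. A human-readable alias to assign to your secret. |
source_crn | Required. The CRN of the source service instance. |
role | Required. The IAM service role name for the level of permission to assign. |
ttl | The time-to-live (TTL) to assign to the credentials. You can specify the time in days. |
Example request
Create an arbitrary secret in the default secret group.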
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-arbitrary-secret",
"description": "Extended description for my secret.",
"payload": "secret-data",
"labels": [
"dev",
"us-south"
],
"expiration_date": "2030-04-01T09:30:00Z"
}'
Create an arbitrary secret in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-arbitrary-secret-in-group",
"description": "Extended description for my secret.",
"payload": "secret-data",
"labels": [
"dev",
"us-south"
],
"expiration_date": "2030-04-01T09:30:00Z"
}'
Create IAM credentials in the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/iam_credentials/roles/{secret_name}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-iam-credentials",
"description": "Extended description for my secret.",
"access_groups": [
"AccessGroupId-0529f490-129c-4877-a2a0-b57f50d3e53b"
],
"labels": [
"dev",
"us-south"
],
"ttl": "30m"
}'
Create IAM credentials in an existing group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/iam_credentials/roles/groups/{group_id}/{secret_name}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-iam-credentials-in-group",
"description": "Extended description for my secret.",
"access_groups": [
"AccessGroupId-0529f490-129c-4877-a2a0-b57f50d3e53b"
],
"labels": [
"dev",
"us-south"
],
"ttl": "30m"
}'
Create a key-value secret in the default secret group. Learn more.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-kv-secret",
"description": "Extended description for my secret.",
"payload": {
"key1": "value1"
},
"labels": [
"dev",
"us-south"
]
}'
Create a key-value secret in an existing secret group.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/groups/{group_id}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-kv-secret",
"description": "Extended description for my secret.",
"payload": {
"key1": "value1"
},
"labels": [
"dev",
"us-south"
]
}'
Create user credentials in the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-username-password",
"description": "Extended description for my secret.",
"username": "user123",
"password": "cloudy-rainy-coffee-book",
"expiration_date": "2020-12-31T00:00:00Z",
"labels": [
"dev",
"us-south"
]
}'
Create user credentials in an existing secret group:
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-username-password-in-group",
"description": "Extended description for my secret.",
"username": "user123",
"password": "cloudy-rainy-coffee-book",
"expiration_date": "2020-12-31T00:00:00Z",
"labels": [
"dev",
"us-south"
]
}'
Import an SSL/TLS certificate and assign it to the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/imported_cert/secrets" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-imported-certificate",
"description": "Extended description for my secret.",
"certificate": "-----BEGIN CERTIFICATE-----\nMIICWzCCAcQCC...(redacted)",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANB...(redacted)",
"intermediate": "-----BEGIN CERTIFICATE-----\nMIICUzHHraOa...(redacted)",
"labels": [
"dev",
"us-south"
]
}'
Import an SSL/TLS certificate and assign it to an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/imported_cert/secrets/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-imported-certificate-in-group",
"description": "Extended description for my secret.",
"certificate": "-----BEGIN CERTIFICATE-----\nMIICWzCCAcQCC...(redacted)",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANB...(redacted)",
"intermediate": "-----BEGIN CERTIFICATE-----\nMIICUzHHraOa...(redacted)",
"labels": [
"dev",
"us-south"
]
}'
Order a public SSL/TLS certificate and assign it to the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/public_cert/secrets" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-public-certificate-in-group",
"description": "Extended description for my secret.",
"ca": "my-configured-certificate-authority",
"dns": "my-configured-dns-provider",
"common_name": "example.com",
"alt_names": [
"www.example.com"
],
"labels": [
"dev",
"us-south"
],
"bundle_certs": false,
"key_algorithm": "RSA2048",
"rotation": {
"auto_rotate": false,
"rotate_keys": false
}
}'
Order a public SSL/TLS certificate and assign it to an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/public_cert/secrets/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-public-certificate-in-group",
"description": "Extended description for my secret.",
"ca": "my-configured-certificate-authority",
"dns": "my-configured-dns-provider",
"common_name": "example.com",
"alt_names": [
"www.example.com"
],
"labels": [
"dev",
"us-south"
],
"bundle_certs": false,
"key_algorithm": "RSA2048",
"rotation": {
"auto_rotate": false,
"rotate_keys": false
}
}'
Create a private SSL/TLS certificate and assign it to the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/private_cert/secrets" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-private-certificate",
"description": "Extended description for my secret.",
"certificate_template": "my-configured-certificate-template",
"common_name": "example.com",
"alt_names": [
"www.example.com"
],
"labels": [
"dev",
"us-south"
],
"rotation": {
"auto_rotate": true,
"interval": 90,
"unit": "day"
}
}'
Create a private SSL/TLS certificate and assign it to an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/private_cert/secrets/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-private-certificate",
"description": "Extended description for my secret.",
"certificate_template": "my-configured-certificate-template",
"common_name": "example.com",
"alt_names": [
"www.example.com"
],
"labels": [
"dev",
"us-south"
],
"rotation": {
"auto_rotate": true,
"interval": 90,
"unit": "day"
}
}'
Create or import a set of service credentials.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/service_credentials/secrets" \
-H 'Accept: application/json' \
-H "X-Vault-Token: $VAULT_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "test-sc-secret",
"source_crn":"crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bafc:f85409e9-1a06-47d5-8320-95ed4e1675bc::",
"role":"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"ttl":"90d"
}' | jq
Example response
A request to create an arbitrary secret in the default secret group returns the following response:
{
"request_id": "8c047529-de3a-a79d-7c2f-c382a8e75312",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:a6972127-35ad-b36f-aac8-0223f0475cb6",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "a6972127-35ad-b36f-aac8-0223f0475cb6",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:34:53Z",
"name": "test-arbitrary-secret-in-group",
"secret_data": {
"payload": "secret-data"
},
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"id": "a7f55e6f-b068-977b-062e-4de644633982"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create an arbitrary secret in an existing secret group returns the following response:
{
"request_id": "8c047529-de3a-a79d-7c2f-c382a8e75312",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:a6972127-35ad-b36f-aac8-0223f0475cb6",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "a6972127-35ad-b36f-aac8-0223f0475cb6",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:34:53Z",
"name": "test-arbitrary-secret-in-group",
"secret_data": {
"payload": "secret-data"
},
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"id": "a7f55e6f-b068-977b-062e-4de644633982"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create IAM credentials in the default secret group returns the following response:
{
"request_id": "3bef24c5-5ab9-72f4-8a1a-dd35a6e7aa15",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"access_groups": [
"AccessGroupId-0529f490-129c-4877-a2a0-b57f50d3e53b"
],
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-16T21:34:51Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:8bc5eae8-e5b7-9599-de8e-525d1c3e2723",
"description": "Extended description for my secret.",
"id": "8bc5eae8-e5b7-9599-de8e-525d1c3e2723",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-16T21:34:51Z",
"name": "test-iam-credentials",
"secret_type": "iam_credentials",
"state": 1,
"state_description": "Active",
"ttl": 1800
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create IAM credentials in an existing secret group returns the following response:
{
"request_id": "2278a441-6dbe-5ee8-4a4b-3b5b1e814231",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"access_groups": [
"AccessGroupId-0529f490-129c-4877-a2a0-b57f50d3e53b"
],
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-16T21:57:13Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:99425779-0707-4877-81CB-ca11e28b6ef1",
"description": "Extended description for my secret.",
"id": "99425779-0707-4877-81CB-ca11e28b6ef1",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-16T21:57:13Z",
"name": "test-iam-credentials-in-group",
"secret_group_id": "714e070d-8122-6270-198c-fef9166729e3",
"secret_type": "iam_credentials",
"state": 1,
"state_description": "Active",
"ttl": 1800
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create a key-value secret in the default secret group returns the following response:
{
"request_id": "6e0000-60c0-d0ef-bc00-000c0a000b00",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-9ca407-f38d-000e-0b02-ed6b41",
"creation_date": "2022-01-25T19:22:59Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/0000000be376647f5f961f5:50004-5f59-4164-8bfc-5000cf66:secret:43f000f-4085-000c-c028-6ff00004dbd",
"description": "Extended description for my secret.",
"downloaded": false,
"id": "40000df-4000-300c-c01028-6ff20000dbd",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2022-01-25T19:22:59Z",
"name": "test-kv-secret",
"secret_data": {
"payload": {
"key1": "value1"
}
},
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-9ca407-f38d-000e-0b02-ed6b41",
"creation_date": "2022-01-25T19:22:59Z",
"downloaded": false,
"id": "40000df-4000-300c-c01028-6ff20000dbd",
"payload_available": true
}
],
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create a key-value secret in an existing secret group returns the following response:
{
"request_id": "a0766ef6-5bfe-d92d-4894-6d3f40126b25",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-9ca24407-f38d-479e-8b02-ed6b4e1b0d31",
"creation_date": "2022-01-27T17:59:20Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/4b85ea6bbea644a6be376647f5f961f5:5f1a3554-5f59-4164-8bfc-5eef0a20cf66:secret:21764466-5a9d-a9df-fc71-5b8ee4ecbb99",
"description": "Extended description for my secret.",
"downloaded": false,
"id": "21764466-5a9d-a9df-fc71-5b8ee4ecbb99",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2022-01-27T17:59:20Z",
"name": "test-kv-secret6",
"secret_data": {
"payload": {
"key6": "value6"
}
},
"secret_group_id": "aded5ffd-da17-c923-eb21-600569c5d1c2",
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-9ca24407-f38d-479e-8b02-ed6b4e1b0d31",
"creation_date": "2022-01-27T17:59:20Z",
"downloaded": false,
"id": "96d5b7dd-d8fb-5afc-9c05-6cfdaff8af9e",
"payload_available": true
}
],
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create user credentials in the default secret group returns the following response:
{
"request_id": "96fc9603-5aff-5daa-f25c-efc3599b374b",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:43:36Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:2bd4c8fc-c1e4-f9d7-8026-6c04610f051f",
"description": "Extended description for my secret.",
"expiration_date": "2020-12-31T00:00:00Z",
"id": "2bd4c8fc-c1e4-f9d7-8026-6c04610f051f",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:43:36Z",
"name": "test-username-password",
"secret_data": {
"password": "cloudy-rainy-coffee-book",
"username": "user123"
},
"secret_type": "username_password",
"state": 1,
"state_description": "Active",
"versions": [
{
"auto_rotated": false,
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:43:36Z",
"id": "ae4b3afd-5e63-5951-790b-f1892e8c5267"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create user credentials in an existing secret group returns the following response:
{
"request_id": "4ccc9dd5-af3a-6865-293f-3f704d2866e1",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:46:41Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"description": "Extended description for my secret.",
"expiration_date": "2020-12-31T00:00:00Z",
"id": "be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:46:41Z",
"name": "test-username-password-in-group",
"secret_data": {
"password": "cloudy-rainy-coffee-book",
"username": "user123"
},
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "username_password",
"state": 1,
"state_description": "Active",
"versions": [
{
"auto_rotated": false,
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:46:41Z",
"id": "a09c7a3c-13a5-7a17-fadc-e7850496d27a"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to import a certificate into the default secret group returns the following response:
{
"request_id": "811b893b-55c7-b6bb-4e55-26a7a8362164",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"algorithm": "RSA",
"common_name": "example.com",
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-03T20:50:11Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"description": "Extended description for my secret.",
"expiration_date": "2021-06-04T15:25:44Z",
"id": "be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"intermediate_included": false,
"issuer": "US Texas Austin Example Corp. Example Org example.com",
"key_algorithm": "SHA256-RSA",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2021-06-03T20:50:11Z",
"name": "test-imported-certificate-in-group",
"private_key_included": true,
"secret_type": "imported_cert",
"serial_number": "fc:22:29:7e:57:25:8a:05",
"state": 1,
"state_description": "Active",
"validity": {
"not_after": "2021-06-04T15:25:44Z",
"not_before": "2021-06-03T15:25:44Z"
},
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-03T20:50:11.278296706Z",
"expiration_date": "2021-06-04T15:25:44Z",
"id": "be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"serial_number": "fc:22:29:7e:57:25:8a:05",
"validity": {
"not_after": "2021-06-04T15:25:44Z",
"not_before": "2021-06-03T15:25:44Z"
}
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to import a certificate into an existing secret group returns the following response:
{
"request_id": "811b893b-55c7-b6bb-4e55-26a7a8362164",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"algorithm": "RSA",
"common_name": "example.com",
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-03T20:50:11Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"description": "Extended description for my secret.",
"expiration_date": "2021-06-04T15:25:44Z",
"id": "be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"intermediate_included": false,
"issuer": "US Texas Austin Example Corp. Example Org example.com",
"key_algorithm": "SHA256-RSA",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2021-06-03T20:50:11Z",
"name": "test-imported-certificate-in-group",
"private_key_included": true,
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "imported_cert",
"serial_number": "fc:22:29:7e:57:25:8a:05",
"state": 1,
"state_description": "Active",
"validity": {
"not_after": "2021-06-04T15:25:44Z",
"not_before": "2021-06-03T15:25:44Z"
},
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-03T20:50:11.278296706Z",
"expiration_date": "2021-06-04T15:25:44Z",
"id": "e4f44e8b-abe0-9267-88da-199e754f974a",
"serial_number": "fc:22:29:7e:57:25:8a:05",
"validity": {
"not_after": "2021-06-04T15:25:44Z",
"not_before": "2021-06-03T15:25:44Z"
}
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to create or import a set of service credentials returns the following response:
{
"request_id": "b7b8799c-e0f7-f31c-c050-3d66f854c214",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "IBMid-2723462DAH",
"creation_date": "2023-11-23T13:33:36Z",
"crn": "crn:v1:staging:public:secrets-manager:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:e2c32ad4-1414-41e0-8747-e107e6b9f8e6:secret:c70951dd-f672-9995-968d-b76204b2432d",
"custom_metadata": {},
"downloaded": true,
"iam_apikey_description": "Auto-generated for key crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc:resource-key:d13dd212-cd38-4732-a14e-1889ee3ca4fa",
"iam_apikey_id": "ApiKey-4fdabb94-2654-4ab7-8d01-fbf41117b4a9",
"iam_apikey_name": "test-sc-secret",
"iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"iam_serviceid_crn": "crn:v1:staging:public:iam-identity::a/826aa2b9cab6c666477fc55ebc47bacc::serviceid:ServiceId-38fd1d20-db0b-4ae6-bee9-23d6468e149f",
"id": "c70951dd-f672-9995-968d-b76204b2432d",
"labels": [],
"last_update_date": "2023-11-23T13:33:36Z",
"locks_total": 0,
"name": "test-sc-secret",
"parameters": {},
"resource_key_crn": "crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc:resource-key:d13dd212-cd38-4732-a14e-1889ee3ca4fa",
"resource_key_name": "test-sc-secret",
"role": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"secret_data": {
"apikey": "xxxxxxxxxxxxxxxxxxxx",
"guid": "f85409e9-1a06-47d5-8320-95ed4e1675bc",
"iam_apikey_description": "Auto-generated for key crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc:resource-key:d13dd212-cd38-4732-a14e-1889ee3ca4fa",
"iam_apikey_id": "ApiKey-4fdabb94-2654-4ab7-8d01-fbf41117b4a9",
"iam_apikey_name": "test-sc-secret",
"iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"iam_serviceid_crn": "crn:v1:staging:public:iam-identity::a/826aa2b9cab6c666477fc55ebc47bacc::serviceid:ServiceId-38fd1d20-db0b-4ae6-bee9-23d6468e149f",
"instance_id": "f85409e9-1a06-47d5-8320-95ed4e1675cc",
"plan": "33b50df2-9cd6-4005-a941-bf0a59f0d133",
"region": "us-south"
},
"secret_type": "service_credentials",
"source_crn": "crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bafc:f85409e9-1a06-47d5-8320-95ed4e1675cc::",
"state": 1,
"state_description": "Active",
"ttl": 7776000,
"versions": [
{
"created_by": "IBMid-2723462DAH",
"creation_date": "2023-11-23T13:33:36Z",
"downloaded": true,
"expiration_date": "2024-02-21T13:33:36Z",
"id": "1ab6e797-c74d-419d-0863-a8976b64efe8",
"payload_available": true,
"version_custom_metadata": {}
}
],
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
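Get a secret
Get the value of a secret. You can retrieve a secret by using its secret ID or its secret name.
Example requests
Get an arbitrary secret.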
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get an arbitrary secret in an existing secret group.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get IAM credentials.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/iam_credentials/creds/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get IAM credentials in an existing secret group.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/iam_credentials/creds/groups/{group_id}/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get a key-value secret.
curl -L -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get a key-value secret in an existing secret group.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/groups/{group_id}/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get user credentials.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get user credentials in an existing secret group.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/groups/{group_id}/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get an imported certificate.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/imported_cert/secrets/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get an imported certificate in an existing secret group.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/imported_cert/secrets/groups/{group_id}/{secret_id_or_secret_name}' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get a set of service credentials.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/service_credentials/secrets/{secret_id_or_secret_name}" \
-H 'Accept: application/json' \
-H "X-Vault-Token: $VAULT_TOKEN" | jq
Example responses
A request to retrieve an arbitrary secret returns the following response:
{
"request_id": "463e84e8-3a0c-1061-1a6e-6ce1434c7ba2",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-16T20:54:52Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:582a8f65-9a2b-a072-4fc3-e69ff3462c23",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "582a8f65-9a2b-a072-4fc3-e69ff3462c23",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-16T20:54:52Z",
"name": "test-arbitrary-secret",
"secret_data": {
"payload": "secret-data"
},
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-16T20:54:52Z",
"id": "03d9ddb3-aa1d-d929-40c8-04027213ef08"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve an arbitrary secret in an existing secret group returns the following response:
{
"request_id": "791340bd-5664-c1e3-e779-d1391494f55d",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:a6972127-35ad-b36f-aac8-0223f0475cb6",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "a6972127-35ad-b36f-aac8-0223f0475cb6",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:34:53Z",
"name": "test-arbitrary-secret-in-group",
"secret_data": {
"payload": "secret-data"
},
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"id": "a7f55e6f-b068-977b-062e-4de644633982"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to generate IAM credentials returns the following response:
{
"request_id": "c9716624-669f-2ef4-5560-a5d4e6618826",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"access_groups": [
"AccessGroupId-0529f490-129c-4877-a2a0-b57f50d3e53b"
],
"api_key": "U40hERZ0h-0C0cnka2bEuL2y...(redacted)",
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-16T21:55:31Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:d7a2b83f-997c-4914-857a-86bfcdbf0873",
"description": "Extended description for my secret.",
"id": "d7a2b83f-997c-4914-857a-86bfcdbf0873",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-16T22:05:16Z",
"name": "test-iam-credentials",
"secret_type": "iam_credentials",
"service_id": "ServiceId-43c79ec9-7f02-481d-92f1-e60363483298",
"state": 1,
"state_description": "Active",
"ttl": 1800
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to generate IAM credentials in an existing secret group returns the following response:
{
"request_id": "201eaa80-d5f1-2697-66dd-481d94a52685",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"access_groups": [
"AccessGroupId-0529f490-129c-4877-a2a0-b57f50d3e53b"
],
"api_key": "CFQY6wWPI3C3wKx6XLC9p0c3e...(redacted)",
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-16T21:57:13Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:99425779-0707-4877-81CB-ca11e28b6ef1",
"description": "Extended description for my secret.",
"id": "99425779-0707-4877-81CB-ca11e28b6ef1",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-16T22:07:20Z",
"name": "test-iam-credentials-in-group",
"secret_group_id": "714e070d-8122-6270-198c-fef9166729e3",
"secret_type": "iam_credentials",
"service_id": "ServiceId-d1a99978-2108-4eec-9dae-bdf5691e7136",
"state": 1,
"state_description": "Active",
"ttl": 1800
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve a key-value secret returns the following response:
{
"request_id": "1e0000-7100-cb00b-d00a-b350000f5a",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-9c00000-00d-000e-8000-ed6b40000",
"creation_date": "2022-01-25T19:22:04Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/4b85000004a6be3700000f5:5f1000-5f00-4000-8bfc-5e0000f66:secret:0000ea8e-7d00-69ce-c000a-0a00000b3ee",
"description": "Extended description for my secret.",
"downloaded": true,
"id": "00002ea8e-7lk90-00ce-c200a-00004b3ee",
"labels": [],
"last_update_date": "2022-01-25T19:22:04Z",
"name": "test-kv-secret",
"secret_data": {
"payload": {
"key1": "value1"
}
},
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-000000-f000d-479e-8b02-ed600000",
"creation_date": "2022-01-25T19:22:04Z",
"downloaded": true,
"id": "bf00007-800dc-0006-14d9-a7c720000bh",
"payload_available": true
}
],
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve a key-value secret in an existing secret group returns the following response:
{
"request_id": "a0000c-e00-000ef-d000e8-a68e60000",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "Id-000000",
"creation_date": "2022-01-26T20:11:29Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/4b0000a6bbe:5f1a3554-5f59-4164-8bfc-5e0000000cf66:secret:e006e8bc-f497-dc93-4102-9d0000001",
"description": "Extended description for my secret.",
"downloaded": true,
"id": "e00000c-f0000-d0003-00002-9d9cf2000001",
"labels": [],
"last_update_date": "2022-01-26T20:11:29Z",
"name": "test-kv-secret-from-group",
"secret_data": {
"payload": {
"key5": "value5"
}
},
"secret_group_id": "0000ffd-da17-c0000-eb0000-600000002",
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "Id-0000000",
"creation_date": "2022-01-26T20:11:29Z",
"downloaded": true,
"id": "5c000000-000c3-00003-de0000-c0d200000",
"payload_available": true
}
],
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve an imported certificate returns the following response:
{
"request_id": "811b893b-55c7-b6bb-4e55-26a7a8362164",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"algorithm": "RSA",
"common_name": "example.com",
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-03T20:50:11Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"description": "Extended description for my secret.",
"expiration_date": "2021-06-04T15:25:44Z",
"id": "be4a0846-4cb5-3bfa-bab5-10a44dfc3e85",
"intermediate_included": true,
"issuer": "US Texas Austin Example Corp. Example Org example.com",
"key_algorithm": "SHA256-RSA",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2021-06-03T20:50:11Z",
"name": "test-imported-certificate",
"private_key_included": true,
"secret_data": {
"certificate": "-----BEGIN CERTIFICATE-----\nMIICWzCCAcQCC...(redacted)",
"intermediate": "-----BEGIN CERTIFICATE-----\nMIICUzHHraOa...(redacted)",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANB...(redacted)"
},
"secret_type": "imported_cert",
"serial_number": "fc:22:29:7e:57:25:8a:05",
"state": 1,
"state_description": "Active",
"validity": {
"not_after": "2021-06-04T15:25:44Z",
"not_before": "2021-06-03T15:25:44Z"
},
"versions": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-03T20:50:11.278296706Z",
"expiration_date": "2021-06-04T15:25:44Z",
"id": "e4f44e8b-abe0-9267-88da-199e754f974a",
"serial_number": "fc:22:29:7e:57:25:8a:05",
"validity": {
"not_after": "2021-06-04T15:25:44Z",
"not_before": "2021-06-03T15:25:44Z"
}
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve a set of service credentials returns the following response:
{
"request_id": "18d15b17-eb6f-68ad-8b44-4033ab64feb1",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "IBMid-2723462DAH",
"creation_date": "2023-11-23T13:33:36Z",
"crn": "crn:v1:staging:public:secrets-manager:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:e2c32ad4-1414-41e0-8747-e107e6b9f8a6:secret:c70951dd-f672-9995-968d-b76204b2432d",
"custom_metadata": {},
"downloaded": true,
"iam_apikey_description": "Auto-generated for key crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc:resource-key:d13dd212-cd38-4732-a14e-1889ee3ca4fa",
"iam_apikey_id": "ApiKey-4fdabb94-2654-4ab7-8d01-fbf41117b4a9",
"iam_apikey_name": "test-sc-secret",
"iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"iam_serviceid_crn": "crn:v1:staging:public:iam-identity::a/826aa2b9cab6c666477fc55ebc47bacc::serviceid:ServiceId-38fd1d20-db0b-4ae6-bee9-23d6468e149f",
"id": "c70951dd-f672-9995-968d-b76204b2432d",
"labels": [],
"last_update_date": "2023-11-23T13:33:36Z",
"locks_total": 0,
"name": "test-sc-secret",
"parameters": {},
"resource_key_crn": "crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc:resource-key:d13dd212-cd38-4732-a14e-1889ee3ca4fa",
"resource_key_name": "test-sc-secret",
"role": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"secret_data": {
"apikey": "xxxxxxxxxxxxxxxxxxxxxxx",
"guid": "f85409e9-1a06-47d5-8320-95ed4e1675cc",
"iam_apikey_description": "Auto-generated for key crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc:resource-key:d13dd212-cd38-4732-a14e-1889ee3ca4fa",
"iam_apikey_id": "ApiKey-4fdabb94-2654-4ab7-8d01-fbf41117b4a9",
"iam_apikey_name": "test-sc-secret",
"iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"iam_serviceid_crn": "crn:v1:staging:public:iam-identity::a/826aa2b9cab6c666477fc55ebc47bacc::serviceid:ServiceId-38fd1d20-db0b-4ae6-bee9-23d6468e149f",
"instance_id": "f85409e9-1a06-47d5-8320-95ed4e1675cc",
"plan": "33b50df2-9cd6-4005-a941-bf0a59f0d133",
"region": "us-south"
},
"secret_type": "service_credentials",
"source_crn": "crn:v1:staging:public:event-notifications:us-south:a/826aa2b9cab6c666477fc55ebc47bacc:f85409e9-1a06-47d5-8320-95ed4e1675cc::",
"state": 1,
"state_description": "Active",
"ttl": 7776000,
"versions": [
{
"created_by": "IBMid-2723462DAH",
"creation_date": "2023-11-23T13:33:36Z",
"downloaded": true,
"expiration_date": "2024-02-21T13:33:36Z",
"id": "1ab6e797-c74d-419d-0863-a8976b64efe8",
"payload_available": true,
"version_custom_metadata": {}
}
],
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
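The responses above return secret material next to ordinary metadata: `secret_data` for most secret types and a top-level `api_key` inside `data` for IAM credentials. The following added example (not part of the original page or of IBM's code) masks those fields before a body is logged and reports which JSON paths were masked; the function names and the sample bodies are constructed for illustration.

```python
import json

# Keys that carry secret material in the request and response bodies on this page.
SENSITIVE_KEYS = {"secret_data", "api_key", "apikey", "payload", "password", "private_key"}
MASK = "[REDACTED]"


def redact(node, path="", found=None):
    """Return (masked copy of node, list of JSON paths that were masked)."""
    if found is None:
        found = []
    if isinstance(node, dict):
        masked = {}
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in SENSITIVE_KEYS and value not in (None, "", {}, []):
                masked[key] = MASK  # mask the whole subtree, not only leaf strings
                found.append(here)
            else:
                masked[key] = redact(value, here, found)[0]
        return masked, found
    if isinstance(node, list):
        items = [redact(item, f"{path}[{i}]", found)[0] for i, item in enumerate(node)]
        return items, found
    return node, found


def safe_log_record(raw_body):
    """Parse a JSON body and return (log-safe JSON string, masked paths)."""
    masked, found = redact(json.loads(raw_body))
    return json.dumps(masked, sort_keys=True), found


# Constructed samples that follow the shapes shown on this page (values are made up).
IAM_RESPONSE = json.dumps({
    "request_id": "00000000-0000-0000-0000-000000000000",
    "data": {
        "api_key": "constructed-api-key-value",
        "name": "test-iam-credentials",
        "secret_type": "iam_credentials",
        "ttl": 1800,
    },
    "auth": None,
})
CERT_RESPONSE = json.dumps({
    "data": {
        "name": "test-imported-certificate",
        "secret_type": "imported_cert",
        "secret_data": {
            "certificate": "constructed-certificate",
            "private_key": "constructed-private-key",
        },
        "versions": [{"id": "constructed-version-id", "payload_available": True}],
    },
})
ROTATE_REQUEST = json.dumps({"payload": {"key7": "value7"}})

if __name__ == "__main__":
    for body in (IAM_RESPONSE, CERT_RESPONSE, ROTATE_REQUEST):
        line, paths = safe_log_record(body)
        print(paths, line)
```

The list of masked paths is useful as an audit signal: a non-empty list on a metadata-only call means the caller reached an endpoint that returns secret values.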
List secrets
Retrieve a list of the secrets that are available in a Secrets Manager secrets engine.
Example requests
List arbitrary secrets.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
List arbitrary secrets in an existing secret group:
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example responses
A request to list all arbitrary secrets returns the following response:
{
"request_id": "d8eb84fd-c0bd-08ae-c3ad-cff87606953c",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secrets": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:34:53Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:a6972127-35ad-b36f-aac8-0223f0475cb6",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "a6972127-35ad-b36f-aac8-0223f0475cb6",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:34:53Z",
"name": "test-arbitrary-secret-in-group",
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active"
},
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2020-12-15T22:41:14Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2020-12-15T22:41:14Z",
"name": "another-arbitrary-secret-in-group",
"secret_group_id": "339c026a-ac0f-1ea1-3d43-99adf871b49a",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active"
}
],
"secrets_total": 2
},
"wrap_info": null,
"warnings": null,
"auth": null
}
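Get secret metadata
Read the metadata of a secret, such as its name and description. To retrieve the actual value of a secret, use Get a secret.
Example requests
Get the metadata of an arbitrary secret.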
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/{secret_id}/metadata" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get the metadata of an arbitrary secret in an existing secret group.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}/{secret_id}/metadata" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get the metadata of a kv secret.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/{secret_id}/metadata' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Get the metadata of a kv secret in an existing secret group.
curl -X GET 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/groups/{group_id}/{secret_id}/metadata' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example responses
A request to retrieve the metadata of an arbitrary secret returns the following response:
{
"request_id": "372645c0-9d97-5f6b-0755-99145eacdb93",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-04T02:55:40Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"description": "Extended description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2021-06-04T02:55:40Z",
"name": "test-arbitrary-secret",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve the metadata of a kv secret returns the following response:
{
"request_id": "0a0000e-0a0f-edfh-000a-ec2000ab00",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-9ca00000-f00d-000e-8b02-ed6b000pl",
"creation_date": "2022-01-25T19:22:04Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/4000000bbea00000000647f000001f5:5f000004-5f00-40000-8bfc-5mnh0a200000:secret:00000ea8e-7d00-00ce-c00poa-0a00000f0000e",
"description": "Extended description for my secret.",
"downloaded": true,
"id": "0a0000e-0a0f-edfh-000a-ec2000ab00",
"labels": [],
"last_update_date": "2022-01-25T19:22:04Z",
"name": "test-kv-secret",
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to retrieve the metadata of a kv secret in an existing secret group returns the following response:
{
"request_id": "0a0000e-0a0f-edfh-000a-ec2000ab00",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "id-0000000YC6X",
"creation_date": "2022-01-26T20:11:29Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/4000000bbea00000000647f000001f5:5f000004-5f00-40000-8bfc-5mnh0a200000:secret:00000ea8e-7d00-00ce-c00poa-0a00000f0000e",
"description": "Test secret in test secret group.",
"downloaded": true,
"id": "0a0000e-0a0f-edfh-000a-ec2000ab00",
"labels": [],
"last_update_date": "2022-01-26T20:11:29Z",
"name": "test-kv-secret-from-group",
"secret_group_id": "aded0a0000e-0a0f-edfh-000a-ec2000ab00",
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions_total": 1
},
"wrap_info": null,
"warnings": null,
"auth": null
}
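Update secret metadata
Update the metadata of a secret, such as its name, description, or expiration date. To rotate the actual value of a secret, use Rotate a secret.
Request parameter | Description |
---|---|
name | The updated name to assign to the secret. |
description | The updated description to assign to the secret. |
expiration_date | The updated expiration date to assign to the secret. Supported for the arbitrary and username_password secret types. The date format follows RFC 3339. |
Example requests
Update the name of an arbitrary secret in the default secret group.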
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/{secret_id}/metadata" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-d '{
"name": "updated-arbitrary-secret-name"
}'
Update the expiration date of an arbitrary secret in an existing secret group.
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}/{secret_id}/metadata" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-d '{
"expiration_date": "2030-05-01T09:30:00Z"
}'
Example responses
A request to update the metadata of an arbitrary secret in the default secret group returns the following response:
{
"request_id": "372645c0-9d97-5f6b-0755-99145eacdb93",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-04T02:55:40Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:secret:ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"description": "Updated description for my secret.",
"expiration_date": "2030-04-01T09:30:00Z",
"id": "ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"labels": [
"dev",
"us-south"
],
"last_update_date": "2021-06-05T02:55:40Z",
"name": "updated-arbitrary-secret",
"secret_type": "arbitrary",
"state": 1,
"state_description": "Active"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
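Rotate a secret
Create a new version of a secret. The secret keeps its identifying information, such as its name and ID. To set an automatic rotation policy for a secret, see Set secret policies.
Request parameter | Description |
---|---|
payload | The new secret data to assign to an arbitrary or kv secret. |
password | The new password to assign to a username_password secret. |
certificate | The new certificate to assign to an imported_cert secret. |
private_key | The new private key to assign to an imported_cert secret. |
intermediate | The new intermediate certificate data to assign to an imported_cert secret. |
Example requests
Rotate an arbitrary secret in the default secret group.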
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/{secret_id}/rotate" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-d '{
"payload": "new-secret-data"
}'
Rotate an arbitrary secret in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}/{secret_id}/rotate" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-d '{
"payload": "new-secret-data"
}'
Rotate a kv secret in the default secret group.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/{secret_id}/rotate' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"payload": {
"key7":"value7"
}
}'
Rotate a kv secret in an existing secret group.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/kv/secrets/groups/{group_id}/{secret_id}/rotate' \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"payload": {
"key7":"value7"
}
}'
Rotate a username_password secret in the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/{secret_id}/rotate" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-d '{
"password": "new-password"
}'
Rotate an imported_cert secret in the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/imported_cert/secrets/{secret_id}/rotate" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}' \
-d '{
"certificate": "new-certificate",
"private_key": "new-private-key",
"intermediate": "new-intermediate-certificate"
}'
Example responses
A request to rotate a kv secret in the default secret group returns the following response:
{
"request_id": "e00000b-0000-0ad1-beb0-00000d0000",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "iam-ServiceId-9ca2000007-f0000d-400000e-8b02-ed6b000000",
"creation_date": "2022-01-25T19:22:04Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/00000a6bbea644a6be000000001f5:5f1a000000-5f000-4000-8bfc-5eef00000:secret:00000ea8e-7d00-00ce-c00a-0a0000f000ee",
"description": "Extended description for my secret.",
"downloaded": false,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"labels": [],
"last_update_date": "2022-01-27T21:05:25Z",
"name": "test-kv-secret",
"secret_data": {
"payload": {
"key7": "value7"
}
},
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-9ca2000007-f0000d-400000e-8b02-ed6b000000",
"creation_date": "2022-01-25T19:22:04Z",
"downloaded": true,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"payload_available": false
},
{
"created_by": "iam-ServiceId-9ca2000007-f0000d-400000e-8b02-ed6b000000",
"creation_date": "2022-01-27T21:05:25Z",
"downloaded": false,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"payload_available": true
}
],
"versions_total": 2
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to rotate a kv secret in an existing secret group returns the following response:
{
"request_id": "e00000b-0000-0ad1-beb0-00000d0000",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"created_by": "IBMid-662001YC6X",
"creation_date": "2022-01-26T20:11:29Z",
"crn": "crn:v1:bluemix:public:secrets-manager:eu-gb:a/4b85ea6bbea644a6be376647f5f961f5:5f1a3554-5f59-4164-8bfc-5eef0a20cf66:secret:e006e8bc-f497-dc93-4102-9d9cf2051a41",
"description": "Test secret in test secret group.",
"downloaded": false,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"labels": [],
"last_update_date": "2022-01-27T21:00:27Z",
"name": "test-kv-secret-from-group",
"secret_data": {
"payload": {
"key7": "value7"
}
},
"secret_group_id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"secret_type": "kv",
"state": 1,
"state_description": "Active",
"versions": [
{
"created_by": "iam-ServiceId-00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"creation_date": "2022-01-26T20:11:29Z",
"downloaded": true,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"payload_available": false
},
{
"created_by": "iam-ServiceId-00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"creation_date": "2022-01-27T21:00:03Z",
"downloaded": false,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"payload_available": false
},
{
"created_by": "iam-ServiceId-00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"creation_date": "2022-01-27T21:00:27Z",
"downloaded": false,
"id": "00000ea00-7d0000-0000ce-c0002a-0a0000f4b3ee",
"payload_available": true
}
],
"versions_total": 3
},
"wrap_info": null,
"warnings": null,
"auth": null
}
Delete a secret
Delete a secret from a Secrets Manager secrets engine.
Example requests
Delete an arbitrary secret in the default secret group.
curl -X DELETE "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/{secret_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Delete an arbitrary secret in an existing secret group.
curl -X DELETE "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/secrets/groups/{group_id}/{secret_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "e48436e3-23d3-ab4a-7642-535cab8935a8",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": null
}
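Locks
List secret locks
List the locks that are associated with a specified secret.
Query parameter | Description |
---|---|
limit | The number of locks to retrieve. The default is 25. To retrieve a different set of items, use limit together with offset to page through the available resources. |
offset | The number of locks to skip. The default is 0. By specifying an offset, you retrieve a subset of locks that starts at the offset value. Use offset together with limit to page through the available secret locks. |
search | Filter for locks whose names contain the specified string. |
Example requests
List the locks on an arbitrary secret.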
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/locks/{secret_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
List the locks on a user credentials secret in an existing secret group.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/locks/groups/{group_id}/{secret_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Page through the available locks by using limit and offset.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/locks/groups/{group_id}/{secret_id}?limit={limit}&offset={offset}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Filter for locks whose names contain book.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/locks/groups/{group_id}/{secret_id}?search=book" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "ba51140d-31a8-0a51-dd5b-1ca59838e881",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"locks": [
{
"attributes": {
"key": "value"
},
"created_by": "iam-ServiceId-222b47ab-b08e-4619-b68f-8014a2c3acb8",
"creation_date": "2022-06-30T21:41:36.616174Z",
"description": "Test lock for secret in the default secret group.",
"last_update_date": "2022-06-30T21:41:36.616174Z",
"name": "lock-for-app-2",
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"secret_version_alias": "current",
"secret_version_id": "f2b68dbb-c291-87df-6026-7611c324c823"
},
{
"attributes": {
"key": "value"
},
"created_by": "iam-ServiceId-222b47ab-b08e-4619-b68f-8014a2c3acb8",
"creation_date": "2022-06-30T20:56:33.138337Z",
"description": "Test lock for secret in the default secret group.",
"last_update_date": "2022-06-30T21:14:14.903163Z",
"name": "lock-for-app-1",
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"secret_version_alias": "previous",
"secret_version_id": "09d9718b-b411-4111-a8f4-b1397d22d11b"
}
],
"locks_total": 2
},
"wrap_info": null,
"warnings": null,
"auth": null
}
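Lock a secret
Create one or more locks on the current version of a secret.
You can use locks to prevent a secret from being deleted or modified while your applications are using it. A successful request attaches a new lock to the secret, or replaces a lock of the same name if one already exists. You can also use this method to clear any matching locks on a secret by using one of the optional lock modes.
lock_exclusive: Removes any other locks with matching names if they are found in the previous version of the secret.
lock_exclusive_delete: Same as lock_exclusive, but if no locks are found, it also permanently deletes the data of the previous secret version.
Request parameter | Description |
---|---|
name | A human-readable name to assign to the lock. The name must be unique per secret version. Note: Creating a lock with an existing name replaces that lock and overwrites its attributes. |
description | An extended description of your secret lock. |
attributes | Optional information to associate with the lock, such as a resource CRN to be used by automation. |
Example requests
Create a lock on a secret in the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/{secret_id}/lock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{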
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in the default secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Create two locks on the current version of a secret in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/groups/{group_id}/{secret_id}/lock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in a custom secret group.",
"attributes": {
"key": "value"
}
},
{
"name": "lock-for-app-2",
"description": "Test lock for secret in a custom secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Exclusively lock a secret version.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/{secret_id}/lock_exclusive" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in the default secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Exclusively lock a secret version and delete the data of the previous version.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/{secret_id}/lock_exclusive_delete" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in the default secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Example responses
A request to lock the current version of a secret in the default secret group returns the following response:
{
"request_id": "cad3f223-ec90-1e8e-9408-7fc3c9c50b86",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"versions": [
{
"alias": "current",
"id": "f2b68dbb-c291-87df-6026-7611c324c823",
"locks": [
"lock-for-app-1"
],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to lock the current version of a secret that is in a custom secret group returns the following response:
{
"request_id": "a717fba0-275d-36d2-49e6-ae54fc820ca4",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "d2e98a96-18ed-f13c-8dee-db955fb94122",
"secret_id": "c86946e6-b392-2613-159d-aff5a3f095b3",
"versions": [
{
"alias": "current",
"id": "ad6aa6d9-b43c-4bc3-597d-15c376622e64",
"locks": [
"lock-for-app-1"
],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
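Unlock a secret
Deletes one or more locks that are associated with the current version of a secret.
A successful request deletes the locks that you specify. To remove all locks, you can pass {"locks": ["*"]} in the request body. Otherwise, specify the names of the locks that you want to delete. For example, {"locks": ["lock1", "lock2"]}.
A secret is considered unlocked, and can be revoked or deleted, only after all of its locks are removed. To find out whether a secret has locks, check the locks_total field that is returned as part of the secret's metadata.
Example request
Remove all locks that are associated with a secret.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/{secret_id}/unlock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{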
"locks": ["*"]
}'
Remove two locks from a secret in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/groups/{group_id}/{secret_id}/unlock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": ["lock-name-1", "lock-name-2"]
}'
Example response
A request to remove all locks returns the following response:
{
"request_id": "4708ebbf-eab0-e68a-9e72-d1c67a209fdc",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"versions": [
{
"alias": "current",
"id": "f2b68dbb-c291-87df-6026-7611c324c823",
"locks": [],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to remove only specific locks lists the remaining locks in the response:
{
"request_id": "4d954026-68b3-6506-dc1d-5e77574fd2f0",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"versions": [
{
"alias": "current",
"id": "f2b68dbb-c291-87df-6026-7611c324c823",
"locks": [
"lock-for-app-1"
],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
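List secret version locks
Lists the locks that are associated with a specified secret version.
Specify the version by using {version_id} in the URL path. The aliases current or previous are also allowed.
Query parameter | Description |
---|---|
limit | The number of locks to retrieve. The default is 25. To retrieve a different set of items, use limit with offset to page through the available resources. |
offset | The number of locks to skip. The default is 0. By specifying an offset, you retrieve a subset of locks that starts at the offset value. Use offset with limit to page through the available secret locks. |
search | Filters for locks whose names contain the specified string. |
Example request
List the locks on a specific version of an arbitrary secret.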
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/arbitrary/locks/{secret_id}/versions/{version_id}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
List the locks on the current version of a user credentials secret in an existing secret group.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/locks/groups/{group_id}/{secret_id}/versions/current" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Page through the available locks by using limit and offset.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/locks/groups/{group_id}/{secret_id}/versions/current?limit={limit}&offset={offset}" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Filter for locks whose names contain book.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/locks/groups/{group_id}/{secret_id}/versions/current?search=book" \
-H 'Accept: application/json' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
A request to get the lock details of the current secret version returns the following response:
{
"request_id": "ba51140d-31a8-0a51-dd5b-1ca59838e881",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"locks": [
{
"attributes": {
"key": "value"
},
"created_by": "iam-ServiceId-222b47ab-b08e-4619-b68f-8014a2c3acb8",
"creation_date": "2022-06-30T21:41:36.616174Z",
"description": "Test lock for secret in the default secret group.",
"last_update_date": "2022-06-30T21:41:36.616174Z",
"name": "lock-for-app-2",
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"secret_version_alias": "current",
"secret_version_id": "f2b68dbb-c291-87df-6026-7611c324c823"
},
{
"attributes": {
"key": "value"
},
"created_by": "iam-ServiceId-222b47ab-b08e-4619-b68f-8014a2c3acb8",
"creation_date": "2022-06-30T20:56:33.138337Z",
"description": "Test lock for secret in the default secret group.",
"last_update_date": "2022-06-30T21:14:14.903163Z",
"name": "lock-for-app-1",
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"secret_version_alias": "current",
"secret_version_id": "f2b68dbb-c291-87df-6026-7611c324c823"
}
],
"locks_total": 2
},
"wrap_info": null,
"warnings": null,
"auth": null
}
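Added example (not part of the IBM documentation): a Python example that pages through a version's locks with limit and offset until locks_total is reached, then builds an unlock request body that names only the locks created by one identity instead of sending the * wildcard. fetch_page is a hypothetical stand-in for the GET request shown above, and the sample locks and service IDs are constructed.

```python
import json
from typing import Callable, Iterator

# Constructed sample locks in the shape of the "locks" array returned above;
# the service IDs and the third lock are made up for this example.
SAMPLE_LOCKS = [
    {"name": "lock-for-app-1", "created_by": "iam-ServiceId-EXAMPLE-A",
     "secret_version_alias": "current"},
    {"name": "lock-for-app-2", "created_by": "iam-ServiceId-EXAMPLE-B",
     "secret_version_alias": "current"},
    {"name": "lock-for-batch", "created_by": "iam-ServiceId-EXAMPLE-A",
     "secret_version_alias": "current"},
]


def fake_fetch_page(limit: int, offset: int) -> dict:
    """Hypothetical stand-in for the GET .../versions/current?limit=&offset= call."""
    page = SAMPLE_LOCKS[offset:offset + limit]
    return {"data": {"locks": page, "locks_total": len(SAMPLE_LOCKS)}}


def iter_locks(fetch_page: Callable[[int, int], dict], limit: int = 25) -> Iterator[dict]:
    """Yield every lock by advancing offset until locks_total is reached."""
    offset = 0
    while True:
        data = fetch_page(limit, offset)["data"]
        locks = data["locks"]
        yield from locks
        offset += len(locks)
        # An empty page also ends the loop, so a lock set that shrinks
        # between requests cannot cause endless paging.
        if not locks or offset >= data["locks_total"]:
            return


def unlock_body_for(locks: list, created_by: str) -> dict:
    """Name only the locks that one identity created, rather than sending
    {"locks": ["*"]}, which would also remove locks held by other owners."""
    names = sorted({l["name"] for l in locks if l["created_by"] == created_by})
    return {"locks": names}


def remaining_after(locks: list, body: dict) -> list:
    """Lock names that still protect the version once the unlock is applied."""
    return sorted({l["name"] for l in locks} - set(body["locks"]))


def plan_unlock(fetch_page, created_by: str, limit: int = 25):
    """Return (unlock request body, locks that will remain afterwards)."""
    locks = list(iter_locks(fetch_page, limit))
    body = unlock_body_for(locks, created_by)
    return body, remaining_after(locks, body)


if __name__ == "__main__":
    body, remaining = plan_unlock(fake_fetch_page, "iam-ServiceId-EXAMPLE-A", limit=2)
    print(json.dumps(body))            # request body for the unlock endpoint
    print("remaining locks:", remaining)
```

A non-empty list of remaining locks means the secret version is still locked and cannot be revoked or deleted yet.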
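Lock a secret version
Creates one or more locks on a specified version of a secret. To specify the version, use the {version_id} path parameter to provide the unique ID of the current or previous version of the secret. The aliases current or previous are also allowed.
A lock can be used to prevent a secret from being deleted or modified while your applications are using it. A successful request attaches a new lock to the secret, or replaces a lock of the same name if one already exists. Additionally, you can use this method to clear any matching locks on a secret by using one of the optional lock modes:
- lock_exclusive: Removes any other locks with matching names if they are found in the previous version of the secret.
- lock_exclusive_delete: Same as lock_exclusive, but also permanently deletes the data of the previous secret version if no locks are found.
Request parameter | Description |
---|---|
name | A human-readable name to assign to the lock. The name is unique per secret version. Note: Creating a lock with an existing name replaces that lock and overwrites its attributes. |
description | An extended description of your secret lock. |
attributes | Optional information to associate with the lock, such as a resource CRN to be used by automation. |
Example request
Create a lock on a specified version of a secret in the default secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/{secret_id}/versions/{version_id}/lock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{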
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in the default secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Replace {version_id} in the URL path with the current alias to create a lock on the current secret version. The aliases current or previous are allowed.
Create two locks on the current secret version in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/groups/{group_id}/{secret_id}/versions/current/lock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in a custom secret group.",
"attributes": {
"key": "value"
}
},
{
"name": "lock-for-app-2",
"description": "Test lock for secret in a custom secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Create a lock on the previous version of a secret in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/groups/{group_id}/{secret_id}/versions/previous/lock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": [
{
"name": "lock-for-app-1",
"description": "Test lock for secret in a custom secret group.",
"attributes": {
"key": "value"
}
}
]
}'
Example response
A request to lock the previous version of a secret in a custom secret group
{
"request_id": "97a3d1fb-c137-9c1c-16fb-7aebf05a0eae",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "d2e98a96-18ed-f13c-8dee-db955fb94122",
"secret_id": "c86946e6-b392-2613-159d-aff5a3f095b3",
"versions": [
{
"alias": "current",
"id": "3993c39b-3ef5-f6f3-5e20-f6f9c6f8d053",
"locks": [],
"payload_available": true
},
{
"alias": "previous",
"id": "ad6aa6d9-b43c-4bc3-597d-15c376622e64",
"locks": [
"lock-for-app-1"
],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
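Unlock a secret version
Deletes one or more locks that are associated with a specified secret version.
A successful request deletes the locks that you specify. To remove all locks, you can pass {"locks": ["*"]} in the request body. Otherwise, specify the names of the locks that you want to delete. For example, {"locks": ["lock-1", "lock-2"]}.
A secret is considered unlocked, and can be revoked or deleted, only after all of its locks are removed. To find out whether a secret has locks, check the locks_total field that is returned as part of the secret's metadata.
Example request
Remove all locks on a secret version.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/{secret_id}/versions/{version_id}/unlock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{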
"locks": ["*"]
}'
Replace {version_id} in the URL path with the current alias to remove locks from the current secret version. The aliases current or previous are allowed.
Remove two locks on the current version of a secret in an existing secret group.
curl -X POST "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/{secret_type}/locks/groups/{group_id}/{secret_id}/versions/current/unlock" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"locks": ["lock-name-1", "lock-name-2"]
}'
Example response
A request to remove all locks returns the following response:
{
"request_id": "4708ebbf-eab0-e68a-9e72-d1c67a209fdc",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"versions": [
{
"alias": "current",
"id": "f2b68dbb-c291-87df-6026-7611c324c823",
"locks": [],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to remove only specific locks lists the remaining locks in the response:
{
"request_id": "4d954026-68b3-6506-dc1d-5e77574fd2f0",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"secret_group_id": "default",
"secret_id": "184408d6-8264-5ff3-c308-6922ed04ad88",
"versions": [
{
"alias": "current",
"id": "f2b68dbb-c291-87df-6026-7611c324c823",
"locks": [
"lock-for-app-1"
],
"payload_available": true
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
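Policies
Set secret policies
Creates or updates an automatic rotation policy for a secret. Supported secret types include username_password.
Request parameter | Description |
---|---|
interval | The length of the secret rotation time interval. |
unit | The unit of time for the secret rotation interval. Allowed values are: day, month |
Example request
Set a rotation policy on a username_password secret in the default secret group.
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/{secret_id}/policies" \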
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
--data-raw '{
"policies": [
{
"rotation": {
"interval": 10,
"unit": "day"
},
"type": "application/vnd.ibm.secrets-manager.secret.policy+json"
}
]
}'
Set a rotation policy on a username_password secret in an existing secret group.
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/groups/{group_id}/{secret_id}/policies" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"policies": [
{
"rotation": {
"interval": 10,
"unit": "day"
},
"type": "application/vnd.ibm.secrets-manager.secret.policy+json"
}
]
}'
Example response
{
"request_id": "89698bdc-d787-4a74-eb2f-53e055ddc7f3",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"policies": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-21T14:30:17Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:policy:ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"id": "ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"last_update_date": "2021-06-21T14:33:41Z",
"rotation": {
"interval": 10,
"unit": "day"
},
"type": "application/vnd.ibm.secrets-manager.secret.policy+json",
"updated_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
List secret policies
Retrieves the list of policies that are associated with a secret.
Example request
List the policies of a username_password secret.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/{secret_id}/policies" \
-H 'X-Vault-Token: {Vault-Token}'
List the policies of a username_password secret in an existing secret group.
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/username_password/secrets/groups/{group_id}/{secret_id}/policies" \
-H 'X-Vault-Token: {Vault-Token}'
Example response
{
"request_id": "89698bdc-d787-4a74-eb2f-53e055ddc7f3",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"policies": [
{
"created_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0",
"creation_date": "2021-06-21T14:30:17Z",
"crn": "crn:v1:bluemix:public:secrets-manager:us-south:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0:policy:ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"id": "ea1907c8-8c8e-6b83-3c20-05f2015b80d8",
"last_update_date": "2021-06-21T14:33:41Z",
"rotation": {
"interval": 10,
"unit": "day"
},
"type": "application/vnd.ibm.secrets-manager.secret.policy+json",
"updated_by": "iam-ServiceId-c0c7cfa4-b24e-4917-ad74-278f2fee5ba0"
}
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
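Configuration
Set the configuration of a secret type
Configures the secrets engine that serves as the backend for a specific type of secret. You can set the configuration for the following secret types: iam_credentials
Request parameter | Description |
---|---|
api_key | An IBM Cloud API key that can create and manage service IDs. The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform role on the IAM Identity Service. |
Example request
Configure the iam_credentials secrets engine.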
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/iam_credentials/config/root" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"api_key": "<API_KEY>"
}'
Example response
A request to configure the iam_credentials secrets engine returns the following response:
{
"request_id": "f7ac2068-6b07-7602-76af-093e354a444a",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": null
}
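Get the configuration of a secret type
Retrieves the configuration of a secrets engine.
Example request
Get the configuration of the iam_credentials secrets engine.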
curl -X GET "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/iam_credentials/config/root" \
-H 'X-Vault-Token: {Vault-Token}'
Example response
A request to get the configuration of the iam_credentials secrets engine returns the following response:
{
"request_id": "12f0a38d-93a5-6a9a-1997-79928f15c5ea",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"api_key_hash": "caf9eabec3c6dcc7f91cb6ea295eb97c8e34e70b0cf5942d6351d8746d9cc2da"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
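Add to the configuration
Adds a configuration element to a secrets engine. This method is used for more complex engines, such as the public_cert and private_cert engines.
You can add multiple configurations for your instance:
- Up to 10 public certificate authority configurations
- Up to 10 DNS provider configurations
- Up to 10 private root certificate authority configurations
- Up to 10 private intermediate certificate authority configurations
- Up to 10 certificate templates
Request parameter | Description |
---|---|
name | A human-readable name to assign to the certificate authority configuration. |
type | The environment type, such as the Let's Encrypt staging or production environment that corresponds to the URL, to use for ordering public certificates. Allowed values are: letsencrypt-stage and letsencrypt |
private_key | The private key that is associated with your registered ACME account. |
Request parameter | Description |
---|---|
name | A human-readable name to assign to the DNS provider configuration. |
type | The name of the DNS provider that you want to use. The allowed value is cis |
cis_crn | The CRN of the Cloud Internet Services (CIS) instance to use. |
cis_apikey | An API key that can access the CIS instance and the Secrets Manager instance. Alternatively, you can use IAM to create an authorization between the two services. |
Request parameter | Description |
---|---|
name | A human-readable name to assign to the certificate authority configuration. |
type | The type of certificate authority that you want to create. Allowed values are root_certificate_authority, intermediate_certificate_authority. |
[params..] | For the full list of parameters, see Add a configuration. |
Request parameter | Description |
---|---|
name | A human-readable name to assign to the certificate template. |
type | The type of configuration to add. For certificate templates, use certificate_templates. |
[params..] | For the full list of parameters, see Add a configuration. |
Example request
Add a public certificate authority configuration.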
curl -X PUT "https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/public_cert/config/certificate_authorities" \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "test-certificate-authority",
"type": "letsencrypt-stage",
"config": {
"private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANB...(redacted)"
}
}'
Add a private root certificate authority configuration.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/private_cert/config/root_certificate_authorities' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "my-configured-root-ca",
"type": "root_certificate_authority",
"config": {
"max_ttl": "43830h",
"common_name": "example.com",
"crl_disable": false,
"crl_distribution_points_encoded": true,
"issuing_certificates_urls_encoded": true
}
}'
Add an intermediate certificate authority configuration.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/private_cert/config/intermediate_certificate_authorities' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "my-configured-intermediate-ca",
"type": "intermediate_certificate_authority",
"config": {
"max_ttl": "26300h",
"common_name": "example.com",
"signing_method": "internal|external",
"issuer": "my-configured-root-ca",
"crl_expiry": "72h",
"crl_disable": false,
"crl_distribution_points_encoded": true,
"issuing_certificates_urls_encoded": true
}
}'
Add a certificate template.
curl -X POST 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/private_cert/config/certificate_templates' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{
"name": "my-configured-certificate-template",
"type": "certificate_template",
"config": {
"certificate_authority": "my-configured-intermediate-ca",
"max_ttl": "8760h",
"allow_any_name": true,
"enforce_hostnames": false,
"allowed_uri_sans": [
"https://www.example.com/test"
]
}
}'
Example response
A request to add a public certificate authority configuration returns the following response:
{
"request_id": "af1a900d-3cec-7f6d-8878-fa43d1587d90",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"config": {
"private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANB...(redacted)"
},
"name": "test-certificate-authority",
"type": "letsencrypt-stage"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
A request to add a private certificate authority configuration returns the following response:
{
"request_id": "0b221b39-1cd8-fa92-62e5-361c5e1b5d92",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"config": {
"common_name": "example.com",
"country": [],
"crl_disable": false,
"crl_distribution_points_encoded": true,
"crl_expiry": 259200,
"data": {
"certificate": "-----BEGIN CERTIFICATE-----\nMIIGZjCCBU6gAwIBAgIUFsqE2...(redacted)",
"expiration": 1808862713,
"issuing_ca": "-----BEGIN CERTIFICATE-----\nMIIGZjCCBU6gAwIBAgIUFsqE2...(redacted)",
"serial_number": "16:ca:84:d8:4f:e5:b0:6c:5c:06:db:51:52:58:c1:3e:0b:96:ce:4f"
},
"exclude_cn_from_sans": false,
"expiration_date": "2027-04-27T21:51:53Z",
"format": "pem",
"issuing_certificates_urls_encoded": true,
"key_bits": 2048,
"key_type": "rsa",
"locality": [],
"max_path_length": -1,
"max_ttl": 157788000,
"organization": [],
"other_sans": [],
"ou": [],
"permitted_dns_domains": [],
"postal_code": [],
"private_key_format": "der",
"province": [],
"status": "configured",
"street_address": [],
"ttl": 157788000
},
"name": "my-configured-root-ca",
"type": "root_certificate_authority"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
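Update a configuration
Updates the configuration of the secrets engine that serves as the backend for a specific type of secret. You can update the configuration for the following secret types: iam_credentials, private_cert, and public_cert
Example request
Update the DNS provider configuration of the public_cert secrets engine.
curl -X PUT 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/public_cert/config/dns_providers' \
-H 'X-Vault-Token: {Vault-Token}' \
-H 'Content-Type: application/json' \
-d '{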
"name": "my-cis-instance",
"type": "cis",
"config": {
"cis_crn": "crn:v1:bluemix:public:internet-svcs:global:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0::",
"cis_apikey": "<API_KEY>"
}
}'
Example response
A request to add a DNS provider configuration for the public_cert secrets engine returns the following response:
{
"request_id": "3c891ae8-18d3-f38e-5b98-dc1db2874f16",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"config": {
"cis_apikey": "mGjiCelas...(redacted)",
"cis_crn": "crn:v1:bluemix:public:internet-svcs:global:a/a5ebf2570dcaedf18d7ed78e216c263a:0f4c764e-dc3d-44d1-bd60-a2f7cd91e0c0::"
},
"name": "my-cis-instance",
"type": "cis"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
Delete a configuration
Removes the configuration of the secrets engine that serves as the backend for a specific type of secret. You can delete the configuration for the following secret types: public_cert, private_cert
Example request
Delete a public certificate authority configuration.
curl -X DELETE 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/public_cert/config/certificate_authorities/my-lets-encrypt' \
-H 'X-Vault-Token: {Vault-Token}'
Delete a DNS provider configuration.
curl -X DELETE 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/public_cert/config/dns_providers/my-cis-instance' \
-H 'X-Vault-Token: {Vault-Token}'
Delete a private certificate authority configuration.
curl -X DELETE 'https://{instance_id}.{region}.secrets-manager.appdomain.cloud/v1/ibmcloud/private_cert/config/root_certificate_authorities/my-root-ca' \
-H 'X-Vault-Token: {Vault-Token}'
Example response
A successful request returns an HTTP 204 No Content response.