Lockbox API, REST: Secret.Get
Returns the specified secret.
To get the list of all available secrets, make a List request.
Use PayloadService.Get to get the payload (confidential data themselves) of the secret.
HTTP request
GET https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets/{secretId}
Path parameters
Field |
Description |
secretId |
string Required field. ID of the secret to return. To get a secret ID make a List request. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"folderId": "string",
"createdAt": "string",
"name": "string",
"description": "string",
"labels": "string",
"kmsKeyId": "string",
"status": "string",
"currentVersion": {
"id": "string",
"secretId": "string",
"createdAt": "string",
"destroyAt": "string",
"description": "string",
"status": "string",
"payloadEntryKeys": [
"string"
],
// Includes only one of the fields `passwordPayloadSpecification`
"passwordPayloadSpecification": {
"passwordKey": "string",
"length": "string",
"includeUppercase": "boolean",
"includeLowercase": "boolean",
"includeDigits": "boolean",
"includePunctuation": "boolean",
"includedPunctuation": "string",
"excludedPunctuation": "string"
}
// end of the list of possible fields
},
"deletionProtection": "boolean",
// Includes only one of the fields `passwordPayloadSpecification`
"passwordPayloadSpecification": {
"passwordKey": "string",
"length": "string",
"includeUppercase": "boolean",
"includeLowercase": "boolean",
"includeDigits": "boolean",
"includePunctuation": "boolean",
"includedPunctuation": "string",
"excludedPunctuation": "string"
}
// end of the list of possible fields
}
A secret that may contain several versions of the payload.
Field |
Description |
id |
string ID of the secret. |
folderId |
string ID of the folder that the secret belongs to. |
createdAt |
string (date-time) Creation timestamp. String in RFC3339 To work with values in this field, use the APIs described in the |
name |
string Name of the secret. |
description |
string Description of the secret. |
labels |
string Custom labels for the secret as |
kmsKeyId |
string Optional ID of the KMS key will be used to encrypt and decrypt the secret. |
status |
enum (Status) Status of the secret.
|
currentVersion |
Current (i.e. the |
deletionProtection |
boolean Flag that inhibits deletion of the secret. |
passwordPayloadSpecification |
Includes only one of the fields |
Version
Field |
Description |
id |
string ID of the version. |
secretId |
string ID of the secret that the version belongs to. |
createdAt |
string (date-time) Time when the version was created. String in RFC3339 To work with values in this field, use the APIs described in the |
destroyAt |
string (date-time) Time when the version is going to be destroyed. Empty unless the status String in RFC3339 To work with values in this field, use the APIs described in the |
description |
string Description of the version. |
status |
enum (Status) Status of the secret.
|
payloadEntryKeys[] |
string Keys of the entries contained in the version payload. |
passwordPayloadSpecification |
Includes only one of the fields |
PasswordPayloadSpecification
Field |
Description |
passwordKey |
string Required field. key of the entry to store generated password value |
length |
string (int64) password length; by default, a reasonable length will be decided |
includeUppercase |
boolean whether at least one A..Z character is included in the password, true by default |
includeLowercase |
boolean whether at least one a..z character is included in the password, true by default |
includeDigits |
boolean whether at least one 0..9 character is included in the password, true by default |
includePunctuation |
boolean whether at least one punctuation character is included in the password, true by default |
includedPunctuation |
string If include_punctuation is true, one of these two fields (not both) may be used optionally to customize the punctuation: |
excludedPunctuation |
string a string of punctuation characters to exclude from the default (at most 31, it's not allowed to exclude all the 32) |