Contact UsGet started

Lockbox API, REST: Secret.Get

Written by
Updated at December 17, 2024

Returns the specified secret.

To get the list of all available secrets, make a List request.
Use PayloadService.Get to get the payload (confidential data themselves) of the secret.

HTTP request

GET https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets/{secretId}

Path parameters

Field

Description

secretId

string

Required field. ID of the secret to return.

To get a secret ID make a List request.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "folderId": "string",
  "createdAt": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "kmsKeyId": "string",
  "status": "string",
  "currentVersion": {
    "id": "string",
    "secretId": "string",
    "createdAt": "string",
    "destroyAt": "string",
    "description": "string",
    "status": "string",
    "payloadEntryKeys": [
      "string"
    ],
    // Includes only one of the fields `passwordPayloadSpecification`
    "passwordPayloadSpecification": {
      "passwordKey": "string",
      "length": "string",
      "includeUppercase": "boolean",
      "includeLowercase": "boolean",
      "includeDigits": "boolean",
      "includePunctuation": "boolean",
      "includedPunctuation": "string",
      "excludedPunctuation": "string"
    }
    // end of the list of possible fields
  },
  "deletionProtection": "boolean",
  // Includes only one of the fields `passwordPayloadSpecification`
  "passwordPayloadSpecification": {
    "passwordKey": "string",
    "length": "string",
    "includeUppercase": "boolean",
    "includeLowercase": "boolean",
    "includeDigits": "boolean",
    "includePunctuation": "boolean",
    "includedPunctuation": "string",
    "excludedPunctuation": "string"
  }
  // end of the list of possible fields
}

A secret that may contain several versions of the payload.

Field

Description

id

string

ID of the secret.

folderId

string

ID of the folder that the secret belongs to.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

name

string

Name of the secret.

description

string

Description of the secret.

labels

object (map<string, string>)

Custom labels for the secret as key:value pairs. Maximum 64 per key.

kmsKeyId

string

Optional ID of the KMS key will be used to encrypt and decrypt the secret.

status

enum (Status)

Status of the secret.

  • STATUS_UNSPECIFIED

  • CREATING: The secret is being created.

  • ACTIVE: The secret is active and the secret payload can be accessed.

    Can be set to INACTIVE using the SecretService.Deactivate method.

  • INACTIVE: The secret is inactive and unusable.

    Can be set to ACTIVE using the SecretService.Deactivate method.

currentVersion

Version

Current (i.e. the latest) version of the secret.

deletionProtection

boolean

Flag that inhibits deletion of the secret.

passwordPayloadSpecification

PasswordPayloadSpecification

Includes only one of the fields passwordPayloadSpecification.

Version

Field

Description

id

string

ID of the version.

secretId

string

ID of the secret that the version belongs to.

createdAt

string (date-time)

Time when the version was created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

destroyAt

string (date-time)

Time when the version is going to be destroyed. Empty unless the status
is SCHEDULED_FOR_DESTRUCTION.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

description

string

Description of the version.

status

enum (Status)

Status of the secret.

  • STATUS_UNSPECIFIED
  • ACTIVE: The version is active and the secret payload can be accessed.
  • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed
    is specified in the Version.destroyAt field.
  • DESTROYED: The version is destroyed and cannot be recovered.

payloadEntryKeys[]

string

Keys of the entries contained in the version payload.

passwordPayloadSpecification

PasswordPayloadSpecification

Includes only one of the fields passwordPayloadSpecification.

PasswordPayloadSpecification

Field

Description

passwordKey

string

Required field. key of the entry to store generated password value

length

string (int64)

password length; by default, a reasonable length will be decided

includeUppercase

boolean

whether at least one A..Z character is included in the password, true by default

includeLowercase

boolean

whether at least one a..z character is included in the password, true by default

includeDigits

boolean

whether at least one 0..9 character is included in the password, true by default

includePunctuation

boolean

whether at least one punctuation character is included in the password, true by default
punctuation characters by default (there are 32): !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
to customize the punctuation characters, see included_punctuation and excluded_punctuation below

includedPunctuation

string

If include_punctuation is true, one of these two fields (not both) may be used optionally to customize the punctuation:
a string of specific punctuation characters to use (at most, all the 32)

excludedPunctuation

string

a string of punctuation characters to exclude from the default (at most 31, it's not allowed to exclude all the 32)
Previous
Overview
Next
List