Lockbox API, REST: Secret.List

Written by

Updated at December 17, 2024

HTTP request
Query parameters
Response
Secret
Version
PasswordPayloadSpecification

Retrieves the list of secrets in the specified folder.

HTTP request

GET https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets

Query parameters

Field	Description
folderId	string Required field. ID of the folder to list secrets in.
pageSize	string (int64) The maximum number of results per page to return. If the number of available results is larger than `page_size`, the service returns a [ListSecretsRequest.next_page_token] that can be used to get the next page of results in subsequent list requests. Default value: 100.
pageToken	string Page token. To get the next page of results, set `page_token` to the [ListSecretsRequest.next_page_token] returned by a previous list request.

Response

HTTP Code: 200 - OK

{
  "secrets": [
    {
      "id": "string",
      "folderId": "string",
      "createdAt": "string",
      "name": "string",
      "description": "string",
      "labels": "object",
      "kmsKeyId": "string",
      "status": "string",
      "currentVersion": {
        "id": "string",
        "secretId": "string",
        "createdAt": "string",
        "destroyAt": "string",
        "description": "string",
        "status": "string",
        "payloadEntryKeys": [
          "string"
        ],
        // Includes only one of the fields `passwordPayloadSpecification`
        "passwordPayloadSpecification": {
          "passwordKey": "string",
          "length": "string",
          "includeUppercase": "boolean",
          "includeLowercase": "boolean",
          "includeDigits": "boolean",
          "includePunctuation": "boolean",
          "includedPunctuation": "string",
          "excludedPunctuation": "string"
        }
        // end of the list of possible fields
      },
      "deletionProtection": "boolean",
      // Includes only one of the fields `passwordPayloadSpecification`
      "passwordPayloadSpecification": {
        "passwordKey": "string",
        "length": "string",
        "includeUppercase": "boolean",
        "includeLowercase": "boolean",
        "includeDigits": "boolean",
        "includePunctuation": "boolean",
        "includedPunctuation": "string",
        "excludedPunctuation": "string"
      }
      // end of the list of possible fields
    }
  ],
  "nextPageToken": "string"
}

Field

Description

secrets[]

Secret

List of secrets in the specified folder.

nextPageToken

string

This token allows you to get the next page of results for list requests. If the number
of results is greater than the specified ListSecretsRequest.pageSize, use
the next_page_token as the value for the ListSecretsRequest.pageToken query parameter
in the next list request. Each subsequent list request will have its own
next_page_token to continue paging through the results.

Secret

A secret that may contain several versions of the payload.

Field	Description
id	string ID of the secret.
folderId	string ID of the folder that the secret belongs to.
createdAt	string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
name	string Name of the secret.
description	string Description of the secret.
labels	object (map<string, string>) Custom labels for the secret as `key:value` pairs. Maximum 64 per key.
kmsKeyId	string Optional ID of the KMS key will be used to encrypt and decrypt the secret.
status	enum (Status) Status of the secret. `STATUS_UNSPECIFIED` `CREATING`: The secret is being created. `ACTIVE`: The secret is active and the secret payload can be accessed. Can be set to INACTIVE using the SecretService.Deactivate method. `INACTIVE`: The secret is inactive and unusable. Can be set to ACTIVE using the SecretService.Deactivate method.
currentVersion	Version Current (i.e. the `latest`) version of the secret.
deletionProtection	boolean Flag that inhibits deletion of the secret.
passwordPayloadSpecification	PasswordPayloadSpecification Includes only one of the fields `passwordPayloadSpecification`.

Version

Field	Description
id	string ID of the version.
secretId	string ID of the secret that the version belongs to.
createdAt	string (date-time) Time when the version was created. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
destroyAt	string (date-time) Time when the version is going to be destroyed. Empty unless the status is `SCHEDULED_FOR_DESTRUCTION`. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
description	string Description of the version.
status	enum (Status) Status of the secret. `STATUS_UNSPECIFIED` `ACTIVE`: The version is active and the secret payload can be accessed. `SCHEDULED_FOR_DESTRUCTION`: The version is scheduled for destruction, the time when it will be destroyed is specified in the `Version.destroyAt` field. `DESTROYED`: The version is destroyed and cannot be recovered.
payloadEntryKeys[]	string Keys of the entries contained in the version payload.
passwordPayloadSpecification	PasswordPayloadSpecification Includes only one of the fields `passwordPayloadSpecification`.

PasswordPayloadSpecification

Field	Description
passwordKey	string Required field. key of the entry to store generated password value
length	string (int64) password length; by default, a reasonable length will be decided
includeUppercase	boolean whether at least one A..Z character is included in the password, true by default
includeLowercase	boolean whether at least one a..z character is included in the password, true by default
includeDigits	boolean whether at least one 0..9 character is included in the password, true by default
includePunctuation	boolean whether at least one punctuation character is included in the password, true by default punctuation characters by default (there are 32): !"#$%&'()*+,-./:;<=>?@[]^_`{\|}~ to customize the punctuation characters, see included_punctuation and excluded_punctuation below
includedPunctuation	string If include_punctuation is true, one of these two fields (not both) may be used optionally to customize the punctuation: a string of specific punctuation characters to use (at most, all the 32)
excludedPunctuation	string a string of punctuation characters to exclude from the default (at most 31, it's not allowed to exclude all the 32)

Lockbox API, REST: Secret.List

HTTP requestHTTP request

Query parametersQuery parameters

ResponseResponse

SecretSecret

VersionVersion

PasswordPayloadSpecificationPasswordPayloadSpecification