Secret Manager API

Download schema

Scaleway’s Secret Manager allows you to conveniently store, access and share sensitive data such as passwords, API keys and certificates. With Secret Manager you can manage secrets which are logical containers made up of zero or more immutable versions, that hold sensitive data. Your data is encrypted both in transit and at rest and it is automatically replicated to multiple zones within your region of choice.

Concepts

Refer to our dedicated concepts pageOpen in new context to find definitions of the different terms referring to Secret Manager.

Quickstart

Configure your environment variables.

Note

This is an optional step that seeks to simplify your usage of the API.

Code
export SCW_ACCESS_KEY="<API access key>"
export SCW_SECRET_KEY="<API secret key>"
export SCW_PROJECT_ID="<Scaleway Project ID>

Create an opaque secret in the root (/) folder.
```
Code
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets" \
  -H "Content-Type: application/json" \
  -H "X-Auth-Token: $SCW_SECRET_KEY" \
  -d '{
    "name": "my-secret",
    "project_id": "$PROJECT_ID"
  }'
```
Note
The opaque type is the default secret type. If you want to create another secret type (e.g., for certificates or credentials), specify the type field in the request. Refer to our concepts pageOpen in new context for supported types.

Create a secret version. Run the following command to create a version and add your secret value:

Code
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets/<SECRET_ID>/versions" \
  -H "X-Auth-Token: $SCW_SECRET_KEY" \
  -d "{\"your-data\":\"$(echo -n "y0ur-p@sSw0Rd_" | base64)\"}"

Note

When creating a secret with data, two separate API calls are required:

Create a basic_credentials secret type in the root (/) folder:

Code
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets" \
  -H "Content-Type: application/json" \
  -H "X-Auth-Token: $SCW_SECRET_KEY" \
  -d '{
    "name": "my-secret",
    "type": "basic_credentials",
    "project_id": "$PROJECT_ID"
  }'

Create a version for your basic_credentials secret to store your credentials in your secret version:

Code
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets/<SECRET_ID>/versions" \
  -H "Content-Type: application/json" \
  -H "X-Auth-Token: $SCW_SECRET_KEY" \
  -d '{
   "data": "'"$(echo -n "{\"username\": \"my-username\", \"password\": \"my-password\"}" | base64)"'"}'

Access data from your latest secret version. Run the following command to access the data of your most recent secret version:
```
Code
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets/<SECRET_ID>/versions/latest/access" \
  -H "Content-Type: application/json" \
  -H "X-Auth-Token: $SCW_SECRET_KEY"
```
Note
- The command above returns a base64-decoded JSON with your username and password if you have created the basic_credentials secret or any data you may have stored in other secrets.
  
  Requests can either target a specific version or the latest.

Requirement

You have your Organization and your Project IDOpen in new context
You have created an API keyOpen in new context
You have installed curlOpen in new context
You have created an API keyOpen in new context and that the API key has sufficient IAM permissionsOpen in new context to perform the actions described on this page

Technical information

Regions

Scaleway's infrastructure spans different regions and Availability ZonesOpen in new context.

Secret Manager is available in the Paris, Amsterdam and Warsaw regions, which are represented by the following path parameters:

fr-par
nl-ams
pl-waw

Technical limitations

Operations on secrets and versions are limited to CRUDL
A secret's payload size is limited to 64KiB

Going further

For more information about Secret Manager, you can check out the following pages:

Secret Manager DocumentationOpen in new context
Scaleway Slack CommunityOpen in new context join the #secret-manager channel
Contact our support teamOpen in new context.