openapi: 3.1.0
info:
title: Secret Manager API
description: |-
Scaleway’s Secret Manager allows you to conveniently store, access and share sensitive data such as passwords, API keys and certificates. With Secret Manager you can manage secrets which are logical containers made up of zero or more immutable versions, that hold sensitive data. Your data is encrypted both in transit and at rest and it is automatically replicated to multiple zones within your region of choice.
## Concepts
Refer to our [dedicated concepts page](https://www.scaleway.com/en/docs/identity-and-access-management/secret-manager/concepts/) to find definitions of the different terms referring to Secret Manager.
## Quickstart
1. **Configure your environment variables.**
This is an optional step that seeks to simplify your usage of the API.
```bash
export SCW_ACCESS_KEY=""
export SCW_SECRET_KEY=""
export SCW_PROJECT_ID="
```
2. **Create an opaque secret** in the root (`/`) folder.
```bash
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets" \
-H "Content-Type: application/json" \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-d '{
"name": "my-secret",
"project_id": "$PROJECT_ID"
}'
```
The `opaque` type is the default secret type. If you want to create another secret type (e.g., for certificates or credentials), specify the `type` field in the request. Refer to our [concepts page](https://www.scaleway.com/en/docs/identity-and-access-management/secret-manager/concepts/) for supported types.
3. **Create a secret version**. Run the following command to create a version and add your secret value:
```bash
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets//versions" \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-d "{\"your-data\":\"$(echo -n "y0ur-p@sSw0Rd_" | base64)\"}"
```
When creating a secret with data, two separate API calls are required:
`CreateSecret`: This initializes an empty container for your secret.
`CreateSecretVersion`: This associates the data with the secret as a version.
The [Scaleway console](https://console.scaleway.com/) automates these two steps for you, but when using the API, you must perform both calls in sequence.
4. Create a `basic_credentials` secret type in the root (`/`) folder:
```bash
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets" \
-H "Content-Type: application/json" \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-d '{
"name": "my-secret",
"type": "basic_credentials",
"project_id": "$PROJECT_ID"
}'
```
5. Create a version for your `basic_credentials` secret to store your credentials in your secret version:
```bash
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets//versions" \
-H "Content-Type: application/json" \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-d '{
"data": "'"$(echo -n "{\"username\": \"my-username\", \"password\": \"my-password\"}" | base64)"'"}'
```
6. **Access data from your latest secret version**. Run the following command to access the data of your most recent secret version:
```bash
curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets//versions/latest/access" \
-H "Content-Type: application/json" \
-H "X-Auth-Token: $SCW_SECRET_KEY"
```
- The command above returns a base64-decoded JSON with your username and password if you have created the `basic_credentials` secret or any data you may have stored in other secrets.
- Requests can either target a specific version or the latest.
- You have your [Organization and your Project ID](https://console.scaleway.com/project/settings)
- You have [created an API key](https://www.scaleway.com/en/docs/iam/how-to/create-api-keys/)
- You have [installed `curl`](https://curl.se/download.html)
- You have created an [API key](https://www.scaleway.com/en/docs/iam/how-to/create-api-keys/) and that the API key has sufficient [IAM permissions](https://www.scaleway.com/en/docs/iam/reference-content/permission-sets/) to perform the actions described on this page
## Technical information
### Regions
Scaleway's infrastructure spans different [regions and Availability Zones](https://www.scaleway.com/en/docs/account/reference-content/products-availability/).
Secret Manager is available in the Paris, Amsterdam and Warsaw regions, which are represented by the following path parameters:
- fr-par
- nl-ams
- pl-waw
## Technical limitations
- Operations on secrets and versions are limited to CRUDL
- A secret's payload size is limited to 64KiB
## Going further
For more information about Secret Manager, you can check out the following pages:
* [Secret Manager Documentation](https://www.scaleway.com/en/docs/identity-and-access-management/secret-manager/)
* [Scaleway Slack Community](https://scaleway-community.slack.com/) join the #secret-manager channel
* [Contact our support team](https://console.scaleway.com/support/tickets).
version: v1beta1
servers:
- url: https://api.scaleway.com
tags:
- name: Secrets
description: Secrets are logical containers made up of zero or more immutable versions,
that contain sensitive data
- name: Secret Versions
description: Versions store the sensitive data contained in your secrets (API keys,
passwords, or certificates)
components:
schemas:
google.protobuf.Int32Value:
type: integer
format: int32
nullable: true
scaleway.secret_manager.v1beta1.AccessSecretVersionResponse:
type: object
properties:
secret_id:
type: string
description: ID of the secret. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
revision:
type: integer
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1.
format: uint32
data:
type: string
description: The base64-encoded secret payload of the version.
data_crc32:
type: integer
description: |-
The CRC32 checksum of the data as a base-10 integer.
This field is only available if a CRC32 was supplied during the creation of the version.
format: uint32
nullable: true
type:
type: string
description: |-
Type of the secret.
See the `Secret.Type` enum for a description of values.
enum:
- unknown_type
- opaque
- certificate
- key_value
- basic_credentials
- database_credentials
- ssh_key
x-enum-descriptions:
values:
opaque: Default type.
certificate: List of concatenated PEM blocks. They can contain certificates,
private keys or any other PEM block types.
key_value: Flat JSON that allows you to set as many first level keys
and scalar types as values (string, numeric, boolean) as you need.
basic_credentials: Flat JSON that allows you to set a username and a
password.
database_credentials: Flat JSON that allows you to set an engine, username,
password, host, database name, and port.
ssh_key: Flat JSON that allows you to set an SSH key.
default: unknown_type
x-properties-order:
- secret_id
- revision
- data
- data_crc32
- type
scaleway.secret_manager.v1beta1.ListSecretVersionsResponse:
type: object
properties:
versions:
type: array
description: Single page of versions.
items:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
total_count:
type: integer
description: Number of versions.
format: uint64
x-properties-order:
- versions
- total_count
scaleway.secret_manager.v1beta1.ListSecretsRequest.OrderBy:
type: string
enum:
- name_asc
- name_desc
- created_at_asc
- created_at_desc
- updated_at_asc
- updated_at_desc
default: name_asc
scaleway.secret_manager.v1beta1.ListSecretsResponse:
type: object
properties:
secrets:
type: array
description: Single page of secrets matching the requested criteria.
items:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
total_count:
type: integer
description: Count of all secrets matching the requested criteria.
format: uint64
x-properties-order:
- secrets
- total_count
scaleway.secret_manager.v1beta1.Product:
type: string
enum:
- unknown_product
- edge_services
- s2s_vpn
default: unknown_product
scaleway.secret_manager.v1beta1.Secret:
type: object
properties:
id:
type: string
description: ID of the secret. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
project_id:
type: string
description: ID of the Project containing the secret. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
name:
type: string
description: Name of the secret.
status:
type: string
description: |-
Current status of the secret.
* `ready`: the secret can be read, modified and deleted.
* `locked`: no action can be performed on the secret. This status can only be applied and removed by Scaleway.
enum:
- unknown_status
- ready
- locked
default: unknown_status
created_at:
type: string
description: Date and time of the secret's creation. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
updated_at:
type: string
description: Last update of the secret. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
tags:
type: array
description: List of the secret's tags.
items:
type: string
version_count:
type: integer
description: Number of versions for this secret.
format: uint32
description:
type: string
description: Updated description of the secret.
nullable: true
managed:
type: boolean
description: Returns `true` for secrets that are managed by another product.
protected:
type: boolean
description: Returns `true` for protected secrets that cannot be deleted.
type:
type: string
description: |-
Type of the secret.
See the `Secret.Type` enum for a description of values.
enum:
- unknown_type
- opaque
- certificate
- key_value
- basic_credentials
- database_credentials
- ssh_key
x-enum-descriptions:
values:
opaque: Default type.
certificate: List of concatenated PEM blocks. They can contain certificates,
private keys or any other PEM block types.
key_value: Flat JSON that allows you to set as many first level keys
and scalar types as values (string, numeric, boolean) as you need.
basic_credentials: Flat JSON that allows you to set a username and a
password.
database_credentials: Flat JSON that allows you to set an engine, username,
password, host, database name, and port.
ssh_key: Flat JSON that allows you to set an SSH key.
default: unknown_type
path:
type: string
description: |-
Path of the secret.
Location of the secret in the directory structure.
ephemeral_policy:
type: object
description: |-
Ephemeral policy of the secret.
(Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
properties:
time_to_live:
type: string
description: Time frame, from one second and up to one year, during
which the secret's versions are valid. (in seconds)
example: 2.5s
nullable: true
expires_once_accessed:
type: boolean
description: Returns `true` if the version expires after a single user
access.
nullable: true
action:
type: string
description: |-
Action to perform when the version of a secret expires.
See the `EphemeralPolicy.Action` enum for a description of values.
enum:
- unknown_action
- delete
- disable
x-enum-descriptions:
values:
delete: The version is deleted once it expires.
disable: The version is disabled once it expires.
default: unknown_action
x-properties-order:
- time_to_live
- expires_once_accessed
- action
used_by:
type: array
description: List of Scaleway resources that can access and manage the secret.
items:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Product'
deletion_requested_at:
type: string
description: Returns the time at which deletion was requested. (RFC 3339
format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
key_id:
type: string
description: |-
ID of the Scaleway Key Manager key.
(Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
nullable: true
region:
type: string
description: Region of the secret.
x-properties-order:
- id
- project_id
- name
- status
- created_at
- updated_at
- tags
- version_count
- description
- managed
- protected
- type
- path
- ephemeral_policy
- used_by
- deletion_requested_at
- key_id
- region
scaleway.secret_manager.v1beta1.SecretVersion:
type: object
properties:
revision:
type: integer
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1.
format: uint32
secret_id:
type: string
description: ID of the secret. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
status:
type: string
description: |-
Current status of the version.
* `unknown_status`: the version is in an invalid state.
* `enabled`: the version is accessible.
* `disabled`: the version is not accessible but can be enabled.
* `scheduled_for_deletion`: the version is scheduled for deletion. It will be deleted in 7 days.
* `deleted`: the version is permanently deleted. It is not possible to recover it.
enum:
- unknown_status
- enabled
- disabled
- deleted
- scheduled_for_deletion
default: unknown_status
created_at:
type: string
description: Date and time of the version's creation. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
updated_at:
type: string
description: Last update of the version. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
deleted_at:
type: string
description: Date and time of the version's deletion. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
description:
type: string
description: Description of the version.
nullable: true
latest:
type: boolean
description: Returns `true` if the version is the latest.
ephemeral_properties:
type: object
description: |-
Properties of the ephemeral version.
Returns the version's expiration date, whether it expires after being accessed once, and the action to perform (disable or delete) once the version expires.
properties:
expires_at:
type: string
description: |-
The version's expiration date.
(Optional.) If not specified, the version does not have an expiration date. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
expires_once_accessed:
type: boolean
description: |-
Returns `true` if the version expires after a single user access.
(Optional.) If not specified, the version can be accessed an unlimited amount of times.
nullable: true
action:
type: string
description: |-
Action to perform when the version of a secret expires.
See `EphemeralPolicy.Action` enum for a description of values.
enum:
- unknown_action
- delete
- disable
x-enum-descriptions:
values:
delete: The version is deleted once it expires.
disable: The version is disabled once it expires.
default: unknown_action
x-properties-order:
- expires_at
- expires_once_accessed
- action
deletion_requested_at:
type: string
description: Returns the time at which deletion was requested. (RFC 3339
format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
region:
type: string
description: Region of the version.
x-properties-order:
- revision
- secret_id
- status
- created_at
- updated_at
- deleted_at
- description
- latest
- ephemeral_properties
- deletion_requested_at
- region
scaleway.secret_manager.v1beta1.SecretVersion.Status:
type: string
enum:
- unknown_status
- enabled
- disabled
- deleted
- scheduled_for_deletion
default: unknown_status
securitySchemes:
scaleway:
in: header
name: X-Auth-Token
type: apiKey
paths:
/secret-manager/v1beta1/regions/{region}/secrets:
get:
tags:
- Secrets
operationId: ListSecrets
summary: List secrets
description: Retrieve the list of secrets created within an Organization and/or
Project. You must specify either the `organization_id` or the `project_id`
and the `region`.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: query
name: organization_id
description: Filter by Organization ID (optional). (UUID format)
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: query
name: project_id
description: Filter by Project ID (optional). (UUID format)
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: query
name: order_by
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.ListSecretsRequest.OrderBy'
- in: query
name: page
schema:
$ref: '#/components/schemas/google.protobuf.Int32Value'
- in: query
name: page_size
schema:
type: integer
format: uint32
- in: query
name: tags
description: List of tags to filter on (optional).
schema:
type: array
items:
type: string
- in: query
name: name
description: Filter by secret name (optional).
schema:
type: string
- in: query
name: path
description: Filter by exact path (optional).
schema:
type: string
- in: query
name: ephemeral
description: Filter by ephemeral / not ephemeral (optional).
schema:
type: boolean
- in: query
name: type
description: Filter by secret type (optional).
schema:
type: string
enum:
- unknown_type
- opaque
- certificate
- key_value
- basic_credentials
- database_credentials
- ssh_key
x-enum-descriptions:
values:
opaque: Default type.
certificate: List of concatenated PEM blocks. They can contain certificates,
private keys or any other PEM block types.
key_value: Flat JSON that allows you to set as many first level keys
and scalar types as values (string, numeric, boolean) as you need.
basic_credentials: Flat JSON that allows you to set a username and a
password.
database_credentials: Flat JSON that allows you to set an engine, username,
password, host, database name, and port.
ssh_key: Flat JSON that allows you to set an SSH key.
default: unknown_type
- in: query
name: scheduled_for_deletion
description: Filter by whether the secret was scheduled for deletion / not
scheduled for deletion. By default, it will display only not scheduled for
deletion secrets.
required: true
schema:
type: boolean
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.ListSecretsResponse'
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X GET \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets?scheduled_for_deletion=false"
- lang: HTTPie
source: |-
http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets" \
X-Auth-Token:$SCW_SECRET_KEY \
scheduled_for_deletion==false
post:
tags:
- Secrets
operationId: CreateSecret
summary: Create a secret
description: Create a secret in a given region specified by the `region` parameter.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
project_id:
type: string
description: ID of the Project containing the secret. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
name:
type: string
description: Name of the secret.
tags:
type: array
description: List of the secret's tags.
items:
type: string
description:
type: string
description: Description of the secret.
nullable: true
type:
type: string
description: |-
Type of the secret.
(Optional.) See the `Secret.Type` enum for a description of values. If not specified, the type is `Opaque`.
enum:
- unknown_type
- opaque
- certificate
- key_value
- basic_credentials
- database_credentials
- ssh_key
x-enum-descriptions:
values:
opaque: Default type.
certificate: List of concatenated PEM blocks. They can contain
certificates, private keys or any other PEM block types.
key_value: Flat JSON that allows you to set as many first level
keys and scalar types as values (string, numeric, boolean)
as you need.
basic_credentials: Flat JSON that allows you to set a username
and a password.
database_credentials: Flat JSON that allows you to set an engine,
username, password, host, database name, and port.
ssh_key: Flat JSON that allows you to set an SSH key.
default: unknown_type
path:
type: string
description: |-
Path of the secret.
(Optional.) Location of the secret in the directory structure. If not specified, the path is `/`.
nullable: true
ephemeral_policy:
type: object
description: |-
Ephemeral policy of the secret.
(Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
properties:
time_to_live:
type: string
description: Time frame, from one second and up to one year,
during which the secret's versions are valid. (in seconds)
example: 2.5s
nullable: true
expires_once_accessed:
type: boolean
description: Returns `true` if the version expires after a single
user access.
nullable: true
action:
type: string
description: |-
Action to perform when the version of a secret expires.
See the `EphemeralPolicy.Action` enum for a description of values.
enum:
- unknown_action
- delete
- disable
x-enum-descriptions:
values:
delete: The version is deleted once it expires.
disable: The version is disabled once it expires.
default: unknown_action
x-properties-order:
- time_to_live
- expires_once_accessed
- action
protected:
type: boolean
description: |-
Returns `true` if secret protection is applied to a given secret.
A protected secret cannot be deleted.
key_id:
type: string
description: |-
ID of the Scaleway Key Manager key.
(Optional.) The Scaleway Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, Secret Manager will use a Key Manager internal key. (UUID format)
example: 6170692e-7363-616c-6577-61792e636f6d
nullable: true
x-properties-order:
- project_id
- name
- tags
- description
- type
- path
- ephemeral_policy
- protected
- key_id
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "string",
"project_id": "6170692e-7363-616c-6577-61792e636f6d",
"protected": false
}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets" \
X-Auth-Token:$SCW_SECRET_KEY \
name="string" \
project_id="6170692e-7363-616c-6577-61792e636f6d" \
protected:=false
/secret-manager/v1beta1/regions/{region}/secrets-by-path/versions/{revision}/access:
get:
tags:
- Secret Versions
operationId: AccessSecretVersionByPath
summary: Access a secret's version using the secret's name and path
description: Access sensitive data in a secret's version specified by the `region`,
`secret_name`, `secret_path` and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- an integer (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
- in: query
name: secret_path
description: Secret's path.
required: true
schema:
type: string
- in: query
name: secret_name
description: Secret's name.
required: true
schema:
type: string
- in: query
name: project_id
description: ID of the Project to target. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.AccessSecretVersionResponse'
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X GET \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets-by-path/versions/{revision}/access?project_id=6170692e-7363-616c-6577-61792e636f6d&secret_name=string&secret_path=string"
- lang: HTTPie
source: |-
http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets-by-path/versions/{revision}/access" \
X-Auth-Token:$SCW_SECRET_KEY \
project_id==6170692e-7363-616c-6577-61792e636f6d \
secret_name==string \
secret_path==string
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}:
get:
tags:
- Secrets
operationId: GetSecret
summary: Get metadata using the secret's ID
description: Retrieve the metadata of a secret specified by the `region` and
`secret_id` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X GET \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}"
- lang: HTTPie
source: |-
http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" \
X-Auth-Token:$SCW_SECRET_KEY
patch:
tags:
- Secrets
operationId: UpdateSecret
summary: Update metadata of a secret
description: Edit a secret's metadata such as name, tag(s), description and
ephemeral policy. The secret to update is specified by the `secret_id` and
`region` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Secret's updated name (optional).
nullable: true
tags:
type: array
description: Secret's updated list of tags (optional).
nullable: true
items:
type: string
description:
type: string
description: Description of the secret.
nullable: true
path:
type: string
description: |-
Path of the folder.
(Optional.) Location of the folder in the directory structure. If not specified, the path is `/`.
nullable: true
ephemeral_policy:
type: object
description: |-
Ephemeral policy of the secret.
(Optional.) Policy that defines whether/when a secret's versions expire.
properties:
time_to_live:
type: string
description: Time frame, from one second and up to one year,
during which the secret's versions are valid. (in seconds)
example: 2.5s
nullable: true
expires_once_accessed:
type: boolean
description: Returns `true` if the version expires after a single
user access.
nullable: true
action:
type: string
description: |-
Action to perform when the version of a secret expires.
See the `EphemeralPolicy.Action` enum for a description of values.
enum:
- unknown_action
- delete
- disable
x-enum-descriptions:
values:
delete: The version is deleted once it expires.
disable: The version is disabled once it expires.
default: unknown_action
x-properties-order:
- time_to_live
- expires_once_accessed
- action
x-properties-order:
- name
- tags
- description
- path
- ephemeral_policy
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X PATCH \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}"
- lang: HTTPie
source: |-
http PATCH "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" \
X-Auth-Token:$SCW_SECRET_KEY
delete:
tags:
- Secrets
operationId: DeleteSecret
summary: Delete a secret
description: Delete a given secret specified by the `region` and `secret_id`
parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"204":
description: ""
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X DELETE \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}"
- lang: HTTPie
source: |-
http DELETE "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner:
post:
tags:
- Secrets
operationId: AddSecretOwner
summary: Allow a product to use the secret
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"204":
description: ""
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
product:
type: string
description: |-
ID of the product to add.
See `Product` enum for description of values.
enum:
- unknown_product
- edge_services
- s2s_vpn
default: unknown_product
x-properties-order:
- product
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect:
post:
tags:
- Secrets
operationId: ProtectSecret
summary: Enable secret protection
description: Enable secret protection for a given secret specified by the `secret_id`
parameter. Enabling secret protection means that your secret can be read and
modified, but it cannot be deleted.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret to enable secret protection for. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
requestBody:
required: true
content:
application/json:
schema:
type: object
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore:
post:
tags:
- Secrets
operationId: RestoreSecret
summary: Restore a secret
description: Restore a secret and all its versions scheduled for deletion specified
by the `region` and `secret_id` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
requestBody:
required: true
content:
application/json:
schema:
type: object
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect:
post:
tags:
- Secrets
operationId: UnprotectSecret
summary: Disable secret protection
description: Disable secret protection for a given secret specified by the `secret_id`
parameter. Disabling secret protection means that your secret can be read,
modified and deleted.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret to disable secret protection for. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret'
requestBody:
required: true
content:
application/json:
schema:
type: object
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions:
get:
tags:
- Secret Versions
operationId: ListSecretVersions
summary: List versions of a secret using the secret's ID
description: Retrieve the list of a given secret's versions specified by the
`secret_id` and `region` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: query
name: page
schema:
$ref: '#/components/schemas/google.protobuf.Int32Value'
- in: query
name: page_size
schema:
type: integer
format: uint32
- in: query
name: status
description: Filter results by status.
schema:
type: array
items:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion.Status'
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.ListSecretVersionsResponse'
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X GET \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions"
- lang: HTTPie
source: |-
http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions" \
X-Auth-Token:$SCW_SECRET_KEY
post:
tags:
- Secret Versions
operationId: CreateSecretVersion
summary: Create a version
description: Create a version of a given secret specified by the `region` and
`secret_id` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
data:
type: string
description: The base64-encoded secret payload of the version.
description:
type: string
description: Description of the version.
nullable: true
disable_previous:
type: boolean
description: |-
Disable the previous secret version.
(Optional.) If there is no previous version or if the previous version was already disabled, does nothing.
nullable: true
data_crc32:
type: integer
description: |-
(Optional.) The CRC32 checksum of the data as a base-10 integer.
If specified, Secret Manager will verify the integrity of the data received against the given CRC32 checksum. An error is returned if the CRC32 does not match. If, however, the CRC32 matches, it will be stored and returned along with the SecretVersion on future access requests.
format: uint32
nullable: true
x-properties-order:
- data
- description
- disable_previous
- data_crc32
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{"data":"string"}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions" \
X-Auth-Token:$SCW_SECRET_KEY \
data="string"
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}:
get:
tags:
- Secret Versions
operationId: GetSecretVersion
summary: Get metadata of a secret's version using the secret's ID
description: Retrieve the metadata of a secret's given version specified by
the `region`, `secret_id` and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- a number (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X GET \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}"
- lang: HTTPie
source: |-
http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" \
X-Auth-Token:$SCW_SECRET_KEY
patch:
tags:
- Secret Versions
operationId: UpdateSecretVersion
summary: Update metadata of a version
description: Edit the metadata of a secret's given version, specified by the
`region`, `secret_id` and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- a number (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
description:
type: string
description: Description of the version.
nullable: true
ephemeral_properties:
type: object
description: |-
Ephemeral properties of the version.
(Optional.) Properties that defines the version's expiration date, whether it expires after being accessed once, and the action to perform (disable or delete) once the version expires.
properties:
expires_at:
type: string
description: |-
The version's expiration date.
(Optional.) If not specified, the version does not have an expiration date. (RFC 3339 format)
format: date-time
example: "2022-03-22T12:34:56.123456Z"
nullable: true
expires_once_accessed:
type: boolean
description: |-
Returns `true` if the version expires after a single user access.
(Optional.) If not specified, the version can be accessed an unlimited amount of times.
nullable: true
action:
type: string
description: |-
Action to perform when the version of a secret expires.
See `EphemeralPolicy.Action` enum for a description of values.
enum:
- unknown_action
- delete
- disable
x-enum-descriptions:
values:
delete: The version is deleted once it expires.
disable: The version is disabled once it expires.
default: unknown_action
x-properties-order:
- expires_at
- expires_once_accessed
- action
x-properties-order:
- description
- ephemeral_properties
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X PATCH \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}"
- lang: HTTPie
source: |-
http PATCH "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" \
X-Auth-Token:$SCW_SECRET_KEY
delete:
tags:
- Secret Versions
operationId: DeleteSecretVersion
summary: Delete a version
description: Delete a secret's version and the sensitive data contained in it.
Deleting a version is permanent and cannot be undone.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- a number (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
responses:
"204":
description: ""
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X DELETE \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}"
- lang: HTTPie
source: |-
http DELETE "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/access:
get:
tags:
- Secret Versions
operationId: AccessSecretVersion
summary: Access a secret's version using the secret's ID
description: Access sensitive data in a secret's version specified by the `region`,
`secret_id` and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- a number (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.AccessSecretVersionResponse'
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X GET \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/access"
- lang: HTTPie
source: |-
http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/access" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable:
post:
tags:
- Secret Versions
operationId: DisableSecretVersion
summary: Disable a version
description: Make a specific version inaccessible. You must specify the `region`,
`secret_id` and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- a number (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
requestBody:
required: true
content:
application/json:
schema:
type: object
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/enable:
post:
tags:
- Secret Versions
operationId: EnableSecretVersion
summary: Enable a version
description: Make a specific version accessible. You must specify the `region`,
`secret_id` and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: ID of the secret. (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
description: |-
Version number.
The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either:
- a number (the revision number)
- "latest" (the latest revision)
- "latest_enabled" (the latest enabled revision).
required: true
schema:
type: string
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
requestBody:
required: true
content:
application/json:
schema:
type: object
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/enable"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/enable" \
X-Auth-Token:$SCW_SECRET_KEY
/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore:
post:
tags:
- Secrets
operationId: RestoreSecretVersion
summary: Restore a version
description: Restore a secret's version specified by the `region`, `secret_id`
and `revision` parameters.
parameters:
- in: path
name: region
description: The region you want to target
required: true
schema:
type: string
enum:
- fr-par
- nl-ams
- pl-waw
- in: path
name: secret_id
description: (UUID format)
required: true
schema:
type: string
example: 6170692e-7363-616c-6577-61792e636f6d
- in: path
name: revision
required: true
schema:
type: string
responses:
"200":
description: ""
content:
application/json:
schema:
$ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion'
requestBody:
required: true
content:
application/json:
schema:
type: object
security:
- scaleway: []
x-codeSamples:
- lang: cURL
source: |-
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{}' \
"https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore"
- lang: HTTPie
source: |-
http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore" \
X-Auth-Token:$SCW_SECRET_KEY