openapi: 3.1.0 info: title: Secret Manager API description: |- Scaleway’s Secret Manager allows you to conveniently store, access and share sensitive data such as passwords, API keys and certificates. With Secret Manager you can manage secrets which are logical containers made up of zero or more immutable versions, that hold sensitive data. Your data is encrypted both in transit and at rest and it is automatically replicated to multiple zones within your region of choice. ## Concepts Refer to our [dedicated concepts page](https://www.scaleway.com/en/docs/identity-and-access-management/secret-manager/concepts/) to find definitions of the different terms referring to Secret Manager. ## Quickstart 1. **Configure your environment variables.** This is an optional step that seeks to simplify your usage of the API. ```bash export SCW_ACCESS_KEY="" export SCW_SECRET_KEY="" export SCW_PROJECT_ID=" ``` 2. **Create an opaque secret** in the root (`/`) folder. ```bash curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets" \ -H "Content-Type: application/json" \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -d '{ "name": "my-secret", "project_id": "$PROJECT_ID" }' ``` The `opaque` type is the default secret type. If you want to create another secret type (e.g., for certificates or credentials), specify the `type` field in the request. Refer to our [concepts page](https://www.scaleway.com/en/docs/identity-and-access-management/secret-manager/concepts/) for supported types. 3. **Create a secret version**. Run the following command to create a version and add your secret value: ```bash curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets//versions" \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -d "{\"your-data\":\"$(echo -n "y0ur-p@sSw0Rd_" | base64)\"}" ``` When creating a secret with data, two separate API calls are required: `CreateSecret`: This initializes an empty container for your secret. `CreateSecretVersion`: This associates the data with the secret as a version. The [Scaleway console](https://console.scaleway.com/) automates these two steps for you, but when using the API, you must perform both calls in sequence. 4. Create a `basic_credentials` secret type in the root (`/`) folder: ```bash curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets" \ -H "Content-Type: application/json" \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -d '{ "name": "my-secret", "type": "basic_credentials", "project_id": "$PROJECT_ID" }' ``` 5. Create a version for your `basic_credentials` secret to store your credentials in your secret version: ```bash curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets//versions" \ -H "Content-Type: application/json" \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -d '{ "data": "'"$(echo -n "{\"username\": \"my-username\", \"password\": \"my-password\"}" | base64)"'"}' ``` 6. **Access data from your latest secret version**. Run the following command to access the data of your most recent secret version: ```bash curl "https://api.scaleway.com/secret-manager/v1beta1/regions/$REGION/secrets//versions/latest/access" \ -H "Content-Type: application/json" \ -H "X-Auth-Token: $SCW_SECRET_KEY" ``` - The command above returns a base64-decoded JSON with your username and password if you have created the `basic_credentials` secret or any data you may have stored in other secrets. - Requests can either target a specific version or the latest. - You have your [Organization and your Project ID](https://console.scaleway.com/project/settings) - You have [created an API key](https://www.scaleway.com/en/docs/iam/how-to/create-api-keys/) - You have [installed `curl`](https://curl.se/download.html) - You have created an [API key](https://www.scaleway.com/en/docs/iam/how-to/create-api-keys/) and that the API key has sufficient [IAM permissions](https://www.scaleway.com/en/docs/iam/reference-content/permission-sets/) to perform the actions described on this page ## Technical information ### Regions Scaleway's infrastructure spans different [regions and Availability Zones](https://www.scaleway.com/en/docs/account/reference-content/products-availability/). Secret Manager is available in the Paris, Amsterdam and Warsaw regions, which are represented by the following path parameters: - fr-par - nl-ams - pl-waw ## Technical limitations - Operations on secrets and versions are limited to CRUDL - A secret's payload size is limited to 64KiB ## Going further For more information about Secret Manager, you can check out the following pages: * [Secret Manager Documentation](https://www.scaleway.com/en/docs/identity-and-access-management/secret-manager/) * [Scaleway Slack Community](https://scaleway-community.slack.com/) join the #secret-manager channel * [Contact our support team](https://console.scaleway.com/support/tickets). version: v1beta1 servers: - url: https://api.scaleway.com tags: - name: Secrets description: Secrets are logical containers made up of zero or more immutable versions, that contain sensitive data - name: Secret Versions description: Versions store the sensitive data contained in your secrets (API keys, passwords, or certificates) components: schemas: google.protobuf.Int32Value: type: integer format: int32 nullable: true scaleway.secret_manager.v1beta1.AccessSecretVersionResponse: type: object properties: secret_id: type: string description: ID of the secret. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d revision: type: integer description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. format: uint32 data: type: string description: The base64-encoded secret payload of the version. data_crc32: type: integer description: |- The CRC32 checksum of the data as a base-10 integer. This field is only available if a CRC32 was supplied during the creation of the version. format: uint32 nullable: true type: type: string description: |- Type of the secret. See the `Secret.Type` enum for a description of values. enum: - unknown_type - opaque - certificate - key_value - basic_credentials - database_credentials - ssh_key x-enum-descriptions: values: opaque: Default type. certificate: List of concatenated PEM blocks. They can contain certificates, private keys or any other PEM block types. key_value: Flat JSON that allows you to set as many first level keys and scalar types as values (string, numeric, boolean) as you need. basic_credentials: Flat JSON that allows you to set a username and a password. database_credentials: Flat JSON that allows you to set an engine, username, password, host, database name, and port. ssh_key: Flat JSON that allows you to set an SSH key. default: unknown_type x-properties-order: - secret_id - revision - data - data_crc32 - type scaleway.secret_manager.v1beta1.ListSecretVersionsResponse: type: object properties: versions: type: array description: Single page of versions. items: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' total_count: type: integer description: Number of versions. format: uint64 x-properties-order: - versions - total_count scaleway.secret_manager.v1beta1.ListSecretsRequest.OrderBy: type: string enum: - name_asc - name_desc - created_at_asc - created_at_desc - updated_at_asc - updated_at_desc default: name_asc scaleway.secret_manager.v1beta1.ListSecretsResponse: type: object properties: secrets: type: array description: Single page of secrets matching the requested criteria. items: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' total_count: type: integer description: Count of all secrets matching the requested criteria. format: uint64 x-properties-order: - secrets - total_count scaleway.secret_manager.v1beta1.Product: type: string enum: - unknown_product - edge_services - s2s_vpn default: unknown_product scaleway.secret_manager.v1beta1.Secret: type: object properties: id: type: string description: ID of the secret. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d project_id: type: string description: ID of the Project containing the secret. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d name: type: string description: Name of the secret. status: type: string description: |- Current status of the secret. * `ready`: the secret can be read, modified and deleted. * `locked`: no action can be performed on the secret. This status can only be applied and removed by Scaleway. enum: - unknown_status - ready - locked default: unknown_status created_at: type: string description: Date and time of the secret's creation. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true updated_at: type: string description: Last update of the secret. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true tags: type: array description: List of the secret's tags. items: type: string version_count: type: integer description: Number of versions for this secret. format: uint32 description: type: string description: Updated description of the secret. nullable: true managed: type: boolean description: Returns `true` for secrets that are managed by another product. protected: type: boolean description: Returns `true` for protected secrets that cannot be deleted. type: type: string description: |- Type of the secret. See the `Secret.Type` enum for a description of values. enum: - unknown_type - opaque - certificate - key_value - basic_credentials - database_credentials - ssh_key x-enum-descriptions: values: opaque: Default type. certificate: List of concatenated PEM blocks. They can contain certificates, private keys or any other PEM block types. key_value: Flat JSON that allows you to set as many first level keys and scalar types as values (string, numeric, boolean) as you need. basic_credentials: Flat JSON that allows you to set a username and a password. database_credentials: Flat JSON that allows you to set an engine, username, password, host, database name, and port. ssh_key: Flat JSON that allows you to set an SSH key. default: unknown_type path: type: string description: |- Path of the secret. Location of the secret in the directory structure. ephemeral_policy: type: object description: |- Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions. properties: time_to_live: type: string description: Time frame, from one second and up to one year, during which the secret's versions are valid. (in seconds) example: 2.5s nullable: true expires_once_accessed: type: boolean description: Returns `true` if the version expires after a single user access. nullable: true action: type: string description: |- Action to perform when the version of a secret expires. See the `EphemeralPolicy.Action` enum for a description of values. enum: - unknown_action - delete - disable x-enum-descriptions: values: delete: The version is deleted once it expires. disable: The version is disabled once it expires. default: unknown_action x-properties-order: - time_to_live - expires_once_accessed - action used_by: type: array description: List of Scaleway resources that can access and manage the secret. items: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Product' deletion_requested_at: type: string description: Returns the time at which deletion was requested. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true key_id: type: string description: |- ID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID used to encrypt and decrypt secret versions. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d nullable: true region: type: string description: Region of the secret. x-properties-order: - id - project_id - name - status - created_at - updated_at - tags - version_count - description - managed - protected - type - path - ephemeral_policy - used_by - deletion_requested_at - key_id - region scaleway.secret_manager.v1beta1.SecretVersion: type: object properties: revision: type: integer description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. format: uint32 secret_id: type: string description: ID of the secret. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d status: type: string description: |- Current status of the version. * `unknown_status`: the version is in an invalid state. * `enabled`: the version is accessible. * `disabled`: the version is not accessible but can be enabled. * `scheduled_for_deletion`: the version is scheduled for deletion. It will be deleted in 7 days. * `deleted`: the version is permanently deleted. It is not possible to recover it. enum: - unknown_status - enabled - disabled - deleted - scheduled_for_deletion default: unknown_status created_at: type: string description: Date and time of the version's creation. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true updated_at: type: string description: Last update of the version. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true deleted_at: type: string description: Date and time of the version's deletion. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true description: type: string description: Description of the version. nullable: true latest: type: boolean description: Returns `true` if the version is the latest. ephemeral_properties: type: object description: |- Properties of the ephemeral version. Returns the version's expiration date, whether it expires after being accessed once, and the action to perform (disable or delete) once the version expires. properties: expires_at: type: string description: |- The version's expiration date. (Optional.) If not specified, the version does not have an expiration date. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true expires_once_accessed: type: boolean description: |- Returns `true` if the version expires after a single user access. (Optional.) If not specified, the version can be accessed an unlimited amount of times. nullable: true action: type: string description: |- Action to perform when the version of a secret expires. See `EphemeralPolicy.Action` enum for a description of values. enum: - unknown_action - delete - disable x-enum-descriptions: values: delete: The version is deleted once it expires. disable: The version is disabled once it expires. default: unknown_action x-properties-order: - expires_at - expires_once_accessed - action deletion_requested_at: type: string description: Returns the time at which deletion was requested. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true region: type: string description: Region of the version. x-properties-order: - revision - secret_id - status - created_at - updated_at - deleted_at - description - latest - ephemeral_properties - deletion_requested_at - region scaleway.secret_manager.v1beta1.SecretVersion.Status: type: string enum: - unknown_status - enabled - disabled - deleted - scheduled_for_deletion default: unknown_status securitySchemes: scaleway: in: header name: X-Auth-Token type: apiKey paths: /secret-manager/v1beta1/regions/{region}/secrets: get: tags: - Secrets operationId: ListSecrets summary: List secrets description: Retrieve the list of secrets created within an Organization and/or Project. You must specify either the `organization_id` or the `project_id` and the `region`. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: query name: organization_id description: Filter by Organization ID (optional). (UUID format) schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: query name: project_id description: Filter by Project ID (optional). (UUID format) schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: query name: order_by schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.ListSecretsRequest.OrderBy' - in: query name: page schema: $ref: '#/components/schemas/google.protobuf.Int32Value' - in: query name: page_size schema: type: integer format: uint32 - in: query name: tags description: List of tags to filter on (optional). schema: type: array items: type: string - in: query name: name description: Filter by secret name (optional). schema: type: string - in: query name: path description: Filter by exact path (optional). schema: type: string - in: query name: ephemeral description: Filter by ephemeral / not ephemeral (optional). schema: type: boolean - in: query name: type description: Filter by secret type (optional). schema: type: string enum: - unknown_type - opaque - certificate - key_value - basic_credentials - database_credentials - ssh_key x-enum-descriptions: values: opaque: Default type. certificate: List of concatenated PEM blocks. They can contain certificates, private keys or any other PEM block types. key_value: Flat JSON that allows you to set as many first level keys and scalar types as values (string, numeric, boolean) as you need. basic_credentials: Flat JSON that allows you to set a username and a password. database_credentials: Flat JSON that allows you to set an engine, username, password, host, database name, and port. ssh_key: Flat JSON that allows you to set an SSH key. default: unknown_type - in: query name: scheduled_for_deletion description: Filter by whether the secret was scheduled for deletion / not scheduled for deletion. By default, it will display only not scheduled for deletion secrets. required: true schema: type: boolean responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.ListSecretsResponse' security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X GET \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets?scheduled_for_deletion=false" - lang: HTTPie source: |- http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets" \ X-Auth-Token:$SCW_SECRET_KEY \ scheduled_for_deletion==false post: tags: - Secrets operationId: CreateSecret summary: Create a secret description: Create a secret in a given region specified by the `region` parameter. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' requestBody: required: true content: application/json: schema: type: object properties: project_id: type: string description: ID of the Project containing the secret. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d name: type: string description: Name of the secret. tags: type: array description: List of the secret's tags. items: type: string description: type: string description: Description of the secret. nullable: true type: type: string description: |- Type of the secret. (Optional.) See the `Secret.Type` enum for a description of values. If not specified, the type is `Opaque`. enum: - unknown_type - opaque - certificate - key_value - basic_credentials - database_credentials - ssh_key x-enum-descriptions: values: opaque: Default type. certificate: List of concatenated PEM blocks. They can contain certificates, private keys or any other PEM block types. key_value: Flat JSON that allows you to set as many first level keys and scalar types as values (string, numeric, boolean) as you need. basic_credentials: Flat JSON that allows you to set a username and a password. database_credentials: Flat JSON that allows you to set an engine, username, password, host, database name, and port. ssh_key: Flat JSON that allows you to set an SSH key. default: unknown_type path: type: string description: |- Path of the secret. (Optional.) Location of the secret in the directory structure. If not specified, the path is `/`. nullable: true ephemeral_policy: type: object description: |- Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions. properties: time_to_live: type: string description: Time frame, from one second and up to one year, during which the secret's versions are valid. (in seconds) example: 2.5s nullable: true expires_once_accessed: type: boolean description: Returns `true` if the version expires after a single user access. nullable: true action: type: string description: |- Action to perform when the version of a secret expires. See the `EphemeralPolicy.Action` enum for a description of values. enum: - unknown_action - delete - disable x-enum-descriptions: values: delete: The version is deleted once it expires. disable: The version is disabled once it expires. default: unknown_action x-properties-order: - time_to_live - expires_once_accessed - action protected: type: boolean description: |- Returns `true` if secret protection is applied to a given secret. A protected secret cannot be deleted. key_id: type: string description: |- ID of the Scaleway Key Manager key. (Optional.) The Scaleway Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, Secret Manager will use a Key Manager internal key. (UUID format) example: 6170692e-7363-616c-6577-61792e636f6d nullable: true x-properties-order: - project_id - name - tags - description - type - path - ephemeral_policy - protected - key_id security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "string", "project_id": "6170692e-7363-616c-6577-61792e636f6d", "protected": false }' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets" \ X-Auth-Token:$SCW_SECRET_KEY \ name="string" \ project_id="6170692e-7363-616c-6577-61792e636f6d" \ protected:=false /secret-manager/v1beta1/regions/{region}/secrets-by-path/versions/{revision}/access: get: tags: - Secret Versions operationId: AccessSecretVersionByPath summary: Access a secret's version using the secret's name and path description: Access sensitive data in a secret's version specified by the `region`, `secret_name`, `secret_path` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - an integer (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string - in: query name: secret_path description: Secret's path. required: true schema: type: string - in: query name: secret_name description: Secret's name. required: true schema: type: string - in: query name: project_id description: ID of the Project to target. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.AccessSecretVersionResponse' security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X GET \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets-by-path/versions/{revision}/access?project_id=6170692e-7363-616c-6577-61792e636f6d&secret_name=string&secret_path=string" - lang: HTTPie source: |- http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets-by-path/versions/{revision}/access" \ X-Auth-Token:$SCW_SECRET_KEY \ project_id==6170692e-7363-616c-6577-61792e636f6d \ secret_name==string \ secret_path==string /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}: get: tags: - Secrets operationId: GetSecret summary: Get metadata using the secret's ID description: Retrieve the metadata of a secret specified by the `region` and `secret_id` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X GET \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" - lang: HTTPie source: |- http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" \ X-Auth-Token:$SCW_SECRET_KEY patch: tags: - Secrets operationId: UpdateSecret summary: Update metadata of a secret description: Edit a secret's metadata such as name, tag(s), description and ephemeral policy. The secret to update is specified by the `secret_id` and `region` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' requestBody: required: true content: application/json: schema: type: object properties: name: type: string description: Secret's updated name (optional). nullable: true tags: type: array description: Secret's updated list of tags (optional). nullable: true items: type: string description: type: string description: Description of the secret. nullable: true path: type: string description: |- Path of the folder. (Optional.) Location of the folder in the directory structure. If not specified, the path is `/`. nullable: true ephemeral_policy: type: object description: |- Ephemeral policy of the secret. (Optional.) Policy that defines whether/when a secret's versions expire. properties: time_to_live: type: string description: Time frame, from one second and up to one year, during which the secret's versions are valid. (in seconds) example: 2.5s nullable: true expires_once_accessed: type: boolean description: Returns `true` if the version expires after a single user access. nullable: true action: type: string description: |- Action to perform when the version of a secret expires. See the `EphemeralPolicy.Action` enum for a description of values. enum: - unknown_action - delete - disable x-enum-descriptions: values: delete: The version is deleted once it expires. disable: The version is disabled once it expires. default: unknown_action x-properties-order: - time_to_live - expires_once_accessed - action x-properties-order: - name - tags - description - path - ephemeral_policy security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X PATCH \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" - lang: HTTPie source: |- http PATCH "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" \ X-Auth-Token:$SCW_SECRET_KEY delete: tags: - Secrets operationId: DeleteSecret summary: Delete a secret description: Delete a given secret specified by the `region` and `secret_id` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "204": description: "" security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X DELETE \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" - lang: HTTPie source: |- http DELETE "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner: post: tags: - Secrets operationId: AddSecretOwner summary: Allow a product to use the secret parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "204": description: "" requestBody: required: true content: application/json: schema: type: object properties: product: type: string description: |- ID of the product to add. See `Product` enum for description of values. enum: - unknown_product - edge_services - s2s_vpn default: unknown_product x-properties-order: - product security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect: post: tags: - Secrets operationId: ProtectSecret summary: Enable secret protection description: Enable secret protection for a given secret specified by the `secret_id` parameter. Enabling secret protection means that your secret can be read and modified, but it cannot be deleted. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret to enable secret protection for. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' requestBody: required: true content: application/json: schema: type: object security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore: post: tags: - Secrets operationId: RestoreSecret summary: Restore a secret description: Restore a secret and all its versions scheduled for deletion specified by the `region` and `secret_id` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' requestBody: required: true content: application/json: schema: type: object security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect: post: tags: - Secrets operationId: UnprotectSecret summary: Disable secret protection description: Disable secret protection for a given secret specified by the `secret_id` parameter. Disabling secret protection means that your secret can be read, modified and deleted. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret to disable secret protection for. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.Secret' requestBody: required: true content: application/json: schema: type: object security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions: get: tags: - Secret Versions operationId: ListSecretVersions summary: List versions of a secret using the secret's ID description: Retrieve the list of a given secret's versions specified by the `secret_id` and `region` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: query name: page schema: $ref: '#/components/schemas/google.protobuf.Int32Value' - in: query name: page_size schema: type: integer format: uint32 - in: query name: status description: Filter results by status. schema: type: array items: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion.Status' responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.ListSecretVersionsResponse' security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X GET \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions" - lang: HTTPie source: |- http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions" \ X-Auth-Token:$SCW_SECRET_KEY post: tags: - Secret Versions operationId: CreateSecretVersion summary: Create a version description: Create a version of a given secret specified by the `region` and `secret_id` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' requestBody: required: true content: application/json: schema: type: object properties: data: type: string description: The base64-encoded secret payload of the version. description: type: string description: Description of the version. nullable: true disable_previous: type: boolean description: |- Disable the previous secret version. (Optional.) If there is no previous version or if the previous version was already disabled, does nothing. nullable: true data_crc32: type: integer description: |- (Optional.) The CRC32 checksum of the data as a base-10 integer. If specified, Secret Manager will verify the integrity of the data received against the given CRC32 checksum. An error is returned if the CRC32 does not match. If, however, the CRC32 matches, it will be stored and returned along with the SecretVersion on future access requests. format: uint32 nullable: true x-properties-order: - data - description - disable_previous - data_crc32 security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{"data":"string"}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions" \ X-Auth-Token:$SCW_SECRET_KEY \ data="string" /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}: get: tags: - Secret Versions operationId: GetSecretVersion summary: Get metadata of a secret's version using the secret's ID description: Retrieve the metadata of a secret's given version specified by the `region`, `secret_id` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - a number (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X GET \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" - lang: HTTPie source: |- http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" \ X-Auth-Token:$SCW_SECRET_KEY patch: tags: - Secret Versions operationId: UpdateSecretVersion summary: Update metadata of a version description: Edit the metadata of a secret's given version, specified by the `region`, `secret_id` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - a number (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' requestBody: required: true content: application/json: schema: type: object properties: description: type: string description: Description of the version. nullable: true ephemeral_properties: type: object description: |- Ephemeral properties of the version. (Optional.) Properties that defines the version's expiration date, whether it expires after being accessed once, and the action to perform (disable or delete) once the version expires. properties: expires_at: type: string description: |- The version's expiration date. (Optional.) If not specified, the version does not have an expiration date. (RFC 3339 format) format: date-time example: "2022-03-22T12:34:56.123456Z" nullable: true expires_once_accessed: type: boolean description: |- Returns `true` if the version expires after a single user access. (Optional.) If not specified, the version can be accessed an unlimited amount of times. nullable: true action: type: string description: |- Action to perform when the version of a secret expires. See `EphemeralPolicy.Action` enum for a description of values. enum: - unknown_action - delete - disable x-enum-descriptions: values: delete: The version is deleted once it expires. disable: The version is disabled once it expires. default: unknown_action x-properties-order: - expires_at - expires_once_accessed - action x-properties-order: - description - ephemeral_properties security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X PATCH \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" - lang: HTTPie source: |- http PATCH "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" \ X-Auth-Token:$SCW_SECRET_KEY delete: tags: - Secret Versions operationId: DeleteSecretVersion summary: Delete a version description: Delete a secret's version and the sensitive data contained in it. Deleting a version is permanent and cannot be undone. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - a number (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string responses: "204": description: "" security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X DELETE \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" - lang: HTTPie source: |- http DELETE "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/access: get: tags: - Secret Versions operationId: AccessSecretVersion summary: Access a secret's version using the secret's ID description: Access sensitive data in a secret's version specified by the `region`, `secret_id` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - a number (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.AccessSecretVersionResponse' security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X GET \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/access" - lang: HTTPie source: |- http GET "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/access" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable: post: tags: - Secret Versions operationId: DisableSecretVersion summary: Disable a version description: Make a specific version inaccessible. You must specify the `region`, `secret_id` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - a number (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' requestBody: required: true content: application/json: schema: type: object security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/disable" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/enable: post: tags: - Secret Versions operationId: EnableSecretVersion summary: Enable a version description: Make a specific version accessible. You must specify the `region`, `secret_id` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: ID of the secret. (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision description: |- Version number. The first version of the secret is numbered 1, and all subsequent revisions augment by 1. Value can be either: - a number (the revision number) - "latest" (the latest revision) - "latest_enabled" (the latest enabled revision). required: true schema: type: string responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' requestBody: required: true content: application/json: schema: type: object security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/enable" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/enable" \ X-Auth-Token:$SCW_SECRET_KEY /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore: post: tags: - Secrets operationId: RestoreSecretVersion summary: Restore a version description: Restore a secret's version specified by the `region`, `secret_id` and `revision` parameters. parameters: - in: path name: region description: The region you want to target required: true schema: type: string enum: - fr-par - nl-ams - pl-waw - in: path name: secret_id description: (UUID format) required: true schema: type: string example: 6170692e-7363-616c-6577-61792e636f6d - in: path name: revision required: true schema: type: string responses: "200": description: "" content: application/json: schema: $ref: '#/components/schemas/scaleway.secret_manager.v1beta1.SecretVersion' requestBody: required: true content: application/json: schema: type: object security: - scaleway: [] x-codeSamples: - lang: cURL source: |- curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{}' \ "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore" - lang: HTTPie source: |- http POST "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore" \ X-Auth-Token:$SCW_SECRET_KEY