Use HashiCorp Vault Secrets Manager API

Harness includes a built-in Secrets Management feature that enables you to store encrypted secrets, such as access keys, and use them in your Harness Applications.

This topic describes how to create, read, update, and delete HashiCorp Vault Secrets Manager using Harness API.

Before You Begin

• Review the Harness API
• Review Secrets Management Overview
• Add a HashiCorp Vault Secrets Manager

Create a Secret Manager Using HashiCorp Vault

Use this sample query to create a Secret Manager.

Request

You create a Secret Manager using the mutation createSecretManager.

mutation CreateSecretManagerMutation($secretManagerInput: CreateSecretManagerInput!) {  
  createSecretManager(input: $secretManagerInput) {  
    secretManager {  
      id  
    }  
  }  
}

Query Variables

The Query Variables follow this syntax, with secretManagerType identifying the Secret Manager to create.

• Authentication: To get the authentication token, you can use Token or App Role method.
• Secret Engine: Identify the engine name and version of the Secret Manager in Vault. See Manually Enter Secret Engine.

{  
  "secretManagerInput": {  
    "secretManagerType": "HASHICORP_VAULT",  
    "hashicorpVaultConfigInput": {  
      "name": "abc test 222",  
      "vaultUrl": "https://vaultqa.test.io",  
      "basePath": "harness",  
      "secretEngineName": "harness-test",  
      "secretEngineVersion": 1,  
      "secretEngineRenewalInterval": 60,  
      "authDetails": {  
        "authToken": "s.xxxxxxxxxxxxx11"  
      },  
      "usageScope": {  
        "appEnvScopes": [  
          {"application": {  
            "filterType": "ALL"  
          },  
          "environment": {  
            "filterType": "PRODUCTION_ENVIRONMENTS"  
          }  
        }  
      ]  
    }  
  }  
}

Update a Secret Manager Using HashiCorp Vault

Use this sample query to update a Secret Manager.

Request

You update a Secret Manager using the mutation updateSecretManager.

mutation UpdateSecretManagerMutation($input: UpdateSecretManagerInput!) {  
  updateSecretManager(input: $input) {  
    secretManager {  
      name  
      id  
    }  
  }  
}  

Query Variable

The Query Variables follow this syntax, with secretManagerId and secretManagerType identifying the Secret Manager to update.

{  
  "input": {  
    "secretManagerId": "xxxxxxxxxxxxxxxx",  
    "secretManagerType": "HASHICORP_VAULT",  
    "hashicorpVaultConfigInput": {  
      "name": "new name",  
      "isDefault": true,  
      "secretEngineRenewalInterval": 120  
    }  
  }  
}

Delete a Secret Manager Using HashiCorp Vault

Use this sample query to delete a Secret Manager.

Request

You delete a Secret Manager using the mutation deleteSecretManager.

mutation DeleteSecretManagerMutation($input: DeleteSecretManagerInput!){  
  deleteSecretManager(input: $input){  
   clientMutationId  
  }  
}

Query Variable

The Query Variables follow this syntax, with secretManagerId  identifying the Secret Manager to delete.

{  
  "input": {  
    "clientMutationId": "xPxNsOusEaAsdQifDdGxx",  
    "secretManagerId": "ZZZ07Kh4SC2sI_unqKqXxX"  
  }  
}