Use HashiCorp Vault Secrets Manager API
Harness includes a built-in Secrets Management feature that enables you to store encrypted secrets, such as access keys, and use them in your Harness Applications.
This topic describes how to create, read, update, and delete a HashiCorp Vault Secrets Manager using the Harness API.
Before You Begin
Create a Secret Manager Using HashiCorp Vault
Use this sample query to create a Secret Manager.
Request
You create a Secret Manager using the mutation createSecretManager.
mutation CreateSecretManagerMutation($secretManagerInput: CreateSecretManagerInput!) {
  createSecretManager(input: $secretManagerInput) {
    secretManager {
      id
    }
  }
}
Query Variables
The Query Variables follow this syntax, with secretManagerType identifying the Secret Manager to create.
- Authentication: To get the authentication token, you can use the Token or App Role method.
- Secret Engine: Identify the engine name and version of the Secret Manager in Vault. See Manually Enter Secret Engine.
{
  "secretManagerInput": {
    "secretManagerType": "HASHICORP_VAULT",
    "hashicorpVaultConfigInput": {
      "name": "abc test 222",
      "vaultUrl": "https://vaultqa.test.io",
      "basePath": "harness",
      "secretEngineName": "harness-test",
      "secretEngineVersion": 1,
      "secretEngineRenewalInterval": 60,
      "authDetails": {
        "authToken": "s.xxxxxxxxxxxxx11"
      },
      "usageScope": {
        "appEnvScopes": [
          {
            "application": {
              "filterType": "ALL"
            },
            "environment": {
              "filterType": "PRODUCTION_ENVIRONMENTS"
            }
          }
        ]
      }
    }
  }
}
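The mutation and its Query Variables travel together in one JSON POST body. The following is an added example, not Harness code: it builds that body with the Vault token taken from the environment instead of hard-coded, and masks the token before anything is logged. The function names, the VAULT_TOKEN variable, and the endpoint and x-api-key header used by send() are assumptions that do not appear on this page.

```python
import copy
import json
import os
import urllib.request

CREATE_MUTATION = """mutation CreateSecretManagerMutation($secretManagerInput: CreateSecretManagerInput!) {
  createSecretManager(input: $secretManagerInput) { secretManager { id } }
}"""

def build_create_body(name, vault_url, engine_name, engine_version, vault_token):
    """Return the GraphQL POST body: the mutation plus its Query Variables."""
    if not vault_url.lower().startswith("https://"):
        raise ValueError("vaultUrl must be https so the token never travels in clear text")
    if not vault_token:
        raise ValueError("empty Vault token")
    config = {
        "name": name,
        "vaultUrl": vault_url,
        "basePath": "harness",
        "secretEngineName": engine_name,
        "secretEngineVersion": engine_version,
        "secretEngineRenewalInterval": 60,
        "authDetails": {"authToken": vault_token},
        "usageScope": {"appEnvScopes": [{
            "application": {"filterType": "ALL"},
            "environment": {"filterType": "PRODUCTION_ENVIRONMENTS"},
        }]},
    }
    variables = {"secretManagerInput": {
        "secretManagerType": "HASHICORP_VAULT",
        "hashicorpVaultConfigInput": config,
    }}
    return {"query": CREATE_MUTATION, "variables": variables}

def redact(body):
    """Copy of the body that is safe to log: the Vault token is masked."""
    safe = copy.deepcopy(body)
    cfg = safe["variables"]["secretManagerInput"]["hashicorpVaultConfigInput"]
    cfg["authDetails"]["authToken"] = "***"
    return safe

def send(body, endpoint, api_key):
    """POST the body. The endpoint and the x-api-key header are assumptions."""
    req = urllib.request.Request(endpoint, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "x-api-key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Dry run only: nothing is sent. The fallback token is a constructed placeholder.
    token = os.environ.get("VAULT_TOKEN", "s.constructed-placeholder")
    body = build_create_body("abc test 222", "https://vaultqa.test.io", "harness-test", 1, token)
    print(json.dumps(redact(body), indent=2))
```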
Update a Secret Manager Using HashiCorp Vault
Use this sample query to update a Secret Manager.
Request
You update a Secret Manager using the mutation updateSecretManager.
mutation UpdateSecretManagerMutation($input: UpdateSecretManagerInput!) {
  updateSecretManager(input: $input) {
    secretManager {
      name
      id
    }
  }
}
Query Variable
The Query Variables follow this syntax, with secretManagerId and secretManagerType identifying the Secret Manager to update.
{
  "input": {
    "secretManagerId": "xxxxxxxxxxxxxxxx",
    "secretManagerType": "HASHICORP_VAULT",
    "hashicorpVaultConfigInput": {
      "name": "new name",
      "isDefault": true,
      "secretEngineRenewalInterval": 120
    }
  }
}
Delete a Secret Manager Using HashiCorp Vault
Use this sample query to delete a Secret Manager.
Request
You delete a Secret Manager using the mutation deleteSecretManager.
mutation DeleteSecretManagerMutation($input: DeleteSecretManagerInput!) {
  deleteSecretManager(input: $input) {
    clientMutationId
  }
}
Query Variable
The Query Variables follow this syntax, with secretManagerId identifying the Secret Manager to delete.
{
  "input": {
    "clientMutationId": "xPxNsOusEaAsdQifDdGxx",
    "secretManagerId": "ZZZ07Kh4SC2sI_unqKqXxX"
  }
}