API v2: UAG - Secret Management¶

Note

Secrets are encrypted data items stored in collections within the Password Vault.

Secret types supported:

login - Username/password credentials
sshkey - SSH private/public key pairs
note - Secure text notes
apikey - API tokens and keys
certificate - X.509 certificates with private keys

Data Structures¶

`SecretModel`¶
Attribute	Type	Required	Description
`id`	string		Read-only. Unique secret identifier.
`name`	string	yes	Secret name. Unique within collection (case-insensitive).
`collection_id`	string	yes	Parent collection identifier.
`owner_id`	string		Read-only. Expensive to use. User ID of the personal vault owner.
`collection_name`	string		Read-only. Hidden. Expensive to use. Collection name.
`type`	string	yes	Immutable. Secret type. One of: `login`, `sshkey`, `note`, `apikey`, `certificate`.
`description`	string		Not encrypted secret description.
`login`	string	If `type == login` \|\| `sshkey` \|\| `apikey`	Username for authentication.
`domain`	string	If `type == login` \|\| `sshkey` \|\| `apikey`	Domain for the credential.
`certificate`	string	If `type == certificate`	X.509 certificate.
`x509_pubkey_fingerprint_sha256`	string		Read-only. Expensive to use. Public key SHA256 fingerprint from certificate.
`secret`	string		Protected. Encrypted secret value (password, private key, etc).
`secret_passphrase`	string	If `type == certificate` \|\| `sshkey`	Protected. Passphrase to decrypt private key.
`has_secret`	boolean		Read-only. Expensive to use. Whether secret value is set.
`ssh_public_key`	string		Read-only. Expensive to use. SSH public key from private key.
`ssh_fingerprint_sha256`	string		Read-only. Expensive to use. SSH key SHA256 fingerprint.
`access_policy`	string		Read-only. Expensive to use. Access policy level.
`checkout_mode`	string		Read-only. Expensive to use. Checkout mode (simple, exclusive).
`my_checkout_id`	string		Read-only. Expensive to use. Current user’s checkout ID if checked out.
`created_at`	datetime		Read-only. Creation timestamp.
`modified_at`	datetime		Read-only. Modification timestamp.
`removed`	boolean		Read-only. Soft deletion flag.

Retrieve Available Attributes of the SecretModel¶

Request

Method	`GET`
Path	`/api/v2/objspec/secret`

GET /api/v2/objspec/secret

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/objspec/secret'

List Secrets¶

Retrieve a list of secrets accessible to the user.

Request

Method	`GET`
Path	`/api/v2/secret`

GET /api/v2/secret

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  https://10.0.0.1/api/v2/secret

Response

{
    "result": "success",
    "secret": [
        {
            "id": "3260606130216239105",
            "name": "secret for: root-fudo-PV",
            "collection_id": "3260606130216239105",
            "type": "login",
            "login": "root",
            "has_secret": true,
            "access_policy": "view_on_request",
            "checkout_mode": "simple",
            "created_at": "2026-04-17 06:34:37.912715-07",
            "modified_at": "2026-04-17 06:34:37.91632-07"
        },
        {
            "id": "3260606130216239106",
            "name": "secret for: user01-macOS-PV",
            "collection_id": "3260606130216239105",
            "type": "login",
            "login": "user01",
            "has_secret": true,
            "access_policy": "view_on_request",
            "checkout_mode": "simple",
            "created_at": "2026-04-17 06:34:41.255687-07",
            "modified_at": "2026-04-17 06:34:41.257013-07"
        }
    ]
}

Get Secret by ID¶

Retrieve details of a specific secret.

Request

Method	`GET`
Path	`/api/v2/secret/<id>`

GET /api/v2/secret/<id>

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  https://10.0.0.1/api/v2/secret/3260606130216239105

Response

{
    "result": "success",
    "secret": {
        "id": "3260606130216239105",
        "name": "secret for: root-fudo-PV",
        "collection_id": "3260606130216239105",
        "type": "login",
        "login": "root",
        "has_secret": true,
        "access_policy": "view_on_request",
        "checkout_mode": "simple",
        "created_at": "2026-04-17 06:34:37.912715-07",
        "modified_at": "2026-04-17 06:34:37.91632-07"
    }
}

Create Secret¶

Create a new secret in a collection.

Request

Method	`POST`
Path	`/api/v2/secret`
Headers	`Content-Type: application/json`
Body	`SecretModel`

POST /api/v2/secret

Example Request

curl -s -k -X POST \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Staging Database",
    "collection_id": "3260606130216239119",
    "type": "login",
    "description": "Staging environment database",
    "login": "staging_user",
    "domain": "staging.example.com",
    "secret": "StrongPassword123!"
  }' \
  'https://10.0.214.98/api/v2/secret'

Response

{
    "result": "success",
    "secret": {
        "id": "3260606130216239109"
    }
}

Update Secret¶

Update properties of an existing secret.

Request

Method	`PATCH`
Path	`/api/v2/secret/<id>`
Headers	`Content-Type: application/json`
Body	`Partial SecretModel`

PATCH /api/v2/secret/<id>

Example Request

curl -s -k -X PATCH \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  -d '{
    "description": "Updated description"
  }' \
  'https://10.0.214.98/api/v2/secret/3260606130216239109'

Response

{
    "result": "success"
}

Delete Secret¶

Permanently delete a secret from the collection.

Request

Method	`DELETE`
Path	`/api/v2/secret/<id>`

DELETE /api/v2/secret/<id>

Example Request

curl -s -k -X DELETE \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/secret/3260606130216239109'

Response

{
    "result": "success"
}

Secret History¶

`SecretHistoryModel`¶
Attribute	Type	Required	Description
`id`	string	yes	Read-only. Secret history identifier.
`secret_id`	string	yes	Secret identifier.
`current`	boolean	yes	Read-only. Whether it’s the current version of secret.
`state`	string	yes	Read-only. Secret password changer state. One of: `pending`, `confirmed`, `rejected`.
`created_at`	datetime		Read-only. Creation timestamp.
`modified_at`	datetime		Read-only. Modification timestamp.
`removed`	boolean		Read-only.

Retrieve Available Attributes of the SecretHistoryModel¶

Request

Method	`GET`
Path	`/api/v2/objspec/secret_history`

GET /api/v2/objspec/secret_history

Get Secret History¶

Retrieve history of all secrets accessible to the user.

Request

Method	`GET`
Path	`/api/v2/secret/history`

GET /api/v2/secret/history

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  https://10.0.0.1/api/v2/secret/history

Response

{
    "result": "success",
    "secret_history": [
        {
            "id": "3260606130216239105",
            "secret_id": "3260606130216239105",
            "current": true,
            "state": "confirmed",
            "created_at": "2026-04-17 06:34:37.915698-07",
            "modified_at": "2026-04-17 06:34:37.915698-07"
        },
        {
            "id": "3260606130216239106",
            "secret_id": "3260606130216239106",
            "current": true,
            "state": "confirmed",
            "created_at": "2026-04-17 06:34:41.256853-07",
            "modified_at": "2026-04-17 06:34:41.256853-07"
        }
    ]
}

Shared Secrets¶

`SecretSharedModel`¶
Attribute	Type	Description
`id`	string	Read-only. Secret identifier.
`name`	string	Read-only. Secret name.
`collection_id`	string	Read-only. Parent collection identifier.
`collection_name`	string	Read-only. Hidden. Expensive to use. Collection name.
`type`	string	Read-only. Secret type.
`description`	string	Read-only. Not encrypted secret description.
`login`	string	Read-only. Username.
`domain`	string	Read-only. Domain.
`certificate`	string	Read-only. X.509 certificate.
`secret`	string	Read-only. Protected. Encrypted secret.
`secret_passphrase`	string	Read-only. Protected. Passphrase.
`has_secret`	boolean	Read-only. Expensive to use. Whether secret is set.
`valid_until`	datetime	Read-only. Expensive to use. Expiration time of granted access.
`created_at`	datetime	Read-only.
`modified_at`	datetime	Read-only.
`removed`	boolean	Read-only.

Retrieve Available Attributes of the SecretSharedModel¶

Request

Method	`GET`
Path	`/api/v2/objspec/secret_shared`

GET /api/v2/objspec/secret_shared

Get Shared Secrets¶

Retrieve secrets shared with the user through access requests.

Request

Method	`GET`
Path	`/api/v2/secret/shared`

GET /api/v2/secret/shared

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  https://10.0.0.1/api/v2/secret/shared

Response

{
    "result": "success",
    "secret_shared": []
}

Secret URI Management¶

`SecretUriModel`¶
Attribute	Type	Required	Description
`id`	string		Read-only. Unique secret URI identifier.
`secret_id`	string	yes	Immutable. Secret identifier.
`secret_name`	string		Read-only. Hidden. Expensive to use. Secret name.
`uri`	string	yes	URL/connection string assigned to the secret.
`collection_id`	string		Read-only. Hidden. Expensive to use. Collection identifier.
`host`	string		Read-only. Hidden. Host extracted from the provided uri.
`port`	number		Read-only. Hidden. Port extracted from the provided uri.
`login`	string		Read-only. Hidden. Expensive to use.
`domain`	string		Read-only. Hidden. Expensive to use.
`vault`	string		Read-only. Hidden. Expensive to use. Vault type (organization, personal).
`created_at`	datetime		Read-only.
`modified_at`	datetime		Read-only.
`removed`	boolean		Read-only.

Retrieve Available Attributes of the SecretUriModel¶

Request

Method	`GET`
Path	`/api/v2/objspec/secret_uri`

GET /api/v2/objspec/secret_uri

List All Secret URIs¶

Retrieve all URIs associated with secrets.

Request

Method	`GET`
Path	`/api/v2/secret/uri`

GET /api/v2/secret/uri

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  https://10.0.0.1/api/v2/secret/uri

Response

{
    "result": "success",
    "secret_uri": []
}

Get Secret URIs¶

Retrieve URIs associated with a specific secret.

Request

Method	`GET`
Path	`/api/v2/secret/<secret_id>/uri`

GET /api/v2/secret/<secret_id>/uri

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.0.1/api/v2/secret/3260606130216239110/uri'

Response

{
    "result": "success",
    "secret_uri": [
        {
            "id": "3260606130216239105",
            "secret_id": "3260606130216239110",
            "uri": "https://example.com/api",
            "created_at": "2026-04-22 08:53:41.4058-07",
            "modified_at": "2026-04-22 08:53:41.4058-07"
        }
    ]
}

Add URI to Secret¶

Associate a URI with a secret.

Request

Method	`POST`
Path	`/api/v2/secret/<secret_id>/uri`
Headers	`Content-Type: application/json`
Body	`SecretUriModel`

POST /api/v2/secret/<secret_id>/uri

Example Request

curl -s -k -X POST \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  -d '{"uri": "https://example.com/api"}' \
  'https://10.0.214.98/api/v2/secret/3260606130216239110/uri'

Response

{
    "result": "success",
    "secret_uri": {
        "id": "3260606130216239105"
    }
}

Update Secret URI¶

Update an existing URI associated with a secret.

Request

Method	`PATCH`
Path	`/api/v2/secret/<secret_id>/uri/<id>`
Headers	`Content-Type: application/json`
Body	`Partial SecretUriModel`

PATCH /api/v2/secret/<secret_id>/uri/<id>

Example Request

curl -s -k -X PATCH \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  -d '{"uri": "https://new-api.example.com/v2"}' \
  'https://10.0.214.98/api/v2/secret/3260606130216239110/uri/3260606130216239105'

Response

{
    "result": "success"
}

Delete Secret URI¶

Remove a URI association from a secret.

Request

Method	`DELETE`
Path	`/api/v2/secret/<secret_id>/uri/<id>`

DELETE /api/v2/secret/<secret_id>/uri/<id>

Example Request

curl -s -k -X DELETE \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/secret/3260606130216239110/uri/3260606130216239105'

Response

{
    "result": "success"
}