UAG - Secret Checkout/Checkin¶

Note

The checkout/checkin mechanism provides controlled access to secret values with audit trails.

When a secret is checked out, it becomes temporarily unavailable to other users until it is checked back in. This ensures exclusive access during sensitive operations.

Access to secrets may require approval through access requests, depending on the secret’s access_policy setting:

full_edit - Full access without approval
view_on_request - Requires access request approval before checkout
none - No access allowed

Data Structures¶

`SecretCheckoutModel`¶
Attribute	Type	Required	Description
`secret_id`	string	yes	Secret identifier. Protected.

`SecretCheckinModel`¶
Attribute	Type	Required	Description
`secret_id`	string	yes	Secret identifier. Protected.

Retrieve Available Attributes of the SecretCheckoutModel¶

Request

Method	`GET`
Path	`/api/v2/objspec/secret_checkout`

GET /api/v2/objspec/secret_checkout

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/objspec/secret_checkout'

Retrieve Available Attributes of the SecretCheckinModel¶

Request

Method	`GET`
Path	`/api/v2/objspec/secret_checkin`

GET /api/v2/objspec/secret_checkin

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/objspec/secret_checkin'

Checkout Secret¶

Checkout a secret to gain exclusive access to its value. The secret must be checked back in after use.

Note

If the secret’s access_policy is set to view_on_request, an approved access request is required before checkout.

Request

Method	`POST`
Path	`/api/v2/secret/<secret_id>/checkout`
Headers	`Content-Type: application/json`
Body	`Empty or SecretCheckoutModel`

POST /api/v2/secret/<secret_id>/checkout

Example Request

curl -s -k -X POST \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  https://10.31.116.196/api/v2/secret/3260606130216239105/checkout \
  -d '{}'

Response

{
    "secret_access_id": "1",
    "checkout_type": "simple",
    "expires_at": null,
    "result": "success"
}

Note

After successful checkout, the secret will have a my_checkout_id field when queried via GET /secret/<secret_id>.

Checkin Secret¶

Return a previously checked out secret, making it available for other users.

Request

Method	`POST`
Path	`/api/v2/secret/<secret_id>/checkin`
Headers	`Content-Type: application/json`
Body	`Empty or SecretCheckinModel`

POST /api/v2/secret/<secret_id>/checkin

Example Request

curl -s -k -X POST \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  https://10.31.116.196/api/v2/secret/3260606130216239105/checkin \
  -d '{}'

Response

{
    "result": "success"
}