Authenticators
  • 3 minutes to read
  • Dark
    Light
  • PDF

Authenticators

  • Dark
    Light
  • PDF

Article Summary

Authenticators provide a secure way to guarantee trust between different applications to exchange secrets and manage applications, authorizations, and related functions. DevOps Secret Management module provides integration with the most used authenticators, as described in the following section.

OAuth 1.0 Authenticator

OAuth 1.0 is an authentication method that uses a set of Consumer Key, Consumer Secret, Access Token, and Token Secret to identify and authorize application access. When using OAuth 1.0 as an authentication method, make sure to select HMAC-SHA1 Signature Method and 1.0 Version. Also, ensure to provide a Timestamp, Nonce, and Signature since they are mandatory.

Configure OAuth 1.0

To use OAuth 1.0 as an authentication method for an application, follow the DevOps Secret Manager ➔ Applications ➔ Applications.

  1. Edit or create an application and select OAuth 1.0 as the authentication method;
  2. Provide the required data in case of a new application as mentioned in the Applications guide;
  3. To finish, click on Save
Using OAuth 1.0 for Authentication

 

When a resource needs to retrieve data from a secret, it can use its OAuth 1.0 tokens to request the information from senhasegura DSM. DSM will authorize the application to access its secrets if the data is valid.

Security Concerns Regard OAuth 1.0

Use always modern authentication types that guarantee data integrity. The possibility of authenticating through OAuth 1.0 exists due to the impossibility of updating legacy applications, and senhasegura strongly discourages its use.

Retrieving Tokens

For more information on how to retrieve the tokens depending on the configured authentication method, please check the Authorizations guide. Also, to create requests using APIs, access A2A - OAuth v1.0.

OAuth 2.0 Authenticator

OAuth 2.0 is an authentication method that uses a Client ID and a Client Secret to request a time-limited token and access senhasegura resources. When using OAuth 2.0 as an authentication method, make sure to select Client Credentials Grant Type.

Configure OAuth 2.0 Authenticator

To use OAuth 2.0 as an authentication method for an application, follow the menu DevOps Secret Manager ➔ Applications ➔ Applications.

  1. Edit or create an application and select OAuth 2.0 as the authentication method;
  2. Provide the required data in case of a new application as mentioned in the Applications guide;
  3. To finish, click on Save
Using OAuth 2.0 for Authentication

 

When a resource needs to retrieve data from a secret, it can use its OAuth 2.0 clients to request a time-limited token and use it to request the information from senhasegura DSM. DSM will authorize the application to access its secrets if the token is valid.

Retrieving Tokens

For more information on how to retrieve the tokens depending on the configured authentication method, please check the Authorizations guide.

AWS Authenticator

AWS is an authentication method that enables applications to retrieve stored data using AWS Access Keys ID and Secret Access Keys together with a unique key generated by senhasegura DSM.

Configure AWS Authenticator

To use AWS as an authentication method for an application, follow the menu DevOps Secret Manager ➔ Application ➔ Application.

  1. Edit or create an application and select AWS as the authentication method;
  2. On the Amazon AWS ARNs section, provide a valid credential ARN;
  3. Provide the required data in case of a new application as mentioned in the Applications guide;
  4. To finish, click on Save
Using AWS for Authentication

 

When a resource needs to retrieve data from a secret, it can use its AWS Access Key ID, Secret Access Key, and a unique key generated by senhasegura DSM to request the information from senhasegura DSM. Once the request is sent, senhasegura will validate if the provided information matches based on the AWS ARNs configured in the application. If it does, DSM will authorize the application to access its secrets.

Retrieving Tokens

For more information on how to retrieve the tokens depending on the configured authentication method, please check the Authorizations guide.


DSM uses Programmatic Access to check if the provided information is valid. For more information on how to generate AWS Access Keys, please visit the AWS Understanding and getting your AWS credential:


Was this article helpful?

What's Next