Authenticators

Authenticators provide a secure way to guarantee trust between different applications to exchange secrets and manage applications, authorizations, and related functions. DevOps Secret Management module provides integration with the most used authenticators, as described in the following section.

OAuth 1.0 Authenticator

OAuth 1.0 is an authentication method that uses a set of Consumer Key, Consumer Secret, Access Token, and Token Secret to identify and authorize application access. When using OAuth 1.0 as an authentication method, make sure to select HMAC-SHA1 Signature Method and 1.0 Version. Also, ensure to provide a Timestamp, Nonce, and Signature since they are mandatory.

Configure OAuth 1.0

To use OAuth 1.0 as an authentication method for an application, follow the DevOps Secret Manager ➔ Applications ➔ Applications.

1. Edit or create an application and select OAuth 1.0 as the authentication method;
2. Provide the required data in case of a new application as mentioned in the Applications guide;
3. To finish, click on Save

 

When a resource needs to retrieve data from a secret, it can use its OAuth 1.0 tokens to request the information from senhasegura DSM. DSM will authorize the application to access its secrets if the data is valid.

OAuth 2.0 Authenticator

OAuth 2.0 is an authentication method that uses a Client ID and a Client Secret to request a time-limited token and access senhasegura resources. When using OAuth 2.0 as an authentication method, make sure to select Client Credentials Grant Type.

Configure OAuth 2.0 Authenticator

To use OAuth 2.0 as an authentication method for an application, follow the menu DevOps Secret Manager ➔ Applications ➔ Applications.

1. Edit or create an application and select OAuth 2.0 as the authentication method;
2. Provide the required data in case of a new application as mentioned in the Applications guide;
3. To finish, click on Save

 

When a resource needs to retrieve data from a secret, it can use its OAuth 2.0 clients to request a time-limited token and use it to request the information from senhasegura DSM. DSM will authorize the application to access its secrets if the token is valid.

AWS Authenticator

AWS is an authentication method that enables applications to retrieve stored data using AWS Access Keys ID and Secret Access Keys together with a unique key generated by senhasegura DSM.

Configure AWS Authenticator

To use AWS as an authentication method for an application, follow the menu DevOps Secret Manager ➔ Application ➔ Application.

1. Edit or create an application and select AWS as the authentication method;
2. On the Amazon AWS ARNs section, provide a valid credential ARN;
3. Provide the required data in case of a new application as mentioned in the Applications guide;
4. To finish, click on Save

 

When a resource needs to retrieve data from a secret, it can use its AWS Access Key ID, Secret Access Key, and a unique key generated by senhasegura DSM to request the information from senhasegura DSM. Once the request is sent, senhasegura will validate if the provided information matches based on the AWS ARNs configured in the application. If it does, DSM will authorize the application to access its secrets.