POST | Inject a secret

  • 1 minute(s) read
Prev Next

The Segura® API offers the ability to automatically inject credentials and secrets into configuration files in various environments. Using A2A (Application-to-Application) integration, organizations can update application secrets stored in various file formats, including YAML, JSON, XML, ENV, or INI, which supports both legacy systems and cloud-native workloads. Credential injection can be triggered by credential rotation, scheduled events, or on-demand API requests, eliminating the risks of hard-coded secrets and ensuring operational continuity.

Use Case

A financial services provider needs to regularly rotate the database and API credentials of its core applications without interruptions. Using the Segura API, the DevOps pipeline injects updated secrets directly into the .env files and Kubernetes YAML configurations during deployment. This procedure ensures that all services use only the latest credentials, without the need for manual intervention from developers or operators.

Important Notes

  1. Authentication: API requests must be authenticated using a Bearer token to ensure that only authorized users can perform injections or query status.
  2. Error Handling: the API returns specific HTTP status codes and detailed messages to aid in diagnosing problems, such as file format errors or injection failures.
  3. Compatibility: the API is designed to be compatible with popular CI/CD tools, facilitating integration into existing workflows.
  4. Injection Security: secret injection is performed securely, respecting defined security policies, and secrets are never unnecessarily exposed.
  5. Logs and Auditing: maintaining detailed logs of all injection events helps meet compliance requirements and facilitates security review

Request

  • Endpoint: POST /api/v4/injection/config-file
  • Authorization: Bearer {token}
{
  "target_path": "/etc/myapp/config.yaml",
  "secret_id": "db-prod-123",
  "file_type": "yaml",
  "injection_field": "db.password",
  "application": "myapp",
  "trigger_type": "rotation"
}

Response

{
  "status": "success",
  "message": "Secret injected and config file updated.",
  "timestamp": "2025-05-28T13:45:00Z"
}