The Segura SDK for Java makes it easy for developers to access the Segura services in their code and build robust applications and software using the Segura PAM and DSM services. The services include Credentials, Devices, and DevOps Secret Management.
Requirements
To run the SDK, your system must meet the minimum requirements, including Java JDK 8 or later. You also need to obtain an application token for standard OAuth 2.0 authorization from the system administrator.
Information
- Local caching: all information is stored in a local cache to reduce the response time of requests. The data is encrypted before storage to ensure security.
- Credentials: the credential object provides a set of methods for querying and registering credentials.
Create a CredentialClient
To instantiate a credential client, use the CredentialClient class.
You'll have to provide the following parameters:
- PAM URL.
- client_ID.
- client_secret.
import Segura;
// Instantiate a credential client.
CredentialClient client = new CredentialClient(
"https://cofre.Segura.com", // PAM URL
"7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
"431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);
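The constructor call above passes the OAuth 2.0 client ID and client secret as string literals, which would place them in source control and build artifacts. The helper below is an added example, not part of the Segura SDK or its documentation: it reads the three values from environment variables, rejects a PAM URL that is not HTTPS, and masks the secret in toString(). The class name SeguraSettings and the variable names SEGURA_PAM_URL, SEGURA_CLIENT_ID and SEGURA_CLIENT_SECRET are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;

// Added example: hypothetical helper, not part of the Segura SDK.
public final class SeguraSettings {
    public final String pamUrl;
    public final String clientId;
    public final String clientSecret;

    private SeguraSettings(String pamUrl, String clientId, String clientSecret) {
        this.pamUrl = pamUrl;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    // Variable names are assumptions; use whatever your deployment injects.
    public static SeguraSettings fromEnv(Map<String, String> env) {
        String url = require(env, "SEGURA_PAM_URL");
        try {
            URI uri = new URI(url);
            // Refuse to send the client secret over a cleartext or malformed URL.
            if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
                throw new IllegalStateException("SEGURA_PAM_URL must be an https:// URL");
            }
        } catch (URISyntaxException e) {
            throw new IllegalStateException("SEGURA_PAM_URL is not a valid URL", e);
        }
        return new SeguraSettings(url, require(env, "SEGURA_CLIENT_ID"),
                require(env, "SEGURA_CLIENT_SECRET"));
    }

    // Fail closed: a missing or blank value stops start-up instead of defaulting.
    private static String require(Map<String, String> env, String name) {
        String value = env.get(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value.trim();
    }

    @Override
    public String toString() { // safe to log: the secret is masked
        return "SeguraSettings{pamUrl=" + pamUrl + ", clientId=" + clientId + ", clientSecret=***}";
    }

    public static void main(String[] args) {
        SeguraSettings s = fromEnv(System.getenv());
        System.out.println("Loaded " + s);
    }
}
```

The fields pamUrl, clientId and clientSecret can then be passed to the CredentialClient constructor in place of the literals.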
Create or update a credential
Use the Save method to create or update a credential. If a credential matching the provided parameters is found, it is updated; otherwise, a new credential is created.
Method signature
public void Save(String hostname, String ip, String identifier, String username) { ... }
Parameters required
Parameter | Type | Example | Description |
---|---|---|---|
hostname | String | mycredential02 | Hostname of the credential |
ip | String | 22.13.50.71 | IP address |
identifier | String | 5 | Credential identifier |
username | String | credential05 | Username |
Example: save a credential
client.Save("mycredential02", "22.13.50.71", "5", "credential05");
Search for a registered credential
Use the Get method to query a single credential.
Method signature
public Credential Get(String hostname, String ip, String username) { ... }
Parameters available for filtering
Parameter | Type | Example | Description |
---|---|---|---|
hostname | String | mycredential02 | Hostname of the credential (optional) |
ip | String | 22.13.50.71 | IP address (optional) |
username | String | credential05 | Username (optional) |
Example: search for the credential credential05 from the device with hostname mycredential02
Credential credential = client.Get("mycredential02", "", "credential05");
List credentials
Use the Fetch method to query a list of credentials.
Method signature
public ArrayList<Credential> Fetch(String hostname, String ip, String username, String all) { ... }
Parameters available for filtering
Parameter | Type | Example | Description |
---|---|---|---|
hostname | String | mycredential02 | Hostname of the credential (optional) |
ip | String | 22.13.50.71 | IP address of the credential (optional) |
username | String | credential05 | Username of the credential (optional) |
all | String | credential05 | Searches the value in the fields hostname, ip, or username (optional) |
Example 1: list all credentials
ArrayList<Credential> credentials = client.Fetch();
Example 2: list all credentials from the device with hostname mycredential02
ArrayList<Credential> credentials = client.Fetch("mycredential02", "", "", "");
Deactivate a credential
Use the Disable method to deactivate a credential.
Method signature
private void Disable(String hostname, String ip, String username) { ... }
Parameters available for filtering
Parameter | Type | Example | Description |
---|---|---|---|
hostname | String | mycredential02 | Hostname of the credential (optional) |
ip | String | 22.13.50.71 | IP address (optional) |
username | String | credential05 | Username (optional) |
Example: deactivate the credential credential05 from the device with hostname mycredential02
client.Disable("mycredential02", "", "credential05");
Devices
The device object provides a set of methods for querying and registering devices.
Create a DeviceClient
To instantiate a device client, use the DeviceClient class.
You will have to provide the following parameters:
- Vault URL.
- client_ID.
- client_secret.
import Segura;
// Instantiate a device client.
// Named "client" to match the calls in the device examples that follow.
DeviceClient client = new DeviceClient(
"https://cofre.Segura.com", // Vault URL
"7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
"431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);
Create or update a device
Use the Save method to create or update a device. If a device with the provided parameters is found, it will be changed; otherwise, a new device will be created.
Method signature
public void Save(String hostname, String ip, String site, String model, String vendor, String type) { ... }
Parameters required
Parameter | Type | Example | Description |
---|---|---|---|
hostname | String | mydevice02 | Hostname of the device |
ip | String | 22.13.50.71 | IP address of the device |
site | String | AWS | Site or location of the device |
model | String | CentOS 7 | Model or OS version of the device |
vendor | String | CentOS | Vendor or manufacturer of the device |
type | String | Server | Type of device (should be an existing one) |
Example: save a device
client.Save("mydevice02", "22.13.50.71", "AWS", "CentOS 7", "CentOS", "Server");
Search for a registered device
Use the Get method to query a single device.
Method signature
public Device Get(String identifier) { ... }
Required parameter for filtering
Parameter | Type | Example | Description |
---|---|---|---|
identifier | String | localhost | Hostname or ID of the device to query |
Example: search for the device with hostname localhost
Device device = client.Get("localhost");
List devices
Use the Fetch method to query a list of devices.
Method signature
public ArrayList<Device> Fetch(String hostname, String ip, String type, String vendor, String model, { ... }
Parameters available for filtering
Parameter | Type | Example | Description |
---|---|---|---|
hostname | String | mydevice02 | Hostname of the device (optional) |
ip | String | 22.13.50.71 | IP address of the device (optional) |
type | String | Server | Type of the device (optional) |
vendor | String | CentOS | Vendor of the device (optional) |
model | String | CentOS 7 | Model of the device (optional) |
site | String | AWS | Site or location (optional) |
Example 1: listing all devices
ArrayList<Device> devices = client.Fetch();
Example 2: list devices of type server
ArrayList<Device> devices = client.Fetch("server");
Deactivate a device
Use the Disable method to deactivate a device.
Method signature
private void Disable(String identifier) { ... }
Required parameter for filtering
Parameter | Type | Example | Description |
---|---|---|---|
identifier | String | localhost | Hostname or ID of the device to query |
Example: deactivate the device with hostname localhost
client.Disable("localhost");
DevOps Secret Management
The DSM object provides a set of methods for registering an application and managing its secrets and variables.
Create a DSM client
To instantiate an application client, use the ApplicationClient class.
You’ll have to provide the following parameters:
- Vault URL.
- client_ID.
- client_secret.
import Segura;
// Instantiate an application client.
ApplicationClient client = new ApplicationClient(
"https://cofre.Segura.com", // PAM URL
"7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
"431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);
Create or update an application
Use the Save method to create or update the application. If the client already has an application with the same combination of application, system, and environment, it will be changed; otherwise, a new application or authorization will be created. If the application has dynamic provisioning enabled, the target will automatically provision a secret.
Method signature
public void Save(String application, String system, String environment, String unique_key) { ... }
Parameters required
Parameter | Type | Example | Description |
---|---|---|---|
application | String | checkout | Application name |
system | String | ecommerce | System to which the app belongs |
environment | String | production | Application environment |
Optional parameter
Parameter | Type | Example | Description |
---|---|---|---|
unique_key | String | checkout_auth01 | Unique key for the application |
Example: save an application
client.Save("checkout", "ecommerce", "production", "");
Get the client application info and secrets
Use the Get method to return the client application information.
Method signature
public Application Get() { ... }
Example: get the application information and secrets
Application application = client.Get();
Register application secrets
Use the RegisterSecret method to register the application secrets.
Method signature
public void RegisterSecret(String secret_type, String access_keys, String key_value, String credential { ... }
Required parameter
Parameter | Type | Possible Values | Description |
---|---|---|---|
secret_type | String | access_key, key_value, credential, certificate, ssh_key | Type of secret to register. |
Other required parameters (depend on the secret_type)
Parameter | Type | Applies to secret_type | Description |
---|---|---|---|
access_keys | String | access_key | Access keys for the secret |
key_value | ArrayList<HashMap.SimpleEntry<>> | key_value | Key-value pairs for the secret |
credentials | String | credential | Credentials for the secret |
certificate | String | certificate | Certificate for the secret |
ssh_key | String | ssh_key | SSH key for the secret |
Example: create an application secret (for key_value type)
client.RegisterSecret("key_value", "access_keys", new ArrayList<HashMap.SimpleEntry<String, String>>() {{
add(new HashMap.SimpleEntry<>("key1", "val1"));
add(new HashMap.SimpleEntry<>("key2", "val2"));
add(new HashMap.SimpleEntry<>("key3", "val3"));
}}, "", "", "");
Register application variables
Use the RegisterVariables method to register the application variables.
Method signature
public void RegisterVariables(String env, String helm, String map) { ... }
Parameters required
Parameter | Type | Description |
---|---|---|
env | String | Environment variables for the application |
helm | String | Application helm |
map | String | Variables map |
Example: register the application variables
client.RegisterVariables("PATH=C:\\,SHELL=cmd", "helm", "map");
Delete the application authorization
Use the Delete method to delete the client application authorization. If dynamic provisioning is enabled for the application, all secrets will be unprovisioned automatically.
Method signature
public void Delete() { ... }
Example: delete the client application authorization
client.Delete();