How to configure authenticators
  • 3 minutes to read
  • Dark
    Light
  • PDF

How to configure authenticators

  • Dark
    Light
  • PDF

Article summary

Info

Although not recommended, it's possible to not include authenticators in your DSM application.

Configure OAuth 1.0

OAuth 1.0 is an authentication method that uses four tokens to identify and authorize access to an application. When opting for OAuth 1.0, it's crucial to choose HMAC-SHA1 as the signature method and 1.0 as the version. The Timestamp, Nonce, and Signature items are mandatory and must be provided.

To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:

  1. Edit or create an application.
  2. Select OAuth 1.0 as the authentication method.
  3. Provide the required data in case of a new application as mentioned in the Application document.
  4. Click Save.
Attention

To ensure data integrity, always use a modern authentication method. senhasegura advises against using OAuth 1.0 due to its outdated security measures and recommends updating legacy applications to support modern authentication methods.

Configure OAuth 2.0

OAuth 2.0 is an authentication method that requires a Client ID and a Client Secret to obtain a token that allows access to senhasegura resources for a limited time. When using OAuth 2.0 as an authentication method, select Client Credentials as the Grant Type.

To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:

  1. Edit or create an application.
  2. Select OAuth 2.0 as the authentication method.
  3. Provide the required data in case of a new application as mentioned in the Application document.
  4. Click Save.
Info

For OAuth 1.0 and OAuth 2.0, when a resource needs to access a secret, it can use its OAuth 1.0/OAuth 2.0 tokens to request information from senhasegura. If the data is valid, senhasegura will allow the application to interact with the DSM's secrets and authorizations.

Configure the AWS authenticator

Using AWS as the authentication method allows applications to retrieve stored data using the AWS Access Keys ID and Secret Access Keys with a unique key generated by senhasegura DSM.

To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:

  1. Edit or create an application.
  2. Select AWS as the authentication method.
  3. Provide the required data in case of a new application as mentioned in the Application document.
  4. In the Amazon AWS ARN section, provide a valid credential ARN.
  5. Click Save.

The AWS ARN, or Amazon Resource Name, is a unique identifier assigned to resources within the Amazon Web Services (AWS) ecosystem. This identifier is used to accurately and securely identify and access resources on the AWS platform. The ARN comprises multiple fields that provide detailed information about the associated resource. The general structure of an ARN is as follows: arn:partition:service:region:account-id:resource-type/resource-id, where each field refers to:

  • arn: a fixed number that indicates that it's an Amazon Resource Name.
  • partition: represents the AWS partition where the resource is located.
  • service: indicates the AWS service to which the resource belongs.
  • region: specifies the geographical region in which the resource is located.
  • account-id: uniquely identifies the AWS account that owns the resource.
  • resource-type: identifies the specific resource within the service.
  • resource-id: identifies the resource. Indicates the name, ID, or resource path.
Info

It's possible for the AWS ARN to have only resource-type, only resource-id, or both. When it has both values, it will be presented as: arn:partition:service:region:account-id:resource-type:resource-id.

To access sensitive data, a resource can request access using its AWS Access Key ID, Secret Access Key, and a unique key generated by senhasegura DSM. This request is sent to senhasegura to verify whether the information provided matches the AWS ARNs configured in the application. Once the match is confirmed, senhasegura DSM grants the application authorization to access the secrets.

Info

The DSM uses Programmatic Access to verify that the information provided is valid. For more information on how to generate AWS Access Keys, access the AWS guide.


Do you still have questions? Reach out to the senhasegura Community.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.