How to configure authenticators

Configure OAuth 1.0

OAuth 1.0 is an authentication method that uses four tokens to identify and authorize access to an application. When opting for OAuth 1.0, it's crucial to choose HMAC-SHA1 as the signature method and 1.0 as the version. The Timestamp, Nonce, and Signature items are mandatory and must be provided.

To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:

1. Edit or create an application.
2. Select OAuth 1.0 as the authentication method.
3. Provide the required data in case of a new application as mentioned in the Application document.
4. Click Save.

Configure OAuth 2.0

OAuth 2.0 is an authentication method that requires a Client ID and a Client Secret to obtain a token that allows access to senhasegura resources for a limited time. When using OAuth 2.0 as an authentication method, select Client Credentials as the Grant Type.

To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:

1. Edit or create an application.
2. Select OAuth 2.0 as the authentication method.
3. Provide the required data in case of a new application as mentioned in the Application document.
4. Click Save.

Configure the AWS authenticator

Using AWS as the authentication method allows applications to retrieve stored data using the AWS Access Keys ID and Secret Access Keys with a unique key generated by senhasegura DSM.

To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:

1. Edit or create an application.
2. Select AWS as the authentication method.
3. Provide the required data in case of a new application as mentioned in the Application document.
4. In the Amazon AWS ARN section, provide a valid credential ARN.
5. Click Save.

The AWS ARN, or Amazon Resource Name, is a unique identifier assigned to resources within the Amazon Web Services (AWS) ecosystem. This identifier is used to accurately and securely identify and access resources on the AWS platform. The ARN comprises multiple fields that provide detailed information about the associated resource. The general structure of an ARN is as follows: arn:partition:service:region:account-id:resource-type/resource-id, where each field refers to:

• arn: a fixed number that indicates that it's an Amazon Resource Name.
• partition: represents the AWS partition where the resource is located.
• service: indicates the AWS service to which the resource belongs.
• region: specifies the geographical region in which the resource is located.
• account-id: uniquely identifies the AWS account that owns the resource.
• resource-type: identifies the specific resource within the service.
• resource-id: identifies the resource. Indicates the name, ID, or resource path.

To access sensitive data, a resource can request access using its AWS Access Key ID, Secret Access Key, and a unique key generated by senhasegura DSM. This request is sent to senhasegura to verify whether the information provided matches the AWS ARNs configured in the application. Once the match is confirmed, senhasegura DSM grants the application authorization to access the secrets.

Do you still have questions? Reach out to the senhasegura Community.