How to configure authenticators
Although not recommended, it's possible to not include authenticators in your DSM application.
Configure OAuth 1.0
OAuth 1.0 is an authentication method that uses four tokens to identify and authorize access to an application. When opting for OAuth 1.0, it's crucial to choose HMAC-SHA1 as the signature method and 1.0 as the version. The Timestamp, Nonce, and Signature items are mandatory and must be provided.
To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:
- Edit or create an application.
- Select OAuth 1.0 as the authentication method.
- For a new application, provide the required data as described in the Application document.
- Click Save.
To ensure data integrity, always use a modern authentication method. senhasegura advises against using OAuth 1.0 due to its outdated security measures and recommends updating legacy applications to support modern authentication methods.
Configure OAuth 2.0
OAuth 2.0 is an authentication method that requires a Client ID and a Client Secret to obtain a token that allows access to senhasegura resources for a limited time. When using OAuth 2.0 as an authentication method, select Client Credentials as the Grant Type.
To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:
- Edit or create an application.
- Select OAuth 2.0 as the authentication method.
- For a new application, provide the required data as described in the Application document.
- Click Save.
For OAuth 1.0 and OAuth 2.0, when a resource needs to access a secret, it can use its OAuth 1.0/OAuth 2.0 tokens to request information from senhasegura. If the data is valid, senhasegura will allow the application to interact with the DSM's secrets and authorizations.
Configure the AWS authenticator
Using AWS as the authentication method allows applications to retrieve stored data using the AWS Access Key ID and Secret Access Key with a unique key generated by senhasegura DSM.
To use this authentication method, access Grid Menu > DevOps Secret Manager > Applications > Applications and follow these steps:
- Edit or create an application.
- Select AWS as the authentication method.
- For a new application, provide the required data as described in the Application document.
- In the Amazon AWS ARN section, provide a valid credential ARN.
- Click Save.
The AWS ARN, or Amazon Resource Name, is a unique identifier assigned to resources within the Amazon Web Services (AWS) ecosystem. This identifier is used to accurately and securely identify and access resources on the AWS platform. The ARN comprises multiple fields that provide detailed information about the associated resource. The general structure of an ARN is as follows: arn:partition:service:region:account-id:resource-type/resource-id, where each field refers to:
- arn: a fixed prefix that indicates that it's an Amazon Resource Name.
- partition: represents the AWS partition where the resource is located.
- service: indicates the AWS service to which the resource belongs.
- region: specifies the geographical region in which the resource is located.
- account-id: uniquely identifies the AWS account that owns the resource.
- resource-type: identifies the specific resource within the service.
- resource-id: identifies the resource. Indicates the name, ID, or resource path.
It's possible for the AWS ARN to have only resource-type, only resource-id, or both. When it has both values, it will be presented as: arn:partition:service:region:account-id:resource-type:resource-id.
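A syntactic check that can be run on an ARN before it is entered in the Amazon AWS ARN section, written as an added example and not senhasegura's own code. It follows the general structure above and accepts both the resource-type/resource-id and resource-type:resource-id forms; the function name, the sample ARNs and the rule that account-id is empty or 12 digits are assumptions not stated on this page.

```python
import re
from typing import NamedTuple, Optional


class Arn(NamedTuple):
    partition: str
    service: str
    region: str                   # empty for global services such as IAM
    account_id: str               # empty for some services
    resource_type: Optional[str]  # None when the ARN carries a single value
    resource_id: str


def parse_arn(text: str) -> Arn:
    """Split an ARN into its fields, or raise ValueError if it is malformed."""
    if re.search(r"\s", text):
        raise ValueError("ARN must not contain whitespace")
    # maxsplit=5 keeps any ':' inside the resource part intact.
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("expected arn:partition:service:region:account-id:resource")
    _, partition, service, region, account_id, resource = parts
    if not (partition and service and resource):
        raise ValueError("partition, service and resource are required")
    if not re.fullmatch(r"\d{12}|", account_id):
        raise ValueError("account-id must be empty or 12 digits")
    # The first ':' or '/' separates resource-type from resource-id.
    # With no separator the single value is kept as resource_id.
    match = re.fullmatch(r"([^:/]+)[:/](.+)", resource)
    if match:
        resource_type, resource_id = match.group(1), match.group(2)
    else:
        resource_type, resource_id = None, resource
    return Arn(partition, service, region, account_id, resource_type, resource_id)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    for sample in (
        "arn:aws:iam::123456789012:user/dsm-app",
        "arn:aws:lambda:us-east-1:123456789012:function:my-fn",
        "arn:aws:sns:us-east-1:123456789012:alerts",
    ):
        print(parse_arn(sample))
```
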
To access sensitive data, a resource can request access using its AWS Access Key ID, Secret Access Key, and a unique key generated by senhasegura DSM. This request is sent to senhasegura to verify whether the information provided matches the AWS ARNs configured in the application. Once the match is confirmed, senhasegura DSM grants the application authorization to access the secrets.
The DSM uses Programmatic Access to verify that the information provided is valid. For more information on how to generate AWS Access Keys, access the AWS guide.