Although not recommended, it's possible to not include authenticators in your DSM application.
Configure OAuth 1.0
OAuth 1.0 is an authentication method that uses four tokens to identify and authorize access to an application. When opting for OAuth 1.0, it's crucial to choose HMAC-SHA1 as the signature method and 1.0 as the version. The Timestamp, Nonce, and Signature items are mandatory and must be provided.
To use this authentication method, access Products menu > DevOps Secret Manager > Application management > Applications and follow these steps:
- Edit or create an application.
- Select OAuth 1.0 as the authentication method.
- If you are creating a new application, provide the required data as described in the Application document.
- Click Save.
To ensure data integrity, always use a modern authentication method. Segura advises against using OAuth 1.0 due to its outdated security measures and recommends updating legacy applications to support modern authentication methods.
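The following added example (not Segura's code) shows why the Timestamp, Nonce, and Signature items are mandatory: it builds an RFC 5849 HMAC-SHA1 signature with version 1.0 and checks it on the receiving side, rejecting stale timestamps, reused nonces, and altered parameters. The credentials and the dsm.example endpoint are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 section 3.6 encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Encode keys and values, sort, join with '&', then encode the whole list
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def sign(method, url, params, creds, nonce, timestamp):
    # Build the oauth_* protocol parameters and the HMAC-SHA1 signature over them
    oauth = {"oauth_consumer_key": creds["consumer_key"], "oauth_token": creds["token"],
             "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
             "oauth_timestamp": str(timestamp), "oauth_nonce": nonce}
    key = f"{pct(creds['consumer_secret'])}&{pct(creds['token_secret'])}"
    msg = base_string(method, url, {**params, **oauth})
    digest = hmac.new(key.encode(), msg.encode(), hashlib.sha1).digest()
    return {**oauth, "oauth_signature": base64.b64encode(digest).decode()}

class Verifier:
    # Server side: enforce method/version, a freshness window, single-use nonces
    # and a constant-time signature comparison
    def __init__(self, creds, window=300):
        self.creds, self.window, self.seen = creds, window, set()

    def verify(self, method, url, params, oauth, now):
        if (oauth.get("oauth_signature_method"), oauth.get("oauth_version")) != ("HMAC-SHA1", "1.0"):
            return False, "unsupported signature method or version"
        try:
            ts = int(oauth["oauth_timestamp"])
        except (KeyError, ValueError):
            return False, "missing or malformed timestamp"
        if abs(now - ts) > self.window:
            return False, "timestamp outside acceptance window"
        nonce = oauth.get("oauth_nonce")
        if not nonce or (nonce, ts) in self.seen:
            return False, "missing or replayed nonce"
        expected = sign(method, url, params, self.creds, nonce, ts)["oauth_signature"]
        if not hmac.compare_digest(expected, oauth.get("oauth_signature", "")):
            return False, "signature mismatch"
        self.seen.add((nonce, ts))  # remember the nonce only once the request proved genuine
        return True, "ok"

# Constructed sample credentials and a hypothetical endpoint, not real Segura values
CREDS = {"consumer_key": "dsm-app-key", "consumer_secret": "dsm-app-secret",
         "token": "dsm-access-token", "token_secret": "dsm-token-secret"}
URL = "https://dsm.example/api/secret"
```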
Configure OAuth 2.0
OAuth 2.0 is an authentication method that requires a Client ID and a Client Secret to obtain a token that allows access to Segura resources for a limited time. When using OAuth 2.0 as an authentication method, select Client Credentials as the Grant Type.
To use this authentication method, access Products menu > DevOps Secret Manager > Application management > Applications and follow these steps:
- Edit or create an application.
- Select OAuth 2.0 as the authentication method.
- If you are creating a new application, provide the required data as described in the Application document.
- Click Save.
For OAuth 1.0 and OAuth 2.0, when a resource needs to access a secret, it can use its OAuth 1.0/OAuth 2.0 tokens to request information from Segura. If the data is valid, Segura will allow the application to interact with the DSM's secrets and authorizations.
Configure the AWS authenticator
Using AWS as the authentication method allows applications to retrieve stored data using the AWS Access Key ID and Secret Access Key together with a unique key generated by Segura DSM.
To use this authentication method, access Products menu > DevOps Secret Manager > Application management > Applications and follow these steps:
- Edit or create an application.
- Select AWS as the authentication method.
- If you are creating a new application, provide the required data as described in the Application document.
- In the Amazon AWS ARN section, provide a valid credential ARN.
- Click Save.
The AWS ARN, or Amazon Resource Name, is a unique identifier assigned to resources within the Amazon Web Services (AWS) ecosystem. It is used to identify and access resources on the AWS platform accurately and securely. The ARN comprises multiple fields that provide detailed information about the associated resource. The general structure of an ARN is arn:partition:service:region:account-id:resource-type/resource-id, where each field refers to:
- arn: a fixed prefix that indicates that it's an Amazon Resource Name.
- partition: the AWS partition where the resource is located.
- service: the AWS service to which the resource belongs.
- region: the geographical region in which the resource is located.
- account-id: the AWS account that owns the resource.
- resource-type: the specific resource type within the service.
- resource-id: the resource itself, given as a name, ID, or resource path.
An AWS ARN may have only resource-type, only resource-id, or both. When it has both values, it will be presented as: arn:partition:service:region:account-id:resource-type:resource-id.
To access sensitive data, a resource can request access using its AWS Access Key ID, Secret Access Key, and a unique key generated by Segura DSM. This request is sent to Segura to verify whether the information provided matches the AWS ARNs configured in the application. Once the match is confirmed, Segura DSM grants the application authorization to access the secrets.
The DSM uses Programmatic Access to verify that the information provided is valid. For more information on how to generate AWS Access Keys, see the AWS guide.