Encrypted Text API

Updated 1 month ago by Michael Katz

This topic lists sample queries for CRUD operations that create, read, update, and delete Harness secrets that rely on encrypted text.

The ! following the type means that this field is required.

In this topic:

Before You Begin

Get a Secret

This sample retrieves an existing encrypted-text secret by its ID.

query{
secret(secretId:"mkijzQa3Z_yrgUVPAqwkNQ", secretType:ENCRYPTED_TEXT){
... on EncryptedText{
id
name
secretManagerId
usageScope{
appEnvScopes{
application{
filterType
appId
}
environment{
filterType
envId
}
}
}
}
}
}

Get a Secret by Name

This sample uses a secretByName query to retrieve an existing secret by its name.

query{
secretByName(name:"anz-csr-reader",secretType:ENCRYPTED_TEXT){
... on EncryptedText{
id
name
secretManagerId
}
}
}

This second sample adds elements to also retrieve the secret's Application and Environment scope.

query{
secretByName(name:"gcp-sergey", secretType:ENCRYPTED_TEXT){
... on EncryptedText{
id
name
secretManagerId
usageScope{
appEnvScopes{
application{
filterType
appId
}
environment{
filterType
envId
}
}
}
}
}
}

Get Secrets Manager IDs

To create a secret, you need the secrets manager's Harness ID (secretManagerId). This sample retrieves 10 secrets managers' IDs and names.

query{
secretManagers(limit:10, offset:2){
nodes{
id
name
}
}
}

This sample uses a secretManagerByName query to retrieve the secretManagerId of a secret manager whose name you know.

query{
secretManagerByName(name: "Vault_App_Role"){
secretManagerId
name
}
}

This sample retrieves the name of a secrets manager whose ID you know.

query{
secretManager(secretManagerId: "LP8GWIE4R1efLKCnyj3EOw"){
id
name
}
}

Create an Encrypted Text Secret

This sample creates a secret. The required CreateSecretInput input must include a SecretType.

mutation($secret: CreateSecretInput!){
createSecret(input: $secret){
secret{
id,
name
... on EncryptedText{
name
secretManagerId
id
}
usageScope{
appEnvScopes{
application{
filterType
appId
}
environment{
filterType
envId
}
}
}
}
}
}

Query Variables: Inline Value

For the above query, these sample variables specify the SecretType, and include an inline name value.

{
"secret": {
"secretType": "ENCRYPTED_TEXT",
"encryptedText": {
"name": "azure-secrets",
"value": "000-azure-b22",
"secretManagerId": "kmpySmUISimoRrJL6NL73w",
"usageScope": {
"appEnvScopes": [{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}]
}
}
}
}

Query Variables: Reference

These sample variables specify the SecretType, but provide the name value by reference.

{
"secret": {
"secretType": "ENCRYPTED_TEXT",
"encryptedText": {
"name": "azure-secret-reference",
"secretReference": "000-azure-b22",
"secretManagerId": "EeokrL4TQoGLXkT-9F9mpw",
"usageScope": {
"appEnvScopes": [{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "NON_PRODUCTION_ENVIRONMENTS"
}
}]
}
}
}
}

Update a Secret

This sample updates an existing secret. The required UpdateSecretInput input must supply an id and a secretType.

mutation($secret: UpdateSecretInput!){
updateSecret(input: $secret){
secret{
id,
name
... on EncryptedText{
name
secretManagerId
id
}
usageScope{
appEnvScopes{
application{
filterType
appId
}
environment{
filterType
envId
}
}
}
}
}
}

Query Variables: Inline Value

{
"secret": {
"secretId": "5ZeVqBUjSCS5gVJH9viAqw",
"secretType": "ENCRYPTED_TEXT",
"encryptedText": {
"name": "azure-secrets",
"value": "000-azure-b22",
"usageScope": {
"appEnvScopes": [{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}]
}
}
}
}

Query Variables: Reference

{
"secret": {
"secretId": "5ZeVqBUjSCS5gVJH9viAqw",
"secretType": "ENCRYPTED_TEXT",
"encryptedText": {
"name": "azure-secret-update",
"secretReference": "000-azure-b22",
"usageScope": {
"appEnvScopes": [{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}]
}
}
}
}

Delete a Secret

This sample deletes a specified secret. The required DeleteSecretInput input must supply a secretId and a secretType.

mutation($secret: DeleteSecretInput!){
deleteSecret(input: $secret)
}

Query Variables

Here are query variables for the above deleteSecret operation.

{
"secret": {
"secretId": "cHP3nO_fTt2pWhjzu_lMLw",
"secretType": "ENCRYPTED_TEXT"
}
}


How did we do?