Finished updating REST API documentation

2025-12-18 19:32:24 -06:00 · 2020-08-05 13:40:06 -04:00
parent 65af012d60
commit 73756f7483
4 changed files with 171 additions and 208 deletions
--- a/docs/rest-api/working-with-secrets.md
+++ b/docs/rest-api/working-with-secrets.md
@@ -1,16 +1,19 @@
 # Working with Secrets

-As with most other objects, the NetBox API can be used to create, modify, and delete secrets. However, additional steps are needed to encrypt or decrypt secret data.
+As with most other objects, the REST API can be used to view, create, modify, and delete secrets. However, additional steps are needed to encrypt or decrypt secret data.

 ## Generating a Session Key

 In order to encrypt or decrypt secret data, a session key must be attached to the API request. To generate a session key, send an authenticated request to the `/api/secrets/get-session-key/` endpoint with the private RSA key which matches your [UserKey](../../core-functionality/secrets/#user-keys). The private key must be POSTed with the name `private_key`.

-```
-$ curl -X POST http://localhost:8000/api/secrets/get-session-key/ \
-H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
+```no-highlight
+$ curl -X POST http://netbox/api/secrets/get-session-key/ \
+-H "Authorization: Token $TOKEN" \
 -H "Accept: application/json; indent=4" \
 --data-urlencode "private_key@<filename>"
+```
+
+```json
 {
    "session_key": "dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk="
 }
@@ -19,94 +22,106 @@ $ curl -X POST http://localhost:8000/api/secrets/get-session-key/ \
 !!! note
    To read the private key from a file, use the convention above. Alternatively, the private key can be read from an environment variable using `--data-urlencode "private_key=$PRIVATE_KEY"`.

-The request uses your private key to unlock your stored copy of the master key and generate a session key which can be attached in the `X-Session-Key` header of future API requests.
+The request uses the provided private key to unlock your stored copy of the master key and generate a temporary session key, which can be attached in the `X-Session-Key` header of future API requests.

 ## Retrieving Secrets

 A session key is not needed to retrieve unencrypted secrets: The secret is returned like any normal object with its `plaintext` field set to null.

-```
-$ curl http://localhost:8000/api/secrets/secrets/2587/ \
-H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
+```no-highlight
+$ curl http://netbox/api/secrets/secrets/2587/ \
+-H "Authorization: Token $TOKEN" \
 -H "Accept: application/json; indent=4"
+```
+
+```json
 {
    "id": 2587,
+    "url": "http://netbox/api/secrets/secrets/2587/",
    "device": {
        "id": 1827,
-        "url": "http://localhost:8000/api/dcim/devices/1827/",
+        "url": "http://netbox/api/dcim/devices/1827/",
        "name": "MyTestDevice",
        "display_name": "MyTestDevice"
    },
    "role": {
        "id": 1,
-        "url": "http://localhost:8000/api/secrets/secret-roles/1/",
+        "url": "http://netbox/api/secrets/secret-roles/1/",
        "name": "Login Credentials",
        "slug": "login-creds"
    },
    "name": "admin",
    "plaintext": null,
    "hash": "pbkdf2_sha256$1000$G6mMFe4FetZQ$f+0itZbAoUqW5pd8+NH8W5rdp/2QNLIBb+LGdt4OSKA=",
+    "tags": [],
+    "custom_fields": {},
    "created": "2017-03-21",
    "last_updated": "2017-03-21T19:28:44.265582Z"
 }
 ```

-To decrypt a secret, we must include our session key in the `X-Session-Key` header:
+To decrypt a secret, we must include our session key in the `X-Session-Key` header when sending the `GET` request:

-```
-$ curl http://localhost:8000/api/secrets/secrets/2587/ \
-H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
+```no-highlight
+$ curl http://netbox/api/secrets/secrets/2587/ \
+-H "Authorization: Token $TOKEN" \
 -H "Accept: application/json; indent=4" \
 -H "X-Session-Key: dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk="
+```
+
+```json
 {
    "id": 2587,
+    "url": "http://netbox/api/secrets/secrets/2587/",
    "device": {
        "id": 1827,
-        "url": "http://localhost:8000/api/dcim/devices/1827/",
+        "url": "http://netbox/api/dcim/devices/1827/",
        "name": "MyTestDevice",
        "display_name": "MyTestDevice"
    },
    "role": {
        "id": 1,
-        "url": "http://localhost:8000/api/secrets/secret-roles/1/",
+        "url": "http://netbox/api/secrets/secret-roles/1/",
        "name": "Login Credentials",
        "slug": "login-creds"
    },
    "name": "admin",
    "plaintext": "foobar",
    "hash": "pbkdf2_sha256$1000$G6mMFe4FetZQ$f+0itZbAoUqW5pd8+NH8W5rdp/2QNLIBb+LGdt4OSKA=",
+    "tags": [],
+    "custom_fields": {},
    "created": "2017-03-21",
    "last_updated": "2017-03-21T19:28:44.265582Z"
 }
 ```

-Lists of secrets can be decrypted in this manner as well:
+Multiple secrets within a list can be decrypted in this manner as well:

-```
-$ curl http://localhost:8000/api/secrets/secrets/?limit=3 \
-H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
+```no-highlight
+$ curl http://netbox/api/secrets/secrets/?limit=3 \
+-H "Authorization: Token $TOKEN" \
 -H "Accept: application/json; indent=4" \
 -H "X-Session-Key: dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk="
+```
+
+```json
 {
    "count": 3482,
-    "next": "http://localhost:8000/api/secrets/secrets/?limit=3&offset=3",
+    "next": "http://netbox/api/secrets/secrets/?limit=3&offset=3",
    "previous": null,
    "results": [
        {
            "id": 2587,
-            ...
            "plaintext": "foobar",
            ...
        },
        {
            "id": 2588,
-            ...
            "plaintext": "MyP@ssw0rd!",
            ...
        },
        {
            "id": 2589,
-            ...
            "plaintext": "AnotherSecret!",
            ...
        },
@@ -114,25 +129,44 @@ $ curl http://localhost:8000/api/secrets/secrets/?limit=3 \
 }
 ```

-## Creating Secrets
+## Creating and Updating Secrets

-Session keys are also used to decrypt new or modified secrets. This is done by setting the `plaintext` field of the submitted object:
+Session keys are required when creating or modifying secrets. The secret's `plaintext` attribute is set to its non-encrypted value, and NetBox uses the session key to compute and store the encrypted value.

-```
-$ curl -X POST http://localhost:8000/api/secrets/secrets/ \
+```no-highlight
+$ curl -X POST http://netbox/api/secrets/secrets/ \
 -H "Content-Type: application/json" \
-H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
+-H "Authorization: Token $TOKEN" \
 -H "Accept: application/json; indent=4" \
 -H "X-Session-Key: dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk=" \
 --data '{"device": 1827, "role": 1, "name": "backup", "plaintext": "Drowssap1"}'
+```
+
+```json
 {
-    "id": 2590,
-    "device": 1827,
-    "role": 1,
+    "id": 6194,
+    "url": "http://netbox/api/secrets/secrets/9194/",
+    "device": {
+        "id": 1827,
+        "url": "http://netbox/api/dcim/devices/1827/",
+        "name": "device43",
+        "display_name": "device43"
+    },
+    "role": {
+        "id": 1,
+        "url": "http://netbox/api/secrets/secret-roles/1/",
+        "name": "Login Credentials",
+        "slug": "login-creds"
+    },
    "name": "backup",
-    "plaintext": "Drowssap1"
+    "plaintext": "Drowssap1",
+    "hash": "pbkdf2_sha256$1000$J9db8sI5vBrd$IK6nFXnFl+K+nR5/KY8RSDxU1skYL8G69T5N3jZxM7c=",
+    "tags": [],
+    "custom_fields": {},
+    "created": "2020-08-05",
+    "last_updated": "2020-08-05T16:51:14.990506Z"
 }
 ```

 !!! note
-    Don't forget to include the `Content-Type: application/json` header when making a POST request.
+    Don't forget to include the `Content-Type: application/json` header when making a POST or PATCH request.