Virtual HSM

Default

Delete a configuration for the given MFA method

delete
Path parameters
method_id (string, required)

The unique identifier for this MFA method.

Responses
204
Successfully deleted. No content returned.
400
Bad Request – Invalid method ID format.
application/json
403
Forbidden – Insufficient permissions.
application/json
500
Internal Server Error
application/json
DELETE /v1/identity/mfa/method/duo/{method_id} HTTP/1.1
Host: localhost:8200
Accept: */*

No content

Retrieve the configuration of the specified Duo MFA method.

get

This operation retrieves the configuration details of the Duo MFA method identified by the name parameter.

Path parameters
name (string, required)

The name of the Duo MFA method configuration.

Responses
200
Successfully retrieved the Duo MFA method configuration.
application/json
Response: any
404
The specified Duo MFA method configuration was not found.
application/json
500
Internal server error while retrieving the Duo MFA method configuration.
application/json
GET /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Accept: */*
{
  "name": "duo",
  "type": "duo",
  "details": {
    "integration_key": "integration_key_value",
    "secret_key": "secret_key_value"
  }
}

Delete the specified Duo MFA method.

delete

This operation deletes the Duo MFA method configuration identified by the name parameter.

Path parameters
name (string, required)

The name of the Duo MFA method configuration.

Responses
204
Successfully deleted the Duo MFA method configuration. The body is empty.
400
Bad request. The `name` parameter is invalid.
application/json
404
The specified Duo MFA method configuration was not found.
application/json
500
Internal server error while deleting the Duo MFA method configuration.
application/json
DELETE /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Accept: */*

No content

Lock the API at a specific namespace path.

post
Path parameters
path (string, required)
Body
Responses
200
OK
application/json
400
Bad Request
application/json
500
Internal Server Error
application/json
POST /v1/sys/namespaces/api-lock/lock/{path} HTTP/1.1
Host: localhost:8200
Accept: */*
{
  "success": true
}

Read the current configuration for the given MFA method

get
Path parameters
method_id (string, required)

The unique identifier for this MFA method.

Responses
200
Successfully retrieved Duo MFA configuration
application/json
Response: any
400
Bad Request – Invalid method ID format.
application/json
403
Forbidden – Access denied to this configuration.
application/json
500
Internal Server Error
application/json
GET /v1/identity/mfa/method/duo/{method_id} HTTP/1.1
Host: localhost:8200
Accept: */*
{
  "method_id": "duo-primary",
  "method": "duo",
  "enabled": true,
  "integration_key": "DIXXXXXXXXXXXXXXXXXX",
  "api_hostname": "api-XXXXXXX.duosecurity.com",
  "description": "Primary Duo MFA config for admins"
}

Create Token

post

Creates a new token. Certain options are only available when called by a root or sudo-capable token. If used with a role name in the path, the token will be created against the specified role name.

Body
id (string, optional)

Custom client token ID (root only). Cannot contain "." or start with "s.".

role_name (string, optional)

Name of the token role.

policies (string[], optional)

Policies to assign to the token.

no_parent (boolean, optional)

If true, creates an orphan token. Requires root or sudo.

Default: false

no_default_policy (boolean, optional)

If true, excludes the default policy.

Default: false

renewable (boolean, optional)

Whether the token can be renewed.

Default: true

lease (string, optional, deprecated)

Deprecated. Use ttl instead.

ttl (string, optional)

TTL (e.g., "1h").

type (string enum, optional)

Token type.

Possible values:

explicit_max_ttl (string, optional)

Explicit max TTL that cannot be exceeded.

display_name (string, optional)

Display name for the token.

Default: token

num_uses (integer, optional)

Max number of uses. 0 means unlimited.

Default: 0

period (string, optional)

Periodic renewal interval. Requires root or sudo.

entity_alias (string, optional)

Entity alias to associate with (must be allowed in role).

Responses
200
Token created successfully
application/json
400
Bad Request – The input is malformed or missing required fields.
application/json
403
Forbidden – The requester's token lacks sufficient privileges
application/json
POST /v1/auth/token/create HTTP/1.1
Host: localhost:8200
Content-Type: application/json
Accept: */*
Content-Length: 80

{
  "policies": [
    "web",
    "stage"
  ],
  "meta": {
    "user": "armon"
  },
  "ttl": "1h",
  "renewable": true
}
{
  "request_id": "f00341c1-fad5-f6e6-13fd-235617f858a1",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "wrap_info": null,
  "warnings": [
    "Policy \"stage\" does not exist",
    "Policy \"web\" does not exist"
  ],
  "auth": {
    "client_token": "s.wOrq9dO9kzOcuvB06CMviJhZ",
    "accessor": "B6oixijqmeR4bsLOJH88Ska9",
    "policies": [
      "default",
      "stage",
      "web"
    ],
    "token_policies": [
      "default",
      "stage",
      "web"
    ],
    "metadata": {
      "user": "armon"
    },
    "lease_duration": 3600,
    "renewable": true,
    "entity_id": "",
    "token_type": "service",
    "orphan": false,
    "num_uses": 0
  }
}
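
The sample response above returns a usable token even though its warnings say that neither requested policy exists, and it attaches the default policy with unlimited uses. The following Python sketch is an added example, not part of the vHSM documentation or code base: it builds a Create Token body with restrictive values for the documented fields and audits a response for those conditions. The function names and the choice of restrictive defaults are assumptions; the sample response is trimmed from the one shown on this page.

```python
def build_token_request(policies, ttl="1h", *, token_id=None, num_uses=1,
                        renewable=False, no_default_policy=True, meta=None):
    """Build a body for POST /v1/auth/token/create using the documented fields."""
    if not policies:
        raise ValueError("name at least one policy explicitly")
    # Documented rule: id cannot contain "." (this also rules out an "s." prefix).
    if token_id is not None and "." in token_id:
        raise ValueError('id cannot contain "." or start with "s."')
    if num_uses < 0:
        raise ValueError("num_uses must be >= 0 (0 means unlimited)")
    body = {"policies": sorted(policies), "ttl": ttl, "renewable": renewable,
            "num_uses": num_uses, "no_default_policy": no_default_policy}
    if token_id is not None:
        body["id"] = token_id
    if meta:
        body["meta"] = meta
    return body


def audit_token_response(requested, response):
    """Return findings a reviewer should look at before handing the token out."""
    auth = response.get("auth") or {}
    findings = [f"server warning: {w}" for w in response.get("warnings") or []]
    extra = sorted(set(auth.get("policies", [])) - set(requested["policies"]))
    if extra:
        findings.append(f"unrequested policies attached: {extra}")
    if auth.get("num_uses", 0) == 0:
        findings.append("num_uses is 0: unlimited uses")
    if auth.get("renewable") != requested.get("renewable"):
        findings.append("renewable flag differs from request")
    if auth.get("orphan"):
        findings.append("token is an orphan")
    return findings


# Request equivalent to the page's sample, and its response trimmed to the
# fields the audit reads (the client token itself is deliberately left out).
PAGE_REQUEST = build_token_request(["web", "stage"], ttl="1h", renewable=True,
                                   num_uses=0, no_default_policy=False,
                                   meta={"user": "armon"})
PAGE_RESPONSE = {
    "warnings": ['Policy "stage" does not exist', 'Policy "web" does not exist'],
    "auth": {"policies": ["default", "stage", "web"], "lease_duration": 3600,
             "renewable": True, "orphan": False, "num_uses": 0},
}

if __name__ == "__main__":
    for finding in audit_token_response(PAGE_REQUEST, PAGE_RESPONSE):
        print(finding)
```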

Modify the specified Duo MFA method configuration.

post

This operation modifies the configuration of the Duo MFA method identified by the name parameter. It requires the user to provide the new configuration details in the request body.

Path parameters
name (string, required)

The name of the Duo MFA method configuration.

Body
any (optional)
Responses
200
Successfully updated the Duo MFA method configuration.
400
Bad request. The provided configuration is invalid.
application/json
404
The specified Duo MFA method configuration was not found.
application/json
500
Internal server error while modifying the Duo MFA method configuration.
application/json
POST /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Content-Type: application/json
Accept: */*
Content-Length: 109

{
  "name": "duo",
  "type": "duo",
  "details": {
    "integration_key": "new_integration_key",
    "secret_key": "new_secret_key"
  }
}

No content