Get started
Yandex Lockbox

Method get

Returns the specified secret.

To get the list of all available secrets, make a list request.
Use get to get the payload (confidential data themselves) of the secret.

HTTP request

GET https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets/{secretId}

Path parameters

Parameter Description
secretId Required. ID of the secret to return. To get a secret ID make a [List] request. The maximum string length in characters is 50.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "folderId": "string",
  "createdAt": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "kmsKeyId": "string",
  "status": "string",
  "currentVersion": {
    "id": "string",
    "secretId": "string",
    "createdAt": "string",
    "destroyAt": "string",
    "description": "string",
    "status": "string",
    "payloadEntryKeys": [
      "string"
    ]
  },
  "deletionProtection": true
}

A secret that may contain several versions of the payload.

Field Description
id string

ID of the secret.
folderId string

ID of the folder that the secret belongs to.
createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format.
name string

Name of the secret.
description string

Description of the secret.
labels object

Custom labels for the secret as key:value pairs. Maximum 64 per key.
kmsKeyId string

Optional ID of the KMS key will be used to encrypt and decrypt the secret.
status string

Status of the secret.

  • CREATING: The secret is being created.
  • ACTIVE: The secret is active and the secret payload can be accessed.

Can be set to INACTIVE using the deactivate method.

  • INACTIVE: The secret is inactive and unusable.

Can be set to ACTIVE using the deactivate method.
currentVersion object

Current (i.e. the latest) version of the secret.
currentVersion.
id		 string

ID of the version.
currentVersion.
secretId		 string

ID of the secret that the version belongs to.
currentVersion.
createdAt		 string (date-time)

Time when the version was created.

String in RFC3339 text format.
currentVersion.
destroyAt		 string (date-time)

Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

String in RFC3339 text format.
currentVersion.
description		 string

Description of the version.
currentVersion.
status		 string

Status of the secret.

  • ACTIVE: The version is active and the secret payload can be accessed.
  • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the destroyAt field.
  • DESTROYED: The version is destroyed and cannot be recovered.
currentVersion.
payloadEntryKeys[]		 string

Keys of the entries contained in the version payload.
deletionProtection boolean (boolean)

Flag that inhibits deletion of the secret.
In this article: