Hi All,
Would like to know the best methods for rotating host API token frequently, can the host rotate itself the API token using API call to the master/ lead, can you suggest how to implement this requirement.
Kr,
Gautam
Hi All,
Would like to know the best methods for rotating host API token frequently, can the host rotate itself the API token using API call to the master/ lead, can you suggest how to implement this requirement.
Kr,
Gautam
Hi,
The host itself can rotate it’s own API key, using the Rotate Personal API Key endpoint.
Please let me know if this answers your question.
Hello Shlomo Heigh,
Thank you, here we have created a host and added to the layer under the policy, while trying to do getting “HTTP/1.1 401 Unauthorized” and below is the policy
Able to rotate the password even authenticated as admin user. Do I miss any privileges for the host here ?
!layer
&Application-resources
!grant
role: !layer
members: *Application-resources
So you’re logged in as hostid-test
and are trying to rotate the api key using PUT /authn/{account}/api_key
. Are you passing the hostid and current API key in the Authorization header using HTTP Basic Auth?
Yes, have authenticated as hostid-test using conjur-cli and trying to rotate its own API token.
Step1 : conjur authn login > use hostid-test login credentails
Step2 :
curl --request PUT --data “”
–user host/hostid-test:xxxxxxxxxxxx!
https:///authn//api_key
The code you show posted work, assuming that the host id is hostid-test
and the current API key is xxxxxxxxxxxx!
, and assuming https:///authn//api_key
is actually https://<conjur_url>/authn/<account>/api_key
. Can you please confirm those values?
Hi,
Here are the things done,
Login as host identity through conjur-cli
$ conjur authn login
Enter your username to log into Conjur: host/xxxxx/hostid-test
Please enter your password (it will not be echoed):
Logged in
API call to change the API token,
$ curl -v --request PUT --data “”
–user host/axxxx/hostid-test:fjklaaaa!
https://conjur-master/authn/abc/api_key
Result:
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Tue, 07 Mar 2023 08:07:37 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
Kr,
Gautam
Can you please confirm that the !
is part of the api key? The example in the documentation has an exclamation point in it but that’s meant to be part of the password or api key which should be replaced with the actual value.
Hi,
Thanks alot and it has sorted the problem, I did added to the end of the password creating the problem.
Kr,
Gautam