
TOTP

API for creating and deleting Time-based One-Time Passwords (TOTPs).


Last updated 3 months ago

TOTPs are used to generate unique, temporary passwords as an added layer of protection when accessing sensitive keys or credentials from Nitride.

There are 2 API operations available for TOTP:

  1. PUT - Create a new TOTP

  2. DELETE - Delete an existing TOTP

Create a new TOTP

PUT /v1/auth/ratls/totp

If the auth engine is enabled at a different path, use /v1/auth/<your-path>/totp

Headers

| Name | Value | Required |
| --- | --- | --- |
| Content-Type | application/json | |
| Authorization | Bearer <token> | |
Body

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| created | integer (int64) | Creation timestamp, generated by the Nitride plugin | |
| expiration | integer (int64) | Expiration timestamp of the TOTP | |
| policy | string | Name of the policy to allow updates for | |
| uuid | string | Identifier for the TOTP and the token itself, generated by the Nitride plugin. | |

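Request samples

In the samples below, <nitride-address> and <token> are placeholders for your Nitride server address and your token.

JavaScript

```javascript
// Send the bearer token listed in the Headers table with the request.
const response = await fetch('https://<nitride-address>/v1/auth/ratls/totp', {
    method: 'PUT',
    headers: {
      "Content-Type": "application/json",
      "Authorization": "Bearer <token>"
    },
    body: JSON.stringify({
      "created": 0,
      "expiration": 0,
      "policy": "text",
      "uuid": "text"
    }),
});
const data = await response.json();
```

cURL

```bash
curl -L \
  -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <token>' \
  'https://<nitride-address>/v1/auth/ratls/totp' \
  -d '{"created":0,"expiration":0,"policy":"text","uuid":"text"}'
```

Python

```python
import requests

# Send the bearer token listed in the Headers table with the request.
response = requests.put(
    "https://<nitride-address>/v1/auth/ratls/totp",
    headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer <token>",
    },
    json={"created": 0, "expiration": 0, "policy": "text", "uuid": "text"},
)
data = response.json()
```

HTTP

```http
PUT /v1/auth/ratls/totp HTTP/1.1
Host: <nitride-address>
Content-Type: application/json
Authorization: Bearer <token>
Content-Length: 58
Accept: */*

{"created":0,"expiration":0,"policy":"text","uuid":"text"}
```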

Response samples

Success:

```json
{
  "data": {
    "created": 0,
    "expiration": 0,
    "policy": "text",
    "uuid": "text"
  }
}
```

Error:

```json
{
  "statusCode": 400,
  "message": "Invalid request"
}
```

Deleting an existing TOTP

DELETE /v1/auth/ratls/totp/{totp-uuid}

If the auth engine is enabled at a different path, use /v1/auth/<your-path>/totp/{totp-uuid}

Headers

| Name | Value | Required |
| --- | --- | --- |
| Authorization | Bearer <token> | |

Path parameters

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| totp-uuid | string | Identifier for the TOTP and the token itself, generated by the Nitride plugin. | |

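Request samples

In the samples below, <nitride-address> and <token> are placeholders for your Nitride server address and your token; replace {totp-uuid} with the identifier of the TOTP to delete.

JavaScript

```javascript
// Send the bearer token listed in the Headers table with the request.
const response = await fetch('https://<nitride-address>/v1/auth/ratls/totp/{totp-uuid}', {
    method: 'DELETE',
    headers: {
      "Authorization": "Bearer <token>"
    },
});
const data = await response.json();
```

cURL

```bash
curl -L \
  -X DELETE \
  -H 'Authorization: Bearer <token>' \
  'https://<nitride-address>/v1/auth/ratls/totp/{totp-uuid}'
```

Python

```python
import requests

# Send the bearer token listed in the Headers table with the request.
response = requests.delete(
    "https://<nitride-address>/v1/auth/ratls/totp/{totp-uuid}",
    headers={"Authorization": "Bearer <token>"},
)
data = response.json()
```

HTTP

```http
DELETE /v1/auth/ratls/totp/{totp-uuid} HTTP/1.1
Host: <nitride-address>
Authorization: Bearer <token>
Accept: */*
```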

Response samples

Success:

```
OK
```

Error:

```json
{
  "statusCode": 400,
  "message": "Invalid request parameters: 'uuid' is required and must be a string.",
  "errors": {
    "uuid": "Missing required field"
  }
}
```
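The two operations above combined into one client-side helper, as an added example that is not part of the Nitride documentation or code base: it builds the PUT and DELETE requests with the bearer token, honours a non-default auth mount path, refuses non-HTTPS addresses, and parses the TOTP identifier before placing it in the URL path. The function names are hypothetical. It assumes that `expiration` is a Unix timestamp in seconds, that the identifier is a standard UUID, and that `created` and `uuid` can be omitted from the request because the plugin generates them.

```python
import json
import time
import uuid
from urllib.parse import quote
from urllib.request import Request, urlopen


def totp_url(addr, mount="ratls", totp_uuid=None):
    """Return <addr>/v1/auth/<mount>/totp[/<uuid>]; HTTPS only, no dot segments."""
    if not addr.startswith("https://"):
        raise ValueError("bearer tokens must only be sent over https")
    segments = [s for s in mount.split("/") if s]
    if not segments or any(s in (".", "..") for s in segments):
        raise ValueError("invalid auth mount path")
    path = "/v1/auth/" + "/".join(quote(s, safe="") for s in segments) + "/totp"
    if totp_uuid is not None:
        path += "/" + totp_uuid
    return addr.rstrip("/") + path


def _auth(token):
    if not token or "\r" in token or "\n" in token:
        raise ValueError("token must be a non-empty single-line string")
    return {"Authorization": f"Bearer {token}"}


def build_create(addr, token, policy, ttl_seconds, mount="ratls", now=None):
    """PUT request for a TOTP bound to `policy`, expiring ttl_seconds from now."""
    if not policy or ttl_seconds <= 0:
        raise ValueError("policy and a positive ttl_seconds are required")
    now = int(time.time()) if now is None else now
    # Assumption: `expiration` is Unix seconds; `created`/`uuid` are left to the plugin.
    body = {"policy": policy, "expiration": now + ttl_seconds}
    headers = {**_auth(token), "Content-Type": "application/json"}
    return Request(totp_url(addr, mount), data=json.dumps(body).encode(),
                   headers=headers, method="PUT")


def build_delete(addr, token, totp_uuid, mount="ratls"):
    """DELETE request; the id is parsed as a UUID so it cannot alter the path."""
    canonical = str(uuid.UUID(totp_uuid))  # ValueError on anything that is not a UUID
    return Request(totp_url(addr, mount, canonical), headers=_auth(token),
                   method="DELETE")


def send(request, timeout=10):
    """Send a built request; return (HTTP status, response body as text)."""
    with urlopen(request, timeout=timeout) as resp:
        return resp.status, resp.read().decode()
```

Pass the `uuid` returned in the create response's `data` object to `build_delete` once the TOTP is no longer needed, so it does not stay valid until its expiration.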