Manage lockers

Use the Credential Vault API to manage lockers, consumers, members, and credentials in the lockers.

Permissions

Users with an AAE_Locker_Admin role can view and manage all lockers. By default, non-admin users have permissions to create and manage their own lockers. Non-admin users can also be given permissions to access other lockers.
The roles and permissions related to locker management are:
  • Locker Owner: A locker owner can edit, view, and delete a locker, and can add or remove other owners.

  • Locker Manager: A locker manager has access to all the functions of a locker owner, but does not have permission to add owners, managers, or participants to the locker.

  • Locker Participants: A locker participant has access to view a locker and its participants, and can also add their own credentials to a locker. A locker participant cannot access or view credentials created by other users.

  • Locker Consumers: Locker consumers have access to view a locker and input a credential attribute value (if the attribute is configured for user-input). When you select one or more user-defined roles, the users who have these selected roles become consumers of the locker.

Lockers URLs

Create a new instance of a locker
POST http://<your_control_room_url>/v2/credentialvault/lockers
Body parameters:
Field | Required | Description | Notes
name | Required | New locker name | String (50 max); cannot contain special characters
description | Optional | New locker description | String (255 max)
Response body: This response body contains information on the new locker.
{
  "id": "lockerIdNumber",
  "name": "lockerName",
  "description": "lockerDescription",
  "createdBy": "userIdNumber",
  "createdOn": "dateTime",
  "updatedBy": "userIdNumber",
  "updatedOn": "dateTime",
  "version": "numberOfTimesUpdated"
}
Use the following URLs as part of creating a new locker:
Search for lockers
Returns a list of lockers where the user is a member (owner, manager, or participant) or has usage permission (consumer). If the user has AAE_Locker Admin permission, this URL returns a list of all the lockers in the system.
POST http://<your_control_room_url>/v2/credentialvault/lockers/list
Body parameters: This request body example includes filters, sorting, and page control to refine the response.
{
  "filter": {
    "operator": "NONE",
    "operands": [
      null
    ],
    "field": "string",
    "value": "string"
  },
  "sort": [
    {
      "field": "string",
      "direction": "asc"
    }
  ],
  "page": {
    "offset": 0,
    "length": 0
  }
}

Filters allow you to refine what is returned in the response body. Read more about filters in Filters in an API request body.

Response body: This response body contains information on the lockers. It also returns the members, their permissions, and number of credentials for each locker.
{
  "page": {
    "offset": 0,
    "total": 0,
    "totalFilter": 0
  },
  "list": [
    {
      "id": "lockerIdNumber",
      "name": "lockerName",
      "description": "lockerDescription",
      "createdBy": "userIdNumber",
      "createdOn": "dateTime",
      "updatedBy": "userIdNumber",
      "updatedOn": "dateTime",
      "version": "numberOfTimesUpdated",
      "members": [
        {
          "id": "userIdNumber",
          "permissions": [
            "participate/own/manage/consume"
          ]
        }
      ],
      "countOfCredentials": numberOfCredentialsInLocker
    }
  ]
}
Search example: Search for lockers using filters
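
The following is an added example, not part of the product documentation: it reviews a parsed lockers/list response body for membership problems (no owner, too many owners, empty lockers) and lists which users hold own or manage on which lockers. The sample data is constructed, and the MAX_OWNERS threshold and finding names are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the lockers/list response body on this page.
SAMPLE_RESPONSE = json.loads("""
{"page": {"offset": 0, "total": 3, "totalFilter": 3},
 "list": [
  {"id": "10", "name": "FinanceBots", "countOfCredentials": 4,
   "members": [{"id": "7", "permissions": ["own"]},
               {"id": "8", "permissions": ["manage"]},
               {"id": "9", "permissions": ["participate"]}]},
  {"id": "11", "name": "LegacyHR", "countOfCredentials": 2,
   "members": [{"id": "8", "permissions": ["manage"]}]},
  {"id": "12", "name": "Scratch", "countOfCredentials": 0,
   "members": [{"id": "7", "permissions": ["own"]},
               {"id": "8", "permissions": ["own"]},
               {"id": "9", "permissions": ["own"]}]}]}
""")

MAX_OWNERS = 2  # assumed local policy threshold, not a product limit


def audit_lockers(response, max_owners=MAX_OWNERS):
    """Return {locker_id: [finding, ...]} for lockers that break the policy."""
    findings = defaultdict(list)
    for locker in response.get("list", []):
        owners = [m["id"] for m in locker.get("members", [])
                  if "own" in m.get("permissions", [])]
        if not owners:
            findings[locker["id"]].append("no-owner")
        elif len(owners) > max_owners:
            findings[locker["id"]].append("too-many-owners")
        if locker.get("countOfCredentials", 0) == 0:
            findings[locker["id"]].append("empty-locker")
    return dict(findings)


def privileged_footprint(response):
    """Map each user ID to the lockers where it holds own or manage."""
    footprint = defaultdict(set)
    for locker in response.get("list", []):
        for member in locker.get("members", []):
            if {"own", "manage"} & set(member.get("permissions", [])):
                footprint[member["id"]].add(locker["id"])
    return {user: sorted(ids) for user, ids in footprint.items()}


if __name__ == "__main__":
    print(audit_lockers(SAMPLE_RESPONSE))
    print(privileged_footprint(SAMPLE_RESPONSE))
```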
Retrieve a specific locker by id
GET http://<your_control_room_url>/v2/credentialvault/lockers/{id}
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
Response body:
{
  "id": "lockerIdNumber",
  "name": "lockerName",
  "description": "lockerDescription",
  "createdBy": "userIdNumber",
  "createdOn": "dateTime",
  "updatedBy": "userIdNumber",
  "updatedOn": "dateTime",
  "version": "numberOfTimesUpdated"
}
Update an existing locker
PUT http://<your_control_room_url>/v2/credentialvault/lockers/{id}
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String

Body parameters: This request body includes all the possible fields to update.

Field | Required | Description | Notes
id | Required | Identifies the locker | String
name | Required | Confirms or updates the locker name | String
description | Optional | Describes the locker | String
createdBy | Optional | Identifies the creator by ID | String
createdOn | Optional | YYYY-MM-DD HH:MM:SS.MS | Date Time
updatedBy | Optional | Identifies the user who last modified the locker by ID | String
updatedOn | Optional | YYYY-MM-DD HH:MM:SS.MS | Date Time
version | Optional | Represents the number of times the locker was updated | Number
Response body: This response body contains information on the updated locker.
{
  "id": "lockerIdNumber",
  "name": "lockerName",
  "description": "lockerDescription",
  "createdBy": "userIdNumber",
  "createdOn": "dateTime",
  "updatedBy": "userIdNumber",
  "updatedOn": "dateTime",
  "version": "numberOfTimesUpdated"
}
Delete locker
DELETE http://<your_control_room_url>/v2/credentialvault/lockers/{id}
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String

Locker consumers URLs

These URLs accept role IDs, not user IDs. Use the Role APIs to manage roles. See User management API overview.

Retrieve a list of consumers of a locker
GET http://<your_control_room_url>/v2/credentialvault/lockers/{id}/consumers
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
Response body: This response contains a list of all the roles that can access the credentials inside the locker.
{
  "list": [
    {
      "id": "roleIdNumber"
    }
  ]
}
Add a consumer to a locker
POST http://<your_control_room_url>/v2/credentialvault/lockers/{id}/consumers
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
Body parameters:
Field | Required | Description | Notes
id | Required | Identifies the role | String
Delete a consumer from a specific locker
DELETE http://<your_control_room_url>/v2/credentialvault/lockers/{id}/consumers/{roleId}
Path parameters:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
roleId | Required | Identifies the role | String

Locker members URLs

Retrieve a list of locker members
GET http://<your_control_room_url>/v2/credentialvault/lockers/{id}/members
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
Response body: The response contains a list of all the locker members and their permissions (participate, manage, or own).
{
  "list": [
    {
      "id": "userIdNumber",
      "permissions": [
        "participate/manage/own"
      ]
    }
  ]
}
Add or update a member of a locker
PUT http://<your_control_room_url>/v2/credentialvault/lockers/{id}/members/{userId}
Path parameters:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
userId | Required | Identifies the user | String
Body parameters:
Field | Required | Description | Notes
permissions | Required | Possible values: participate, manage, own. See RBAC for Credential Vault credentials management in Enterprise 11. | String
Delete a member from a locker
DELETE http://<your_control_room_url>/v2/credentialvault/lockers/{id}/members/{userId}
Path parameters:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
userId | Required | Identifies the user | String
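
The following is an added example, not part of the product documentation: it compares a parsed members response with a desired membership map and returns the PUT and DELETE calls from this section that would bring the locker back in line, without sending anything. It assumes one permission per member; the function name, the owner guard, and the sample data are constructed for this example.

```python
VALID_PERMISSIONS = {"participate", "manage", "own"}  # values listed on this page


def plan_member_changes(locker_id, current, desired):
    """Compare the GET .../members response with a desired {userId: permission} map.

    Returns an ordered list of (method, path, permission) tuples; nothing is sent.
    """
    bad = {p for p in desired.values() if p not in VALID_PERMISSIONS}
    if bad:
        raise ValueError(f"unsupported permission(s): {sorted(bad)}")
    # Assumed guard for this example: never plan a state with no owner.
    if "own" not in desired.values():
        raise ValueError("desired state would leave the locker without an owner")

    base = f"/v2/credentialvault/lockers/{locker_id}/members"
    actual = {m["id"]: set(m.get("permissions", [])) for m in current.get("list", [])}
    plan = []
    # Grants and changes come first, removals last.
    for user_id, permission in sorted(desired.items()):
        if actual.get(user_id) != {permission}:
            plan.append(("PUT", f"{base}/{user_id}", permission))
    for user_id in sorted(set(actual) - set(desired)):
        plan.append(("DELETE", f"{base}/{user_id}", None))
    return plan


# Constructed sample, shaped like the members response body on this page.
CURRENT = {"list": [
    {"id": "7", "permissions": ["own"]},
    {"id": "8", "permissions": ["own"]},          # drifted: should only manage
    {"id": "9", "permissions": ["participate"]},  # no longer on the team
]}
DESIRED = {"7": "own", "8": "manage", "21": "participate"}

if __name__ == "__main__":
    for step in plan_member_changes("10", CURRENT, DESIRED):
        print(step)
```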

Locker credentials URLs

Retrieve a list of all credentials in a locker
GET http://<your_control_room_url>/v2/credentialvault/lockers/{id}/credentials
Path parameter:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
Response body: The response contains a list of all credentials and their attributes that belong to the locker, based on the permissions for the current user.
{
  "list": [
    {
      "id": "credentialIdNumber",
      "name": "credentialName",
      "description": "credentialDescription",
      "completed": true/false,
      "lockerId": "lockerIdNumber",
      "ownerId": "userIdNumber",
      "attributes": [
        {
          "id": "attributeIdNumber",
          "name": "attributeName",
          "description": "attributeDescription",
          "userProvided": true/false,
          "masked": true/false,
          "passwordFlag": true/false,
          "createdBy": "userIdNumber",
          "createdOn": "dateTime",
          "updatedBy": "userIdNumber",
          "updatedOn": "dateTime",
          "version": "numberOfTimesUpdated"
        }
      ],
      "createdBy": "userIdNumber",
      "createdOn": "dateTime",
      "updatedBy": "userIdNumber",
      "updatedOn": "dateTime",
      "version": "numberOfTimesUpdated"
    }
  ]
}
Add your credential to the locker
Note: You must be an owner, manager, or participant of the locker.
PUT http://<your_control_room_url>/v2/credentialvault/lockers/{id}/credentials/{credentialId}
Path parameters:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
credentialId | Required | Identifies the credential | String
Delete a credential from the locker
Note: You must be an owner, manager, or participant of the locker.
DELETE http://<your_control_room_url>/v2/credentialvault/lockers/{id}/credentials/{credentialId}
Path parameters:
Field | Required | Description | Notes
id | Required | Identifies the locker | String
credentialId | Required | Identifies the credential | String