Java SDK Integration¶
Help Documentation¶
Securden SDK provides a secure, seamless and an efficient way for developers to integrate Securden’s powerful password management abilities into their applications. Using functions which use Securden APIs, developers can retrieve credentials programmatically.
This guide will take you through the process of installing and integrating Securden Java SDK for secure programmatic access to credentials.
Summary of steps:
-
Installation of Securden SDK
-
Import the SDK to your Code Base
-
Configuring access to the Securden Server
-
Authentication using Auth token
-
Retrieving credentials using APIs
Step 1: Installation of Securden SDK¶
1.1 For Maven projects: Add the following dependency to your pom.xml to install the SDK:
<dependency>
<groupId>org.securden</groupId>
<artifactId>securden-java-client</artifactId>
<version>{version}</version>
</dependency>
1.2 For Gradle: Add the following dependency to your pom.xml to install the SDK:
implementaion group: ‘org.securden', name: ‘securden-java-client', version: '{version}'
go get github.com/SecurdenDevOps/securden-sdk
npm install @securden/sdk
pip install securden_sdk
Step 2: Importing Securden SDK to your Code¶
Once the Securden SDK is installed, you can import the SDK to your Java file. Add the following statement in Java file to import the SDK:
import org.securden.client.ApiClient;
import org.securden.client.ApiException;
import org.securden.client.Configuration;
import org.securden.client.api.DefaultApi;
import org.securden.client.model.GetPassword200Response;
import (
securden "github.com/SecurdenDevOps/securden-sdk"
)
import { DefaultApi, ApiClient } from '@securden/sdk';
import securden_sdk
Step 3: Configuring Connectivity with the Securden Server¶
Once the SDK is imported, you need to configure access to the Securden server. You need to provide server connectivity details using which the client will communicate with the server to fetch credentials.
You have three options here.
-
Auto-fetch the SSL certificate
-
Manually specify the SSL certificate file path
-
Bypass SSL Certificate Verification (Not Recommended)
You can get the ‘server-url’ from the Securden web interface.
1) Auto-fetch the SSL Certificate (CA Certified Server)
Note
If the server is CA certified, an SSL certificate is not required and will throw an Exception if it is included.
In your Java, enter the code shown below.
ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("<server-url>")
.authtoken("<api-authtoken>");
BaseURL := "<server-url>"
cfg := securden.NewConfiguration(BaseURL)
cfg.SetAuthToken("<api-authtoken>")
err := cfg.SetSSLConfig()
const apiClient = new ApiClient();
apiClient.basePath = '<server-url>';
from securden_sdk import ApiClient
from securden_sdk import Configuration
config = Configuration(
host="<server-url>",
)
api = ApiClient(configuration=config)
2) By manually adding the SSL Certificate
In your Java file, enter the code shown below.
ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("<server-url>")
.setSslCaCert("<cert-path>")
.authtoken("<api-authtoken>");
BaseURL := "<server-url>"
cfg := securden.NewConfiguration(BaseURL)
cfg.SetAuthToken("<api-authtoken>")
cfg.SSLCert = `<ssL-cert-path>`
err := cfg.SetSSLConfig()
const apiClient = new ApiClient();
apiClient.basePath = '<server-url>'
apiClient.sslCert = "<ssl-cert-path>";
from securden_sdk import ApiClient
from securden_sdk import Configuration
config = Configuration(
host="<server-url>",
ssl_ca_cert='<your-cert-path>',
)
api = ApiClient(configuration=config)
3) Bypass the SSL Certificate
Note
If your server is running over HTTP, this would be your only option.
Important
You have the option to use an SSL certificate. Since communication between the SDK and Securden is over HTTPS, data always remains encrypted in transit. Without SSL, the verification (issued by a trusted CA) will be skipped, and server authentication will not take place.
Using the option to bypass SSL certificate verification must only be done for testing purposes and is not recommended on development set ups due to security concerns.
In your Java file, enter the code shown below.
ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("<server-url>")
.authtoken("<api-authtoken>")
.setVerifyingSsl(false);
BaseURL := "<server-url>"
cfg := securden.NewConfiguration(BaseURL)
cfg.SetAuthToken("<api-authtoken>")
cfg.InsecureSkiplVerify = true
err := cfg.SetSSLConfig()
const apiClient = new ApiClient();
apiClient.basePath = '<server-url>';
apiClient.rejectUnauthorized = false;
from securden_sdk import ApiClient
from securden_sdk import Configuration
config = Configuration(
host="<server-url>",
verify_ssl=False
)
api = ApiClient(configuration=config)
In your Python code use the following to specify the auth-token.
api.authtoken = "<api-authtoken>"
Step 4: API Token for Authentication¶
Securden server supports API token-based authentication for programmatic access to credentials. You can generate and copy the auth token from the Securden web interface.
-
You need to specify the API reference name and description for identification purposes.
-
You need to specify the IP addresses or a range of IP from which this token can be used.
-
You can create a static (with a permanent or a time limited validity) or a dynamic auth token.
-
You can specify the scope of the actions this auth token by selecting the required capabilities from the list.
-
Once the preferences are set, click on Create Token.
-
Now copy this authentication token.
Step 5: Using SDKs to Access Passwords in Securden¶
Once connectivity between the server and the client is configured and authentication is taken care of, you can safely start using Java functions to perform operations like fetching credentials. Follow the steps below to configure the instance and refer to the sections below for instructions on using SDKs to access the Securden repository.
Configuring the Instance¶
You need to configure the SDK to use the default function to communicate with the Securden server before fetching credentials.
Use the following command to configure Securden as the API client.
In your Java file, enter the code shown below.
DefaultApi api = new DefaultApi();
api.setApiClient(apiClient);
client := securden.NewAPIClient(cfg)
const securden_instance = new DefaultApi(apiClient);
from securden_sdk.api import DefaultApi
securden_instance = DefaultApi(api)
Retrieving Passwords via SDK as functions¶
You can retrieve the credentials of a specific account by passing the attributes of the account as parameters. All the parameters that can be passed are listed in this snippet:
Generally, using the account id is the preferred attribute as the rate of success is very high and the process is efficient. You may refer to the example below.
Passing account ID to get the password:¶
In your Java file, enter the code shown below.
GetPassword200Response response = api.getPassword(
"1234",
"sql_db",
"database",
"sql",
api.workAccountType,
"for development purpose",
"9088" // Only for Securden PAM users
);
ctx := context.Background()
resp, httpResp, err := client.DefaultAPI.GetPassword(ctx).
AccountId(<account_id>).Execute()
const response = await securden_instance.getPassword({
accountId: <account-id>,
});
password = securden_instance.get_password(account_id<account_id>)
Passing other attributes as the parameter for password:¶
Note
The Ticket ID attribute will only be valid for Securden Unified PAM users. As this field cannot be left empty, other users can pass a NULL value for this parameter.
In your Java file, enter the code shown below.
GetPassword200Response response = api.getPassword(
"null",
"sql_db",
"database",
"sql",
api.workAccountType,
"for development purpose",
"9088" // Only for Securden PAM users
);
resp, httpResp, err := client.DefaultAPI.GetPassword(ctx).
AccountTitle("<account_title>");
AccountCategory(<mentioned_category>).
AccountType("<account_type>");
TicketId("<your_ticket_id>"). //only for Securden Unified PAM users
Reason("<reason_for_password_retrieval>");
AccountName("<account_name>").Execute()
const response = await securden_instance.getPassword({
accountName: "sql_db",
accountTitle: "database",
accountType: "sql",
accountCategory: apiClient.workAccountType,
reason: "development purpose"
ticketId: "9877" //Only for Securden Unified PAM users.
});
password = securedm_instance.get_password(
account_title="<account_title>",
account_type="<account_type>",
account_name="<account_name>",
account_category=<mentioned_category>,
reason="<reason_for_password_retrieval>",
ticket_id="<ticket_id>", //only for Securden Unified PAM users
)
Account Category: In Securden, there are two categories for classifying accounts: Work, and Personal
-
Work Account -> ( workAccountType )
-
Personal Account -> ( personalAccountType )
The value for account category would be api.workAccountType by default, unless other types are specified.
Examples of Code Snippets for Password Retrieval
Note
The API token, host URL and other values provided in the snippets are just examples – you will have to provide the actual values based on your setup.
1) When you pass the account id as the only parameter, the snippet would look like this:
In your Java file, enter the code shown below.
package com.example;
import org.securden.client.ApiClient;
import org.securden.client.ApiException;
import org.securden.client.Configuration;
import org.securden.client.api.DefaultApi;
import org.securden.client.model.GetPassword200Response;
public class App
{
public static void main(String[] args) throws ApiException {
try {
ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("https://localhost:5454")
.setSslCaCert("C:\\Cert_Vault\\securden-cert.pem")
.authtoken("1700cafd-584c-4634-b3d1-892433abf9eb");
DefaultApi api = new DefaultApi();
api.setApiClient(apiClient);
GetPassword200Response response = api.getPassword(
20000067992,
null,
null,
null,
apt.workAccountType,
null,
null
);
System.out.println("Password: " + response.getPassword());
}
} catch (ApiException e) {
System.err.println("API Exception occurred: " + e.getResponseBody());
e.printStackTrace();
} catch (Exception e) {
System.err.println("General Exception occurred: " + e.getMessage());
e.printStackTrace();
}
}
Let's look at how our example snippet looks when you pass parameters other than account id.
package com.example;
import org.securden.client.ApiClient;
import org.securden.client.ApiException;
import org.securden.client.Configuration;
import org.securden.client.api.DefaultApi;
import org.securden.client.model.GetPassword200Response;
public class App {
public static void main(String[] args) throws ApiException {
try {
ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("https://localhost:5454")
.setSslCaCert("C:\Cert_Vault\Securden-cert.pem")
.authtoken("f8c380ee-3d17-4843-aae6-lad95f9c7bc2");
DefaultApi api = new DefaultApi();
api.setApiClient(apiClient);
GetPassword200Response response = api.getPassword(
null,
"sql_db",
"database",
"sql",
apiClient.personalAccountType,
"for development purpose",
"9877" // Only for Securden Unified PAM users
);
System.out.println("Password: " + response.getPassword());
}
} catch (ApiException e) {
System.err.println("API Exception occurred: " + e.getResponseBody());
e.printStackTrace();
}
} catch (Exception e) {
System.err.println("General Exception occurred: " + e.getMessage());
e.printStackTrace();
}
1) When you pass the account id as the only parameter, the snippet would look like this:
package secureden_sdk
import {
"context"
"fmt"
"log"
"testing"
secureden "github.com/SecurdenDevOps/securden-sdk"
}
func main() {
BaseURL := "https://localhost:5454"
cfg := secureden.NewConfiguration(BaseURL)
cfg.SetAuthToken("de30c23c-fa12-43dd-bb58-2b8cbfa9750a")
cfg.SSLCert = "C:\Vert_Vault\\securden-cert.pem"
err := cfg.SetSSLConfig()
if err ≠ nil {
log.Fatalf("Failed to read certificate file: %v", err)
}
client := secureden.NewAPIClient(cfg)
ctx := context.Background()
resp, httpResp, err := client.DefaultAPI.GetPassword(ctx).
AccountId(20000009087).Execute()
if err ≠ nil {
log.Fatalf("Error calling API: %v\nHTTP Response: %v", err, httpsResp)
}
fmt.Printf("Password response: %+v\n", resp.GetPassword())
}
Let’s look at how our example snippet looks when you pass parameters other than account id.
package securden_sdk
import (
"context"
"fmt"
"log"
"testing"
securden "$ithub.com/SecurdenDevOps/Securden-sdk"
)
func main() {
BaseURL := "https://localhost:5454"
cfg := securden.NewConfiguration(BaseURL)
cfg.SetAuthToken("de3cc23c-fa12-43dd-bb58-2B8cbfa9750a")
cfg.SSLCert = 'C:\Cert_Vault\>securden-cert.pem'
err := cfg.SetSSLConfig()
if err ≠ nil {
log.Fatalf("Failed to read certificate file: %v", err)
}
client := securden.NewAPIClient(cfg)
ctx := context.Background()
resp, httpsesp, err := client.DefaultAPI.GetPassword(ctx).
AccountTitle("database"),
AccountCategory(client.WorkAccountType),
AccountType("sql"),
Reason("For development purpose"),
TicketId("9877"), // only for Securden PAW users
AccountName("sql_db").Execute()
if err ≠ nil {
log.Fatalf("Error calling API: %v\nHTTP Response: %v", err, httpsesp)
}
fmt.Printf("Password response: %+v\n", resp.GetPassword())
}
The Ticket ID attribute will only be valid for Securden Unified PAM users.
The API token, host URL and other values provided in the snippets are just examples – you will have to provide the actual values based on your setup.
1) When you pass the account id as the only parameter, the snippet would look like this:
import { DefaultApi, ApiClient } from '@securden/sdk';
const apiClient = new ApiClient();
apiClient.basePath = 'https://localhost:5454'
apiClient.authtoken = "efc87e34-5d9a-4822-9492-1326d377d629"
apiClient.sslCert = "C:\Cert_Vault\Securden-cert.pem";
const securden_instance = new DefaultApi(apiClient);
async () => {
try {
const response = await securden_instance.getPassword({
accountId: 2000000002720,
});
var password = response.data.password
console.log("Password: ", password);
} catch (error) {
console.error(error);
}
})();
2) How our example snippet looks when you pass parameters other than account id.
import { DefaultApi, ApiClient } from '@securden/sdk';
const apiClient = new ApiClient();
apiClient.basePath = 'https://localhost:5454'
apiClient.authtoken = "efc87e34-5d9a-4822-9492-1326d377dc29"
apiClient.sslCert = "C:\Vert_Vault\securden-cert.pem";
const securden_instance = new DefaultApi(apiClient);
async () => {
try {
const response = await securden_instance.getPassword({
accountName: "sql_db",
accountTitle: "database",
accountType: "sql",
accountCategory: apiClient.workAccountType,
reason: "development purpose"
ticketId: "9877" //Only for Securden Unified PAM users.
});
var password = response.data.password
console.log("Password: ", password);
} catch (error) {
console.error(error);
}
} )();
1) When you pass the account id as the only parameter, the snippet would look like this:
from securden_sdk import ApiClient
from securden_sdk import Configuration
from securden_sdk.api import DefaultApi
config = Configuration(
host="https://localhost:5454",
ssl_ca_cert='C:\Cert_Vault\conf\securden-cert.pem',
)
api = ApiClient(configuration=config)
api.authtoken = "ae7b8820-4be8-4fc0-8b00-bbf13abac49c"
securden_instance = DefaultApi(api)
try:
password = securden_instance.get_password(
account_id=200001987223
)
print("Response:", password)
except Exception as e:
print(e)
2) How our example snippet looks when you pass parameters other than account id.
from securden_sdk import ApiClient
from securden_sdk import Configuration
from securden_sdk.api import DefaultApi
config = Configuration(
host="https://localhost:5454",
ssL_ca_cert='C:\Cert_Vault\securden-cert.pem',
)
api = ApiClient(configuration=config)
api.authtoken = "ae7b8820-4be8-4fc0-8b00-bbf13abac49c"
securden_instance = DefaultApi(api)
try:
password = securden_instance.get_password(
account_title="database",
account_type="sql",
account_name="sql_db",
account_category=api.workAccountType,
reason="for development",
ticket_id="9977", //only for Securden Unified-PAM users
)
print("Response:", password)
except Exception as e:
print(e)
3) To check more details of the API response you can use the following command:
password = secureden_instance.get_password_with_additional_info(account_id=<account_id>)
In some cases, such as the account not being present in the database, you will get a corresponding response.
Response: status_code=200 data.GetPassword200Response(password=None) raw_data=b {"message": "Invalid ID. No such Account found in the database."}
Note
The Ticket ID attribute will only be valid for Securden Unified PAM users. As this field cannot be left empty, other users can pass a NULL value for this parameter.