Skip to content

Java SDK Integration

Help Documentation

Securden SDK provides a secure, seamless and an efficient way for developers to integrate Securden’s powerful password management abilities into their applications. Using functions which use Securden APIs, developers can retrieve credentials programmatically.

This guide will take you through the process of installing and integrating Securden Java SDK for secure programmatic access to credentials.

Summary of steps:

  • Installation of Securden SDK

  • Import the SDK to your Code Base

  • Configuring access to the Securden Server

  • Authentication using Auth token

  • Retrieving credentials using APIs

Step 1: Installation of Securden SDK

1.1 For Maven projects: Add the following dependency to your pom.xml to install the SDK:

<dependency>
    <groupId>org.securden</groupId>
    <artifactId>securden-java-client</artifactId>
    <version>{version}</version>
</dependency>

1.2 For Gradle: Add the following dependency to your pom.xml to install the SDK:

implementaion group: org.securden', name: securden-java-client', version: '{version}'
go get github.com/SecurdenDevOps/securden-sdk
npm install @securden/sdk
pip install securden_sdk

Step 2: Importing Securden SDK to your Code

Once the Securden SDK is installed, you can import the SDK to your Java file. Add the following statement in Java file to import the SDK:

import org.securden.client.ApiClient;
import org.securden.client.ApiException;
import org.securden.client.Configuration;
import org.securden.client.api.DefaultApi;
import org.securden.client.model.GetPassword200Response;
import (
securden "github.com/SecurdenDevOps/securden-sdk"
)
import { DefaultApi, ApiClient } from '@securden/sdk';
import securden_sdk

Step 3: Configuring Connectivity with the Securden Server

Once the SDK is imported, you need to configure access to the Securden server. You need to provide server connectivity details using which the client will communicate with the server to fetch credentials.

You have three options here.

  • Auto-fetch the SSL certificate

  • Manually specify the SSL certificate file path

  • Bypass SSL Certificate Verification (Not Recommended)

You can get the ‘server-url’ from the Securden web interface.

1) Auto-fetch the SSL Certificate (CA Certified Server)

Note

If the server is CA certified, an SSL certificate is not required and will throw an Exception if it is included.

In your Java, enter the code shown below.

ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("<server-url>")
.authtoken("<api-authtoken>");
BaseURL := "<server-url>"
cfg := securden.NewConfiguration(BaseURL)
cfg.SetAuthToken("<api-authtoken>")
err := cfg.SetSSLConfig()
const apiClient = new ApiClient();
apiClient.basePath = '<server-url>';
from securden_sdk import ApiClient
from securden_sdk import Configuration

config = Configuration(
    host="<server-url>",
)
api = ApiClient(configuration=config)

2) By manually adding the SSL Certificate

In your Java file, enter the code shown below.

ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("<server-url>")
.setSslCaCert("<cert-path>")
.authtoken("<api-authtoken>");
BaseURL := "<server-url>"
cfg := securden.NewConfiguration(BaseURL)
cfg.SetAuthToken("<api-authtoken>")
cfg.SSLCert = `<ssL-cert-path>`
err := cfg.SetSSLConfig()
const apiClient = new ApiClient();
apiClient.basePath = '<server-url>'
apiClient.sslCert = "<ssl-cert-path>";
from securden_sdk import ApiClient
from securden_sdk import Configuration

config = Configuration(
    host="<server-url>",
    ssl_ca_cert='<your-cert-path>',
)
api = ApiClient(configuration=config)

3) Bypass the SSL Certificate

Note

If your server is running over HTTP, this would be your only option.

Important

You have the option to use an SSL certificate. Since communication between the SDK and Securden is over HTTPS, data always remains encrypted in transit. Without SSL, the verification (issued by a trusted CA) will be skipped, and server authentication will not take place.

Using the option to bypass SSL certificate verification must only be done for testing purposes and is not recommended on development set ups due to security concerns.

In your Java file, enter the code shown below.

ApiClient apiClient = Configuration.getDefaultApiClient()
.setBasePath("<server-url>")
.authtoken("<api-authtoken>")
.setVerifyingSsl(false);
BaseURL := "<server-url>"  
cfg := securden.NewConfiguration(BaseURL)  
cfg.SetAuthToken("<api-authtoken>")  
cfg.InsecureSkiplVerify = true  
err := cfg.SetSSLConfig()
const apiClient = new ApiClient();
apiClient.basePath = '<server-url>';
apiClient.rejectUnauthorized = false;
from securden_sdk import ApiClient
from securden_sdk import Configuration

config = Configuration(
    host="<server-url>",
    verify_ssl=False
)
api = ApiClient(configuration=config)

In your Python code use the following to specify the auth-token.

api.authtoken = "<api-authtoken>"

SDK Image 1

SDK Image 2

Step 4: API Token for Authentication

Securden server supports API token-based authentication for programmatic access to credentials. You can generate and copy the auth token from the Securden web interface.

  • You need to specify the API reference name and description for identification purposes.

  • You need to specify the IP addresses or a range of IP from which this token can be used.

  • You can create a static (with a permanent or a time limited validity) or a dynamic auth token.

  • You can specify the scope of the actions this auth token by selecting the required capabilities from the list.

  • Once the preferences are set, click on Create Token.

  • Now copy this authentication token.

Step 5: Using SDKs to Access Passwords in Securden

Once connectivity between the server and the client is configured and authentication is taken care of, you can safely start using Java functions to perform operations like fetching credentials. Follow the steps below to configure the instance and refer to the sections below for instructions on using SDKs to access the Securden repository.

Configuring the Instance

You need to configure the SDK to use the default function to communicate with the Securden server before fetching credentials.

Use the following command to configure Securden as the API client.

In your Java file, enter the code shown below.

DefaultApi api = new DefaultApi();
api.setApiClient(apiClient);
client := securden.NewAPIClient(cfg)
const securden_instance = new DefaultApi(apiClient);
from securden_sdk.api import DefaultApi
securden_instance = DefaultApi(api)

Retrieving Passwords via SDK as functions

You can retrieve the credentials of a specific account by passing the attributes of the account as parameters. All the parameters that can be passed are listed in this snippet:

Generally, using the account id is the preferred attribute as the rate of success is very high and the process is efficient. You may refer to the example below.

Passing account ID to get the password:

In your Java file, enter the code shown below.

GetPassword200Response response = api.getPassword(
"1234",
"sql_db",
"database",
"sql",
api.workAccountType,
"for development purpose",
"9088" // Only for Securden PAM users
);
ctx := context.Background()

resp, httpResp, err := client.DefaultAPI.GetPassword(ctx).
AccountId(<account_id>).Execute()
const response = await securden_instance.getPassword({
accountId: <account-id>,
});
password = securden_instance.get_password(account_id<account_id>)

Passing other attributes as the parameter for password:

Note

The Ticket ID attribute will only be valid for Securden Unified PAM users. As this field cannot be left empty, other users can pass a NULL value for this parameter.

In your Java file, enter the code shown below.

GetPassword200Response response = api.getPassword(
"null",
"sql_db",
"database",
"sql",
api.workAccountType,
"for development purpose",
"9088" // Only for Securden PAM users
);
resp, httpResp, err := client.DefaultAPI.GetPassword(ctx).
AccountTitle("<account_title>");
AccountCategory(<mentioned_category>).
AccountType("<account_type>");
TicketId("<your_ticket_id>"). //only for Securden Unified PAM users
Reason("<reason_for_password_retrieval>");
AccountName("<account_name>").Execute()
 const response = await securden_instance.getPassword({
            accountName: "sql_db",
            accountTitle: "database",
            accountType: "sql",
            accountCategory: apiClient.workAccountType,
            reason: "development purpose"
            ticketId: "9877" //Only for Securden Unified PAM users.
    });
password = securedm_instance.get_password(
account_title="<account_title>",
account_type="<account_type>",
account_name="<account_name>",
account_category=<mentioned_category>,
reason="<reason_for_password_retrieval>",
ticket_id="<ticket_id>", //only for Securden Unified PAM users
)

Account Category: In Securden, there are two categories for classifying accounts: Work, and Personal

  • Work Account -> ( workAccountType )

  • Personal Account -> ( personalAccountType )

The value for account category would be api.workAccountType by default, unless other types are specified.

Examples of Code Snippets for Password Retrieval

Note

The API token, host URL and other values provided in the snippets are just examples – you will have to provide the actual values based on your setup.

1) When you pass the account id as the only parameter, the snippet would look like this:

In your Java file, enter the code shown below.

package com.example;
import org.securden.client.ApiClient;
import org.securden.client.ApiException;
import org.securden.client.Configuration;
import org.securden.client.api.DefaultApi;
import org.securden.client.model.GetPassword200Response;

public class App
{
    public static void main(String[] args) throws ApiException {
    try {
    ApiClient apiClient = Configuration.getDefaultApiClient()
    .setBasePath("https://localhost:5454")
    .setSslCaCert("C:\\Cert_Vault\\securden-cert.pem")
    .authtoken("1700cafd-584c-4634-b3d1-892433abf9eb");

    DefaultApi api = new DefaultApi();
    api.setApiClient(apiClient);

    GetPassword200Response response = api.getPassword(
    20000067992,
    null,
    null,
    null,
    apt.workAccountType,
    null,
    null
    );
    System.out.println("Password: " + response.getPassword());
}

} catch (ApiException e) {
    System.err.println("API Exception occurred: " + e.getResponseBody());
    e.printStackTrace();
} catch (Exception e) {
    System.err.println("General Exception occurred: " + e.getMessage());
    e.printStackTrace();
}
}

Let's look at how our example snippet looks when you pass parameters other than account id.

package com.example;
import org.securden.client.ApiClient;
import org.securden.client.ApiException;
import org.securden.client.Configuration;
import org.securden.client.api.DefaultApi;
import org.securden.client.model.GetPassword200Response;

public class App {
    public static void main(String[] args) throws ApiException {
    try {
    ApiClient apiClient = Configuration.getDefaultApiClient()
    .setBasePath("https://localhost:5454")
    .setSslCaCert("C:\Cert_Vault\Securden-cert.pem")
    .authtoken("f8c380ee-3d17-4843-aae6-lad95f9c7bc2");

    DefaultApi api = new DefaultApi();
    api.setApiClient(apiClient);

    GetPassword200Response response = api.getPassword(
    null,
    "sql_db",
    "database",
    "sql",
    apiClient.personalAccountType,
    "for development purpose",
    "9877" // Only for Securden Unified PAM users
    );
    System.out.println("Password: " + response.getPassword());
}

} catch (ApiException e) {
    System.err.println("API Exception occurred: " + e.getResponseBody());
    e.printStackTrace();
}
} catch (Exception e) {
    System.err.println("General Exception occurred: " + e.getMessage());
    e.printStackTrace();
}

1) When you pass the account id as the only parameter, the snippet would look like this:

package secureden_sdk

import {
    "context"
    "fmt"
    "log"
    "testing"

    secureden "github.com/SecurdenDevOps/securden-sdk"
}

func main() {
    BaseURL := "https://localhost:5454"
    cfg := secureden.NewConfiguration(BaseURL)
    cfg.SetAuthToken("de30c23c-fa12-43dd-bb58-2b8cbfa9750a")
    cfg.SSLCert = "C:\Vert_Vault\\securden-cert.pem"
    err := cfg.SetSSLConfig()

    if err  nil {
    log.Fatalf("Failed to read certificate file: %v", err)
    }

    client := secureden.NewAPIClient(cfg)

    ctx := context.Background()

    resp, httpResp, err := client.DefaultAPI.GetPassword(ctx).
    AccountId(20000009087).Execute()
    if err  nil {
    log.Fatalf("Error calling API: %v\nHTTP Response: %v", err, httpsResp)
    }
    fmt.Printf("Password response: %+v\n", resp.GetPassword())
}

Let’s look at how our example snippet looks when you pass parameters other than account id.

package securden_sdk

import (
    "context"
    "fmt"
    "log"
    "testing"

    securden "$ithub.com/SecurdenDevOps/Securden-sdk"
)

func main() {
    BaseURL := "https://localhost:5454"
    cfg := securden.NewConfiguration(BaseURL)
    cfg.SetAuthToken("de3cc23c-fa12-43dd-bb58-2B8cbfa9750a")
    cfg.SSLCert = 'C:\Cert_Vault\>securden-cert.pem'
    err := cfg.SetSSLConfig()

    if err  nil {
    log.Fatalf("Failed to read certificate file: %v", err)
    }

    client := securden.NewAPIClient(cfg)

    ctx := context.Background()

    resp, httpsesp, err := client.DefaultAPI.GetPassword(ctx).
    AccountTitle("database"),
    AccountCategory(client.WorkAccountType),
    AccountType("sql"),
    Reason("For development purpose"),
    TicketId("9877"), // only for Securden PAW users
    AccountName("sql_db").Execute()

    if err  nil {
    log.Fatalf("Error calling API: %v\nHTTP Response: %v", err, httpsesp)
    }

    fmt.Printf("Password response: %+v\n", resp.GetPassword())
}

The Ticket ID attribute will only be valid for Securden Unified PAM users.

The API token, host URL and other values provided in the snippets are just examples – you will have to provide the actual values based on your setup.

1) When you pass the account id as the only parameter, the snippet would look like this:

import { DefaultApi, ApiClient } from '@securden/sdk';

const apiClient = new ApiClient();
apiClient.basePath = 'https://localhost:5454'
apiClient.authtoken = "efc87e34-5d9a-4822-9492-1326d377d629"
apiClient.sslCert = "C:\Cert_Vault\Securden-cert.pem";

const securden_instance = new DefaultApi(apiClient);

async () => {
    try {
        const response = await securden_instance.getPassword({
            accountId: 2000000002720,
        });
        var password = response.data.password
        console.log("Password: ", password);
    } catch (error) {
        console.error(error);
    }
})();

2) How our example snippet looks when you pass parameters other than account id.

import { DefaultApi, ApiClient } from '@securden/sdk';

const apiClient = new ApiClient();
apiClient.basePath = 'https://localhost:5454'
apiClient.authtoken = "efc87e34-5d9a-4822-9492-1326d377dc29"
apiClient.sslCert = "C:\Vert_Vault\securden-cert.pem";

const securden_instance = new DefaultApi(apiClient);

async () => {
    try {
        const response = await securden_instance.getPassword({
            accountName: "sql_db",
            accountTitle: "database",
            accountType: "sql",
            accountCategory: apiClient.workAccountType,
            reason: "development purpose"
            ticketId: "9877" //Only for Securden Unified PAM users.
        });
        var password = response.data.password
        console.log("Password: ", password);
    } catch (error) {
        console.error(error);
    }
} )();

1) When you pass the account id as the only parameter, the snippet would look like this:

from securden_sdk import ApiClient
from securden_sdk import Configuration
from securden_sdk.api import DefaultApi

config = Configuration(
    host="https://localhost:5454",
    ssl_ca_cert='C:\Cert_Vault\conf\securden-cert.pem',
)
api = ApiClient(configuration=config)
api.authtoken = "ae7b8820-4be8-4fc0-8b00-bbf13abac49c"

securden_instance = DefaultApi(api)

try:
    password = securden_instance.get_password(
    account_id=200001987223
    )
    print("Response:", password)
except Exception as e:
    print(e)

2) How our example snippet looks when you pass parameters other than account id.

from securden_sdk import ApiClient
from securden_sdk import Configuration
from securden_sdk.api import DefaultApi

config = Configuration(
    host="https://localhost:5454",
    ssL_ca_cert='C:\Cert_Vault\securden-cert.pem',
)
api = ApiClient(configuration=config)
api.authtoken = "ae7b8820-4be8-4fc0-8b00-bbf13abac49c"

securden_instance = DefaultApi(api)

try:
    password = securden_instance.get_password(
    account_title="database",
    account_type="sql",
    account_name="sql_db",
    account_category=api.workAccountType,
    reason="for development",
    ticket_id="9977", //only for Securden Unified-PAM users
)
    print("Response:", password)
except Exception as e:
    print(e)

3) To check more details of the API response you can use the following command:

password = secureden_instance.get_password_with_additional_info(account_id=<account_id>)

In some cases, such as the account not being present in the database, you will get a corresponding response.

Response: status_code=200 data.GetPassword200Response(password=None) raw_data=b {"message": "Invalid ID. No such Account found in the database."}

Note

The Ticket ID attribute will only be valid for Securden Unified PAM users. As this field cannot be left empty, other users can pass a NULL value for this parameter.

Securden Help Assistant
What's next?
Request a Demo Get a Price Quote
Thank you message

Thanks for sharing your details.
We will be in touch with you shortly

Thanks for sharing your details.
We will be in touch with you shortly.