Files
2025-10-30 18:58:05 +01:00

134 lines
3.4 KiB
Plaintext

---
title: "List Provider Secrets"
api: "GET /api/v1/providers/secrets"
description: "Retrieve a list of all provider secrets with filtering options."
---
Retrieve metadata about all provider secrets. Note that the actual secret values are never returned - only metadata such as names, types, and timestamps.
## Query Parameters
### Filtering
- `filter[provider]`, `filter[provider__in]` - Filter by provider UUID(s)
- `filter[secret_type]`, `filter[secret_type__in]` - Filter by type: `static`, `role`, `service_account`
- `filter[name]`, `filter[name__icontains]` - Filter by secret name
### Pagination
- `page[number]` - Page number to retrieve (default: 1)
- `page[size]` - Number of results per page (default: 20, max: 100)
### Sorting
- `sort` - Field to sort by:
- `inserted_at` - Oldest first
- `-inserted_at` - Newest first (default)
- `name` - Alphabetically
- `-name` - Reverse alphabetically
### Field Selection
- `fields[provider-secrets]` - Specify which fields to return: `inserted_at`, `updated_at`, `name`, `secret_type`, `provider`
### Include Related Resources
- `include` - Include related resources: `provider`
## Example Request
```bash
curl -X GET "https://api.prowler.com/api/v1/providers/secrets?filter[secret_type]=role&include=provider" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/vnd.api+json"
```
## Response
### Success Response (200 OK)
Returns a paginated list of secret metadata:
```json
{
"data": [
{
"type": "provider-secrets",
"id": "secret-uuid-1",
"attributes": {
"name": "Production AWS Role",
"secret_type": "role",
"inserted_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
"relationships": {
"provider": {
"data": {
"type": "providers",
"id": "provider-uuid"
}
}
}
},
{
"type": "provider-secrets",
"id": "secret-uuid-2",
"attributes": {
"name": "GCP Service Account",
"secret_type": "service_account",
"inserted_at": "2024-01-10T08:15:00Z",
"updated_at": "2024-01-10T08:15:00Z"
},
"relationships": {
"provider": {
"data": {
"type": "providers",
"id": "provider-uuid-2"
}
}
}
}
],
"meta": {
"page": {
"number": 1,
"size": 20,
"total": 2,
"total_pages": 1
}
},
"links": {
"self": "https://api.prowler.com/api/v1/providers/secrets?page[number]=1",
"first": "https://api.prowler.com/api/v1/providers/secrets?page[number]=1",
"last": "https://api.prowler.com/api/v1/providers/secrets?page[number]=1"
},
"included": [
{
"type": "providers",
"id": "provider-uuid",
"attributes": {
"provider": "aws",
"uid": "123456789012",
"alias": "Production AWS - US"
}
}
]
}
```
### Response Fields
- `id` (UUID) - Unique identifier for the secret
- `name` (string, nullable) - Descriptive name (3-100 characters)
- `secret_type` (enum) - Type: `role`, `service_account`, or `static`
- `inserted_at` (datetime, read-only) - When secret was created
- `updated_at` (datetime, read-only) - Last modification time
<Note>
Secret values are never returned via the API. Only metadata about secrets is accessible.
</Note>
<Warning>
Regularly audit your secrets list to identify and remove unused credentials.
</Warning>