Machine-to-machine communication is very important in today’s business-in-the-cloud.
A lot of credentials and secrets are used and shared by non-human users.
CyberArk Conjur makes secrets management simple. When an application requests access to a resource, Conjur authenticates the application, performs an authorization check against the security policy, and then securely distributes the secret.
With the Conjur API you can ‘talk’ to Conjur and manage your Conjur software. Tools like Postman or Insomnia let you build a collection of Conjur API requests and start managing your Conjur software.
This article will show you how you can build your secrets management REST API into Postman.
But first we have to retrieve the Conjur API schema – the blueprint for your Conjur REST API.
This can be done by using the Insomnia REST client.
Retrieve Conjur API schema with Insomnia
First we have to download Insomnia.
Also make sure Conjur is successfully installed on your computer. If not, please follow the steps as shown in the tutorial, ‘Install Conjur Open Source using Docker’.
To create the Conjur Insomnia workspace, follow the steps on this GitHub page.
The most important thing in this workspace is the JSON file of the Conjur API schema.
This API schema is the foundation for building your Conjur Secrets Management API in Postman.
Building Conjur API in Postman
First, make sure Postman is correctly downloaded on your computer.
Once we have the Conjur API schema, we can add it to Postman.
Go to the Postman APIs menu:
Drag and drop the Conjur API you retrieved in the previous step. Save the API schema and verify that it was added to the Postman collection.
Next, we have to generate a Postman collection, which is simply a collection of pre-built requests that can be organized into folders. It can be easily exported and shared with others.
Generate Collection
Fill in the Name and add-fields and click ‘Generate Collection.’
A warning popup appears stating that the specification must contain a semantic version number of the OAS specification.
OAS stands for the OpenAPI Specification, which defines a standard, language-agnostic interface to RESTful APIs.
How can we transform the Conjur API schema we have into a valid OpenAPI specification? By using the online API transform tool from Apimatic.
Transform the Conjur API schema into a valid OpenAPI specification
Go to the Apimatic dashboard and click the Transform API button.
Upload the Conjur API schema, verify that the export document has version 3, and click ‘Convert’.
Warning popups may appear; click Proceed, and your Conjur API schema will be downloaded in the OAS version 3 JSON format.
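Before going back to Postman, the downloaded file can be checked locally for the version field the warning popup complained about. The following Python sketch is an added example, not part of the original article or of the Conjur or Postman tooling; the function name `check_spec` and both sample documents are constructed for illustration, and in practice you would pass it the contents of the file you downloaded.

```python
import json
import re

# MAJOR.MINOR.PATCH, the form the OpenAPI 3 `openapi` field must take.
SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?$")

# Constructed sample documents (not the real Conjur schema; "/example" is a placeholder path).
CONVERTED = '{"openapi": "3.0.0", "info": {"title": "Conjur", "version": "sample"}, "paths": {"/example": {}}}'
UNVERSIONED = '{"info": {"title": "Conjur", "version": "sample"}, "paths": {"/example": {}}}'


def check_spec(text):
    """Return (kind, problems) for a JSON API description document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return "invalid-json", [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return "unknown", ["top level is not a JSON object"]

    problems = []
    if "openapi" in doc:
        match = SEMVER.match(str(doc["openapi"]))
        if not match:
            return "unknown", [f"'openapi' is not a semantic version: {doc['openapi']!r}"]
        kind = f"openapi-{match.group(1)}"
        if match.group(1) != "3":
            problems.append("expected OAS major version 3")
    elif "swagger" in doc:
        kind = "swagger-2"
        problems.append("Swagger 2.0 document: it has no 'openapi' version field")
    else:
        return "unknown", ["no 'openapi' or 'swagger' version field"]

    info = doc.get("info")
    if not isinstance(info, dict) or not info.get("title") or not info.get("version"):
        problems.append("'info' needs both 'title' and 'version'")
    if not isinstance(doc.get("paths"), dict) or not doc["paths"]:
        problems.append("no 'paths' entries, so no requests can be generated")
    return kind, problems


if __name__ == "__main__":
    for name, text in (("converted", CONVERTED), ("unversioned", UNVERSIONED)):
        kind, problems = check_spec(text)
        print(f"{name}: {kind} -> {'OK' if not problems else '; '.join(problems)}")
```

A result of `openapi-3` with an empty problem list means the file carries the semantic version number that the collection generator asks for.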
Generate Conjur Postman collection
Go back to Postman, delete the Conjur API you created earlier, and add the Conjur API OAS version 3 schema you just generated.
Now the collection can be saved and viewed in the Postman Collections menu.
We have now added a Conjur REST API in Postman.
Before we can manage our secrets, we first have to verify if the Conjur server is healthy. Is it working?
Verify if Conjur server is Healthy
To ensure that the Conjur server is working, we have to get an OK message back from the Conjur server.
This can be verified by running the ‘Verify the server is healthy’ test case.
Click the Send button. If everything is OK (the Conjur server is running), an HTTP 200 OK message will be returned.
This verification shows us that the Conjur server is running and that we have built our first secrets management REST API in Postman using CyberArk Conjur.
Learning More About Conjur
You can learn more about Conjur API from the official documentation.
Learning More About Postman
You can learn more about Postman from the documentation, starting with the Postman Learning Centre on the Postman website.
Join the Conversation on the CyberArk Commons
If you’re interested in open source projects like Prometheus and Conjur, you should join the conversation on the CyberArk Commons Community. Secretless Broker, Conjur and other open source projects are a part of the CyberArk Commons Community, an open community dedicated to developers, engineers, cybersecurity researchers and other technically minded people. To discuss Kubernetes, Secretless Broker, Conjur, CyberArk Threat Research, join me on the CyberArk Commons discussion forum.
Cordny Nederkoorn is a software test engineer with over 10 years experience in finance, e-commerce and web development. He is also the founder of TestingSaaS, a social network about researching cloud applications with a focus on forensics, software testing and security.