Skip to main content
POST
/
api
/
v1
/
secrets
/
{vault_id}
/
view
GetContent
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.PaperSecret.GetContent(ctx, operations.C1APISecretsV1PaperSecretServiceGetContentRequest{
        VaultID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.PaperSecretServiceGetContentResponse != nil {
        // handle response
    }
}
{
  "createdAt": "2023-11-07T05:31:56Z",
  "creatorUserId": "<string>",
  "downloadUrl": "<string>",
  "encryptedContent": "aSDinaTvuI8gbWludGxpZnk=",
  "filename": "<string>",
  "inputFormat": "SECRET_INPUT_FORMAT_UNSPECIFIED",
  "secretType": "SECRET_TYPE_UNSPECIFIED",
  "viewsRemaining": 123
}

Documentation Index

Fetch the complete documentation index at: https://conductorone-groman-network-requirements-updates.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

vault_id
string
required

The vaultId field.

Body

application/json

The PaperSecretServiceGetContentRequest message.

readerRecipient
string

Client's ephemeral Age recipient (age1...) for re-encryption Server re-encrypts the content to this recipient

Response

200 - application/json

Successful response

The PaperSecretServiceGetContentResponse message.

This message contains a oneof named content. Only a single field of the following list may be set at a time:

  • encryptedContent
  • downloadUrl
createdAt
string<date-time>
creatorUserId
string

The creatorUserId field.

downloadUrl
string | null

For file secrets: presigned S3 download URL (5 minute expiry) File is still E2E encrypted - client must decrypt after download This field is part of the content oneof. See the documentation for c1.api.secrets.v1.PaperSecretServiceGetContentResponse for more details.

encryptedContent
file | null

For text secrets: Age-encrypted content (encrypted to reader's recipient) This field is part of the content oneof. See the documentation for c1.api.secrets.v1.PaperSecretServiceGetContentResponse for more details.

filename
string

Original filename (file secrets only)

inputFormat
enum<string>

Input format hint for rendering (text secrets only)

Available options:
SECRET_INPUT_FORMAT_UNSPECIFIED,
SECRET_INPUT_FORMAT_PLAINTEXT,
SECRET_INPUT_FORMAT_JSON,
SECRET_INPUT_FORMAT_YAML,
SECRET_INPUT_FORMAT_KEY_VALUE
secretType
enum<string>

Secret metadata

Available options:
SECRET_TYPE_UNSPECIFIED,
SECRET_TYPE_TEXT,
SECRET_TYPE_FILE
viewsRemaining
integer<int32>

Views remaining after this view (-1 = unlimited)