Lesson 8: Fetch a secret

Earlier, you created a Safe and added an account to the Safe in Privilege Cloud, and then synced the Safe to Conjur Cloud, creating three secrets in Conjur Cloud.

In the previous lesson, your workload, myapp, authenticated to Conjur Cloud and received a Conjur access token. The workload uses this token to fetch secrets from Conjur Cloud.

The access token is valid for 8 minutes only. If more than 8 minutes have passed since your workload authenticated, your app needs to authenticate again to get a new token.

In this lesson, you will fetch the /data/vault/secrets-safe/mysecret/password secret.

To fetch the secret:

Send a RESTful request using the access token you received, for example (replace demo-subdomain with your organization's tenant subdomain):

curl -H 'Authorization: Token token="<youraccessToken>"' \https://demo-subdomain.secretsmgr.cyberark.cloud/api/secrets/conjur/variable/data/vault/secrets-safe/mysecret/password

For more information, see Retrieve a secret.

Alternatively, you can fetch secrets using the Conjur Cloud CLI. For more information, see variable.