POST SecretStore/Dissociate

Dissociates name(s) and/or value pairs from the specified vault entry.

Requirements

  • Permissions: Write permission to the owner.
  • Token scope: Restricted:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

IntValue

(Optional) Retains the Name attribute and removes only the number that requires dissociation from the VaultID.

Name

(Optional). Removes just the data from the attribute Name that is associated with the VaultID. If there are multiple values associated with a single Name, specify a corresponding DateValue, StringValue, or IntValue.

WARNING!  If Name is missing, SecretStore/Dissociate removes all associations on the vault entry.

Name (use with the IntValue parameter)

(Optional) If the name from this list (below) has multiple values, specify an IntValue:

  • Certificate Type: The type of certificate. Specify 1 = End Entity, 2 = Intermediate Root, 3 = Root, or 4 = Self Signed. For example, Certificate Type:1.
  • Key Size: The key size of the certificate.
  • Parent ID: The Distinguished Name (DN) for the parent identifier node.
  • Template Major Version: The template version used to issue a certificate.

Name (use with the StringValue parameter)

(Optional) If the name from this list (below) has multiple values, specify a StringValue:

  • AIA CaIssuer:URI: The URI of an Authority Information Access (AIA) certificate chain distribution point of the certificate.
  • AIA OCSP:URI: The URI of an OCSP responder of the certificate.
  • AKI Authority Cert Issuer: The Authority Cert Issuer of an Authority Key Identifier (AKI) extension.
  • AKI Authority Cert SerialNumber: The certificate authority serial number of an Authority Key Identifier (AKI) extension.
  • AKI Key Identifier: The key identifier of an Authority Key Identifier (AKI) extension. Remove any spaces from the identifier.
  • Archived: The certificate is no longer active and should not be renewed.
  • Cached CRL URI: The URI provider of the Certificate Revocation List (CRL).
  • CDP:URI: The URI of a CRL distribution point of the certificate.
  • Delta CDP:URI: The URI of a delta CRL distribution point of the certificate.
  • Enhanced Key Usage: The enhanced key usage for the certificate.
  • Hash: The hash of the certificate.
  • Issuer: The issuer of the certificate.
  • Key Algorithm OID: The key algorithm OID of the certificate.
  • Key Algorithm: The key algorithm of the certificate.
  • Key Usage: The purpose of the key for the certificate.
  • ParentId: The Vault ID for the parent/issuing authority.
  • Public Key Hash: The hash of the Public Key.
  • Requested From: The machine name that requested a certificate.
  • Revocation Error: The error for a failed revocation.
  • Revocation Initiated By: The prefixed universal id of the user who initiated the revocation request.
  • Revocation Reason: The reason of a certificate being revoked.
  • Revocation Status: The status of a certificate being revoked.
  • SAN:DNS: The DNS Subject Alt Name of the certificate.
  • SAN:Email: The email Subject Alt Name of the certificate.
  • SAN:IPAddress: The IP Address Subject Alt Name of the certificate.
  • SAN:OtherName:<IP Address or name>: The Other Name Subject Alt Name of the certificate.
  • SAN:OtherName:<OID>: The Other Name Subject Alt Name of the certificate.
  • SAN:URI: The URI Subject Alt Name of the certificate.
  • Serial: The serial number of the certificate.
  • Signature Algorithm OID: The signature algorithm Object ID (OID) of the certificate.
  • Signature Algorithm: The signature algorithm of the certificate.
  • SKI Key Identifier: The key identifier of a Subject Key Identifier (SKI) extension. Remove any spaces from the identifier.
  • Subject: The subject of the certificate.
  • Template Minor Version: The Template version used to issue a certificate.
  • Template Name: The friendly template name used to issue a certificate.
  • Template Oid: The object ID (OID) of the template used to issue a certificate.

Name (use with the ValueDate parameter)

(Optional) If the name from this list (below) has multiple values, specify a ValueDate:

  • Cached CRL Next Update: The next date and time for an update to the Certificate Revocation List (CRL).
  • Create Date: The creation date of the certificate.
  • Revocation Check Date: The date of the last check for revocation of a certificate.
  • Revocation Date: The date of the revocation of a certificate.
  • Store Added: The creation date of the vault entry.

StringValue

(Optional) Retains the Name attribute and removes only the number that requires dissociation from the VaultID.

ValueDate

(Optional) Retains the Name attribute and removes only the number that requires dissociation from the VaultID. Use Universal Time Coordinated (UTC) in the ISO 8601 format, for example YYYY-MM-DDTHH:MM:SS.mmmmmmmZ.

VaultID

Required. The integer that uniquely identifies the vault entry to alter. To get the correct VaultID, use the POST SecretStore/LookupByOwner method.

Returns

Upon success, SecretStore/Dissociate returns an HTTP 200 message. If successful, the event information appears in the Trust Protection Platform log.

Response description

Name

Description

Result

A number indicating the status:

Example

Request

POST https://tpp.venafi.example/vedsdk/SecretStore/Dissociate
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "VaultID":376,
   "Name":"Key Size",
   "IntValue":512
}

Response

HTTP/1.1 200 OK
{
   "Result":0
}
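
Because a request without Name removes every association on the vault entry, a caller can build and check the request body before sending it. The following is an added example, not code from the product documentation: build_dissociate_payload and allow_remove_all are hypothetical names, the JSON key ValueDate is taken from the parameter table above, and any Name outside the IntValue and ValueDate lists is assumed to take a StringValue.

```python
import json
from datetime import datetime, timezone

# Attribute names taken from the IntValue and ValueDate lists on this page.
INT_NAMES = {"Certificate Type", "Key Size", "Parent ID", "Template Major Version"}
DATE_NAMES = {"Cached CRL Next Update", "Create Date", "Revocation Check Date",
              "Revocation Date", "Store Added"}

def build_dissociate_payload(vault_id, name, value=None, allow_remove_all=False):
    """Return the JSON body for SecretStore/Dissociate (hypothetical helper)."""
    if isinstance(vault_id, bool) or not isinstance(vault_id, int):
        raise ValueError("VaultID must be an integer")
    payload = {"VaultID": vault_id}
    if not name:
        # Without Name the call removes every association on the vault entry.
        if not allow_remove_all:
            raise ValueError("Name missing: would remove all associations")
        if value is not None:
            raise ValueError("a value needs a Name")
        return payload
    payload["Name"] = name
    if value is None:
        return payload  # removes all data stored under this Name
    if name in INT_NAMES:
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{name} takes an IntValue")
        if name == "Certificate Type" and value not in (1, 2, 3, 4):
            raise ValueError("Certificate Type must be 1, 2, 3 or 4")
        payload["IntValue"] = value
    elif name in DATE_NAMES:
        if not isinstance(value, datetime) or value.tzinfo is None:
            raise ValueError(f"{name} takes a timezone-aware datetime")
        utc = value.astimezone(timezone.utc)
        # Page format has 7 fractional digits; Python gives 6, so pad with 0.
        payload["ValueDate"] = utc.strftime("%Y-%m-%dT%H:%M:%S.%f") + "0Z"
    else:
        # Assumption: every other Name takes a StringValue.
        if not isinstance(value, str):
            raise ValueError(f"{name} takes a StringValue")
        payload["StringValue"] = value
    return payload

if __name__ == "__main__":
    # Reproduces the request body shown in the example above.
    print(json.dumps(build_dissociate_payload(376, "Key Size", 512)))
```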