Protecting Your Data in DevOps Process with Fortanix APIs in OpenAPI 3.1 Format

Asma Zubair & Priyanka Sharma
Published: Oct 11, 2023

Introduction to Fortanix APIs

In our data-centric world, safeguarding sensitive information is not just essential; it is imperative. As data breaches and cyber-attacks continue to rise, data security becomes increasingly critical. Fortanix offers a comprehensive, flexible, and scalable data security platform with APIs that seamlessly integrate into any DevOps workflow. Read on for details.

The Data Security Landscape

The challenges in today's data security landscape are formidable:

Evolving Threats: The cyber threat landscape evolves rapidly, with attackers employing increasingly sophisticated techniques. Protecting data against these evolving threats is an ongoing battle.

Development Agility: In the age of DevOps and rapid development, integrating security seamlessly into the development pipeline is crucial. But finding the right balance between security and agility can be a challenge.

Data Proliferation: Data is generated at an astonishing rate and resides in various environments, from on-premises data centers to the cloud. Securing this dispersed data is a formidable task.

Regulatory Compliance: Organizations are subject to a web of stringent data protection regulations, from GDPR to HIPAA. Non-compliance can lead to significant fines and reputational damage.

The Ideal Data Security Solution

An ideal data security solution must meet specific criteria:

Advanced Key Management: The ability to securely generate, store, and manage cryptographic keys is essential. Keys need to be protected from theft or compromise, preferably within a Hardware Security Module (HSM).

Secrets Management: Securely managing secrets, such as API keys, passwords, and certificates, with robust access controls and auditing is essential. Secrets need to be securely managed throughout the pipeline, from development to deployment.

Tokenization of Sensitive Data: Tokenization is a technique for protecting sensitive data. It replaces sensitive information with non-sensitive placeholders while preserving functionality and usability. Tokenization ensures data remains confidential.

Seamless Integrations: The solution needs to seamlessly integrate into the development and DevOps workflow, ensuring that security is not an afterthought but an integral part of the process.

Fortanix Advantage with OAS 3.1 Compliant APIs

Fortanix offers a cutting-edge data security solution through a suite of APIs in OpenAPI 3.1 format, designed to meet and exceed the criteria for an ideal data security platform. You can review these APIs at Fortanix API References, import the specifications in Postman, or simply configure your client, authenticate, and start using the Fortanix APIs.

Listed below are a few examples that provide a quick peek into Fortanix APIs covering various use cases such as key management, secrets management, tokenization, detokenization, encryption, and decryption.

Getting Secrets or Keys

To get secrets or keys for a given app, you can make a curl call as shown below:

curl --location '<Endpoint URL>/crypto/v1/keys' \
--header 'Authorization: Basic <API Key>'

Importing a Secret

To import a secret into DSM, you can use:

curl --location --request PUT '<Endpoint URL>/crypto/v1/keys' \
--header 'Authorization: Basic <API Key>' \
--header 'Content-Type: text/plain' \
--data '{
"name": "<Name of the secret>",
"obj_type": "SECRET",
"key_ops": [
"EXPORT",
"APPMANAGEABLE"
],
"value": "<Value of the secret in Base64 format>",
"enabled": true
}'

Encryption

Listed below is a sample curl command for encryption:

curl --location '<Endpoint URL>/crypto/v1/encrypt' \
--header 'Authorization: Basic <API Key>' \
--header 'Content-Type: application/json' \
--data '{
"key": {"kid": "<KeyID is the ID of the key created in DSM>"},
"alg": "AES",
"mode": "CBC",
"plain": "SGVsbG8gV29ybGQhCg=="
}'

The plain field holds the Base64-encoded text string that you want to encrypt (e.g., “Hello World!”).

Decryption

Listed below is a sample curl command for decryption:

curl --location '<Endpoint URL>/crypto/v1/decrypt' \
--header 'Authorization: Basic <API Key>' \
--header 'Content-Type: application/json' \
--data '{
"key": {"kid": "<KeyID is the ID of the key created in DSM>"},
"alg": "AES",
"mode": "CBC",
"cipher": "<Cipher that you obtained from encrypt call>",
"iv": "<Initialization vector obtained from encrypt call>"
}'

Tokenization

Listed below is a sample curl command for Tokenization:

curl --location '<Endpoint URL>/crypto/v1/encrypt' \
--header 'Authorization: Basic <API Key>' \
--header 'Content-Type: text/plain' \
--data '{
"key": {"kid": "<ID of the security object (in DSM) with type set to tokenization>"},
"mode": "FF1",
"alg": "AES",
"plain": "dGVzdEB0ZXN0LmNvbQ=="
}'

The plain field holds the Base64-encoded text string that you want to tokenize (e.g., “test@test.com”).
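The encryption and tokenization calls above can be scripted so that the API key and request body stay out of the process argument list and the plaintext is Base64-encoded byte for byte. This is an added example, not Fortanix code: DSM_ENDPOINT, DSM_API_KEY and the function names are assumptions, and key IDs are assumed to contain only hex digits and dashes.

```shell
#!/bin/sh
# Added example (not Fortanix code). Assumed names: DSM_ENDPOINT and DSM_API_KEY
# are environment variables standing in for <Endpoint URL> and <API Key>.

# Base64-encode the exact bytes of $1. printf '%s' adds no trailing newline
# (echo does, which is how a value ending in "Cg==" arises), and tr removes
# the line wrapping that some base64 builds insert into long output.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Build the JSON body for /crypto/v1/encrypt.
# $1 = key ID, $2 = mode (CBC or FF1), $3 = plaintext.
# The key ID is limited to hex digits and dashes (assumed format) so that it
# cannot break out of the JSON string it is placed in.
encrypt_body() {
    case $1 in
        ''|*[!0-9A-Fa-f-]*) echo "invalid key id" >&2; return 1 ;;
    esac
    case $2 in
        CBC|FF1) ;;
        *) echo "unsupported mode" >&2; return 1 ;;
    esac
    printf '{"key":{"kid":"%s"},"alg":"AES","mode":"%s","plain":"%s"}' \
        "$1" "$2" "$(b64 "$3")"
}

# Emit a curl config for a POST to path $1 with JSON body $2. Piping this into
# `curl --config -` keeps the API key and the body out of the argument list
# (visible to other local users via ps) and out of shell history.
curl_config() {
    escaped=$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf 'url = "%s%s"\n' "$DSM_ENDPOINT" "$1"
    printf 'header = "Authorization: Basic %s"\n' "$DSM_API_KEY"
    printf 'header = "Content-Type: application/json"\n'
    printf 'data = "%s"\n' "$escaped"
}

# Usage (needs network access and a real key ID in $KID):
#   body=$(encrypt_body "$KID" FF1 'test@test.com') &&
#       curl_config /crypto/v1/encrypt "$body" | curl --silent --config -
```

In a pipeline, set DSM_API_KEY from the CI system's secret store rather than writing it into the script or the repository.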

Detokenization

Listed below is a sample curl command for detokenization:

curl --location '<Endpoint URL>/crypto/v1/decrypt' \
--header 'Authorization: Basic <API Key>' \
--header 'Content-Type: text/plain' \
--data '{
"key": {"kid": "<ID of the security object (in DSM) with type set to tokenization>"},
"mode": "FF1",
"alg": "AES",
"cipher": "<Cipher that you obtained from encrypt call>"
}'

Conclusion

To summarize, Fortanix's APIs in OpenAPI 3.1 format deliver robust data security capabilities, ensuring the confidentiality and integrity of your data while navigating the complex landscape of technology and regulations.

To explore Fortanix's data security offerings and unleash the power of Fortanix APIs, visit Fortanix API References. Your data protection journey starts here.
