PAM-SEC-0036 When Trying to View A Secret Through the API

Article ID: 399776

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When a PAM user is trying to view secrets through the API, they first use the /cspm/ext/rest/vaults/{vaultid} API call to list the secrets, then use the /cspm/ext/rest/vaults/{vaultid}/secrets/{secretid}/view API call to view them.

However, when trying to view some secrets listed in the output of the /cspm/ext/rest/vaults/{vaultid} API call, the following error occurs.

"PAM-SEC-0036: Secret ###### is not found in the vault #######."

Cause

The output of the /cspm/ext/rest/vaults/{vaultid} API call was listing secret names from other vaults that also contained that vault's name. In the output, the vaultId associated with such a secret was different from the id given in the API call.

For example, demovault has an id of 1001 and demovault1 has an id of 2001. When the /cspm/ext/rest/vaults/1001 API call was made, the following output occurred.

{
  "data": [
    {
      "id": 11001,
      "name": "demoVaultSecret1",
      ...
      "vaultId": 1001,
      ...
    }, 
    {
      "id": 12001,
      "name": "demoVaultSecret2",
      ...
      "vaultId": 1001,
      ...
    },
    {
      "id": 13001,
      "name": "demoVault1Secret1",
      ...
      "vaultId": 2001,
      ...
    }
  ],
  "success": true,
  "total": 3,
  "message": null
}

Resolution

The issue will be resolved in the 4.2.3 PAM release. As a workaround, update the vaults to use more unique names.
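
A client-side check for the behaviour described above, as an added example (not vendor code and not part of the original article): it filters the list response by vaultId before building any view call, so secrets that belong to another vault are skipped instead of triggering PAM-SEC-0036. The function names are hypothetical, and the sample response is constructed from the article's example with the elided fields omitted.

```python
import json

# Path template taken from the article.
VIEW_PATH = "/cspm/ext/rest/vaults/{vaultid}/secrets/{secretid}/view"

# Constructed sample: the article's example response with the elided fields omitted.
SAMPLE_RESPONSE = """
{"data": [
  {"id": 11001, "name": "demoVaultSecret1", "vaultId": 1001},
  {"id": 12001, "name": "demoVaultSecret2", "vaultId": 1001},
  {"id": 13001, "name": "demoVault1Secret1", "vaultId": 2001}
 ],
 "success": true, "total": 3, "message": null}
"""

def partition_secrets(response_text, requested_vault_id):
    """Split a list response into secrets owned by the requested vault and the rest."""
    body = json.loads(response_text)
    if not body.get("success"):
        raise ValueError("list call failed: %r" % body.get("message"))
    owned, foreign = [], []
    for secret in body.get("data") or []:
        # An entry without a vaultId cannot be verified, so it is treated as foreign.
        if secret.get("vaultId") == requested_vault_id:
            owned.append(secret)
        else:
            foreign.append(secret)
    return owned, foreign

def view_paths(response_text, requested_vault_id):
    """Build view paths only for secrets whose vaultId matches the requested vault."""
    owned, _ = partition_secrets(response_text, requested_vault_id)
    return [VIEW_PATH.format(vaultid=requested_vault_id, secretid=s["id"])
            for s in owned]

if __name__ == "__main__":
    owned, foreign = partition_secrets(SAMPLE_RESPONSE, 1001)
    for s in foreign:
        # Worth logging: the list call returned an entry that belongs to another vault.
        print("skipping secret %s (%s): vaultId %s"
              % (s["id"], s["name"], s.get("vaultId")))
    for path in view_paths(SAMPLE_RESPONSE, 1001):
        print(path)
```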