curl --request PATCH \
--url https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId} \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"caCertificate": "<string>",
"allowedCommonNames": "<string>",
"allowedSubjectAltNames": [
"<string>"
],
"accessTokenTrustedIps": [
{
"ipAddress": "<string>"
}
],
"accessTokenTTL": 157680000,
"accessTokenNumUsesLimit": 1,
"accessTokenMaxTTL": 157680000
}
'import requests
url = "https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}"
payload = {
"caCertificate": "<string>",
"allowedCommonNames": "<string>",
"allowedSubjectAltNames": ["<string>"],
"accessTokenTrustedIps": [{ "ipAddress": "<string>" }],
"accessTokenTTL": 157680000,
"accessTokenNumUsesLimit": 1,
"accessTokenMaxTTL": 157680000
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.patch(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PATCH',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
caCertificate: '<string>',
allowedCommonNames: '<string>',
allowedSubjectAltNames: ['<string>'],
accessTokenTrustedIps: [{ipAddress: '<string>'}],
accessTokenTTL: 157680000,
accessTokenNumUsesLimit: 1,
accessTokenMaxTTL: 157680000
})
};
fetch('https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => json_encode([
'caCertificate' => '<string>',
'allowedCommonNames' => '<string>',
'allowedSubjectAltNames' => [
'<string>'
],
'accessTokenTrustedIps' => [
[
'ipAddress' => '<string>'
]
],
'accessTokenTTL' => 157680000,
'accessTokenNumUsesLimit' => 1,
'accessTokenMaxTTL' => 157680000
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}"
payload := strings.NewReader("{\n \"caCertificate\": \"<string>\",\n \"allowedCommonNames\": \"<string>\",\n \"allowedSubjectAltNames\": [\n \"<string>\"\n ],\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"<string>\"\n }\n ],\n \"accessTokenTTL\": 157680000,\n \"accessTokenNumUsesLimit\": 1,\n \"accessTokenMaxTTL\": 157680000\n}")
req, _ := http.NewRequest("PATCH", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.patch("https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"caCertificate\": \"<string>\",\n \"allowedCommonNames\": \"<string>\",\n \"allowedSubjectAltNames\": [\n \"<string>\"\n ],\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"<string>\"\n }\n ],\n \"accessTokenTTL\": 157680000,\n \"accessTokenNumUsesLimit\": 1,\n \"accessTokenMaxTTL\": 157680000\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Patch.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"caCertificate\": \"<string>\",\n \"allowedCommonNames\": \"<string>\",\n \"allowedSubjectAltNames\": [\n \"<string>\"\n ],\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"<string>\"\n }\n ],\n \"accessTokenTTL\": 157680000,\n \"accessTokenNumUsesLimit\": 1,\n \"accessTokenMaxTTL\": 157680000\n}"
response = http.request(request)
puts response.read_body{
"identityTlsCertAuth": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"encryptedCaCertificate": "<unknown>",
"allowedSubjectAltNames": [
"<string>"
],
"accessTokenTTL": 7200,
"accessTokenMaxTTL": 7200,
"accessTokenNumUsesLimit": 0,
"accessTokenTrustedIps": "<unknown>",
"allowedCommonNames": "<string>"
}
}{
"reqId": "<string>",
"statusCode": 400,
"message": "<string>",
"error": "<string>",
"details": "<unknown>"
}{
"reqId": "<string>",
"statusCode": 401,
"message": "<string>",
"error": "<string>"
}{
"reqId": "<string>",
"statusCode": 403,
"message": "<string>",
"error": "<string>",
"details": "<unknown>"
}{
"reqId": "<string>",
"statusCode": 404,
"message": "<string>",
"error": "<string>"
}{
"reqId": "<string>",
"statusCode": 422,
"error": "<string>",
"message": "<unknown>"
}{
"reqId": "<string>",
"statusCode": 500,
"message": "<string>",
"error": "<string>"
}Update
Update TLS Certificate Auth configuration on machine identity
curl --request PATCH \
--url https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId} \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"caCertificate": "<string>",
"allowedCommonNames": "<string>",
"allowedSubjectAltNames": [
"<string>"
],
"accessTokenTrustedIps": [
{
"ipAddress": "<string>"
}
],
"accessTokenTTL": 157680000,
"accessTokenNumUsesLimit": 1,
"accessTokenMaxTTL": 157680000
}
'import requests
url = "https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}"
payload = {
"caCertificate": "<string>",
"allowedCommonNames": "<string>",
"allowedSubjectAltNames": ["<string>"],
"accessTokenTrustedIps": [{ "ipAddress": "<string>" }],
"accessTokenTTL": 157680000,
"accessTokenNumUsesLimit": 1,
"accessTokenMaxTTL": 157680000
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.patch(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PATCH',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
caCertificate: '<string>',
allowedCommonNames: '<string>',
allowedSubjectAltNames: ['<string>'],
accessTokenTrustedIps: [{ipAddress: '<string>'}],
accessTokenTTL: 157680000,
accessTokenNumUsesLimit: 1,
accessTokenMaxTTL: 157680000
})
};
fetch('https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => json_encode([
'caCertificate' => '<string>',
'allowedCommonNames' => '<string>',
'allowedSubjectAltNames' => [
'<string>'
],
'accessTokenTrustedIps' => [
[
'ipAddress' => '<string>'
]
],
'accessTokenTTL' => 157680000,
'accessTokenNumUsesLimit' => 1,
'accessTokenMaxTTL' => 157680000
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}"
payload := strings.NewReader("{\n \"caCertificate\": \"<string>\",\n \"allowedCommonNames\": \"<string>\",\n \"allowedSubjectAltNames\": [\n \"<string>\"\n ],\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"<string>\"\n }\n ],\n \"accessTokenTTL\": 157680000,\n \"accessTokenNumUsesLimit\": 1,\n \"accessTokenMaxTTL\": 157680000\n}")
req, _ := http.NewRequest("PATCH", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.patch("https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"caCertificate\": \"<string>\",\n \"allowedCommonNames\": \"<string>\",\n \"allowedSubjectAltNames\": [\n \"<string>\"\n ],\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"<string>\"\n }\n ],\n \"accessTokenTTL\": 157680000,\n \"accessTokenNumUsesLimit\": 1,\n \"accessTokenMaxTTL\": 157680000\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Patch.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"caCertificate\": \"<string>\",\n \"allowedCommonNames\": \"<string>\",\n \"allowedSubjectAltNames\": [\n \"<string>\"\n ],\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"<string>\"\n }\n ],\n \"accessTokenTTL\": 157680000,\n \"accessTokenNumUsesLimit\": 1,\n \"accessTokenMaxTTL\": 157680000\n}"
response = http.request(request)
puts response.read_body{
"identityTlsCertAuth": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"encryptedCaCertificate": "<unknown>",
"allowedSubjectAltNames": [
"<string>"
],
"accessTokenTTL": 7200,
"accessTokenMaxTTL": 7200,
"accessTokenNumUsesLimit": 0,
"accessTokenTrustedIps": "<unknown>",
"allowedCommonNames": "<string>"
}
}{
"reqId": "<string>",
"statusCode": 400,
"message": "<string>",
"error": "<string>",
"details": "<unknown>"
}{
"reqId": "<string>",
"statusCode": 401,
"message": "<string>",
"error": "<string>"
}{
"reqId": "<string>",
"statusCode": 403,
"message": "<string>",
"error": "<string>",
"details": "<unknown>"
}{
"reqId": "<string>",
"statusCode": 404,
"message": "<string>",
"error": "<string>"
}{
"reqId": "<string>",
"statusCode": 422,
"error": "<string>",
"message": "<unknown>"
}{
"reqId": "<string>",
"statusCode": 500,
"message": "<string>",
"error": "<string>"
}Authorizations
An access token in Infisical
Path Parameters
The ID of the machine identity to update the auth method for.
Body
The PEM-encoded CA certificate to validate client certificates.
1 - 10240The comma-separated list of trusted common names that are allowed to authenticate with Infisical.
1The comma-separated list of trusted subject alternative names that are allowed to authenticate with Infisical. Prefix entries by type (URI:, DNS:, IP:, EMAIL:). Bare entries are treated as DNS names.
1The new IPs or CIDR ranges that access tokens can be used from.
1Show child attributes
Show child attributes
The new lifetime for an access token in seconds.
0 <= x <= 315360000The new maximum number of times that an access token can be used.
x >= 0The new maximum lifetime for an access token in seconds.
0 <= x <= 315360000Response
Default Response
Show child attributes
Show child attributes
Was this page helpful?