Vaults

Secure containers for keys and secrets

Overview

Vaults are secure containers for keys and secrets. Each Vault is created for a specific user_id, organization_id or application_id. Bearer authorization is required.

Each Vault contains many keys and/or secrets. Sensitive key material and secrets are encrypted with the associated Vault master key, which in turn is encrypted with the unsealer key provided when the Vault is unsealed. See Sealing/Unsealing for more information.

List Vaults

List Vaults for the authorized context.

List Vaults

GET https://nchain.provide.services/api/v1/vaults

Returns a list of

Vault

instances in the authorized scope

Headers

Name Type Description

Name	Type	Description
authorization*	string	bearer scoped to `Application` , `Organization` or `User`

authorization*

string

bearer scoped to

Application

Organization

User

[
    {
        "id": "4fe33cf9-f6bf-4f57-9eed-72b182b45767",
        "created_at": "2021-08-16T19:48:47.03024Z",
        "name": "LGT-Columbia Vault",
        "description": "LGT Vault for testing and documentation purposes"
    },
    {
        "id": "3586a5b0-4dc2-43ba-9068-f691b7122f70",
        "created_at": "2021-08-16T18:55:51.608163Z",
        "name": "Demo vault name",
        "description": "Sample vault description"
    }
]

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
    https://vault.provide.services/api/v1/vaults
HTTP/2 200

Response JSON:

[
    {
        "id": "730afe0f-a62d-48e0-9d67-1e07c118fbf8",
        "created_at": "2020-09-10T15:19:00.891891Z",
        "name": "Acme Inc.",
        "description": "Organizational keystore #1"
    },
    {
        "id": "4d9e9c30-b181-44ea-a143-07b94e2b3adf",
        "created_at": "2020-09-10T15:19:11.829375Z",
        "name": "Acme Inc.",
        "description": "Organizational keystore #2"
    }
]

Create Vault

To create a Vault for the authorized context:

Create Vault

POST https://vault.provide.services/api/v1/vaults

Creates a new

Vault

Headers

Name Type Description

Name	Type	Description
authorization*	string	bearer scoped to `Application` , `Organization` or `User`

authorization*

string

bearer scoped to

Application

Organization

User

Request Body

Name Type Description

Name	Type	Description
description	string	description of `Vault` to be created
name*	string	name of `Vault` to be created

description

string

description of

Vault

to be created

name*

string

name of

Vault

to be created

{
    "id": "4fe33cf9-f6bf-4f57-9eed-72b182b45767",
    "created_at": "2021-08-16T19:48:47.0302396Z",
    "name": "LGT-Columbia Vault",
    "description": "LGT Vault for testing and documentation purposes"
}

curl -XPOST -v -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5ODM1ODEzLCJpYXQiOjE1OTk3NDk0MTMsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjUzMDFhZjAwLTEyNjMtNGMxNC04Mjc0LTI2NWYzOTNlZDJiNSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.fJL7wi5IfZdIZBoTXX0hFDBJuMtfU2Ub03oc0x7lD75MY9JSJ4DRdLCjiBK0DdYAv2D-V3erq9BtuooTkhUEsTAqciBhoxBygFAwvhnlxbdG_L_Fl9IyLQDow7LV7WY5odS4p1h8OAH_mpwfABDsc50uRLeJKtsWsOWzgahciIZgXGJrx-ogX-vEOrLHonytVcNZmWIeRDswO_SoZyc9Msx_Ywt6bMxVSC1ZS8t-5Spq-_xZqbGTDiM6MS0fAEsUidPZRPuZiXn473jj_dqkPbXt8pYHt4H9tdsMRGrFZbMRVxB-ebXeRhgIuTXrxrAmq6oLpw_WZ7pTrODVCeLqkRflkFculO3U1f8izsizXIX41goejOHECuE-VNXKGTr-dtOaDIlXzeejzuO-k4OjP7S2UFl98sNtj_eRjKLh4QTjd4HrPIpwjPUubA-tog76g1edeCHFkKUQzg3HGu1Lh-11tUXJeabdliRCeTrHTCAToAGUrLnihuTZRk7c9-ONeAbeKGALsciZIKMgDM-_wCQLdLbjokw_FlGiWhedp9xqFJJDpkenxElPfOesnmFaHqzAa_eFQuiC7wgdaeb06LdFOV3YmfQkmCHLdxGkRmz1mvjQZnmyoqwmKOBc8vVF9LScH6IsHn0gHn7vWUPnf2HGj3KUWevuoFmi7_2VlsA' \
    -H 'Content-Type: application/json' \
    https://vault.provide.services/api/v1/vaults \
    -d '{"name":"Acme Inc.", "description": "Organizational keystore"}'
HTTP/2 201

Response JSON:

{
    "id": "659a9b41-a2c5-4441-a0fd-bf3c94efd1c6",
    "created_at": "2020-09-10T15:57:05.897993783+01:00",
    "name": "Acme Inc.",
    "description": "Organizational keystore"
}

Delete Vault

Deleting a Vault is not a recoverable operation. Once deleted, the Vault and any Key or Secret which was previously stored will no longer accessible.

To delete a Vault for the authorized context:

Delete Vault

DELETE https://vault.provide.services/api/v1/vaults/:id

Deletes a specified

Vault

Path Parameters

Name Type Description

Name	Type	Description
id*	uuid	id of `Vault` to be deleted

id*

uuid

id of

Vault

to be deleted

Headers

Name Type Description

Name	Type	Description
authorization*	string	bearer scoped to `Application` , `Organization` or `User`

authorization*

string

bearer scoped to

Application

Organization

User

{
    "id": "4fe33cf9-f6bf-4f57-9eed-72b182b45767",
    "created_at": "2021-08-16T19:48:47.0302396Z",
    "name": "LGT-Columbia Vault",
    "description": "LGT Vault for testing and documentation purposes"
}

curl -X "DELETE" \
    -H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5ODM1ODEzLCJpYXQiOjE1OTk3NDk0MTMsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjUzMDFhZjAwLTEyNjMtNGMxNC04Mjc0LTI2NWYzOTNlZDJiNSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.fJL7wi5IfZdIZBoTXX0hFDBJuMtfU2Ub03oc0x7lD75MY9JSJ4DRdLCjiBK0DdYAv2D-V3erq9BtuooTkhUEsTAqciBhoxBygFAwvhnlxbdG_L_Fl9IyLQDow7LV7WY5odS4p1h8OAH_mpwfABDsc50uRLeJKtsWsOWzgahciIZgXGJrx-ogX-vEOrLHonytVcNZmWIeRDswO_SoZyc9Msx_Ywt6bMxVSC1ZS8t-5Spq-_xZqbGTDiM6MS0fAEsUidPZRPuZiXn473jj_dqkPbXt8pYHt4H9tdsMRGrFZbMRVxB-ebXeRhgIuTXrxrAmq6oLpw_WZ7pTrODVCeLqkRflkFculO3U1f8izsizXIX41goejOHECuE-VNXKGTr-dtOaDIlXzeejzuO-k4OjP7S2UFl98sNtj_eRjKLh4QTjd4HrPIpwjPUubA-tog76g1edeCHFkKUQzg3HGu1Lh-11tUXJeabdliRCeTrHTCAToAGUrLnihuTZRk7c9-ONeAbeKGALsciZIKMgDM-_wCQLdLbjokw_FlGiWhedp9xqFJJDpkenxElPfOesnmFaHqzAa_eFQuiC7wgdaeb06LdFOV3YmfQkmCHLdxGkRmz1mvjQZnmyoqwmKOBc8vVF9LScH6IsHn0gHn7vWUPnf2HGj3KUWevuoFmi7_2VlsA' \
    https://vault.provide.services/api/v1/vaults/48ff790c-40b0-4bd6-9a5f-8a550ba7b953
HTTP/2 204

204 No Content is returned if the delete operation is successful.

PreviousSecrets NextHigh Availability

Last updated 2 years ago