Vault

Overview

Vaults are secure containers for keys and secrets. Each Vault is created for a specific user_id, organization_id or application_id. Bearer authorization is required per this

Each Vault contains many keys and/or secrets. Sensitive key material and secrets are encrypted with the associated Vault master key, which in turn is encrypted with the unsealer key provided when the Vault is unsealed. See Sealing/Unsealing for more information.

Vault Operations

There are a number of operations that can be carried out using Vault:

  • Create Vault

  • Delete Vault

  • List Vaults

Create Vault

To create a Vault for the authorized context:

# $ACCESS_TOKEN is a placeholder for the bearer JWT of the authorized context.
curl -XPOST -v \
-H "Authorization: bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults \
-d '{"name":"Acme Inc.", "description": "Organizational keystore"}'
HTTP/2 201

Response JSON:

{
"id": "659a9b41-a2c5-4441-a0fd-bf3c94efd1c6",
"created_at": "2020-09-10T15:57:05.897993783+01:00",
"name": "Acme Inc.",
"description": "Organizational keystore"
}

Delete Vault

⚠️ Note: deleting a Vault is not a recoverable operation. Once deleted, the Vault and any Key or Secret previously stored in it will no longer be accessible.

To delete a Vault for the authorized context:

curl -X "DELETE" \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5ODM1ODEzLCJpYXQiOjE1OTk3NDk0MTMsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjUzMDFhZjAwLTEyNjMtNGMxNC04Mjc0LTI2NWYzOTNlZDJiNSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.fJL7wi5IfZdIZBoTXX0hFDBJuMtfU2Ub03oc0x7lD75MY9JSJ4DRdLCjiBK0DdYAv2D-V3erq9BtuooTkhUEsTAqciBhoxBygFAwvhnlxbdG_L_Fl9IyLQDow7LV7WY5odS4p1h8OAH_mpwfABDsc50uRLeJKtsWsOWzgahciIZgXGJrx-ogX-vEOrLHonytVcNZmWIeRDswO_SoZyc9Msx_Ywt6bMxVSC1ZS8t-5Spq-_xZqbGTDiM6MS0fAEsUidPZRPuZiXn473jj_dqkPbXt8pYHt4H9tdsMRGrFZbMRVxB-ebXeRhgIuTXrxrAmq6oLpw_WZ7pTrODVCeLqkRflkFculO3U1f8izsizXIX41goejOHECuE-VNXKGTr-dtOaDIlXzeejzuO-k4OjP7S2UFl98sNtj_eRjKLh4QTjd4HrPIpwjPUubA-tog76g1edeCHFkKUQzg3HGu1Lh-11tUXJeabdliRCeTrHTCAToAGUrLnihuTZRk7c9-ONeAbeKGALsciZIKMgDM-_wCQLdLbjokw_FlGiWhedp9xqFJJDpkenxElPfOesnmFaHqzAa_eFQuiC7wgdaeb06LdFOV3YmfQkmCHLdxGkRmz1mvjQZnmyoqwmKOBc8vVF9LScH6IsHn0gHn7vWUPnf2HGj3KUWevuoFmi7_2VlsA' \
https://vault.provide.services/api/v1/vaults/48ff790c-40b0-4bd6-9a5f-8a550ba7b953
HTTP/2 204

204 No Content is returned if the delete operation is successful.
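
Added example (not part of the original Provide documentation): every call here applies to "the authorized context" and a delete cannot be undone, so a client can read the bearer token's claims before sending the request to confirm which user or application it acts for and whether the token carries an expiry. The helper names and sample tokens are constructed for illustration, the `kind:id` form of the `sub` claim is an assumption, and the signature is deliberately not verified (the Vault API remains the authority on token validity).

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def describe_context(token: str, now=None) -> dict:
    """Read the claims of a bearer JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    # Assumption: sub has the form "<kind>:<id>", e.g. "user:<uuid>".
    kind, sep, ident = str(claims.get("sub", "")).partition(":")
    if not sep or not ident:
        raise ValueError("sub claim is not of the form <kind>:<id>")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "kind": kind,      # which type of context the request will act for
        "id": ident,
        "expires": exp,    # None means the token carries no expiry at all
        "expired": exp is not None and exp <= now,
    }


def make_token(claims: dict) -> str:
    # Builds constructed sample tokens; the signature segment is a dummy value.
    def enc(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed sample input (not real credentials).
USER_TOKEN = make_token({"sub": "user:00000000-0000-4000-8000-000000000001",
                         "exp": 1600000000})
APP_TOKEN = make_token({"sub": "application:00000000-0000-4000-8000-000000000002",
                        "exp": None})

if __name__ == "__main__":
    for tok in (USER_TOKEN, APP_TOKEN):
        print(describe_context(tok))
```

A token whose `expires` is None never ages out on its own, so treat it as a long-lived credential and confirm `kind` and `id` match the intended Vault owner before issuing a delete.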

List Vaults

List Vaults for the authorized context.

curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
https://vault.provide.services/api/v1/vaults
HTTP/2 200

Response JSON:

[
{
"id": "730afe0f-a62d-48e0-9d67-1e07c118fbf8",
"created_at": "2020-09-10T15:19:00.891891Z",
"name": "Acme Inc.",
"description": "Organizational keystore #1"
},
{
"id": "4d9e9c30-b181-44ea-a143-07b94e2b3adf",
"created_at": "2020-09-10T15:19:11.829375Z",
"name": "Acme Inc.",
"description": "Organizational keystore #2"
}
]