Vault

A dictionary of key-values are stored under a given name.

Values can be stored directly (strings) or base64 encoded (binary values). Use base64 when the data contains characters that are not suitable for a string representation.

If a value is mounted as a file by the scheduler, then the decoded value will be used, ie base64 values will be unpacked.

Create a new vault

SecurityaccessToken
Request
query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
max-versions
integer <uint32>

The maximum number of versions allowed to exist at any given time. Old versions are removed when new are added. Defaults to 1 if unset.

cas-required
boolean

A CAS (check and set) value is required allowing cooperative concurrency. If required, setting a new value requires a CAS value that corresponds to the old version. If the CAS value is missing or differ from the old version, then the set is rejected. Defaults to false if unset

delete-version-after
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Delete version after the duration. If not set, then the value will remain until explicitly deleted. Not yet implemented.

to (object) or sites (object) or deployments (object)
Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict (instance exists)

503

Service Unavailable (strongbox sealed)

post/v1/config/strongbox/vaults
Request samples
name: some-vault
max-versions: 1
cas-required: false
delete-version-after: 0s
distribute:
  sites:
    - stockholm-sergel
    - gotenburg-bergakungen

Retrieve the configuration of all vaults

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/strongbox/vaults
Response samples
- name: some-vault
  max-versions: 1
  cas-required: false
  delete-version-after: 0s
  distribute:
    sites:
      - stockholm-sergel
      - gotenburg-bergakungen
  

Update a vault

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
max-versions
integer <uint32>

The maximum number of versions allowed to exist at any given time. Old versions are removed when new are added. Defaults to 1 if unset.

cas-required
boolean

A CAS (check and set) value is required allowing cooperative concurrency. If required, setting a new value requires a CAS value that corresponds to the old version. If the CAS value is missing or differ from the old version, then the set is rejected. Defaults to false if unset

delete-version-after
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Delete version after the duration. If not set, then the value will remain until explicitly deleted. Not yet implemented.

to (object) or sites (object) or deployments (object)
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

patch/v1/config/strongbox/vaults/{vault-name}
Request samples
name: some-vault
max-versions: 1
cas-required: false
delete-version-after: 0s
distribute:
  sites:
    - stockholm-sergel
    - gotenburg-bergakungen

Delete a vault

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

delete/v1/config/strongbox/vaults/{vault-name}

Replace or create a new vault

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
max-versions
integer <uint32>

The maximum number of versions allowed to exist at any given time. Old versions are removed when new are added. Defaults to 1 if unset.

cas-required
boolean

A CAS (check and set) value is required allowing cooperative concurrency. If required, setting a new value requires a CAS value that corresponds to the old version. If the CAS value is missing or differ from the old version, then the set is rejected. Defaults to false if unset

delete-version-after
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Delete version after the duration. If not set, then the value will remain until explicitly deleted. Not yet implemented.

to (object) or sites (object) or deployments (object)
Responses
201

Created

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

put/v1/config/strongbox/vaults/{vault-name}
Request samples
name: some-vault
max-versions: 1
cas-required: false
delete-version-after: 0s
distribute:
  sites:
    - stockholm-sergel
    - gotenburg-bergakungen

Retrieve the configuration of a vault

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
version-list
string <enumeration>

Retrieve list of old versions

Value: "true"
version
string

Retrieve requested old version of the resource

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/strongbox/vaults/{vault-name}
Response samples
name: some-vault
max-versions: 1
cas-required: false
delete-version-after: 0s
distribute:
  sites:
    - stockholm-sergel
    - gotenburg-bergakungen

Create a new vault secret

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
object

A dictionary of key-value pairs are stored under a given key. Values should be base64 encoded before being stored.

object

A dictionary of key-value pairs are stored under a given key.

object

If a certificate is specified it will be created on demand, and renewed when needed. Three key-value pairs will appear in the dict list; cert.pem, cert.key, and ca-cert.pem

object

If a ssh certificate is specified it will be created on demand, and renewed when needed. Four key-value pairs will appear in the dict list; ssh-cert, ssh-private-key, ssh-public-key, and ssh-ca-public-key

allow-image-access
Array of strings

Allow listed images to mount the key-value map. The string is the image's hash id.

The special value * indicates that all images have access.

ttl
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

The TTL is not enforced and only serve as indication to the user of the key-value map.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict (instance exists)

503

Service Unavailable (strongbox sealed)

post/v1/config/strongbox/vaults/{vault-name}/secrets
Request samples
name: credentials
base64-data:
  xx: eXk=
  yy: aGVg
data:
  password: verysecret
  user: admin
auto-cert:
  issuing-ca: root
  refresh-threshold: 10d
  ttl: 20d
  truncate-ttl: false
  host: www.server.com
  public-key: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
    puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
    -----END PUBLIC KEY-----
  cert-type: server
  alt-name:
    - type: DNSName
      value: www.server.com
  server-ext-usage: true
  client-ext-usage: true
  code-signing-ext-usage: true
  full-authority-key-identifier: false
  serial-prefix: fe:ed:ba:be
auto-ssh-cert:
  issuing-ca: root
  issuing-role: admin
  public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
  refresh-threshold: 10d
  ttl: 15d
  valid-principals:
    - joe
  cert-type: user
  key-id: joe
  critical-options:
    - force-command
  extensions:
    - permit-X11-forwarding
    - permit-agent-forwarding
    - permit-pty
allow-image-access:
  - "*"
ttl: 4h

Retrieve the configuration of all vault secrets

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/strongbox/vaults/{vault-name}/secrets
Response samples
- name: credentials
  base64-data:
    xx: eXk=
    yy: aGVg
  data:
    password: verysecret
    user: admin
  auto-cert:
    issuing-ca: root
    refresh-threshold: 10d
    ttl: 20d
    truncate-ttl: false
    host: www.server.com
    public-key: |
      -----BEGIN PUBLIC KEY-----
      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
      puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
      -----END PUBLIC KEY-----
    cert-type: server
    alt-name:
      - type: DNSName
        value: www.server.com
    server-ext-usage: true
    client-ext-usage: true
    code-signing-ext-usage: true
    full-authority-key-identifier: false
    serial-prefix: fe:ed:ba:be
  auto-ssh-cert:
    issuing-ca: root
    issuing-role: admin
    public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
    refresh-threshold: 10d
    ttl: 15d
    valid-principals:
      - joe
    cert-type: user
    key-id: joe
    critical-options:
      - force-command
    extensions:
      - permit-X11-forwarding
      - permit-agent-forwarding
      - permit-pty
  allow-image-access:
    - "*"
  ttl: 4h
  

Update a vault secret

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
object

A dictionary of key-value pairs are stored under a given key. Values should be base64 encoded before being stored.

object

A dictionary of key-value pairs are stored under a given key.

object

If a certificate is specified it will be created on demand, and renewed when needed. Three key-value pairs will appear in the dict list; cert.pem, cert.key, and ca-cert.pem

object

If a ssh certificate is specified it will be created on demand, and renewed when needed. Four key-value pairs will appear in the dict list; ssh-cert, ssh-private-key, ssh-public-key, and ssh-ca-public-key

allow-image-access
Array of strings

Allow listed images to mount the key-value map. The string is the image's hash id.

The special value * indicates that all images have access.

ttl
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

The TTL is not enforced and only serve as indication to the user of the key-value map.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

patch/v1/config/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}
Request samples
name: credentials
base64-data:
  xx: eXk=
  yy: aGVg
data:
  password: verysecret
  user: admin
auto-cert:
  issuing-ca: root
  refresh-threshold: 10d
  ttl: 20d
  truncate-ttl: false
  host: www.server.com
  public-key: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
    puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
    -----END PUBLIC KEY-----
  cert-type: server
  alt-name:
    - type: DNSName
      value: www.server.com
  server-ext-usage: true
  client-ext-usage: true
  code-signing-ext-usage: true
  full-authority-key-identifier: false
  serial-prefix: fe:ed:ba:be
auto-ssh-cert:
  issuing-ca: root
  issuing-role: admin
  public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
  refresh-threshold: 10d
  ttl: 15d
  valid-principals:
    - joe
  cert-type: user
  key-id: joe
  critical-options:
    - force-command
  extensions:
    - permit-X11-forwarding
    - permit-agent-forwarding
    - permit-pty
allow-image-access:
  - "*"
ttl: 4h

Delete a vault secret

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

delete/v1/config/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}

Replace or create a new vault secret

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
object

A dictionary of key-value pairs are stored under a given key. Values should be base64 encoded before being stored.

object

A dictionary of key-value pairs are stored under a given key.

object

If a certificate is specified it will be created on demand, and renewed when needed. Three key-value pairs will appear in the dict list; cert.pem, cert.key, and ca-cert.pem

object

If a ssh certificate is specified it will be created on demand, and renewed when needed. Four key-value pairs will appear in the dict list; ssh-cert, ssh-private-key, ssh-public-key, and ssh-ca-public-key

allow-image-access
Array of strings

Allow listed images to mount the key-value map. The string is the image's hash id.

The special value * indicates that all images have access.

ttl
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

The TTL is not enforced and only serve as indication to the user of the key-value map.

Responses
201

Created

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

put/v1/config/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}
Request samples
name: credentials
base64-data:
  xx: eXk=
  yy: aGVg
data:
  password: verysecret
  user: admin
auto-cert:
  issuing-ca: root
  refresh-threshold: 10d
  ttl: 20d
  truncate-ttl: false
  host: www.server.com
  public-key: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
    puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
    -----END PUBLIC KEY-----
  cert-type: server
  alt-name:
    - type: DNSName
      value: www.server.com
  server-ext-usage: true
  client-ext-usage: true
  code-signing-ext-usage: true
  full-authority-key-identifier: false
  serial-prefix: fe:ed:ba:be
auto-ssh-cert:
  issuing-ca: root
  issuing-role: admin
  public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
  refresh-threshold: 10d
  ttl: 15d
  valid-principals:
    - joe
  cert-type: user
  key-id: joe
  critical-options:
    - force-command
  extensions:
    - permit-X11-forwarding
    - permit-agent-forwarding
    - permit-pty
allow-image-access:
  - "*"
ttl: 4h

Retrieve the configuration of a vault secret

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
version-list
string <enumeration>

Retrieve list of old versions

Value: "true"
version
string

Retrieve requested old version of the resource

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}
Response samples
name: credentials
base64-data:
  xx: eXk=
  yy: aGVg
data:
  password: verysecret
  user: admin
auto-cert:
  issuing-ca: root
  refresh-threshold: 10d
  ttl: 20d
  truncate-ttl: false
  host: www.server.com
  public-key: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
    puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
    -----END PUBLIC KEY-----
  cert-type: server
  alt-name:
    - type: DNSName
      value: www.server.com
  server-ext-usage: true
  client-ext-usage: true
  code-signing-ext-usage: true
  full-authority-key-identifier: false
  serial-prefix: fe:ed:ba:be
auto-ssh-cert:
  issuing-ca: root
  issuing-role: admin
  public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
  refresh-threshold: 10d
  ttl: 15d
  valid-principals:
    - joe
  cert-type: user
  key-id: joe
  critical-options:
    - force-command
  extensions:
    - permit-X11-forwarding
    - permit-agent-forwarding
    - permit-pty
allow-image-access:
  - "*"
ttl: 4h

Retrieve the state of all vaults

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/strongbox/vaults
Response samples
- name: some-vault
  max-versions: 1
  cas-required: false
  delete-version-after: 0s
  distribute:
    sites:
      - stockholm-sergel
      - gotenburg-bergakungen
  distribution-status:
    sites:
      - stockholm-sergel
      - gotenburg-bergakungen
  

Retrieve the state of a vault

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/strongbox/vaults/{vault-name}
Response samples
name: some-vault
max-versions: 1
cas-required: false
delete-version-after: 0s
distribute:
  sites:
    - stockholm-sergel
    - gotenburg-bergakungen
distribution-status:
  sites:
    - stockholm-sergel
    - gotenburg-bergakungen

Retrieve the state of all vault secrets

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/strongbox/vaults/{vault-name}/secrets
Response samples
- name: credentials
  base64-data:
    xx: eXk=
    yy: aGVg
  data:
    password: verysecret
    user: admin
  auto-cert:
    issuing-ca: root
    refresh-threshold: 10d
    ttl: 20d
    truncate-ttl: false
    host: www.server.com
    public-key: |
      -----BEGIN PUBLIC KEY-----
      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
      puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
      -----END PUBLIC KEY-----
    cert-type: server
    alt-name:
      - type: DNSName
        value: www.server.com
    server-ext-usage: true
    client-ext-usage: true
    code-signing-ext-usage: true
    full-authority-key-identifier: false
    serial-prefix: fe:ed:ba:be
  cert:
    cert.pem: |
      -----BEGIN CERTIFICATE-----
      MIICeTCCAiCgAwIBAgITAJoov8FFieL9BHIIv+WenC4f8jAKBggqhkjOPQQDAjBa
      MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC
      U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw
      MjIwMTEyMTEwMzM2WhgPMjAyMjAyMDExNTUxMzZaMGIxFzAVBgNVBAMTDnd3dy5z
      ZXJ2ZXIuY29tMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD
      VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEG
      CCqGSM49AwEHA0IABGVqGAt14O1helv02eAi3510lAoMNnyQCYl+fj+AI0aj2OqJ
      2pfACv+1D/8SS0EeBNOpuyK31wJUBMAvfbNVsMWjgbgwgbUwfQYDVR0jBHYwdKFe
      pFwwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNV
      BAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvboIS
      LL8LSoDJCZYPbe4M+XG6StKZMBkGA1UdEQQSMBCCDnd3dy5zZXJ2ZXIuY29tMAsG
      A1UdDwQEAwIDiDAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cAMEQCIAqAfJK+
      8Duk8Qrj55YwkuRyt97Cv4/bbIpRwaNJxafIAiAn7GO/fkOjhWZCYfB8yx92Kl3Y
      Tl0y+hIVaLkKoXuMhg==
      -----END CERTIFICATE-----
    cert.key: |
      -----BEGIN EC PRIVATE KEY-----
      MHcCAQEEIOtZk70H7MTVQOPOJFQPVzM0Kjc0B8wXj7OtrjtyBYVLoAoGCCqGSM49
      AwEHoUQDQgAEZWoYC3Xg7WF6W/TZ4CLfnXSUCgw2fJAJiX5+P4AjRqPY6onal8AK
      /7UP/xJLQR4E06m7IrfXAlQEwC99s1WwxQ==
      -----END EC PRIVATE KEY-----
    ca-cert.pem: |
      -----BEGIN CERTIFICATE-----
      MIICAzCCAaqgAwIBAgISLL8LSoDJCZYPbe4M+XG6StKZMAoGCCqGSM49BAMCMFox
      DzANBgNVBAMTBkF2YXNzYTESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJT
      RTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24wIhgPMjAy
      MjAxMDkwMDEzMDZaGA8yMDIzMDExMjE1NDkwNlowWjEPMA0GA1UEAxMGQXZhc3Nh
      MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFz
      c2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEGCCqGSM49AwEH
      A0IABAjAOsjvcdyN6ko2xGe51pQBRf2ogKblHyJVhB3E8IIhbwnb1eK5183aEsWY
      eQeqCuihAwOIaglfUXvGyEPFS5SjTDBKMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMB
      Af8EBTADAQH/MCcGA1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly9jcmwuYXZhc3NhLm5l
      dC8wCgYIKoZIzj0EAwIDRwAwRAIgGMkKpCKX1zpsdKY7SuB2sPvM1i1eAJtR10PE
      /x29sRsCIF/jigjXX52APfotfWAhRmcd3Cp1D1/oKai03cnSM/K8
      -----END CERTIFICATE-----
  auto-ssh-cert:
    issuing-ca: root
    issuing-role: admin
    public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
    refresh-threshold: 10d
    ttl: 15d
    valid-principals:
      - joe
    cert-type: user
    key-id: joe
    critical-options:
      - force-command
    extensions:
      - permit-X11-forwarding
      - permit-agent-forwarding
      - permit-pty
  dict:
    xx: eXk=
    cert.pem: |
      -----BEGIN CERTIFICATE-----
      MIICeTCCAiCgAwIBAgITAJoov8FFieL9BHIIv+WenC4f8jAKBggqhkjOPQQDAjBa
      MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC
      U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw
      MjIwMTEyMTEwMzM2WhgPMjAyMjAyMDExNTUxMzZaMGIxFzAVBgNVBAMTDnd3dy5z
      ZXJ2ZXIuY29tMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD
      VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEG
      CCqGSM49AwEHA0IABGVqGAt14O1helv02eAi3510lAoMNnyQCYl+fj+AI0aj2OqJ
      2pfACv+1D/8SS0EeBNOpuyK31wJUBMAvfbNVsMWjgbgwgbUwfQYDVR0jBHYwdKFe
      pFwwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNV
      BAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvboIS
      LL8LSoDJCZYPbe4M+XG6StKZMBkGA1UdEQQSMBCCDnd3dy5zZXJ2ZXIuY29tMAsG
      A1UdDwQEAwIDiDAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cAMEQCIAqAfJK+
      8Duk8Qrj55YwkuRyt97Cv4/bbIpRwaNJxafIAiAn7GO/fkOjhWZCYfB8yx92Kl3Y
      Tl0y+hIVaLkKoXuMhg==
      -----END CERTIFICATE-----
    cert.key: |
      -----BEGIN EC PRIVATE KEY-----
      MHcCAQEEIOtZk70H7MTVQOPOJFQPVzM0Kjc0B8wXj7OtrjtyBYVLoAoGCCqGSM49
      AwEHoUQDQgAEZWoYC3Xg7WF6W/TZ4CLfnXSUCgw2fJAJiX5+P4AjRqPY6onal8AK
      /7UP/xJLQR4E06m7IrfXAlQEwC99s1WwxQ==
      -----END EC PRIVATE KEY-----
    ca-cert.pem: |
      -----BEGIN CERTIFICATE-----
      MIICAzCCAaqgAwIBAgISLL8LSoDJCZYPbe4M+XG6StKZMAoGCCqGSM49BAMCMFox
      DzANBgNVBAMTBkF2YXNzYTESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJT
      RTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24wIhgPMjAy
      MjAxMDkwMDEzMDZaGA8yMDIzMDExMjE1NDkwNlowWjEPMA0GA1UEAxMGQXZhc3Nh
      MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFz
      c2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEGCCqGSM49AwEH
      A0IABAjAOsjvcdyN6ko2xGe51pQBRf2ogKblHyJVhB3E8IIhbwnb1eK5183aEsWY
      eQeqCuihAwOIaglfUXvGyEPFS5SjTDBKMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMB
      Af8EBTADAQH/MCcGA1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly9jcmwuYXZhc3NhLm5l
      dC8wCgYIKoZIzj0EAwIDRwAwRAIgGMkKpCKX1zpsdKY7SuB2sPvM1i1eAJtR10PE
      /x29sRsCIF/jigjXX52APfotfWAhRmcd3Cp1D1/oKai03cnSM/K8
      -----END CERTIFICATE-----
    password: verysecret
    yy: aGVg
    user: admin
  allow-image-access:
    - "*"
  creation-time: 2022-01-12T14:56:10.018462Z
  deletion-time: 2022-01-12T14:56:10.018462Z
  destroyed: false
  cert-refresh-time: 2022-01-13T01:51:34.308328Z
  version: 1
  metadata:
    current-version: 1
    modified-time: 2022-01-12T14:56:10.018463Z
    creation-time: 2022-01-12T14:56:10.018462Z
    oldest-version: 1
  ttl: 4h
  error: tls CA does not exist
  

Retrieve the state of a vault secret

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}
Response samples
name: credentials
base64-data:
  xx: eXk=
  yy: aGVg
data:
  password: verysecret
  user: admin
auto-cert:
  issuing-ca: root
  refresh-threshold: 10d
  ttl: 20d
  truncate-ttl: false
  host: www.server.com
  public-key: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECMA6yO9x3I3qSjbEZ7nWlAFF/aiA
    puUfIlWEHcTwgiFvCdvV4rnXzdoSxZh5B6oK6KEDA4hqCV9Re8bIQ8VLlA==
    -----END PUBLIC KEY-----
  cert-type: server
  alt-name:
    - type: DNSName
      value: www.server.com
  server-ext-usage: true
  client-ext-usage: true
  code-signing-ext-usage: true
  full-authority-key-identifier: false
  serial-prefix: fe:ed:ba:be
cert:
  cert.pem: |
    -----BEGIN CERTIFICATE-----
    MIICeTCCAiCgAwIBAgITAJoov8FFieL9BHIIv+WenC4f8jAKBggqhkjOPQQDAjBa
    MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC
    U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw
    MjIwMTEyMTEwMzM2WhgPMjAyMjAyMDExNTUxMzZaMGIxFzAVBgNVBAMTDnd3dy5z
    ZXJ2ZXIuY29tMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD
    VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEG
    CCqGSM49AwEHA0IABGVqGAt14O1helv02eAi3510lAoMNnyQCYl+fj+AI0aj2OqJ
    2pfACv+1D/8SS0EeBNOpuyK31wJUBMAvfbNVsMWjgbgwgbUwfQYDVR0jBHYwdKFe
    pFwwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNV
    BAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvboIS
    LL8LSoDJCZYPbe4M+XG6StKZMBkGA1UdEQQSMBCCDnd3dy5zZXJ2ZXIuY29tMAsG
    A1UdDwQEAwIDiDAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cAMEQCIAqAfJK+
    8Duk8Qrj55YwkuRyt97Cv4/bbIpRwaNJxafIAiAn7GO/fkOjhWZCYfB8yx92Kl3Y
    Tl0y+hIVaLkKoXuMhg==
    -----END CERTIFICATE-----
  cert.key: |
    -----BEGIN EC PRIVATE KEY-----
    MHcCAQEEIOtZk70H7MTVQOPOJFQPVzM0Kjc0B8wXj7OtrjtyBYVLoAoGCCqGSM49
    AwEHoUQDQgAEZWoYC3Xg7WF6W/TZ4CLfnXSUCgw2fJAJiX5+P4AjRqPY6onal8AK
    /7UP/xJLQR4E06m7IrfXAlQEwC99s1WwxQ==
    -----END EC PRIVATE KEY-----
  ca-cert.pem: |
    -----BEGIN CERTIFICATE-----
    MIICAzCCAaqgAwIBAgISLL8LSoDJCZYPbe4M+XG6StKZMAoGCCqGSM49BAMCMFox
    DzANBgNVBAMTBkF2YXNzYTESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJT
    RTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24wIhgPMjAy
    MjAxMDkwMDEzMDZaGA8yMDIzMDExMjE1NDkwNlowWjEPMA0GA1UEAxMGQXZhc3Nh
    MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFz
    c2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEGCCqGSM49AwEH
    A0IABAjAOsjvcdyN6ko2xGe51pQBRf2ogKblHyJVhB3E8IIhbwnb1eK5183aEsWY
    eQeqCuihAwOIaglfUXvGyEPFS5SjTDBKMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMB
    Af8EBTADAQH/MCcGA1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly9jcmwuYXZhc3NhLm5l
    dC8wCgYIKoZIzj0EAwIDRwAwRAIgGMkKpCKX1zpsdKY7SuB2sPvM1i1eAJtR10PE
    /x29sRsCIF/jigjXX52APfotfWAhRmcd3Cp1D1/oKai03cnSM/K8
    -----END CERTIFICATE-----
auto-ssh-cert:
  issuing-ca: root
  issuing-role: admin
  public-key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAstFt4AUzsP1iEC9a4tO2G3ISbTSSthvUvWYoq0yWy0dzbnditXgw5rVBTuIC1oltNuAdsol+lOBbZLS2ZE6rDCeAq82AYu3EsdVBiHsZMocEjgg45xxd8+0tzaVZjevQWo9gkIqMesHEYgUGiwFZF4747AILemSwKz+X6HD78fs= joe@acme.com
  refresh-threshold: 10d
  ttl: 15d
  valid-principals:
    - joe
  cert-type: user
  key-id: joe
  critical-options:
    - force-command
  extensions:
    - permit-X11-forwarding
    - permit-agent-forwarding
    - permit-pty
dict:
  xx: eXk=
  cert.pem: |
    -----BEGIN CERTIFICATE-----
    MIICeTCCAiCgAwIBAgITAJoov8FFieL9BHIIv+WenC4f8jAKBggqhkjOPQQDAjBa
    MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC
    U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw
    MjIwMTEyMTEwMzM2WhgPMjAyMjAyMDExNTUxMzZaMGIxFzAVBgNVBAMTDnd3dy5z
    ZXJ2ZXIuY29tMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD
    VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEG
    CCqGSM49AwEHA0IABGVqGAt14O1helv02eAi3510lAoMNnyQCYl+fj+AI0aj2OqJ
    2pfACv+1D/8SS0EeBNOpuyK31wJUBMAvfbNVsMWjgbgwgbUwfQYDVR0jBHYwdKFe
    pFwwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNV
    BAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvboIS
    LL8LSoDJCZYPbe4M+XG6StKZMBkGA1UdEQQSMBCCDnd3dy5zZXJ2ZXIuY29tMAsG
    A1UdDwQEAwIDiDAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cAMEQCIAqAfJK+
    8Duk8Qrj55YwkuRyt97Cv4/bbIpRwaNJxafIAiAn7GO/fkOjhWZCYfB8yx92Kl3Y
    Tl0y+hIVaLkKoXuMhg==
    -----END CERTIFICATE-----
  cert.key: |
    -----BEGIN EC PRIVATE KEY-----
    MHcCAQEEIOtZk70H7MTVQOPOJFQPVzM0Kjc0B8wXj7OtrjtyBYVLoAoGCCqGSM49
    AwEHoUQDQgAEZWoYC3Xg7WF6W/TZ4CLfnXSUCgw2fJAJiX5+P4AjRqPY6onal8AK
    /7UP/xJLQR4E06m7IrfXAlQEwC99s1WwxQ==
    -----END EC PRIVATE KEY-----
  ca-cert.pem: |
    -----BEGIN CERTIFICATE-----
    MIICAzCCAaqgAwIBAgISLL8LSoDJCZYPbe4M+XG6StKZMAoGCCqGSM49BAMCMFox
    DzANBgNVBAMTBkF2YXNzYTESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJT
    RTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24wIhgPMjAy
    MjAxMDkwMDEzMDZaGA8yMDIzMDExMjE1NDkwNlowWjEPMA0GA1UEAxMGQXZhc3Nh
    MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFz
    c2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqGSM49AgEGCCqGSM49AwEH
    A0IABAjAOsjvcdyN6ko2xGe51pQBRf2ogKblHyJVhB3E8IIhbwnb1eK5183aEsWY
    eQeqCuihAwOIaglfUXvGyEPFS5SjTDBKMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMB
    Af8EBTADAQH/MCcGA1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly9jcmwuYXZhc3NhLm5l
    dC8wCgYIKoZIzj0EAwIDRwAwRAIgGMkKpCKX1zpsdKY7SuB2sPvM1i1eAJtR10PE
    /x29sRsCIF/jigjXX52APfotfWAhRmcd3Cp1D1/oKai03cnSM/K8
    -----END CERTIFICATE-----
  password: verysecret
  yy: aGVg
  user: admin
allow-image-access:
  - "*"
creation-time: 2022-01-12T14:56:10.018462Z
deletion-time: 2022-01-12T14:56:10.018462Z
destroyed: false
cert-refresh-time: 2022-01-13T01:51:34.308328Z
version: 1
metadata:
  current-version: 1
  modified-time: 2022-01-12T14:56:10.018463Z
  creation-time: 2022-01-12T14:56:10.018462Z
  oldest-version: 1
ttl: 4h
error: tls CA does not exist

Invoke the delete operation

Deletes one or more versions of a secret. The version can later be un-deleted using the undelete operation.

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

Request Body schema:
versions
Array of integers <uint32>

If not present, soft-delete the latest version.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}/delete
Request samples
versions:
  - 1

Invoke the destroy operation

Completely removes one or more versions of a secret. When the last version is removed, the entire secret is removed.

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

Request Body schema:
One of:
versions
Array of integers <uint32>

If not present, destroy the entire map.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}/destroy
Request samples
versions:
  - 1

Invoke the undelete operation

Restores one or more versions of a secret.

SecurityaccessToken
Request
path Parameters
vault-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault

vault-secret-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

name of vault-secret

Request Body schema:
versions
Array of integers <uint32>

If not present, undelete the latest version.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/vaults/{vault-name}/secrets/{vault-secret-name}/undelete
Request samples
versions:
  - 1