Vault Secrets API
This is the API used to manage vaults.
Authentication
To authenticate into the RWX API, create an organization access token or a personal access token and pass it in the authorization header as a bearer token.
Authorization: Bearer <token>
Content Type
The API only accepts and responds with JSON. You will need to pass a content type header
Content-Type: application/json
Create or Update Secrets
POST https://cloud.rwx.com/mint/api/vaults/secrets
You can pass an array of secrets to this endpoint to create or update several secrets at once.
When passing an array of secrets, this endpoint is not atomic. It is possible for some secrets to be set successfully while others could fail due to validation errors.
Request Parameters
| parameter | required | description |
|---|---|---|
| vault_name | ✓ | The name of the vault to set the secret in |
| secrets[].name | ✓ | The name of the secret |
| secrets[].secret | ✓ | The value of the secret |
| secrets[].description | The value of the secret |
Example Request Payload
{
"vault_name": "default",
"secrets": [
{
"name": "the-name",
"secret": "sensitive value",
"description": "Details that may be relevant for other engineers"
}
]
}
Sending this payload would result in setting the secret accessible via the expression for ${{ secrets.the-name }}
Response
| Status Code | Details |
|---|---|
| 200 | All secrets were created or updated successfully |
| 400 | Some secrets could not be set due to a validation error |
| 401 | Invalid authentication token |
| 403 | Missing authentication header |
If you receive a 400 response without a response body, it likely indicates that you forgot to pass the Content-Type header.
When passing an array of secrets and receiving a 400 response, this endpoint is not atomic. It is possible that some of the secrets were successfully set while others failed to be set.
Example 200 Response
| Parameter | Description |
|---|---|
| set_secrets | An array of the keys of the secrets that were set |
| versions | An object where the keys are the secrets that were set and the values are the version |
{
"set_secrets": ["the-name"],
"versions": {
"the-name": 1
}
}
Example 400 Response
If you receive a 400 response without a response body, it likely indicates that you forgot to pass the Content-Type header.
| Parameter | Description |
|---|---|
| error | An error message string |
The error message will contain details on the secrets that could not be set. Unfortunately this is only returned as a human-readable machine. Let us know if you need a machine-readable response.
{
"error": "The following secrets could not be set:\n the-name: an error message"
}
You can test the 400 response by attempting to set a secret to an empty string value.
Create or Update Vars
POST https://cloud.rwx.com/mint/api/vaults/vars
You can pass a var name and value to this endpoint to create or update a var.
Request Parameters
| parameter | required | description |
|---|---|---|
| vault_name | ✓ | The name of the vault to set the var in |
| var.name | ✓ | The name of the var |
| var.value | ✓ | The value of the var |
Example Request Payload
{
"vault_name": "default",
"var": {
"name": "the-name",
"value": "insensitive value"
}
}
Sending this payload would result in setting the var accessible via the expression for ${{ vars.the-name }}
Response
| Status Code | Details |
|---|---|
| 200 | The var was created or updated successfully |
| 400 | The var could not be set due to a validation error |
| 401 | Invalid authentication token |
| 403 | Missing authentication header |
If you receive a 400 response without a response body, it likely indicates that you forgot to pass the Content-Type header.
Example 200 Response
The body of a successful response is an empty object.
{}
Example 400 Response
If you receive a 400 response without a response body, it likely indicates that you forgot to pass the Content-Type header.
| Parameter | Description |
|---|---|
| error | An error message string |
The error message will describe why the var could not be set. Unfortunately this is only returned as a human-readable machine. Let us know if you need a machine-readable response.
{
"error": "an error message"
}
You can test the 400 response by attempting to set a var to an empty string value.