Vault Secrets API
This is the API used to manage vaults.
Authentication
To authenticate into the RWX API, create an organization access token or a personal access token and pass it in the authorization header as a bearer token.
Authorization: Bearer <token>
Content Type
The API only accepts and responds with JSON. You will need to pass a content type header
Content-Type: application/json
Create or Update Secrets
POST https://cloud.rwx.com/mint/api/vaults/secrets
You can pass an array of secrets to this endpoint to create or update several secrets at once.
When passing an array of secrets, this endpoint is not atomic. It is possible for some secrets to be set successfully while others could fail due to validation errors.
Request Parameters
| parameter | required | description |
|---|---|---|
| vault_name | ✓ | The name of the vault to set the secret in |
| secrets[].name | ✓ | The name of the secret |
| secrets[].secret | ✓ | The value of the secret |
| secrets[].description | The value of the secret |
Example Request Payload
{
"vault_name": "default",
"secrets": [
{
"name": "the-name",
"secret": "sensitive value",
"description": "Details that may be relevant for other engineers"
}
]
}
Sending this payload would result in setting the secret accessible via the expression for ${{ secrets.the-name }}
Response
| Status Code | Details |
|---|---|
| 200 | All secrets were created or updated successfully |
| 400 | Some secrets could not be set due to a validation error |
| 401 | Invalid authentication token |
| 403 | Missing authentication header |
If you receive a 400 response without a response body, it likely indicates that you forgot to pass the Content-Type header.
When passing an array of secrets and receiving a 400 response, this endpoint is not atomic. It is possible that some of the secrets were successfully set while others failed to be set.
Example 200 Response
| Parameter | Description |
|---|---|
| set_secrets | An array of the keys of the secrets that were set |
| versions | An object where the keys are the secrets that were set and the values are the version |
{
"set_secrets": ["the-name"],
"versions": {
"the-name": 1
}
}
Example 400 Response
If you receive a 400 response without a response body, it likely indicates that you forgot to pass the Content-Type header.
| Parameter | Description |
|---|---|
| error | An error message string |
The error message will contain details on the secrets that could not be set. Unfortunately this is only returned as a human-readable machine. Let us know if you need a machine-readable response.
{
"error": "The following secrets could not be set:\n the-name: an error message"
}
You can test the 400 response by attempting to set a secret to an empty string value.