cURL JavaScript


The Vault allows a user to store secret values, encrypted at rest. Performing operations on the Vault require you to be authenticated.

Vault uses a 256-bit Advanced Encryption Standard (AES) cipher in the Galois Counter Mode (GCM) with 96-bit initialization vectors. The initialization vector is randomly generated for every encrypted object.

When data is read the GCM authentication tag is verified during the decryption process to detect any tampering.

You find the multitenant service at

Creating / updating a secret

Creating a secret requires the following:

Vault supports the following MIME types:




Any other unrecognized MIME type is stored as a binary buffer, and will be returned as such.

$ curl -X PUT "" \
  -H "Content-Type: text/plain" \
  -d "this is a test"
$ curl -X PUT "" \
  -H "Content-Type: application/json" \
  -d '{ "hello": "world" }'

Retrieving a secret

If you"ve used the correct Content-Type header, you will receive your content exactly how Vault received it.

$ curl ""

Removing a secret

Simply send a DELETE request to the key you want to remove.

$ curl -X DELETE ""

Listing all secrets

$ curl ""
  { "key": "my-text-secret" },
  { "key": "my-secret" }