/sys/raw

The /sys/raw endpoint is used to access the raw underlying store in Vault.

This endpoint is off by default. See the Vault configuration documentation to enable.

Read raw

This endpoint reads the value of the key at the given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system.

Method

Path

GET

/sys/raw/:path

Parameters

path (string: <required>) – Specifies the raw path in the storage backend. This is specified as part of the URL.
compressed (bool: true) - Attempt to decompress the value.
encoding (string: "") - Specifies the encoding of the returned data. Defaults to no encoding. "base64" returns the value encoded in base64.

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/raw/secret/foo

Sample response

{
  "value": "{'foo':'bar'}"
}

Create/Update raw

This endpoint updates the value of the key at the given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system.

Method

Path

POST

/sys/raw/:path

Parameters

path (string: <required>) – Specifies the raw path in the storage backend. This is specified as part of the URL.
value (string: <required>) – Specifies the value of the key.
compression_type (string: "") - Create/update using the compressed form of value. Supported compression_type values are gzip, lzw, lz4, snappy, or "". "" means no compression is used. If omitted and key already exists, update uses the same compression (or no compression) as the existing value.
encoding (string: "") - Specifies the encoding of value. Defaults to no encoding. Use "base64" if value is encoded in base64.

Sample payload

{
  "value": "{\"foo\": \"bar\"}"
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/raw/secret/foo

List raw

This endpoint returns a list keys for a given path prefix.

This endpoint requires 'sudo' capability.

Method

Path

LIST

/sys/raw/:prefix

GET

/sys/raw/:prefix?list=true

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/sys/raw/logical

Sample response

{
  "data": {
    "keys": ["abcd-1234...", "efgh-1234...", "ijkl-1234..."]
  }
}

Delete raw

This endpoint deletes the key with given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system.

Method

Path

DELETE

/sys/raw/:path

Parameters

path (string: <required>) – Specifies the raw path in the storage backend. This is specified as part of the URL.

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/sys/raw/secret/foo

Previous/sys/quotas/lease-count Next/sys/rekey

Last updated 1 year ago

/sys/raw

The /sys/raw endpoint is used to access the raw underlying store in Vault.

This endpoint is off by default. See the Vault configuration documentation to enable.

Read raw

This endpoint reads the value of the key at the given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system.

Method

Path

GET

/sys/raw/:path

Parameters

path (string: <required>) – Specifies the raw path in the storage backend. This is specified as part of the URL.
compressed (bool: true) - Attempt to decompress the value.
encoding (string: "") - Specifies the encoding of the returned data. Defaults to no encoding. "base64" returns the value encoded in base64.

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/raw/secret/foo

Sample response

{
  "value": "{'foo':'bar'}"
}

Create/Update raw

This endpoint updates the value of the key at the given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system.

Method

Path

POST

/sys/raw/:path

Parameters

path (string: <required>) – Specifies the raw path in the storage backend. This is specified as part of the URL.
value (string: <required>) – Specifies the value of the key.
compression_type (string: "") - Create/update using the compressed form of value. Supported compression_type values are gzip, lzw, lz4, snappy, or "". "" means no compression is used. If omitted and key already exists, update uses the same compression (or no compression) as the existing value.
encoding (string: "") - Specifies the encoding of value. Defaults to no encoding. Use "base64" if value is encoded in base64.

Sample payload

{
  "value": "{\"foo\": \"bar\"}"
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/raw/secret/foo

List raw

This endpoint returns a list keys for a given path prefix.

This endpoint requires 'sudo' capability.

Method

Path

LIST

/sys/raw/:prefix

GET

/sys/raw/:prefix?list=true

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/sys/raw/logical

Sample response

{
  "data": {
    "keys": ["abcd-1234...", "efgh-1234...", "ijkl-1234..."]
  }
}

Delete raw

This endpoint deletes the key with given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system.

Method

Path

DELETE

/sys/raw/:path

Parameters

path (string: <required>) – Specifies the raw path in the storage backend. This is specified as part of the URL.

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/sys/raw/secret/foo

Previous/sys/quotas/lease-count Next/sys/rekey

Last updated 1 year ago