# /sys/raw The `/sys/raw` endpoint is used to access the raw underlying store in Vault. This endpoint is off by default. See the Vault configuration documentation to enable. ### Read raw This endpoint reads the value of the key at the given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system. | Method | Path | | ------ | ---------------- | | `GET` | `/sys/raw/:path` | #### Parameters * `path` `(string: )` – Specifies the raw path in the storage backend. This is specified as part of the URL. * `compressed` `(bool: true)` - Attempt to decompress the value. * `encoding` `(string: "")` - Specifies the encoding of the returned data. Defaults to no encoding. "base64" returns the value encoded in base64. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/raw/secret/foo ``` #### Sample response ```json { "value": "{'foo':'bar'}" } ``` ### Create/Update raw This endpoint updates the value of the key at the given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system. | Method | Path | | ------ | ---------------- | | `POST` | `/sys/raw/:path` | #### Parameters * `path` `(string: )` – Specifies the raw path in the storage backend. This is specified as part of the URL. * `value` `(string: )` – Specifies the value of the key. * `compression_type` `(string: "")` - Create/update using the compressed form of `value`. Supported `compression_type` values are `gzip`, `lzw`, `lz4`, `snappy`, or `""`. `""` means no compression is used. If omitted and key already exists, update uses the same compression (or no compression) as the existing value. * `encoding` `(string: "")` - Specifies the encoding of `value`. Defaults to no encoding. Use "base64" if `value` is encoded in base64. #### Sample payload ```json { "value": "{\"foo\": \"bar\"}" } ``` #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/sys/raw/secret/foo ``` ### List raw This endpoint returns a list keys for a given path prefix. **This endpoint requires 'sudo' capability.** | Method | Path | | ------ | ---------------------------- | | `LIST` | `/sys/raw/:prefix` | | `GET` | `/sys/raw/:prefix?list=true` | #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request LIST \ http://127.0.0.1:8200/v1/sys/raw/logical ``` #### Sample response ```json { "data": { "keys": ["abcd-1234...", "efgh-1234...", "ijkl-1234..."] } } ``` ### Delete raw This endpoint deletes the key with given path. This is the raw path in the storage backend and not the logical path that is exposed via the mount system. | Method | Path | | -------- | ---------------- | | `DELETE` | `/sys/raw/:path` | #### Parameters * `path` `(string: )` – Specifies the raw path in the storage backend. This is specified as part of the URL. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/sys/raw/secret/foo ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.enclaive.cloud/vault/api/system-backend/sys-raw.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.