The /sys/tools endpoints are a general set of tools.

Generate random bytes

This endpoint returns high-quality random bytes of the specified length.

Parameters

• bytes (int: 32) – Specifies the number of bytes to return. This value can be specified either in the request body, or as a part of the URL.

• format (string: "base64") – Specifies the output encoding. Valid options are hex or base64.

• source (string: "platform") - Specifies the source of the requested bytes. platform, the default, sources bytes from the platform's entropy source. seal sources from entropy augmentation (enterprise only). all mixes bytes from all available sources.

Sample payload

{
  "format": "hex"
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/tools/random/164

Sample response

{
  "data": {
    "random_bytes": "dGhlIHF1aWNrIGJyb3duIGZveAo="
  }
}

Hash data

This endpoint returns the cryptographic hash of given data using the specified algorithm.

Parameters

• algorithm (string: "sha2-256") – Specifies the hash algorithm to use. This can also be specified as part of the URL. Currently-supported algorithms are:

  • sha2-224

  • sha2-256

  • sha2-384

  • sha2-512

  • sha3-224

  • sha3-256

  • sha3-384

  • sha3-512

  ~> Note: In FIPS 140-2 mode, the following algorithms are not certified and thus should not be used: sha3-224, sha3-256, sha3-384, and sha3-512.

• input (string: <required>) – Specifies the base64 encoded input data.

• format (string: "hex") – Specifies the output encoding. This can be either hex or base64.

Sample payload

{
  "input": "adba32=="
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/tools/hash/sha2-512

Sample response

{
  "data": {
    "sum": "dGhlIHF1aWNrIGJyb3duIGZveAo="
  }
}