# Identity

## POST /identity/alias

> Create a new alias.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/alias":{"post":{"operationId":"alias-create","summary":"Create a new alias.","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AliasCreateRequest"}}}},"responses":{"200":{"description":"Alias successfully created.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AliasCreateResponse"}}}},"400":{"description":"Invalid request payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Insufficient permissions to create alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"AliasCreateRequest":{"type":"object","required":["name","canonical_id","mount_accessor"],"properties":{"name":{"type":"string","description":"Name of the alias."},"canonical_id":{"type":"string","description":"Entity ID the alias should be associated with."},"mount_accessor":{"type":"string","description":"Accessor of the mount that the alias belongs to."},"custom_metadata":{"type":"object","additionalProperties":{"type":"string"},"description":"Optional custom metadata to associate with the alias."}}},"AliasCreateResponse":{"type":"object","properties":{"request_id":{"type":"string"},"lease_id":{"type":"string"},"renewable":{"type":"boolean"},"lease_duration":{"type":"integer"},"data":{"type":"object","properties":{"id":{"type":"string","description":"ID of the created alias."},"name":{"type":"string"},"canonical_id":{"type":"string"},"mount_accessor":{"type":"string"},"custom_metadata":{"type":"object","additionalProperties":{"type":"string"}}}},"warnings":{"type":"array","items":{"type":"string"}},"auth":{"type":"object","nullable":true}}},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/alias/id

> List all the alias IDs

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/alias/id":{"get":{"operationId":"alias-list-by-id","summary":"List all the alias IDs","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully listed alias IDs","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AliasListResponse"}}}},"400":{"description":"Bad request – missing or incorrect query param.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/alias/id/{id}

> Read an alias by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/alias/id/{id}":{"get":{"operationId":"alias-read-by-id","summary":"Read an alias by ID","tags":["identity"],"responses":{"200":{"description":"Alias details retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AliasReadByIdResponse"}}}},"400":{"description":"Invalid alias ID or malformed request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Permission denied to read alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"AliasReadByIdResponse":{"type":"object","properties":{"request_id":{"type":"string"},"lease_id":{"type":"string"},"renewable":{"type":"boolean"},"lease_duration":{"type":"integer"},"data":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"mount_type":{"type":"string"},"canonical_id":{"type":"string"},"custom_metadata":{"type":"object","additionalProperties":true}}},"wrap_info":{"type":"string","nullable":true},"warnings":{"type":"string","nullable":true},"auth":{"type":"string","nullable":true}}},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/alias/id/{id}

> Update an alias by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/alias/id/{id}":{"post":{"operationId":"alias-update-by-id","summary":"Update an alias by ID","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AliasUpdateByIdRequest"}}}},"responses":{"200":{"description":"Alias updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AliasUpdateByIdResponse"}}}},"400":{"description":"Malformed request or missing fields.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Not authorized to update alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error during update.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"AliasUpdateByIdRequest":{"properties":{"canonical_id":{"description":"Entity ID to which this alias should be tied to","type":"string"},"entity_id":{"description":"Entity ID to which this alias should be tied to. This field is deprecated in favor of 'canonical_id'.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to","type":"string"},"name":{"description":"Name of the alias","type":"string"}},"type":"object"},"AliasUpdateByIdResponse":{"type":"object","properties":{"data":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"mount_type":{"type":"string"},"canonical_id":{"type":"string"},"custom_metadata":{"type":"object","additionalProperties":true}}}}},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/alias/id/{id}

> Delete an alias by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/alias/id/{id}":{"delete":{"operationId":"alias-delete-by-id","summary":"Delete an alias by ID","tags":["identity"],"responses":{"204":{"description":"Alias deleted successfully. No content is returned."},"400":{"description":"Invalid alias ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Not authorized to delete alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal error during deletion.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity

> Create a new entity, or update an existing one when `id` is set in the request body

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity":{"post":{"operationId":"entity-create","summary":"Create a new entity","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityCreateRequest"}}}},"responses":{"200":{"description":"Entity created successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityCreateResponse"}}}},"400":{"description":"Invalid request payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Insufficient permissions to create entity.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityCreateRequest":{"properties":{"disabled":{"description":"If set true, tokens tied to this identity will not be able to be used (but will not be revoked).","type":"boolean"},"id":{"description":"ID of the entity. If set, updates the corresponding existing entity.","type":"string"},"metadata":{"description":"Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the entity","type":"string"},"policies":{"description":"Policies to be tied to the entity.","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity-alias

> Create a new alias for the entity, or update an existing alias when `id` is set in the request body

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity-alias":{"post":{"operationId":"entity-create-alias","summary":"Create a new alias for the entity","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityCreateAliasRequest"}}}},"responses":{"200":{"description":"Alias successfully created.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityCreateAliasResponse"}}}},"400":{"description":"Invalid request payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Insufficient permissions to create alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityCreateAliasRequest":{"properties":{"canonical_id":{"description":"Entity ID to which this alias belongs","type":"string"},"custom_metadata":{"description":"User provided key-value pairs","format":"kvpairs","type":"object"},"entity_id":{"description":"Entity ID to which this alias belongs. This field is deprecated, use canonical_id.","type":"string"},"id":{"description":"ID of the entity alias. If set, updates the corresponding entity alias.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to; unused for a modify","type":"string"},"name":{"description":"Name of the alias; unused for a modify","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/entity-alias/id

> List all the alias IDs for the entity

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity-alias/id":{"get":{"operationId":"entity-list-aliases-by-id","summary":"List all the alias IDs for the entity","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully listed alias IDs.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityAliasListResponse"}}}},"400":{"description":"Bad request – missing or incorrect query param.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Insufficient permissions to list aliases.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/entity-alias/id/{id}

> Read an alias by ID for the entity

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity-alias/id/{id}":{"get":{"operationId":"entity-read-alias-by-id","summary":"Read an alias by ID for the entity","tags":["identity"],"responses":{"200":{"description":"Alias details retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityAliasReadByIdResponse"}}}},"400":{"description":"Invalid alias ID","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Permission denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity-alias/id/{id}

> Update an alias by ID for the entity

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity-alias/id/{id}":{"post":{"operationId":"entity-update-alias-by-id","summary":"Update an alias by ID for the entity","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityUpdateAliasByIdRequest"}}}},"responses":{"200":{"description":"Alias updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityAliasUpdateByIdResponse"}}}},"400":{"description":"Invalid request payload","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Unauthorized to update alias","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityUpdateAliasByIdRequest":{"properties":{"canonical_id":{"description":"Entity ID to which this alias should be tied to","type":"string"},"custom_metadata":{"description":"User provided key-value pairs","format":"kvpairs","type":"object"},"entity_id":{"description":"Entity ID to which this alias belongs to. This field is deprecated, use canonical_id.","type":"string"},"mount_accessor":{"description":"(Unused)","type":"string"},"name":{"description":"(Unused)","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/entity-alias/id/{id}

> Delete an alias by ID for the entity

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity-alias/id/{id}":{"delete":{"operationId":"entity-delete-alias-by-id","summary":"Delete an alias by ID for the entity","tags":["identity"],"responses":{"204":{"description":"Alias deleted successfully. No content returned."},"400":{"description":"Invalid alias ID","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Unauthorized to delete alias","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity/batch-delete

> Delete all of the entities listed in `entity_ids`

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/batch-delete":{"post":{"operationId":"entity-batch-delete","summary":"Delete all of the entities","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityBatchDeleteRequest"}}}},"responses":{"200":{"description":"Entities deleted successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityBatchDeleteResponse"}}}},"400":{"description":"Bad request due to invalid input.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Permission denied.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityBatchDeleteRequest":{"properties":{"entity_ids":{"description":"Entity IDs to delete","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/entity/id

> List all the entity IDs

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/id":{"get":{"operationId":"entity-list-by-id","summary":"List all the entity IDs","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved the list of entity IDs.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityListResponse"}}}},"400":{"description":"Invalid or missing query parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Access denied due to insufficient permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server encountered an unexpected condition.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/entity/id/{id}

> Read an entity by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/id/{id}":{"get":{"operationId":"entity-read-by-id","summary":"Read an entity by ID","tags":["identity"],"responses":{"200":{"description":"Entity details retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityReadByIdResponse"}}}},"400":{"description":"Invalid request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden. You don’t have permission to perform this action.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity/id/{id}

> Update an entity by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/id/{id}":{"post":{"operationId":"entity-update-by-id","summary":"Update an entity by ID","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityUpdateByIdRequest"}}}},"responses":{"200":{"description":"Entity updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityUpdateByIdResponse"}}}},"400":{"description":"Invalid request body.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Unauthorized request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityUpdateByIdRequest":{"properties":{"disabled":{"description":"If set true, tokens tied to this identity will not be able to be used (but will not be revoked).","type":"boolean"},"metadata":{"description":"Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the entity","type":"string"},"policies":{"description":"Policies to be tied to the entity.","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/entity/id/{id}

> Delete an entity by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/id/{id}":{"delete":{"operationId":"entity-delete-by-id","summary":"Delete an entity by ID","tags":["identity"],"responses":{"204":{"description":"Entity deleted successfully. No content is returned."},"400":{"description":"Invalid entity ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Access denied.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error during deletion.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity/merge

> Merge two or more entities together

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/merge":{"post":{"operationId":"entity-merge","summary":"Merge two or more entities together","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityMergeRequest"}}}},"responses":{"200":{"description":"Entities merged successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityMergeResponse"}}}},"400":{"description":"Invalid merge request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Access denied.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityMergeRequest":{"properties":{"conflicting_alias_ids_to_keep":{"description":"Alias IDs to keep in case of conflicting aliases. Ignored if no conflicting aliases found","items":{"type":"string"},"type":"array"},"force":{"description":"Setting this will follow the 'mine' strategy for merging MFA secrets. If there are secrets of the same type both in entities that are merged from and in entity into which all others are getting merged, secrets in the destination will be unaltered. If not set, this API will throw an error containing all the conflicts.","type":"boolean"},"from_entity_ids":{"description":"Entity IDs which need to get merged","items":{"type":"string"},"type":"array"},"to_entity_id":{"description":"Entity ID into which all the other entities need to get merged","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/entity/name

> List all the entity names

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/name":{"get":{"operationId":"entity-list-by-name","summary":"List all the entity names","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"A list of entity names was successfully retrieved.","content":{"application/json":{"schema":{"type":"object","properties":{"request_id":{"type":"string"},"data":{"type":"object","properties":{"keys":{"type":"array","items":{"type":"string"}}}}}}}}},"400":{"description":"Bad request due to missing or invalid query parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden. The user does not have permission to access this resource.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error occurred while processing the request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/entity/name/{name}

> Read an entity by name

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/name/{name}":{"get":{"operationId":"entity-read-by-name","summary":"Read an entity by name","tags":["identity"],"responses":{"200":{"description":"Entity retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityReadByNameResponse"}}}},"400":{"description":"Bad request due to invalid input.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden. Access denied.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/entity/name/{name}

> Update an entity by name

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/name/{name}":{"post":{"operationId":"entity-update-by-name","summary":"Update an entity by name","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityUpdateByNameRequest"}}}},"responses":{"200":{"description":"Entity updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityUpdateByNameResponse"}}}},"400":{"description":"Invalid request data.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Unauthorized request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"EntityUpdateByNameRequest":{"properties":{"disabled":{"description":"If set true, tokens tied to this identity will not be able to be used (but will not be revoked).","type":"boolean"},"id":{"description":"ID of the entity. If set, updates the corresponding existing entity.","type":"string"},"metadata":{"description":"Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"policies":{"description":"Policies to be tied to the entity.","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/entity/name/{name}

> Delete an entity by name

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/entity/name/{name}":{"delete":{"operationId":"entity-delete-by-name","summary":"Delete an entity by name","tags":["identity"],"responses":{"204":{"description":"Entity deleted successfully. No content returned."},"400":{"description":"Bad request.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/group

> Create a new group, or update an existing one when `id` is set in the request body

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group":{"post":{"operationId":"group-create","summary":"Create a new group","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupCreateRequest"}}}},"responses":{"200":{"description":"Group created successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupCreateResponse"}}}},"400":{"description":"Bad request due to missing or invalid fields.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden. You do not have permission to create a group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"GroupCreateRequest":{"properties":{"id":{"description":"ID of the group. If set, updates the corresponding existing group.","type":"string"},"member_entity_ids":{"description":"Entity IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"member_group_ids":{"description":"Group IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the group.","type":"string"},"policies":{"description":"Policies to be tied to the group.","items":{"type":"string"},"type":"array"},"type":{"description":"Type of the group, 'internal' or 'external'. Defaults to 'internal'","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/group-alias

> Create a new group alias, or update an existing one

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group-alias":{"post":{"operationId":"group-create-alias","summary":"Create a new group alias, or update an existing one","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupCreateAliasRequest"}}}},"responses":{"200":{"description":"Group alias created or updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupCreateAliasResponse"}}}},"400":{"description":"Bad request due to missing or invalid fields.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden. You do not have permission to create or update a group alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"GroupCreateAliasRequest":{"properties":{"canonical_id":{"description":"ID of the group to which this is an alias.","type":"string"},"id":{"description":"ID of the group alias.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to.","type":"string"},"name":{"description":"Alias of the group.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/group-alias/id

> List all the group alias IDs

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group-alias/id":{"get":{"operationId":"group-list-aliases-by-id","parameters":[{"description":"Must be set to `true`","in":"query","name":"list","required":true,"schema":{"enum":["true"],"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupAliasList"}}}},"400":{"description":"Bad Request - The request is malformed or invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - The user does not have permission to access the resource.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - An error occurred on the server.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"summary":"List all the group alias IDs","tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/group-alias/id/{id}

> Read a group alias by its ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group-alias/id/{id}":{"get":{"operationId":"group-read-alias-by-id","summary":"Read a group alias by its ID","parameters":[{"description":"ID of the group alias.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupAlias"}}}},"400":{"description":"Bad Request - Invalid alias ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Access to the alias is not allowed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/group-alias/id/{id}

> Update a group alias by its ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group-alias/id/{id}":{"post":{"operationId":"group-update-alias-by-id","summary":"Update a group alias by its ID","parameters":[{"description":"ID of the group alias.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupUpdateAliasByIdRequest"}}},"required":true},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupAlias"}}}},"400":{"description":"Bad Request - Invalid input data.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - User lacks permission to update alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"GroupUpdateAliasByIdRequest":{"properties":{"canonical_id":{"description":"ID of the group to which this is an alias.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to.","type":"string"},"name":{"description":"Alias of the group.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/group-alias/id/{id}

> Delete a group alias by its ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group-alias/id/{id}":{"delete":{"operationId":"group-delete-alias-by-id","summary":"Delete a group alias by its ID","parameters":[{"description":"ID of the group alias.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No content - The alias was successfully deleted."},"400":{"description":"Bad Request - Invalid alias ID format.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Insufficient permissions to delete the alias.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/group/id

> List all the group IDs

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/id":{"get":{"summary":"List all the group IDs","operationId":"group-list-by-id","parameters":[{"name":"list","in":"query","description":"Must be set to `true`","required":true,"schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"List of group IDs retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupIdListResponse"}}}},"400":{"description":"Bad Request - Missing or invalid query parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to list group IDs.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Unexpected failure while retrieving groups.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/group/id/{id}

> Read group details by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/id/{id}":{"get":{"summary":"Read group details by ID","operationId":"group-read-by-id","responses":{"200":{"description":"Group retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"400":{"description":"Bad Request - Invalid ID format.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Access denied to group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/group/id/{id}

> Update an existing group by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/id/{id}":{"post":{"summary":"Update an existing group by ID","operationId":"group-update-by-id","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupUpdateByIdRequest"}}}},"responses":{"200":{"description":"Group updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"400":{"description":"Bad Request - Invalid input data.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Not authorized to update group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"GroupUpdateByIdRequest":{"properties":{"member_entity_ids":{"description":"Entity IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"member_group_ids":{"description":"Group IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the group.","type":"string"},"policies":{"description":"Policies to be tied to the group.","items":{"type":"string"},"type":"array"},"type":{"description":"Type of the group, 'internal' or 'external'. Defaults to 'internal'","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/group/id/{id}

> Delete a group by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/id/{id}":{"delete":{"summary":"Delete a group by ID","operationId":"group-delete-by-id","responses":{"204":{"description":"No content - The group was deleted successfully."},"400":{"description":"Bad Request - Invalid group ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Not authorized to delete group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/group/name

> List all group names

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/name":{"get":{"summary":"List all group names","operationId":"group-list-by-name","parameters":[{"name":"list","in":"query","description":"Must be set to `true`","required":true,"schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved list of group names.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupNameListResponse"}}}},"400":{"description":"Bad Request - Missing or invalid query parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Access denied to list group names.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Unexpected failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/group/name/{name}

> Read a group by its name

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/name/{name}":{"get":{"summary":"Read a group by its name","operationId":"group-read-by-name","responses":{"200":{"description":"Group retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"400":{"description":"Bad Request - Invalid group name.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to access this group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Failed to retrieve group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/group/name/{name}

> Update an existing group by its name

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/name/{name}":{"post":{"summary":"Update an existing group by its name","operationId":"group-update-by-name","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupUpdateByNameRequest"}}}},"responses":{"200":{"description":"Group updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"400":{"description":"Bad Request - Invalid input.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to update this group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Failed to update group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"GroupUpdateByNameRequest":{"properties":{"id":{"description":"ID of the group. If set, updates the corresponding existing group.","type":"string"},"member_entity_ids":{"description":"Entity IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"member_group_ids":{"description":"Group IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"policies":{"description":"Policies to be tied to the group.","items":{"type":"string"},"type":"array"},"type":{"description":"Type of the group, 'internal' or 'external'. Defaults to 'internal'","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/group/name/{name}

> Delete a group by its name

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/group/name/{name}":{"delete":{"summary":"Delete a group by its name","operationId":"group-delete-by-name","responses":{"204":{"description":"No content - The group was deleted successfully."},"400":{"description":"Bad Request - Invalid group name.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to delete this group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Failed to delete group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/lookup/entity

> Query entities based on various properties

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/lookup/entity":{"post":{"summary":"Query entities based on various properties","operationId":"entity-look-up","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityLookUpRequest"}}}},"responses":{"200":{"description":"Matching entities retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EntityLookUpResponse"}}}},"400":{"description":"Bad Request - Invalid input format.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You do not have permission to perform this lookup.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Unexpected failure during lookup.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"EntityLookUpRequest":{"properties":{"alias_id":{"description":"ID of the alias.","type":"string"},"alias_mount_accessor":{"description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.","type":"string"},"alias_name":{"description":"Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.","type":"string"},"id":{"description":"ID of the entity.","type":"string"},"name":{"description":"Name of the entity.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/lookup/group

> Query groups based on various properties

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/lookup/group":{"post":{"summary":"Query groups based on various properties","operationId":"group-look-up","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupLookUpRequest"}}}},"responses":{"200":{"description":"Matching groups retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupLookUpResponse"}}}},"400":{"description":"Bad Request - Invalid or missing lookup parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to perform this operation.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Lookup operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"GroupLookUpRequest":{"properties":{"alias_id":{"description":"ID of the alias.","type":"string"},"alias_mount_accessor":{"description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.","type":"string"},"alias_name":{"description":"Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.","type":"string"},"id":{"description":"ID of the group.","type":"string"},"name":{"description":"Name of the group.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/login-enforcement

> List login enforcement rules

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/login-enforcement":{"get":{"summary":"List login enforcement rules","operationId":"mfa-list-login-enforcements","parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"MFA login enforcements retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaLoginEnforcementListResponse"}}}},"400":{"description":"Bad Request - Invalid query parameters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to view this information.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Unable to retrieve enforcement list.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/login-enforcement/{name} — Read a login enforcement configuration

> Retrieve details of a specific MFA login enforcement rule by name.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/login-enforcement/{name}":{"get":{"description":"Retrieve details of a specific MFA login enforcement rule by name.","summary":"Read a login enforcement configuration","operationId":"mfa-read-login-enforcement","responses":{"200":{"description":"Login enforcement rule retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaLoginEnforcement"}}}},"400":{"description":"Bad Request - Invalid rule name.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - Not authorized to access the rule.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/login-enforcement/{name} — Create or update a login enforcement configuration

> Create a new or update an existing MFA login enforcement rule.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/login-enforcement/{name}":{"post":{"summary":"Create or update a login enforcement configuration","description":"Create a new or update an existing MFA login enforcement rule.","operationId":"mfa-write-login-enforcement","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaWriteLoginEnforcementRequest"}}}},"responses":{"200":{"description":"Login enforcement rule created or updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaLoginEnforcement"}}}},"400":{"description":"Bad Request - Invalid request body.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You do not have permission to modify this rule.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Failure during write.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaWriteLoginEnforcementRequest":{"properties":{"auth_method_accessors":{"description":"Array of auth mount accessor IDs","items":{"type":"string"},"type":"array"},"auth_method_types":{"description":"Array of auth mount types","items":{"type":"string"},"type":"array"},"identity_entity_ids":{"description":"Array of identity entity IDs","items":{"type":"string"},"type":"array"},"identity_group_ids":{"description":"Array of identity group IDs","items":{"type":"string"},"type":"array"},"mfa_method_ids":{"description":"Array of Method IDs that determine what methods will be enforced","items":{"type":"string"},"type":"array"}},"required":["mfa_method_ids"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/mfa/login-enforcement/{name} — Delete a login enforcement configuration

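> Remove an existing MFA login enforcement rule identified by its name. Once the rule is removed, the MFA methods it listed are no longer enforced through it, so grant access to this operation narrowly.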

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/login-enforcement/{name}":{"delete":{"description":"Remove an existing MFA login enforcement rule identified by its name.","summary":"Delete a login enforcement configuration","operationId":"mfa-delete-login-enforcement","responses":{"204":{"description":"Login enforcement deleted successfully. No content returned."},"400":{"description":"Bad Request - Invalid rule name.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden - You are not authorized to delete this rule.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error - Failed to delete rule.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method — List MFA method configurations for all MFA methods

> Retrieve a list of all configured Multi-Factor Authentication (MFA) methods in the system.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method":{"get":{"summary":"List MFA method configurations for all MFA methods","description":"Retrieve a list of all configured Multi-Factor Authentication (MFA) methods in the system.","operationId":"mfa-list-methods","parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"A list of configured MFA methods","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaMethodListResponse"}}}},"400":{"description":"Bad Request – The query parameter is missing or invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – The client does not have access rights to the content.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error – Something went wrong on the server.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/duo — List Duo MFA method configurations

> Retrieve the configuration for the Duo MFA method if it is enabled and configured.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/duo":{"get":{"summary":"List Duo MFA method configurations","description":"Retrieve the configuration for the Duo MFA method if it is enabled and configured.","operationId":"mfa-list-duo-methods","parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Duo MFA configuration details","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DuoMfaMethodResponse"}}}},"400":{"description":"Bad Request – Missing or incorrect query parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – Access denied to Duo configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error – Failed to fetch Duo configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/mfa/method/duo/{method\_id}

> Delete a configuration for the given MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/duo/{method_id}":{"delete":{"operationId":"mfa-delete-duo-method","summary":"Delete a configuration for the given MFA method","responses":{"204":{"description":"Successfully deleted. No content returned."},"400":{"description":"Bad Request – Invalid method ID format.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – Insufficient permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/okta

> List MFA method configurations for the given MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/okta":{"get":{"operationId":"mfa-list-okta-methods","summary":"List MFA method configurations for the given MFA method","parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved Okta MFA method configurations","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/OktaMfaMethodResponse"}}}}},"400":{"description":"Bad Request – Invalid query parameter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – Insufficient permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error – Something went wrong.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/okta/{method\_id}

> Read the current configuration for the given MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/okta/{method_id}":{"get":{"operationId":"mfa-read-okta-method-configuration","summary":"Read the current configuration for the given MFA method","responses":{"200":{"description":"Successfully retrieved the Okta MFA configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OktaMfaMethodResponse"}}}},"400":{"description":"Invalid method_id provided","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – You don’t have permission","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/method/okta/{method\_id}

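> Update or create a configuration for the given MFA method. The request body carries the Okta API token (`api_token`), which is a credential: send it only over TLS and keep it out of request logs and version control.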

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/okta/{method_id}":{"post":{"operationId":"mfa-configure-okta-method","summary":"Update or create a configuration for the given MFA method","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaConfigureOktaMethodRequest"}}}},"responses":{"200":{"description":"Successfully configured the Okta MFA method","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OktaMfaMethodResponse"}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Unauthorized to update method","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Configuration error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaConfigureOktaMethodRequest":{"properties":{"api_token":{"description":"Okta API key.","type":"string"},"base_url":{"description":"The base domain to use for the Okta API. When not specified in the configuration, \"okta.com\" is used.","type":"string"},"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"org_name":{"description":"Name of the organization to be used in the Okta API.","type":"string"},"primary_email":{"description":"If true, the username will only match the primary email for the account. Defaults to false.","type":"boolean"},"production":{"description":"(DEPRECATED) Use base_url instead.","type":"boolean"},"username_format":{"description":"A template string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, \"{{entity.name}}@example.com\". If blank, the Entity's name field will be used as-is.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/mfa/method/okta/{method\_id}

> Delete a configuration for the given MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/okta/{method_id}":{"delete":{"operationId":"mfa-delete-okta-method","summary":"Delete a configuration for the given MFA method","responses":{"204":{"description":"Configuration deleted successfully"},"400":{"description":"Invalid method_id","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – You do not have permission","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/pingid

> List MFA method configurations for PingID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/pingid":{"get":{"operationId":"mfa-list-ping-id-methods","summary":"List MFA method configurations for PingID","parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `true`","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved PingID MFA method configurations","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PingIdMfaMethodsResponse"}}}},"400":{"description":"Invalid request parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/pingid/{method\_id}

> Read the current configuration for the given PingID MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/pingid/{method_id}":{"get":{"operationId":"mfa-read-pingid-method-configuration","summary":"Read the current configuration for the given PingID MFA method","responses":{"200":{"description":"Successfully retrieved the PingID method configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PingIdMfaMethod"}}}},"404":{"description":"Configuration not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/method/pingid/{method\_id}

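> Create or update a configuration for the given PingID MFA method. `settings_file_base64` is only Base64-encoded, not encrypted: treat the settings file as a credential and send it only over TLS.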

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/pingid/{method_id}":{"post":{"operationId":"mfa-configure-pingid-method","summary":"Create or update a configuration for the given PingID MFA method","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaConfigurePingIdMethodRequest"}}}},"responses":{"200":{"description":"PingID MFA method configuration updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PingIdMfaMethod"}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaConfigurePingIdMethodRequest":{"properties":{"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"settings_file_base64":{"description":"The settings file provided by Ping, Base64-encoded. This must be a settings file suitable for third-party clients, not the PingID SDK or PingFederate.","type":"string"},"username_format":{"description":"A template string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, \"{{alias.name}}@example.com\". Currently-supported mappings: alias.name: The name returned by the mount configured via the mount_accessor parameter. If blank, the Alias's name field will be used as-is.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/mfa/method/pingid/{method\_id}

> Delete a configuration for the given PingID MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/pingid/{method_id}":{"delete":{"operationId":"mfa-delete-pingid-method","summary":"Delete a configuration for the given PingID MFA method","responses":{"204":{"description":"Configuration deleted successfully (empty body)"},"404":{"description":"Configuration not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Failed to delete configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/totp

> List MFA method configurations for the TOTP method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp":{"get":{"operationId":"mfa-list-totp-methods","summary":"List MFA method configurations for the TOTP method","parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `'true'` to list configurations","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"List of TOTP MFA method configurations","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TotpMfaMethod"}}}}},"400":{"description":"Invalid query parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/method/totp/admin-destroy

> Delete a TOTP secret for the given MFA method ID on the given entity

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp/admin-destroy":{"post":{"operationId":"mfa-admin-destroy-totp-secret","summary":"Delete a TOTP secret for the given MFA method ID on the given entity","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaAdminDestroyTotpSecretRequest"}}}},"responses":{"200":{"description":"Secret destroyed successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaAdminDestroyTotpSecretResponse"}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Entity or secret not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaAdminDestroyTotpSecretRequest":{"properties":{"entity_id":{"description":"Identifier of the entity from which the MFA method secret needs to be removed.","type":"string"},"method_id":{"description":"The unique identifier for this MFA method.","type":"string"}},"required":["entity_id","method_id"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/method/totp/admin-generate

> Update or create a TOTP secret for the given method ID, as admin, on the given entity.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp/admin-generate":{"post":{"operationId":"mfa-admin-generate-totp-secret","summary":"Update or create TOTP secret for the given method ID as admin on the given entity.","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaAdminGenerateTotpSecretRequest"}}}},"responses":{"200":{"description":"TOTP secret created or updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaAdminGenerateTotpSecretResponse"}}}},"400":{"description":"Invalid request payload","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Entity not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaAdminGenerateTotpSecretRequest":{"properties":{"entity_id":{"description":"Entity ID on which the generated secret needs to get stored.","type":"string"},"method_id":{"description":"The unique identifier for this MFA method.","type":"string"}},"required":["entity_id","method_id"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/method/totp/generate

> Update or create a TOTP secret for the given method ID on the given entity.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp/generate":{"post":{"operationId":"mfa-generate-totp-secret","summary":"Update or create TOTP secret for the given method ID on the given entity.","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaGenerateTotpSecretRequest"}}}},"responses":{"200":{"description":"TOTP secret created or updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaGenerateTotpSecretResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Entity not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaGenerateTotpSecretRequest":{"properties":{"method_id":{"description":"The unique identifier for this MFA method.","type":"string"}},"required":["method_id"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/totp/{method\_id}

> Read the current configuration for the given TOTP MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp/{method_id}":{"get":{"operationId":"mfa-read-totp-method-configuration","summary":"Read the current configuration for the given TOTP MFA method","responses":{"200":{"description":"Configuration retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaConfigureTotpMethodResponse"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Configuration not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/mfa/method/totp/{method\_id}

> Create or update the configuration for the given TOTP MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp/{method_id}":{"post":{"operationId":"mfa-configure-totp-method","summary":"Create or update the configuration for the given TOTP MFA method","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaConfigureTotpMethodRequest"}}}},"responses":{"200":{"description":"Configuration created or updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaConfigureTotpMethodResponse"}}}},"400":{"description":"Invalid request body","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"MfaConfigureTotpMethodRequest":{"properties":{"algorithm":{"default":"SHA1","description":"The hashing algorithm used to generate the TOTP token. Options include SHA1, SHA256 and SHA512.","type":"string"},"digits":{"default":6,"description":"The number of digits in the generated TOTP token. This value can either be 6 or 8.","type":"integer"},"issuer":{"description":"The name of the key's issuing organization.","type":"string"},"key_size":{"default":20,"description":"Determines the size in bytes of the generated key.","type":"integer"},"max_validation_attempts":{"description":"Max number of allowed validation attempts.","type":"integer"},"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"period":{"default":30,"description":"The length of time used to generate a counter for the TOTP token calculation.","format":"seconds","type":"integer"},"qr_size":{"default":200,"description":"The pixel size of the generated square QR code.","type":"integer"},"skew":{"default":1,"description":"The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1.","type":"integer"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/mfa/method/totp/{method\_id}

> Delete the configuration for the given TOTP MFA method

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/totp/{method_id}":{"delete":{"operationId":"mfa-delete-totp-method","summary":"Delete the configuration for the given TOTP MFA method","responses":{"204":{"description":"Configuration deleted successfully (no content)"},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Configuration not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/mfa/method/{method\_id}

> Read the current configuration for the given ID regardless of the MFA method type

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/mfa/method/{method_id}":{"get":{"operationId":"mfa-read-method-configuration","summary":"Read the current configuration for the given ID regardless of the MFA method type","responses":{"200":{"description":"Successfully retrieved configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MfaMethodConfigurationResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Configuration not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}},"tags":["identity"]}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/.well-known/keys

> Retrieve public keys

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/.well-known/keys":{"get":{"operationId":"oidc-read-public-keys","summary":"Retrieve public keys","tags":["identity"],"responses":{"200":{"description":"Successfully retrieved OIDC public keys","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcPublicKeysResponse"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/.well-known/openid-configuration

> Retrieve the OIDC discovery document

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/.well-known/openid-configuration":{"get":{"operationId":"oidc-read-open-id-configuration","summary":"Retrieve the OIDC discovery document","tags":["identity"],"responses":{"200":{"description":"Successfully retrieved OIDC configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdConfigurationResponse"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/assignment

> List OIDC assignments

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/assignment":{"get":{"operationId":"oidc-list-assignments","summary":"List OIDC assignments","tags":["identity"],"parameters":[{"name":"list","in":"query","description":"Must be set to `true` to trigger the listing functionality","required":true,"schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved the list of OIDC assignments","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcAssignmentListResponse"}}}},"400":{"description":"Bad request due to missing or invalid parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden due to insufficient permissions","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/assignment/{name}

> Read a specific OIDC assignment

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/assignment/{name}":{"get":{"operationId":"oidc-read-assignment","summary":"Read a specific OIDC assignment","tags":["identity"],"responses":{"200":{"description":"Assignment details retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcReadAssignmentResponse"}}}},"400":{"description":"Invalid assignment name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Assignment not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/assignment/{name}

> Create or update an OIDC assignment

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/assignment/{name}":{"post":{"operationId":"oidc-write-assignment","summary":"Create or update an OIDC assignment","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteAssignmentRequest"}}}},"responses":{"200":{"description":"Assignment created or updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteAssignmentResponse"}}}},"400":{"description":"Bad request due to missing or invalid fields","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcWriteAssignmentRequest":{"properties":{"entity_ids":{"description":"Comma separated string or array of identity entity IDs","items":{"type":"string"},"type":"array"},"group_ids":{"description":"Comma separated string or array of identity group IDs","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/oidc/assignment/{name}

> Delete a specific OIDC assignment

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/assignment/{name}":{"delete":{"operationId":"oidc-delete-assignment","summary":"Delete a specific OIDC assignment","tags":["identity"],"responses":{"204":{"description":"Assignment deleted successfully"},"400":{"description":"Invalid assignment name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Assignment not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/client

> List all OIDC clients

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/client":{"get":{"operationId":"oidc-list-clients","summary":"List all OIDC clients","tags":["identity"],"parameters":[{"name":"list","in":"query","description":"Must be set to `true`","required":true,"schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"List of clients","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcListClientsResponse"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/client/{name}

> Read OIDC client configuration

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/client/{name}":{"get":{"operationId":"oidc-read-client","summary":"Read OIDC client configuration","tags":["identity"],"responses":{"200":{"description":"Client configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcReadClientResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Client not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/client/{name}

> Create or update an OIDC client

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/client/{name}":{"post":{"operationId":"oidc-write-client","summary":"Create or update an OIDC client","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteClientRequest"}}}},"responses":{"200":{"description":"Client created or updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteClientResponse"}}}},"400":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcWriteClientRequest":{"properties":{"access_token_ttl":{"default":"24h","description":"The time-to-live for access tokens obtained by the client.","format":"seconds","type":"integer"},"assignments":{"description":"Comma separated string or array of assignment resources.","items":{"type":"string"},"type":"array"},"client_type":{"default":"confidential","description":"The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: 'confidential', 'public'. Defaults to 'confidential'.","type":"string"},"id_token_ttl":{"default":"24h","description":"The time-to-live for ID tokens obtained by the client.","format":"seconds","type":"integer"},"key":{"default":"default","description":"A reference to a named key resource. Cannot be modified after creation. Defaults to the 'default' key.","type":"string"},"redirect_uris":{"description":"Comma separated string or array of redirect URIs used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/oidc/client/{name}

> Delete an OIDC client

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/client/{name}":{"delete":{"operationId":"oidc-delete-client","summary":"Delete an OIDC client","tags":["identity"],"responses":{"204":{"description":"Client deleted successfully"},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Client not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/config

> Read OIDC configuration

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/config":{"get":{"operationId":"oidc-read-configuration","summary":"Read OIDC configuration","tags":["identity"],"responses":{"200":{"description":"OIDC configuration retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcReadConfigurationResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Configuration not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/config

> Create or update OIDC configuration

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/config":{"post":{"operationId":"oidc-configure","summary":"Create or update OIDC configuration","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcConfigureRequest"}}}},"responses":{"200":{"description":"Configuration updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcConfigureResponse"}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcConfigureRequest":{"properties":{"issuer":{"description":"Issuer URL to be used in the iss claim of the token. If not set, Vault's app_addr will be used.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/introspect

> Verify the authenticity of an OIDC token

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/introspect":{"post":{"operationId":"oidc-introspect","summary":"Verify the authenticity of an OIDC token","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcIntrospectRequest"}}}},"responses":{"200":{"description":"Token introspection successful","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcIntrospectResponse"}}}},"400":{"description":"Invalid request body","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcIntrospectRequest":{"properties":{"client_id":{"description":"Optional client_id to verify","type":"string"},"token":{"description":"Token to verify","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/key

> List OIDC keys

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/key":{"get":{"operationId":"oidc-list-keys","summary":"List OIDC keys","tags":["identity"],"parameters":[{"name":"list","in":"query","description":"Must be set to `true`","required":true,"schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"OIDC keys listed successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcListKeysResponse"}}}},"400":{"description":"Invalid query parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/key/{name}

> Read OIDC key

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/key/{name}":{"get":{"operationId":"oidc-read-key","summary":"Read OIDC key","tags":["identity"],"responses":{"200":{"description":"OIDC key retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcReadKeyResponse"}}}},"400":{"description":"Invalid key name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Key not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/key/{name}

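> Create or update OIDC key. Setting `allowed_client_ids` to `*` lets every role sign with the key, so list specific client IDs where possible (an empty list allows none).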

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/key/{name}":{"post":{"operationId":"oidc-write-key","summary":"Create or update OIDC key","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteKeyRequest"}}}},"responses":{"200":{"description":"Key created or updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteKeyResponse"}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcWriteKeyRequest":{"properties":{"algorithm":{"default":"RS256","description":"Signing algorithm to use. This will default to RS256.","type":"string"},"allowed_client_ids":{"description":"Comma separated string or array of role client ids allowed to use this key for signing. If empty no roles are allowed. If \"*\" all roles are allowed.","items":{"type":"string"},"type":"array"},"rotation_period":{"default":"24h","description":"How often to generate a new keypair.","format":"seconds","type":"integer"},"verification_ttl":{"default":"24h","description":"Controls how long the public portion of a key will be available for verification after being rotated.","format":"seconds","type":"integer"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/oidc/key/{name}

> Delete OIDC key

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/key/{name}":{"delete":{"operationId":"oidc-delete-key","summary":"Delete OIDC key","tags":["identity"],"responses":{"204":{"description":"Key deleted successfully (empty body)"},"400":{"description":"Invalid key name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Key not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/key/{name}/rotate

> Rotate a named OIDC key.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/key/{name}/rotate":{"post":{"operationId":"oidc-rotate-key","summary":"Rotate a named OIDC key.","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcRotateKeyRequest"}}}},"responses":{"200":{"description":"Key rotated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcRotateKeyResponse"}}}},"400":{"description":"Invalid request data","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Key not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcRotateKeyRequest":{"properties":{"verification_ttl":{"description":"Controls how long the public portion of a key will be available for verification after being rotated. Setting verification_ttl here will override the verification_ttl set on the key.","format":"seconds","type":"integer"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/provider

> List OIDC providers

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider":{"get":{"operationId":"oidc-list-providers","summary":"List OIDC providers","tags":["identity"],"parameters":[{"name":"list","in":"query","description":"Must be set to `true`","required":true,"schema":{"type":"string","enum":["true"]}},{"name":"allowed_client_id","in":"query","description":"Filters the list of OIDC providers to those that allow the given client ID in their set of allowed_client_ids.","required":false,"schema":{"type":"string","default":""}}],"responses":{"200":{"description":"List of OIDC providers retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcListProvidersResponse"}}}},"400":{"description":"Invalid query parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Access forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Resource not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/provider/{name}

> Read the OIDC provider configuration

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}":{"get":{"operationId":"oidc-read-provider","summary":"Read the OIDC provider configuration","tags":["identity"],"responses":{"200":{"description":"OIDC provider configuration retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcProvider"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Access forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/provider/{name}

> Create or update an OIDC provider

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}":{"post":{"operationId":"oidc-write-provider","summary":"Create or update an OIDC provider","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteProviderRequest"}}}},"responses":{"200":{"description":"Provider successfully created or updated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcProvider"}}}},"400":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcWriteProviderRequest":{"properties":{"allowed_client_ids":{"description":"The client IDs that are permitted to use the provider","items":{"type":"string"},"type":"array"},"issuer":{"description":"Specifies what will be used for the iss claim of ID tokens.","type":"string"},"scopes_supported":{"description":"The scopes supported for requesting on the provider","items":{"type":"string"},"type":"array"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/oidc/provider/{name}

> Delete an OIDC provider

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}":{"delete":{"operationId":"oidc-delete-provider","summary":"Delete an OIDC provider","tags":["identity"],"responses":{"204":{"description":"Provider deleted successfully (no content)"},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/provider/{name}/.well-known/keys

> Retrieve public keys

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/.well-known/keys":{"get":{"summary":"Retrieve public keys","operationId":"oidc-read-provider-public-keys","tags":["identity"],"parameters":[{"name":"name","in":"path","required":true,"description":"Name of the OIDC provider","schema":{"type":"string"}}],"responses":{"200":{"description":"Successfully retrieved public keys","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcProviderPublicKeys"}}}},"400":{"description":"Bad request (e.g., missing or malformed provider name)","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized (if incorrectly marked unauthenticated)","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden (access denied)","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/provider/{name}/.well-known/openid-configuration

> Query OIDC provider configuration

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/.well-known/openid-configuration":{"get":{"summary":"Query OIDC provider configuration","operationId":"oidc-read-provider-open-id-configuration","tags":["identity"],"parameters":[{"name":"name","in":"path","required":true,"description":"Name of the OIDC provider","schema":{"type":"string"}}],"responses":{"200":{"description":"Successfully retrieved the OIDC configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcProviderConfiguration"}}}},"400":{"description":"Invalid request or malformed provider name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/provider/{name}/authorize

> Initiate the OIDC authorization flow using query parameters

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/authorize":{"get":{"operationId":"oidc-provider-authorize","tags":["identity"],"summary":"Initiate the OIDC authorization flow using query parameters","parameters":[{"in":"query","name":"response_type","schema":{"type":"string"},"required":true,"description":"OAuth 2.0 response type"},{"in":"query","name":"client_id","schema":{"type":"string"},"required":true,"description":"Client identifier"},{"in":"query","name":"redirect_uri","schema":{"type":"string"},"required":true,"description":"Callback URI after successful authorization"},{"in":"query","name":"scope","schema":{"type":"string"},"description":"Requested scopes"},{"in":"query","name":"state","schema":{"type":"string"},"description":"Client state to be returned after auth"}],"responses":{"200":{"description":"Authorization parameters validated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcAuthorizationRedirectResponse"}}}},"400":{"description":"Bad request or missing parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"OIDC provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/provider/{name}/authorize

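> Initiate OIDC authorization flow using POST body instead of query params. Note that the schema below defaults `code_challenge_method` to `plain`; clients using PKCE should send `S256` explicitly so the code challenge is a hash of the verifier rather than the verifier itself.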

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/authorize":{"post":{"operationId":"oidc-provider-authorize-with-parameters","summary":"Initiate OIDC authorization flow using POST body instead of query params","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcProviderAuthorizeWithParametersRequest"}}}},"responses":{"200":{"description":"Authorization initiated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcAuthorizationRedirectResponse"}}}},"400":{"description":"Invalid request body or missing fields","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"OIDC provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error during authorization","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcProviderAuthorizeWithParametersRequest":{"properties":{"client_id":{"description":"The ID of the requesting client.","type":"string"},"code_challenge":{"description":"The code challenge derived from the code verifier.","type":"string"},"code_challenge_method":{"default":"plain","description":"The method that was used to derive the code challenge. The following methods are supported: 'S256', 'plain'. Defaults to 'plain'.","type":"string"},"max_age":{"description":"The allowable elapsed time in seconds since the last time the end-user was actively authenticated.","type":"integer"},"nonce":{"description":"The value that will be returned in the ID token nonce claim after a token exchange.","type":"string"},"redirect_uri":{"description":"The redirection URI to which the response will be sent.","type":"string"},"response_type":{"description":"The OIDC authentication flow to be used. The following response types are supported: 'code'","type":"string"},"scope":{"description":"A space-delimited, case-sensitive list of scopes to be requested. The 'openid' scope is required.","type":"string"},"state":{"description":"The value used to maintain state between the authentication request and client.","type":"string"}},"required":["client_id","redirect_uri","response_type","scope"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/provider/{name}/token

> Exchange an authorization code for a token using the OIDC Token endpoint

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/token":{"post":{"operationId":"oidc-provider-token","tags":["identity"],"summary":"Exchange an authorization code for a token using the OIDC Token endpoint","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcProviderTokenRequest"}}}},"responses":{"200":{"description":"Token successfully issued","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcTokenResponse"}}}},"400":{"description":"Invalid request, missing or malformed parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – Invalid client credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – Client not allowed to obtain token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcProviderTokenRequest":{"properties":{"client_id":{"description":"The ID of the requesting client.","type":"string"},"client_secret":{"description":"The secret of the requesting client.","type":"string"},"code":{"description":"The authorization code received from the provider's authorization endpoint.","type":"string"},"code_verifier":{"description":"The code verifier associated with the authorization code.","type":"string"},"grant_type":{"description":"The authorization grant type. The following grant types are supported: 'authorization_code'.","type":"string"},"redirect_uri":{"description":"The callback location where the authentication response was sent.","type":"string"}},"required":["code","grant_type","redirect_uri"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/provider/{name}/userinfo

> Retrieve user information from the OIDC provider using the access token

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/userinfo":{"get":{"operationId":"oidc-provider-user-info","tags":["identity"],"summary":"Retrieve user information from the OIDC provider using the access token","responses":{"200":{"description":"Successfully retrieved user information","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcUserInfoResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – Invalid or expired token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"OIDC provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/provider/{name}/userinfo

> Retrieve user information by posting the access token in the request body

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/provider/{name}/userinfo":{"post":{"operationId":"oidc-provider-user-info2","tags":["identity"],"summary":"Retrieve user information by posting the access token in the request body","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcUserInfoRequest"}}}},"responses":{"200":{"description":"Successfully retrieved user information","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcUserInfoResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – Invalid or expired token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden – Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"OIDC provider not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/role

> List configured OIDC roles

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/role":{"get":{"operationId":"oidc-list-roles","summary":"List configured OIDC roles","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `'true'` to list configured roles","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved list of OIDC roles","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcListRolesResponse"}}}},"400":{"description":"Invalid request parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – missing or invalid token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/role/{name}

> Read an OIDC role

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/role/{name}":{"get":{"operationId":"oidc-read-role","summary":"Read an OIDC role","tags":["identity"],"responses":{"200":{"description":"Successfully retrieved OIDC role configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcReadRoleResponse"}}}},"400":{"description":"Invalid request format","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Role not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/role/{name}

> Create or update an OIDC role

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/role/{name}":{"post":{"operationId":"oidc-write-role","summary":"Create or update an OIDC role","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteRoleRequest"}}}},"responses":{"200":{"description":"Successfully created or updated the role","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteRoleResponse"}}}},"400":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcWriteRoleRequest":{"properties":{"client_id":{"description":"Optional client_id","type":"string"},"key":{"description":"The OIDC key to use for generating tokens. The specified key must already exist.","type":"string"},"template":{"description":"The template string to use for generating tokens. This may be in string-ified JSON or base64 format.","type":"string"},"ttl":{"default":"24h","description":"TTL of the tokens generated against the role.","format":"seconds","type":"integer"}},"required":["key"],"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/oidc/role/{name}

> Delete an OIDC role

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/role/{name}":{"delete":{"operationId":"oidc-delete-role","summary":"Delete an OIDC role","tags":["identity"],"responses":{"204":{"description":"Role successfully deleted (no content)"},"400":{"description":"Invalid role name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Role not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/scope

> List configured OIDC scopes

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/scope":{"get":{"operationId":"oidc-list-scopes","summary":"List configured OIDC scopes","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `'true'` to list configured scopes","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved list of OIDC scopes","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcListScopesResponse"}}}},"400":{"description":"Invalid request parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – missing or invalid token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/scope/{name}

> Read an OIDC scope

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/scope/{name}":{"get":{"operationId":"oidc-read-scope","summary":"Read an OIDC scope","tags":["identity"],"responses":{"200":{"description":"Successfully retrieved OIDC scope configuration","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcScopeResponse"}}}},"400":{"description":"Invalid request format","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Scope not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/oidc/scope/{name}

> Create or update an OIDC scope

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/scope/{name}":{"post":{"operationId":"oidc-write-scope","summary":"Create or update an OIDC scope","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcWriteScopeRequest"}}}},"responses":{"200":{"description":"Successfully created or updated the scope","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcScopeResponse"}}}},"400":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"OidcWriteScopeRequest":{"properties":{"description":{"description":"The description of the scope","type":"string"},"template":{"description":"The template string to use for the scope. This may be in string-ified JSON or base64 format.","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/oidc/scope/{name}

> Delete an OIDC scope

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/scope/{name}":{"delete":{"operationId":"oidc-delete-scope","summary":"Delete an OIDC scope","tags":["identity"],"responses":{"204":{"description":"Scope successfully deleted (no content)"},"400":{"description":"Invalid scope name","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Scope not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/oidc/token/{name}

> Generate an OIDC token

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/oidc/token/{name}":{"get":{"operationId":"oidc-generate-token","summary":"Generate an OIDC token","tags":["identity"],"responses":{"200":{"description":"Successfully generated OIDC token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OidcTokenResponse"}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – missing or invalid token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Role not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/persona

> Create a new persona alias.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/persona":{"post":{"operationId":"persona-create","summary":"Create a new persona alias.","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PersonaCreateRequest"}}}},"responses":{"200":{"description":"Successfully created a new alias","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PersonaResponse"}}}},"400":{"description":"Invalid request body","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – missing or invalid token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"PersonaCreateRequest":{"properties":{"entity_id":{"description":"Entity ID to which this persona belongs to","type":"string"},"id":{"description":"ID of the persona","type":"string"},"metadata":{"description":"Metadata to be associated with the persona. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"mount_accessor":{"description":"Mount accessor to which this persona belongs to","type":"string"},"name":{"description":"Name of the persona","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/persona/id

> List all the alias IDs.

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/persona/id":{"get":{"operationId":"persona-list-by-id","summary":"List all the alias IDs.","tags":["identity"],"parameters":[{"name":"list","in":"query","required":true,"description":"Must be set to `'true'` to list all alias IDs","schema":{"type":"string","enum":["true"]}}],"responses":{"200":{"description":"Successfully retrieved list of alias IDs","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PersonaListResponse"}}}},"400":{"description":"Invalid request parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – missing or invalid token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## GET /identity/persona/id/{id}

> Read an alias by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/persona/id/{id}":{"get":{"operationId":"persona-read-by-id","summary":"Read an alias by ID","tags":["identity"],"responses":{"200":{"description":"Successfully retrieved alias details","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PersonaResponse"}}}},"400":{"description":"Invalid ID format","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – missing or invalid credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Persona ID not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## POST /identity/persona/id/{id}

> Update an alias by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/persona/id/{id}":{"post":{"operationId":"persona-update-by-id","summary":"Update an alias by ID","tags":["identity"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PersonaUpdateByIdRequest"}}}},"responses":{"200":{"description":"Successfully updated the alias","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PersonaResponse"}}}},"400":{"description":"Invalid update payload","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – authentication required","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Persona ID not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"PersonaUpdateByIdRequest":{"properties":{"entity_id":{"description":"Entity ID to which this persona should be tied to","type":"string"},"metadata":{"description":"Metadata to be associated with the persona. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"mount_accessor":{"description":"Mount accessor to which this persona belongs to","type":"string"},"name":{"description":"Name of the persona","type":"string"}},"type":"object"},"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

## DELETE /identity/persona/id/{id}

> Delete an alias by ID

```json
{"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"servers":[{"url":"http://localhost:8200/v1","description":"Local Vault Server"}],"paths":{"/identity/persona/id/{id}":{"delete":{"operationId":"persona-delete-by-id","summary":"Delete an alias by ID","tags":["identity"],"responses":{"204":{"description":"Successfully deleted. No content returned."},"400":{"description":"Invalid ID format","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized – authentication required","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Persona ID not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}}
```

