# Models ## The AliasCreateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AliasCreateRequest":{"type":"object","required":["name","canonical_id","mount_accessor"],"properties":{"name":{"type":"string","description":"Name of the alias."},"canonical_id":{"type":"string","description":"Entity ID the alias should be associated with."},"mount_accessor":{"type":"string","description":"Accessor of the mount that the alias belongs to."},"custom_metadata":{"type":"object","additionalProperties":{"type":"string"},"description":"Optional custom metadata to associate with the alias."}}}}}} ``` ## The AliasCreateResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AliasCreateResponse":{"type":"object","properties":{"request_id":{"type":"string"},"lease_id":{"type":"string"},"renewable":{"type":"boolean"},"lease_duration":{"type":"integer"},"data":{"type":"object","properties":{"id":{"type":"string","description":"ID of the created alias."},"name":{"type":"string"},"canonical_id":{"type":"string"},"mount_accessor":{"type":"string"},"custom_metadata":{"type":"object","additionalProperties":{"type":"string"}}}},"warnings":{"type":"array","items":{"type":"string"}},"auth":{"type":"object","nullable":true}}}}}} ``` ## The AliasReadByIdResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AliasReadByIdResponse":{"type":"object","properties":{"request_id":{"type":"string"},"lease_id":{"type":"string"},"renewable":{"type":"boolean"},"lease_duration":{"type":"integer"},"data":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"mount_type":{"type":"string"},"canonical_id":{"type":"string"},"custom_metadata":{"type":"object","additionalProperties":true}}},"wrap_info":{"type":"string","nullable":true},"warnings":{"type":"string","nullable":true},"auth":{"type":"string","nullable":true}}}}}} ``` ## The AliasUpdateByIdResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AliasUpdateByIdResponse":{"type":"object","properties":{"data":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"mount_type":{"type":"string"},"canonical_id":{"type":"string"},"custom_metadata":{"type":"object","additionalProperties":true}}}}}}}} ``` ## The AliasUpdateByIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AliasUpdateByIdRequest":{"properties":{"canonical_id":{"description":"Entity ID to which this alias should be tied to","type":"string"},"entity_id":{"description":"Entity ID to which this alias should be tied to. This field is deprecated in favor of 'canonical_id'.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to","type":"string"},"name":{"description":"Name of the alias","type":"string"}},"type":"object"}}}} ``` ## The AuditingCalculateHashRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuditingCalculateHashRequest":{"properties":{"input":{"type":"string"}},"type":"object"}}}} ``` ## The AuditingCalculateHashResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuditingCalculateHashResponse":{"properties":{"hash":{"type":"string"}},"type":"object"}}}} ``` ## The AuditingEnableDeviceRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuditingEnableDeviceRequest":{"properties":{"description":{"description":"User-friendly description for this audit backend.","type":"string"},"local":{"default":false,"description":"Mark the mount as a local mount, which is not replicated and is unaffected by replication.","type":"boolean"},"options":{"description":"Configuration options for the audit backend.","format":"kvpairs","type":"object"},"type":{"description":"The type of the backend. Example: \"mysql\"","type":"string"}},"type":"object"}}}} ``` ## The AuditingEnableRequestHeaderRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuditingEnableRequestHeaderRequest":{"properties":{"hmac":{"type":"boolean"}},"type":"object"}}}} ``` ## The AuditingListRequestHeadersResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuditingListRequestHeadersResponse":{"properties":{"headers":{"format":"map","type":"object"}},"type":"object"}}}} ``` ## The AuthEnableMethodRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuthEnableMethodRequest":{"properties":{"config":{"description":"Configuration for this mount, such as plugin_name.","format":"map","type":"object"},"description":{"description":"User-friendly description for this credential backend.","type":"string"},"external_entropy_access":{"default":false,"description":"Whether to give the mount access to Vault's external entropy.","type":"boolean"},"local":{"default":false,"description":"Mark the mount as a local mount, which is not replicated and is unaffected by replication.","type":"boolean"},"options":{"description":"The options to pass into the backend. Should be a json object with string keys and values.","format":"kvpairs","type":"object"},"plugin_name":{"description":"Name of the auth plugin to use based from the name in the plugin catalog.","type":"string"},"plugin_version":{"description":"The semantic version of the plugin to use.","type":"string"},"seal_wrap":{"default":false,"description":"Whether to turn on seal wrapping for the mount.","type":"boolean"},"type":{"description":"The type of the backend. Example: \"userpass\"","type":"string"}},"type":"object"}}}} ``` ## The AuthReadConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuthReadConfigurationResponse":{"properties":{"accessor":{"type":"string"},"config":{"format":"map","type":"object"},"deprecation_status":{"type":"string"},"description":{"type":"string"},"external_entropy_access":{"type":"boolean"},"local":{"type":"boolean"},"options":{"format":"map","type":"object"},"plugin_version":{"type":"string"},"running_plugin_version":{"type":"string"},"running_sha256":{"type":"string"},"seal_wrap":{"type":"boolean"},"type":{"type":"string"},"uuid":{"type":"string"}},"type":"object"}}}} ``` ## The AuthReadTuningInformationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuthReadTuningInformationResponse":{"properties":{"allowed_managed_keys":{"items":{"type":"string"},"type":"array"},"allowed_response_headers":{"items":{"type":"string"},"type":"array"},"audit_non_hmac_request_keys":{"items":{"type":"string"},"type":"array"},"audit_non_hmac_response_keys":{"items":{"type":"string"},"type":"array"},"default_lease_ttl":{"type":"integer"},"description":{"type":"string"},"external_entropy_access":{"type":"boolean"},"force_no_cache":{"type":"boolean"},"listing_visibility":{"type":"string"},"max_lease_ttl":{"type":"integer"},"options":{"format":"map","type":"object"},"passthrough_request_headers":{"items":{"type":"string"},"type":"array"},"plugin_version":{"type":"string"},"token_type":{"type":"string"},"user_lockout_counter_reset_duration":{"format":"int64","type":"integer"},"user_lockout_disable":{"type":"boolean"},"user_lockout_duration":{"format":"int64","type":"integer"},"user_lockout_threshold":{"format":"int64","type":"integer"}},"type":"object"}}}} ``` ## The AuthTuneConfigurationParametersRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"AuthTuneConfigurationParametersRequest":{"properties":{"allowed_response_headers":{"description":"A list of headers to whitelist and allow a plugin to set on responses.","items":{"type":"string"},"type":"array"},"audit_non_hmac_request_keys":{"description":"The list of keys in the request data object that will not be HMAC'ed by audit devices.","items":{"type":"string"},"type":"array"},"audit_non_hmac_response_keys":{"description":"The list of keys in the response data object that will not be HMAC'ed by audit devices.","items":{"type":"string"},"type":"array"},"default_lease_ttl":{"description":"The default lease TTL for this mount.","type":"string"},"description":{"description":"User-friendly description for this credential backend.","type":"string"},"listing_visibility":{"description":"Determines the visibility of the mount in the UI-specific listing endpoint. Accepted value are 'unauth' and 'hidden', with the empty default ('') behaving like 'hidden'.","type":"string"},"max_lease_ttl":{"description":"The max lease TTL for this mount.","type":"string"},"options":{"description":"The options to pass into the backend. Should be a json object with string keys and values.","format":"kvpairs","type":"object"},"passthrough_request_headers":{"description":"A list of headers to whitelist and pass from the request to the plugin.","items":{"type":"string"},"type":"array"},"plugin_version":{"description":"The semantic version of the plugin to use.","type":"string"},"token_type":{"description":"The type of token to issue (service or batch).","type":"string"},"user_lockout_config":{"description":"The user lockout configuration to pass into the backend. Should be a json object with string keys and values.","format":"map","type":"object"}},"type":"object"}}}} ``` ## The CreateTokenRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"CreateTokenRequest":{"type":"object","properties":{"id":{"type":"string","description":"Custom client token ID (root only). Cannot contain \".\" or start with \"s.\"."},"role_name":{"type":"string","description":"Name of the token role."},"policies":{"type":"array","items":{"type":"string"},"description":"Policies to assign to the token."},"meta":{"type":"object","additionalProperties":{"type":"string"},"description":"Metadata to pass through to audit devices."},"no_parent":{"type":"boolean","default":false,"description":"If true, creates an orphan token. Requires root or sudo."},"no_default_policy":{"type":"boolean","default":false,"description":"If true, excludes the default policy."},"renewable":{"type":"boolean","default":true,"description":"Whether the token can be renewed."},"lease":{"type":"string","deprecated":true,"description":"Deprecated. Use ttl instead."},"ttl":{"type":"string","description":"TTL (e.g., \"1h\")."},"type":{"type":"string","enum":["batch","service"],"description":"Token type."},"explicit_max_ttl":{"type":"string","description":"Explicit max TTL that cannot be exceeded."},"display_name":{"type":"string","default":"token","description":"Display name for the token."},"num_uses":{"type":"integer","default":0,"description":"Max number of uses. 0 means unlimited."},"period":{"type":"string","description":"Periodic renewal interval. Requires root or sudo."},"entity_alias":{"type":"string","description":"Entity alias to associate with (must be allowed in role)."}}}}}} ``` ## The CreateTokenResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"CreateTokenResponse":{"type":"object","properties":{"request_id":{"type":"string"},"lease_id":{"type":"string"},"renewable":{"type":"boolean"},"lease_duration":{"type":"integer"},"data":{"nullable":true},"wrap_info":{"nullable":true},"warnings":{"type":"array","items":{"type":"string"}},"auth":{"type":"object","properties":{"client_token":{"type":"string"},"accessor":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"token_policies":{"type":"array","items":{"type":"string"}},"metadata":{"type":"object","additionalProperties":{"type":"string"}},"lease_duration":{"type":"integer"},"renewable":{"type":"boolean"},"entity_id":{"type":"string"},"token_type":{"type":"string"},"orphan":{"type":"boolean"},"num_uses":{"type":"integer"}}}}}}}} ``` ## The CollectHostInformationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"CollectHostInformationResponse":{"properties":{"cpu":{"items":{"type":"object"},"type":"array"},"cpu_times":{"items":{"type":"object"},"type":"array"},"disk":{"items":{"type":"object"},"type":"array"},"host":{"format":"map","type":"object"},"memory":{"format":"map","type":"object"},"timestamp":{"format":"date-time","type":"string"}},"type":"object"}}}} ``` ## The CorsConfigureRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"CorsConfigureRequest":{"properties":{"allowed_headers":{"description":"A comma-separated string or array of strings indicating headers that are allowed on cross-origin requests.","items":{"type":"string"},"type":"array"},"allowed_origins":{"description":"A comma-separated string or array of strings indicating origins that may make cross-origin requests.","items":{"type":"string"},"type":"array"},"enable":{"description":"Enables or disables CORS headers on requests.","type":"boolean"}},"type":"object"}}}} ``` ## The CorsReadConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"CorsReadConfigurationResponse":{"properties":{"allowed_headers":{"items":{"type":"string"},"type":"array"},"allowed_origins":{"items":{"type":"string"},"type":"array"},"enabled":{"type":"boolean"}},"type":"object"}}}} ``` ## The DecodeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"DecodeRequest":{"properties":{"encoded_token":{"description":"Specifies the encoded token (result from generate-root).","type":"string"},"otp":{"description":"Specifies the otp code for decode.","type":"string"}},"type":"object"}}}} ``` ## The EncryptionKeyConfigureRotationRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EncryptionKeyConfigureRotationRequest":{"properties":{"enabled":{"description":"Whether automatic rotation is enabled.","type":"boolean"},"interval":{"description":"How long after installation of an active key term that the key will be automatically rotated.","format":"seconds","type":"integer"},"max_operations":{"description":"The number of encryption operations performed before the barrier key is automatically rotated.","format":"int64","type":"integer"}},"type":"object"}}}} ``` ## The EncryptionKeyReadRotationConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EncryptionKeyReadRotationConfigurationResponse":{"properties":{"enabled":{"type":"boolean"},"interval":{"format":"seconds","type":"integer"},"max_operations":{"format":"int64","type":"integer"}},"type":"object"}}}} ``` ## The EntityBatchDeleteRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityBatchDeleteRequest":{"properties":{"entity_ids":{"description":"Entity IDs to delete","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The EntityCreateAliasRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityCreateAliasRequest":{"properties":{"canonical_id":{"description":"Entity ID to which this alias belongs","type":"string"},"custom_metadata":{"description":"User provided key-value pairs","format":"kvpairs","type":"object"},"entity_id":{"description":"Entity ID to which this alias belongs. This field is deprecated, use canonical_id.","type":"string"},"id":{"description":"ID of the entity alias. If set, updates the corresponding entity alias.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to; unused for a modify","type":"string"},"name":{"description":"Name of the alias; unused for a modify","type":"string"}},"type":"object"}}}} ``` ## The EntityCreateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityCreateRequest":{"properties":{"disabled":{"description":"If set true, tokens tied to this identity will not be able to be used (but will not be revoked).","type":"boolean"},"id":{"description":"ID of the entity. If set, updates the corresponding existing entity.","type":"string"},"metadata":{"description":"Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the entity","type":"string"},"policies":{"description":"Policies to be tied to the entity.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The EntityLookUpRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityLookUpRequest":{"properties":{"alias_id":{"description":"ID of the alias.","type":"string"},"alias_mount_accessor":{"description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.","type":"string"},"alias_name":{"description":"Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.","type":"string"},"id":{"description":"ID of the entity.","type":"string"},"name":{"description":"Name of the entity.","type":"string"}},"type":"object"}}}} ``` ## The EntityMergeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityMergeRequest":{"properties":{"conflicting_alias_ids_to_keep":{"description":"Alias IDs to keep in case of conflicting aliases. Ignored if no conflicting aliases found","items":{"type":"string"},"type":"array"},"force":{"description":"Setting this will follow the 'mine' strategy for merging MFA secrets. If there are secrets of the same type both in entities that are merged from and in entity into which all others are getting merged, secrets in the destination will be unaltered. If not set, this API will throw an error containing all the conflicts.","type":"boolean"},"from_entity_ids":{"description":"Entity IDs which need to get merged","items":{"type":"string"},"type":"array"},"to_entity_id":{"description":"Entity ID into which all the other entities need to get merged","type":"string"}},"type":"object"}}}} ``` ## The EntityUpdateAliasByIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityUpdateAliasByIdRequest":{"properties":{"canonical_id":{"description":"Entity ID to which this alias should be tied to","type":"string"},"custom_metadata":{"description":"User provided key-value pairs","format":"kvpairs","type":"object"},"entity_id":{"description":"Entity ID to which this alias belongs to. This field is deprecated, use canonical_id.","type":"string"},"mount_accessor":{"description":"(Unused)","type":"string"},"name":{"description":"(Unused)","type":"string"}},"type":"object"}}}} ``` ## The EntityUpdateByIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityUpdateByIdRequest":{"properties":{"disabled":{"description":"If set true, tokens tied to this identity will not be able to be used (but will not be revoked).","type":"boolean"},"metadata":{"description":"Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the entity","type":"string"},"policies":{"description":"Policies to be tied to the entity.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The EntityUpdateByNameRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"EntityUpdateByNameRequest":{"properties":{"disabled":{"description":"If set true, tokens tied to this identity will not be able to be used (but will not be revoked).","type":"boolean"},"id":{"description":"ID of the entity. If set, updates the corresponding existing entity.","type":"string"},"metadata":{"description":"Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"policies":{"description":"Policies to be tied to the entity.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The ErrorResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"ErrorResponse":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"string"}}}}}}} ``` ## The GenerateHashRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateHashRequest":{"properties":{"algorithm":{"default":"sha2-256","description":"Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to \"sha2-256\".","type":"string"},"format":{"default":"hex","description":"Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"hex\".","type":"string"},"input":{"description":"The base64-encoded input data","type":"string"},"urlalgorithm":{"description":"Algorithm to use (POST URL parameter)","type":"string"}},"type":"object"}}}} ``` ## The GenerateHashResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateHashResponse":{"properties":{"sum":{"type":"string"}},"type":"object"}}}} ``` ## The GenerateHashWithAlgorithmRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateHashWithAlgorithmRequest":{"properties":{"algorithm":{"default":"sha2-256","description":"Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to \"sha2-256\".","type":"string"},"format":{"default":"hex","description":"Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"hex\".","type":"string"},"input":{"description":"The base64-encoded input data","type":"string"}},"type":"object"}}}} ``` ## The GenerateHashWithAlgorithmResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateHashWithAlgorithmResponse":{"properties":{"sum":{"type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomRequest":{"properties":{"bytes":{"default":32,"description":"The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).","type":"integer"},"format":{"default":"base64","description":"Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".","type":"string"},"source":{"default":"platform","description":"Which system to source random data from, ether \"platform\", \"seal\", or \"all\".","type":"string"},"urlbytes":{"description":"The number of bytes to generate (POST URL parameter)","type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomResponse":{"properties":{"random_bytes":{"type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomWithBytesRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomWithBytesRequest":{"properties":{"bytes":{"default":32,"description":"The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).","type":"integer"},"format":{"default":"base64","description":"Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".","type":"string"},"source":{"default":"platform","description":"Which system to source random data from, ether \"platform\", \"seal\", or \"all\".","type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomWithBytesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomWithBytesResponse":{"properties":{"random_bytes":{"type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomWithSourceAndBytesRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomWithSourceAndBytesRequest":{"properties":{"bytes":{"default":32,"description":"The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).","type":"integer"},"format":{"default":"base64","description":"Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".","type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomWithSourceAndBytesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomWithSourceAndBytesResponse":{"properties":{"random_bytes":{"type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomWithSourceRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomWithSourceRequest":{"properties":{"bytes":{"default":32,"description":"The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).","type":"integer"},"format":{"default":"base64","description":"Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".","type":"string"},"urlbytes":{"description":"The number of bytes to generate (POST URL parameter)","type":"string"}},"type":"object"}}}} ``` ## The GenerateRandomWithSourceResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GenerateRandomWithSourceResponse":{"properties":{"random_bytes":{"type":"string"}},"type":"object"}}}} ``` ## The GroupCreateAliasRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GroupCreateAliasRequest":{"properties":{"canonical_id":{"description":"ID of the group to which this is an alias.","type":"string"},"id":{"description":"ID of the group alias.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to.","type":"string"},"name":{"description":"Alias of the group.","type":"string"}},"type":"object"}}}} ``` ## The GroupCreateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GroupCreateRequest":{"properties":{"id":{"description":"ID of the group. If set, updates the corresponding existing group.","type":"string"},"member_entity_ids":{"description":"Entity IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"member_group_ids":{"description":"Group IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the group.","type":"string"},"policies":{"description":"Policies to be tied to the group.","items":{"type":"string"},"type":"array"},"type":{"description":"Type of the group, 'internal' or 'external'. Defaults to 'internal'","type":"string"}},"type":"object"}}}} ``` ## The GroupLookUpRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GroupLookUpRequest":{"properties":{"alias_id":{"description":"ID of the alias.","type":"string"},"alias_mount_accessor":{"description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.","type":"string"},"alias_name":{"description":"Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.","type":"string"},"id":{"description":"ID of the group.","type":"string"},"name":{"description":"Name of the group.","type":"string"}},"type":"object"}}}} ``` ## The GroupUpdateAliasByIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GroupUpdateAliasByIdRequest":{"properties":{"canonical_id":{"description":"ID of the group to which this is an alias.","type":"string"},"mount_accessor":{"description":"Mount accessor to which this alias belongs to.","type":"string"},"name":{"description":"Alias of the group.","type":"string"}},"type":"object"}}}} ``` ## The GroupUpdateByIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GroupUpdateByIdRequest":{"properties":{"member_entity_ids":{"description":"Entity IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"member_group_ids":{"description":"Group IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"name":{"description":"Name of the group.","type":"string"},"policies":{"description":"Policies to be tied to the group.","items":{"type":"string"},"type":"array"},"type":{"description":"Type of the group, 'internal' or 'external'. Defaults to 'internal'","type":"string"}},"type":"object"}}}} ``` ## The GroupUpdateByNameRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"GroupUpdateByNameRequest":{"properties":{"id":{"description":"ID of the group. If set, updates the corresponding existing group.","type":"string"},"member_entity_ids":{"description":"Entity IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"member_group_ids":{"description":"Group IDs to be assigned as group members.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"policies":{"description":"Policies to be tied to the group.","items":{"type":"string"},"type":"array"},"type":{"description":"Type of the group, 'internal' or 'external'. Defaults to 'internal'","type":"string"}},"type":"object"}}}} ``` ## The HaStatusResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"HaStatusResponse":{"properties":{"nodes":{"items":{"type":"object"},"type":"array"}},"type":"object"}}}} ``` ## The InitializeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InitializeRequest":{"properties":{"pgp_keys":{"description":"Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `secret_shares`.","items":{"type":"string"},"type":"array"},"recovery_pgp_keys":{"description":"Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `recovery_shares`.","items":{"type":"string"},"type":"array"},"recovery_shares":{"description":"Specifies the number of shares to split the recovery key into.","type":"integer"},"recovery_threshold":{"description":"Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to `recovery_shares`.","type":"integer"},"root_token_pgp_key":{"description":"Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.","type":"string"},"secret_shares":{"description":"Specifies the number of shares to split the unseal key into.","type":"integer"},"secret_threshold":{"description":"Specifies the number of shares required to reconstruct the unseal key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as `secret_shares`.","type":"integer"},"stored_shares":{"description":"Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as `secret_shares`.","type":"integer"}},"type":"object"}}}} ``` ## The InternalClientActivityConfigureRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalClientActivityConfigureRequest":{"properties":{"default_report_months":{"default":12,"description":"Number of months to report if no start date specified.","type":"integer"},"enabled":{"default":"default","description":"Enable or disable collection of client count: enable, disable, or default.","type":"string"},"retention_months":{"default":24,"description":"Number of months of client data to retain. Setting to 0 will clear all existing data.","type":"integer"}},"type":"object"}}}} ``` ## The InternalCountEntitiesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalCountEntitiesResponse":{"properties":{"counters":{"format":"map","type":"object"}},"type":"object"}}}} ``` ## The InternalCountTokensResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalCountTokensResponse":{"properties":{"counters":{"format":"map","type":"object"}},"type":"object"}}}} ``` ## The InternalGenerateOpenApiDocumentWithParametersRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalGenerateOpenApiDocumentWithParametersRequest":{"properties":{"context":{"description":"Context string appended to every operationId","type":"string"}},"type":"object"}}}} ``` ## The InternalUiListEnabledFeatureFlagsResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalUiListEnabledFeatureFlagsResponse":{"properties":{"feature_flags":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The InternalUiListEnabledVisibleMountsResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalUiListEnabledVisibleMountsResponse":{"properties":{"auth":{"description":"auth mounts","format":"map","type":"object"},"secret":{"description":"secret mounts","format":"map","type":"object"}},"type":"object"}}}} ``` ## The InternalUiListNamespacesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalUiListNamespacesResponse":{"properties":{"keys":{"description":"field is only returned if there are one or more namespaces","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The InternalUiReadMountInformationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalUiReadMountInformationResponse":{"properties":{"accessor":{"type":"string"},"config":{"format":"map","type":"object"},"description":{"type":"string"},"external_entropy_access":{"type":"boolean"},"local":{"type":"boolean"},"options":{"format":"map","type":"object"},"path":{"type":"string"},"plugin_version":{"type":"string"},"running_plugin_version":{"type":"string"},"running_sha256":{"type":"string"},"seal_wrap":{"type":"boolean"},"type":{"type":"string"},"uuid":{"type":"string"}},"type":"object"}}}} ``` ## The InternalUiReadResultantAclResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"InternalUiReadResultantAclResponse":{"properties":{"exact_paths":{"format":"map","type":"object"},"glob_paths":{"format":"map","type":"object"},"root":{"type":"boolean"}},"type":"object"}}}} ``` ## The LeaderStatusResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeaderStatusResponse":{"properties":{"active_time":{"format":"date-time","type":"string"},"ha_enabled":{"type":"boolean"},"is_self":{"type":"boolean"},"last_wal":{"format":"int64","type":"integer"},"leader_address":{"type":"string"},"leader_cluster_address":{"type":"string"},"performance_standby":{"type":"boolean"},"performance_standby_last_remote_wal":{"format":"int64","type":"integer"},"raft_applied_index":{"format":"int64","type":"integer"},"raft_committed_index":{"format":"int64","type":"integer"}},"type":"object"}}}} ``` ## The LeasesCountResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesCountResponse":{"properties":{"counts":{"description":"Number of matching leases per mount","type":"integer"},"lease_count":{"description":"Number of matching leases","type":"integer"}},"type":"object"}}}} ``` ## The LeasesListResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesListResponse":{"properties":{"counts":{"description":"Number of matching leases per mount","type":"integer"},"lease_count":{"description":"Number of matching leases","type":"integer"}},"type":"object"}}}} ``` ## The LeasesLookUpResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesLookUpResponse":{"properties":{"keys":{"description":"A list of lease ids","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The LeasesLookUpWithPrefixResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesLookUpWithPrefixResponse":{"properties":{"keys":{"description":"A list of lease ids","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The LeasesReadLeaseRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesReadLeaseRequest":{"properties":{"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesReadLeaseResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesReadLeaseResponse":{"properties":{"expire_time":{"description":"Optional lease expiry time","format":"date-time","type":"string"},"id":{"description":"Lease id","type":"string"},"issue_time":{"description":"Timestamp for the lease's issue time","format":"date-time","type":"string"},"last_renewal":{"description":"Optional Timestamp of the last time the lease was renewed","format":"date-time","type":"string"},"renewable":{"description":"True if the lease is able to be renewed","type":"boolean"},"ttl":{"description":"Time to Live set for the lease, returns 0 if unset","type":"integer"}},"type":"object"}}}} ``` ## The LeasesRenewLease2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRenewLease2Request":{"properties":{"increment":{"description":"The desired increment in seconds to the lease","format":"seconds","type":"integer"},"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"},"url_lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesRenewLeaseRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRenewLeaseRequest":{"properties":{"increment":{"description":"The desired increment in seconds to the lease","format":"seconds","type":"integer"},"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"},"url_lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesRenewLeaseWithId2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRenewLeaseWithId2Request":{"properties":{"increment":{"description":"The desired increment in seconds to the lease","format":"seconds","type":"integer"},"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesRenewLeaseWithIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRenewLeaseWithIdRequest":{"properties":{"increment":{"description":"The desired increment in seconds to the lease","format":"seconds","type":"integer"},"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesRevokeLease2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRevokeLease2Request":{"properties":{"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"},"sync":{"default":true,"description":"Whether or not to perform the revocation synchronously","type":"boolean"},"url_lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesRevokeLeaseRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRevokeLeaseRequest":{"properties":{"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"},"sync":{"default":true,"description":"Whether or not to perform the revocation synchronously","type":"boolean"},"url_lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"}},"type":"object"}}}} ``` ## The LeasesRevokeLeaseWithId2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRevokeLeaseWithId2Request":{"properties":{"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"},"sync":{"default":true,"description":"Whether or not to perform the revocation synchronously","type":"boolean"}},"type":"object"}}}} ``` ## The LeasesRevokeLeaseWithIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRevokeLeaseWithIdRequest":{"properties":{"lease_id":{"description":"The lease identifier to renew. This is included with a lease.","type":"string"},"sync":{"default":true,"description":"Whether or not to perform the revocation synchronously","type":"boolean"}},"type":"object"}}}} ``` ## The LeasesRevokeLeaseWithPrefix2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRevokeLeaseWithPrefix2Request":{"properties":{"sync":{"default":true,"description":"Whether or not to perform the revocation synchronously","type":"boolean"}},"type":"object"}}}} ``` ## The LeasesRevokeLeaseWithPrefixRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LeasesRevokeLeaseWithPrefixRequest":{"properties":{"sync":{"default":true,"description":"Whether or not to perform the revocation synchronously","type":"boolean"}},"type":"object"}}}} ``` ## The LoggersUpdateVerbosityLevelForRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LoggersUpdateVerbosityLevelForRequest":{"properties":{"level":{"description":"Log verbosity level. Supported values (in order of detail) are \"trace\", \"debug\", \"info\", \"warn\", and \"error\".","type":"string"}},"type":"object"}}}} ``` ## The LoggersUpdateVerbosityLevelRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"LoggersUpdateVerbosityLevelRequest":{"properties":{"level":{"description":"Log verbosity level. Supported values (in order of detail) are \"trace\", \"debug\", \"info\", \"warn\", and \"error\".","type":"string"}},"type":"object"}}}} ``` ## The MfaAdminDestroyTotpSecretRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaAdminDestroyTotpSecretRequest":{"properties":{"entity_id":{"description":"Identifier of the entity from which the MFA method secret needs to be removed.","type":"string"},"method_id":{"description":"The unique identifier for this MFA method.","type":"string"}},"required":["entity_id","method_id"],"type":"object"}}}} ``` ## The MfaAdminGenerateTotpSecretRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaAdminGenerateTotpSecretRequest":{"properties":{"entity_id":{"description":"Entity ID on which the generated secret needs to get stored.","type":"string"},"method_id":{"description":"The unique identifier for this MFA method.","type":"string"}},"required":["entity_id","method_id"],"type":"object"}}}} ``` ## The MfaConfigureDuoMethodRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaConfigureDuoMethodRequest":{"properties":{"api_hostname":{"description":"API host name for Duo.","type":"string"},"integration_key":{"description":"Integration key for Duo.","type":"string"},"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"push_info":{"description":"Push information for Duo.","type":"string"},"secret_key":{"description":"Secret key for Duo.","type":"string"},"use_passcode":{"description":"If true, the user is reminded to use the passcode upon MFA validation. This option does not enforce using the passcode. Defaults to false.","type":"boolean"},"username_format":{"description":"A template string for mapping Identity names to MFA method names. Values to subtitute should be placed in {{}}. For example, \"{{alias.name}}@example.com\". Currently-supported mappings: alias.name: The name returned by the mount configured via the mount_accessor parameter If blank, the Alias's name field will be used as-is.","type":"string"}},"type":"object"}}}} ``` ## The MfaConfigureOktaMethodRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaConfigureOktaMethodRequest":{"properties":{"api_token":{"description":"Okta API key.","type":"string"},"base_url":{"description":"The base domain to use for the Okta API. When not specified in the configuration, \"okta.com\" is used.","type":"string"},"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"org_name":{"description":"Name of the organization to be used in the Okta API.","type":"string"},"primary_email":{"description":"If true, the username will only match the primary email for the account. Defaults to false.","type":"boolean"},"production":{"description":"(DEPRECATED) Use base_url instead.","type":"boolean"},"username_format":{"description":"A template string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, \"{{entity.name}}@example.com\". If blank, the Entity's name field will be used as-is.","type":"string"}},"type":"object"}}}} ``` ## The MfaConfigurePingIdMethodRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaConfigurePingIdMethodRequest":{"properties":{"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"settings_file_base64":{"description":"The settings file provided by Ping, Base64-encoded. This must be a settings file suitable for third-party clients, not the PingID SDK or PingFederate.","type":"string"},"username_format":{"description":"A template string for mapping Identity names to MFA method names. Values to subtitute should be placed in {{}}. For example, \"{{alias.name}}@example.com\". Currently-supported mappings: alias.name: The name returned by the mount configured via the mount_accessor parameter If blank, the Alias's name field will be used as-is.","type":"string"}},"type":"object"}}}} ``` ## The MfaConfigureTotpMethodRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaConfigureTotpMethodRequest":{"properties":{"algorithm":{"default":"SHA1","description":"The hashing algorithm used to generate the TOTP token. Options include SHA1, SHA256 and SHA512.","type":"string"},"digits":{"default":6,"description":"The number of digits in the generated TOTP token. This value can either be 6 or 8.","type":"integer"},"issuer":{"description":"The name of the key's issuing organization.","type":"string"},"key_size":{"default":20,"description":"Determines the size in bytes of the generated key.","type":"integer"},"max_validation_attempts":{"description":"Max number of allowed validation attempts.","type":"integer"},"method_name":{"description":"The unique name identifier for this MFA method.","type":"string"},"period":{"default":30,"description":"The length of time used to generate a counter for the TOTP token calculation.","format":"seconds","type":"integer"},"qr_size":{"default":200,"description":"The pixel size of the generated square QR code.","type":"integer"},"skew":{"default":1,"description":"The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1.","type":"integer"}},"type":"object"}}}} ``` ## The MfaGenerateTotpSecretRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaGenerateTotpSecretRequest":{"properties":{"method_id":{"description":"The unique identifier for this MFA method.","type":"string"}},"required":["method_id"],"type":"object"}}}} ``` ## The MfaValidateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaValidateRequest":{"properties":{"mfa_payload":{"description":"A map from MFA method ID to a slice of passcodes or an empty slice if the method does not use passcodes","format":"map","type":"object"},"mfa_request_id":{"description":"ID for this MFA request","type":"string"}},"required":["mfa_payload","mfa_request_id"],"type":"object"}}}} ``` ## The MfaWriteLoginEnforcementRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MfaWriteLoginEnforcementRequest":{"properties":{"auth_method_accessors":{"description":"Array of auth mount accessor IDs","items":{"type":"string"},"type":"array"},"auth_method_types":{"description":"Array of auth mount types","items":{"type":"string"},"type":"array"},"identity_entity_ids":{"description":"Array of identity entity IDs","items":{"type":"string"},"type":"array"},"identity_group_ids":{"description":"Array of identity group IDs","items":{"type":"string"},"type":"array"},"mfa_method_ids":{"description":"Array of Method IDs that determine what methods will be enforced","items":{"type":"string"},"type":"array"}},"required":["mfa_method_ids"],"type":"object"}}}} ``` ## The MountsEnableSecretsEngineRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MountsEnableSecretsEngineRequest":{"properties":{"config":{"description":"Configuration for this mount, such as default_lease_ttl and max_lease_ttl.","format":"map","type":"object"},"description":{"description":"User-friendly description for this mount.","type":"string"},"external_entropy_access":{"default":false,"description":"Whether to give the mount access to Vault's external entropy.","type":"boolean"},"local":{"default":false,"description":"Mark the mount as a local mount, which is not replicated and is unaffected by replication.","type":"boolean"},"options":{"description":"The options to pass into the backend. Should be a json object with string keys and values.","format":"kvpairs","type":"object"},"plugin_name":{"description":"Name of the plugin to mount based from the name registered in the plugin catalog.","type":"string"},"plugin_version":{"description":"The semantic version of the plugin to use.","type":"string"},"seal_wrap":{"default":false,"description":"Whether to turn on seal wrapping for the mount.","type":"boolean"},"type":{"description":"The type of the backend. Example: \"passthrough\"","type":"string"}},"type":"object"}}}} ``` ## The MountsReadConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MountsReadConfigurationResponse":{"properties":{"accessor":{"type":"string"},"config":{"description":"Configuration for this mount, such as default_lease_ttl and max_lease_ttl.","format":"map","type":"object"},"deprecation_status":{"type":"string"},"description":{"description":"User-friendly description for this mount.","type":"string"},"external_entropy_access":{"type":"boolean"},"local":{"default":false,"description":"Mark the mount as a local mount, which is not replicated and is unaffected by replication.","type":"boolean"},"options":{"description":"The options to pass into the backend. Should be a json object with string keys and values.","format":"kvpairs","type":"object"},"plugin_version":{"description":"The semantic version of the plugin to use.","type":"string"},"running_plugin_version":{"type":"string"},"running_sha256":{"type":"string"},"seal_wrap":{"default":false,"description":"Whether to turn on seal wrapping for the mount.","type":"boolean"},"type":{"description":"The type of the backend. Example: \"passthrough\"","type":"string"},"uuid":{"type":"string"}},"type":"object"}}}} ``` ## The MountsReadTuningInformationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MountsReadTuningInformationResponse":{"properties":{"allowed_managed_keys":{"items":{"type":"string"},"type":"array"},"allowed_response_headers":{"description":"A list of headers to whitelist and allow a plugin to set on responses.","items":{"type":"string"},"type":"array"},"audit_non_hmac_request_keys":{"items":{"type":"string"},"type":"array"},"audit_non_hmac_response_keys":{"items":{"type":"string"},"type":"array"},"default_lease_ttl":{"description":"The default lease TTL for this mount.","type":"integer"},"description":{"description":"User-friendly description for this credential backend.","type":"string"},"external_entropy_access":{"type":"boolean"},"force_no_cache":{"type":"boolean"},"listing_visibility":{"type":"string"},"max_lease_ttl":{"description":"The max lease TTL for this mount.","type":"integer"},"options":{"description":"The options to pass into the backend. Should be a json object with string keys and values.","format":"kvpairs","type":"object"},"passthrough_request_headers":{"items":{"type":"string"},"type":"array"},"plugin_version":{"description":"The semantic version of the plugin to use.","type":"string"},"token_type":{"description":"The type of token to issue (service or batch).","type":"string"},"user_lockout_counter_reset_duration":{"format":"int64","type":"integer"},"user_lockout_disable":{"type":"boolean"},"user_lockout_duration":{"format":"int64","type":"integer"},"user_lockout_threshold":{"format":"int64","type":"integer"}},"type":"object"}}}} ``` ## The MountsTuneConfigurationParametersRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"MountsTuneConfigurationParametersRequest":{"properties":{"allowed_managed_keys":{"items":{"type":"string"},"type":"array"},"allowed_response_headers":{"description":"A list of headers to whitelist and allow a plugin to set on responses.","items":{"type":"string"},"type":"array"},"audit_non_hmac_request_keys":{"description":"The list of keys in the request data object that will not be HMAC'ed by audit devices.","items":{"type":"string"},"type":"array"},"audit_non_hmac_response_keys":{"description":"The list of keys in the response data object that will not be HMAC'ed by audit devices.","items":{"type":"string"},"type":"array"},"default_lease_ttl":{"description":"The default lease TTL for this mount.","type":"string"},"description":{"description":"User-friendly description for this credential backend.","type":"string"},"listing_visibility":{"description":"Determines the visibility of the mount in the UI-specific listing endpoint. Accepted value are 'unauth' and 'hidden', with the empty default ('') behaving like 'hidden'.","type":"string"},"max_lease_ttl":{"description":"The max lease TTL for this mount.","type":"string"},"options":{"description":"The options to pass into the backend. Should be a json object with string keys and values.","format":"kvpairs","type":"object"},"passthrough_request_headers":{"description":"A list of headers to whitelist and pass from the request to the plugin.","items":{"type":"string"},"type":"array"},"plugin_version":{"description":"The semantic version of the plugin to use.","type":"string"},"token_type":{"description":"The type of token to issue (service or batch).","type":"string"},"user_lockout_config":{"description":"The user lockout configuration to pass into the backend. Should be a json object with string keys and values.","format":"map","type":"object"}},"type":"object"}}}} ``` ## The OidcConfigureRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcConfigureRequest":{"properties":{"issuer":{"description":"Issuer URL to be used in the iss claim of the token. If not set, Vault's app_addr will be used.","type":"string"}},"type":"object"}}}} ``` ## The OidcIntrospectRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcIntrospectRequest":{"properties":{"client_id":{"description":"Optional client_id to verify","type":"string"},"token":{"description":"Token to verify","type":"string"}},"type":"object"}}}} ``` ## The OidcProviderAuthorizeWithParametersRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcProviderAuthorizeWithParametersRequest":{"properties":{"client_id":{"description":"The ID of the requesting client.","type":"string"},"code_challenge":{"description":"The code challenge derived from the code verifier.","type":"string"},"code_challenge_method":{"default":"plain","description":"The method that was used to derive the code challenge. The following methods are supported: 'S256', 'plain'. Defaults to 'plain'.","type":"string"},"max_age":{"description":"The allowable elapsed time in seconds since the last time the end-user was actively authenticated.","type":"integer"},"nonce":{"description":"The value that will be returned in the ID token nonce claim after a token exchange.","type":"string"},"redirect_uri":{"description":"The redirection URI to which the response will be sent.","type":"string"},"response_type":{"description":"The OIDC authentication flow to be used. The following response types are supported: 'code'","type":"string"},"scope":{"description":"A space-delimited, case-sensitive list of scopes to be requested. The 'openid' scope is required.","type":"string"},"state":{"description":"The value used to maintain state between the authentication request and client.","type":"string"}},"required":["client_id","redirect_uri","response_type","scope"],"type":"object"}}}} ``` ## The OidcProviderTokenRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcProviderTokenRequest":{"properties":{"client_id":{"description":"The ID of the requesting client.","type":"string"},"client_secret":{"description":"The secret of the requesting client.","type":"string"},"code":{"description":"The authorization code received from the provider's authorization endpoint.","type":"string"},"code_verifier":{"description":"The code verifier associated with the authorization code.","type":"string"},"grant_type":{"description":"The authorization grant type. The following grant types are supported: 'authorization_code'.","type":"string"},"redirect_uri":{"description":"The callback location where the authentication response was sent.","type":"string"}},"required":["code","grant_type","redirect_uri"],"type":"object"}}}} ``` ## The OidcRotateKeyRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcRotateKeyRequest":{"properties":{"verification_ttl":{"description":"Controls how long the public portion of a key will be available for verification after being rotated. Setting verification_ttl here will override the verification_ttl set on the key.","format":"seconds","type":"integer"}},"type":"object"}}}} ``` ## The OidcWriteAssignmentRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcWriteAssignmentRequest":{"properties":{"entity_ids":{"description":"Comma separated string or array of identity entity IDs","items":{"type":"string"},"type":"array"},"group_ids":{"description":"Comma separated string or array of identity group IDs","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The OidcWriteClientRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcWriteClientRequest":{"properties":{"access_token_ttl":{"default":"24h","description":"The time-to-live for access tokens obtained by the client.","format":"seconds","type":"integer"},"assignments":{"description":"Comma separated string or array of assignment resources.","items":{"type":"string"},"type":"array"},"client_type":{"default":"confidential","description":"The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: 'confidential', 'public'. Defaults to 'confidential'.","type":"string"},"id_token_ttl":{"default":"24h","description":"The time-to-live for ID tokens obtained by the client.","format":"seconds","type":"integer"},"key":{"default":"default","description":"A reference to a named key resource. Cannot be modified after creation. Defaults to the 'default' key.","type":"string"},"redirect_uris":{"description":"Comma separated string or array of redirect URIs used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The OidcWriteKeyRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcWriteKeyRequest":{"properties":{"algorithm":{"default":"RS256","description":"Signing algorithm to use. This will default to RS256.","type":"string"},"allowed_client_ids":{"description":"Comma separated string or array of role client ids allowed to use this key for signing. If empty no roles are allowed. If \"*\" all roles are allowed.","items":{"type":"string"},"type":"array"},"rotation_period":{"default":"24h","description":"How often to generate a new keypair.","format":"seconds","type":"integer"},"verification_ttl":{"default":"24h","description":"Controls how long the public portion of a key will be available for verification after being rotated.","format":"seconds","type":"integer"}},"type":"object"}}}} ``` ## The OidcWriteProviderRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcWriteProviderRequest":{"properties":{"allowed_client_ids":{"description":"The client IDs that are permitted to use the provider","items":{"type":"string"},"type":"array"},"issuer":{"description":"Specifies what will be used for the iss claim of ID tokens.","type":"string"},"scopes_supported":{"description":"The scopes supported for requesting on the provider","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The OidcWriteRoleRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcWriteRoleRequest":{"properties":{"client_id":{"description":"Optional client_id","type":"string"},"key":{"description":"The OIDC key to use for generating tokens. The specified key must already exist.","type":"string"},"template":{"description":"The template string to use for generating tokens. This may be in string-ified JSON or base64 format.","type":"string"},"ttl":{"default":"24h","description":"TTL of the tokens generated against the role.","format":"seconds","type":"integer"}},"required":["key"],"type":"object"}}}} ``` ## The OidcWriteScopeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"OidcWriteScopeRequest":{"properties":{"description":{"description":"The description of the scope","type":"string"},"template":{"description":"The template string to use for the scope. This may be in string-ified JSON or base64 format.","type":"string"}},"type":"object"}}}} ``` ## The PersonaCreateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PersonaCreateRequest":{"properties":{"entity_id":{"description":"Entity ID to which this persona belongs to","type":"string"},"id":{"description":"ID of the persona","type":"string"},"metadata":{"description":"Metadata to be associated with the persona. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"mount_accessor":{"description":"Mount accessor to which this persona belongs to","type":"string"},"name":{"description":"Name of the persona","type":"string"}},"type":"object"}}}} ``` ## The PersonaUpdateByIdRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PersonaUpdateByIdRequest":{"properties":{"entity_id":{"description":"Entity ID to which this persona should be tied to","type":"string"},"metadata":{"description":"Metadata to be associated with the persona. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault metadata=key1=value1 metadata=key2=value2","format":"kvpairs","type":"object"},"mount_accessor":{"description":"Mount accessor to which this persona belongs to","type":"string"},"name":{"description":"Name of the persona","type":"string"}},"type":"object"}}}} ``` ## The PluginsCatalogListPluginsResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsCatalogListPluginsResponse":{"properties":{"detailed":{"format":"map","type":"object"}},"type":"object"}}}} ``` ## The PluginsCatalogListPluginsWithTypeResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsCatalogListPluginsWithTypeResponse":{"properties":{"keys":{"description":"List of plugin names in the catalog","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The PluginsCatalogReadPluginConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsCatalogReadPluginConfigurationResponse":{"properties":{"args":{"description":"The args passed to plugin command.","items":{"type":"string"},"type":"array"},"builtin":{"type":"boolean"},"command":{"description":"The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory.","type":"string"},"deprecation_status":{"type":"string"},"name":{"description":"The name of the plugin","type":"string"},"sha256":{"description":"The SHA256 sum of the executable used in the command field. This should be HEX encoded.","type":"string"},"version":{"description":"The semantic version of the plugin to use.","type":"string"}},"type":"object"}}}} ``` ## The PluginsCatalogReadPluginConfigurationWithTypeResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsCatalogReadPluginConfigurationWithTypeResponse":{"properties":{"args":{"description":"The args passed to plugin command.","items":{"type":"string"},"type":"array"},"builtin":{"type":"boolean"},"command":{"description":"The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory.","type":"string"},"deprecation_status":{"type":"string"},"name":{"description":"The name of the plugin","type":"string"},"sha256":{"description":"The SHA256 sum of the executable used in the command field. This should be HEX encoded.","type":"string"},"version":{"description":"The semantic version of the plugin to use.","type":"string"}},"type":"object"}}}} ``` ## The PluginsCatalogRegisterPluginRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsCatalogRegisterPluginRequest":{"properties":{"args":{"description":"The args passed to plugin command.","items":{"type":"string"},"type":"array"},"command":{"description":"The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory.","type":"string"},"env":{"description":"The environment variables passed to plugin command. Each entry is of the form \"key=value\".","items":{"type":"string"},"type":"array"},"sha256":{"description":"The SHA256 sum of the executable used in the command field. This should be HEX encoded.","type":"string"},"type":{"description":"The type of the plugin, may be auth, secret, or database","type":"string"},"version":{"description":"The semantic version of the plugin to use.","type":"string"}},"type":"object"}}}} ``` ## The PluginsCatalogRegisterPluginWithTypeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsCatalogRegisterPluginWithTypeRequest":{"properties":{"args":{"description":"The args passed to plugin command.","items":{"type":"string"},"type":"array"},"command":{"description":"The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory.","type":"string"},"env":{"description":"The environment variables passed to plugin command. Each entry is of the form \"key=value\".","items":{"type":"string"},"type":"array"},"sha256":{"description":"The SHA256 sum of the executable used in the command field. This should be HEX encoded.","type":"string"},"version":{"description":"The semantic version of the plugin to use.","type":"string"}},"type":"object"}}}} ``` ## The PluginsReloadBackendsRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsReloadBackendsRequest":{"properties":{"mounts":{"description":"The mount paths of the plugin backends to reload.","items":{"type":"string"},"type":"array"},"plugin":{"description":"The name of the plugin to reload, as registered in the plugin catalog.","type":"string"},"scope":{"type":"string"}},"type":"object"}}}} ``` ## The PluginsReloadBackendsResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PluginsReloadBackendsResponse":{"properties":{"reload_id":{"type":"string"}},"type":"object"}}}} ``` ## The PoliciesGeneratePasswordFromPasswordPolicyResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesGeneratePasswordFromPasswordPolicyResponse":{"properties":{"password":{"type":"string"}},"type":"object"}}}} ``` ## The PoliciesListAclPoliciesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesListAclPoliciesResponse":{"properties":{"keys":{"items":{"type":"string"},"type":"array"},"policies":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The PoliciesListPasswordPoliciesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesListPasswordPoliciesResponse":{"properties":{"keys":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The PoliciesListResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesListResponse":{"properties":{"keys":{"items":{"type":"string"},"type":"array"},"policies":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The PoliciesReadAclPolicy2Response object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesReadAclPolicy2Response":{"properties":{"name":{"type":"string"},"policy":{"type":"string"},"rules":{"type":"string"}},"type":"object"}}}} ``` ## The PoliciesReadAclPolicyResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesReadAclPolicyResponse":{"properties":{"name":{"type":"string"},"policy":{"type":"string"},"rules":{"type":"string"}},"type":"object"}}}} ``` ## The PoliciesReadPasswordPolicyResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesReadPasswordPolicyResponse":{"properties":{"policy":{"type":"string"}},"type":"object"}}}} ``` ## The PoliciesWriteAclPolicy2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesWriteAclPolicy2Request":{"properties":{"policy":{"description":"The rules of the policy.","type":"string"},"rules":{"deprecated":true,"description":"The rules of the policy.","type":"string"}},"type":"object"}}}} ``` ## The PoliciesWriteAclPolicyRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesWriteAclPolicyRequest":{"properties":{"policy":{"description":"The rules of the policy.","type":"string"}},"type":"object"}}}} ``` ## The PoliciesWritePasswordPolicyRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"PoliciesWritePasswordPolicyRequest":{"properties":{"policy":{"description":"The password policy","type":"string"}},"type":"object"}}}} ``` ## The QueryTokenAccessorCapabilitiesRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"QueryTokenAccessorCapabilitiesRequest":{"properties":{"accessor":{"description":"Accessor of the token for which capabilities are being queried.","type":"string"},"path":{"deprecated":true,"description":"Use 'paths' instead.","items":{"type":"string"},"type":"array"},"paths":{"description":"Paths on which capabilities are being queried.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The QueryTokenCapabilitiesRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"QueryTokenCapabilitiesRequest":{"properties":{"path":{"deprecated":true,"description":"Use 'paths' instead.","items":{"type":"string"},"type":"array"},"paths":{"description":"Paths on which capabilities are being queried.","items":{"type":"string"},"type":"array"},"token":{"description":"Token for which capabilities are being queried.","type":"string"}},"type":"object"}}}} ``` ## The QueryTokenSelfCapabilitiesRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"QueryTokenSelfCapabilitiesRequest":{"properties":{"path":{"deprecated":true,"description":"Use 'paths' instead.","items":{"type":"string"},"type":"array"},"paths":{"description":"Paths on which capabilities are being queried.","items":{"type":"string"},"type":"array"},"token":{"description":"Token for which capabilities are being queried.","type":"string"}},"type":"object"}}}} ``` ## The RateLimitQuotasConfigureRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RateLimitQuotasConfigureRequest":{"properties":{"enable_rate_limit_audit_logging":{"description":"If set, starts audit logging of requests that get rejected due to rate limit quota rule violations.","type":"boolean"},"enable_rate_limit_response_headers":{"description":"If set, additional rate limit quota HTTP headers will be added to responses.","type":"boolean"},"rate_limit_exempt_paths":{"description":"Specifies the list of exempt paths from all rate limit quotas. If empty no paths will be exempt.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The RateLimitQuotasListResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RateLimitQuotasListResponse":{"properties":{"keys":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The RateLimitQuotasReadConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RateLimitQuotasReadConfigurationResponse":{"properties":{"enable_rate_limit_audit_logging":{"type":"boolean"},"enable_rate_limit_response_headers":{"type":"boolean"},"rate_limit_exempt_paths":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The RateLimitQuotasReadResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RateLimitQuotasReadResponse":{"properties":{"block_interval":{"type":"integer"},"interval":{"type":"integer"},"name":{"type":"string"},"path":{"type":"string"},"rate":{"format":"float","type":"number"},"role":{"type":"string"},"type":{"type":"string"}},"type":"object"}}}} ``` ## The RateLimitQuotasWriteRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RateLimitQuotasWriteRequest":{"properties":{"block_interval":{"description":"If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' has elapsed.","format":"seconds","type":"integer"},"interval":{"description":"The duration to enforce rate limiting for (default '1s').","format":"seconds","type":"integer"},"path":{"description":"Path of the mount or namespace to apply the quota. A blank path configures a global quota. For example namespace1/ adds a quota to a full namespace, namespace1/auth/userpass adds a quota to userpass in namespace1.","type":"string"},"rate":{"description":"The maximum number of requests in a given interval to be allowed by the quota rule. The 'rate' must be positive.","format":"float","type":"number"},"role":{"description":"Login role to apply this quota to. Note that when set, path must be configured to a valid auth method with a concept of roles.","type":"string"},"type":{"description":"Type of the quota rule.","type":"string"}},"type":"object"}}}} ``` ## The ReadWrappingProperties2Response object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"ReadWrappingProperties2Response":{"properties":{"creation_path":{"type":"string"},"creation_time":{"format":"date-time","type":"string"},"creation_ttl":{"format":"seconds","type":"integer"}},"type":"object"}}}} ``` ## The ReadWrappingPropertiesRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"ReadWrappingPropertiesRequest":{"properties":{"token":{"type":"string"}},"type":"object"}}}} ``` ## The ReadWrappingPropertiesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"ReadWrappingPropertiesResponse":{"properties":{"creation_path":{"type":"string"},"creation_time":{"format":"date-time","type":"string"},"creation_ttl":{"format":"seconds","type":"integer"}},"type":"object"}}}} ``` ## The RekeyAttemptInitializeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyAttemptInitializeRequest":{"properties":{"backup":{"description":"Specifies if using PGP-encrypted keys, whether Vault should also store a plaintext backup of the PGP-encrypted keys.","type":"boolean"},"pgp_keys":{"description":"Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secret_shares.","items":{"type":"string"},"type":"array"},"require_verification":{"description":"Turns on verification functionality","type":"boolean"},"secret_shares":{"description":"Specifies the number of shares to split the unseal key into.","type":"integer"},"secret_threshold":{"description":"Specifies the number of shares required to reconstruct the unseal key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as secret_shares.","type":"integer"}},"type":"object"}}}} ``` ## The RekeyAttemptInitializeResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyAttemptInitializeResponse":{"properties":{"backup":{"type":"boolean"},"n":{"type":"integer"},"nounce":{"type":"string"},"pgp_fingerprints":{"items":{"type":"string"},"type":"array"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"string"},"t":{"type":"integer"},"verification_nonce":{"type":"string"},"verification_required":{"type":"boolean"}},"type":"object"}}}} ``` ## The RekeyAttemptReadProgressResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyAttemptReadProgressResponse":{"properties":{"backup":{"type":"boolean"},"n":{"type":"integer"},"nounce":{"type":"string"},"pgp_fingerprints":{"items":{"type":"string"},"type":"array"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"string"},"t":{"type":"integer"},"verification_nonce":{"type":"string"},"verification_required":{"type":"boolean"}},"type":"object"}}}} ``` ## The RekeyAttemptUpdateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyAttemptUpdateRequest":{"properties":{"key":{"description":"Specifies a single unseal key share.","type":"string"},"nonce":{"description":"Specifies the nonce of the rekey attempt.","type":"string"}},"type":"object"}}}} ``` ## The RekeyAttemptUpdateResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyAttemptUpdateResponse":{"properties":{"backup":{"type":"boolean"},"complete":{"type":"boolean"},"keys":{"items":{"type":"string"},"type":"array"},"keys_base64":{"items":{"type":"string"},"type":"array"},"n":{"type":"integer"},"nounce":{"type":"string"},"pgp_fingerprints":{"items":{"type":"string"},"type":"array"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"string"},"t":{"type":"integer"},"verification_nonce":{"type":"string"},"verification_required":{"type":"boolean"}},"type":"object"}}}} ``` ## The RekeyReadBackupKeyResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyReadBackupKeyResponse":{"properties":{"keys":{"format":"map","type":"object"},"keys_base64":{"format":"map","type":"object"},"nonce":{"type":"string"}},"type":"object"}}}} ``` ## The RekeyReadBackupRecoveryKeyResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyReadBackupRecoveryKeyResponse":{"properties":{"keys":{"format":"map","type":"object"},"keys_base64":{"format":"map","type":"object"},"nonce":{"type":"string"}},"type":"object"}}}} ``` ## The RekeyVerificationCancelResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyVerificationCancelResponse":{"properties":{"n":{"type":"integer"},"nounce":{"type":"string"},"progress":{"type":"integer"},"started":{"type":"string"},"t":{"type":"integer"}},"type":"object"}}}} ``` ## The RekeyVerificationReadProgressResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyVerificationReadProgressResponse":{"properties":{"n":{"type":"integer"},"nounce":{"type":"string"},"progress":{"type":"integer"},"started":{"type":"string"},"t":{"type":"integer"}},"type":"object"}}}} ``` ## The RekeyVerificationUpdateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyVerificationUpdateRequest":{"properties":{"key":{"description":"Specifies a single unseal share key from the new set of shares.","type":"string"},"nonce":{"description":"Specifies the nonce of the rekey verification operation.","type":"string"}},"type":"object"}}}} ``` ## The RekeyVerificationUpdateResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RekeyVerificationUpdateResponse":{"properties":{"complete":{"type":"boolean"},"nounce":{"type":"string"}},"type":"object"}}}} ``` ## The RemountRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RemountRequest":{"properties":{"from":{"description":"The previous mount point.","type":"string"},"to":{"description":"The new mount point.","type":"string"}},"type":"object"}}}} ``` ## The RemountResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RemountResponse":{"properties":{"migration_id":{"type":"string"}},"type":"object"}}}} ``` ## The RemountStatusResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RemountStatusResponse":{"properties":{"migration_id":{"type":"string"},"migration_info":{"format":"map","type":"object"}},"type":"object"}}}} ``` ## The RewrapRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RewrapRequest":{"properties":{"token":{"type":"string"}},"type":"object"}}}} ``` ## The RootTokenGenerationInitialize2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationInitialize2Request":{"properties":{"pgp_key":{"description":"Specifies a base64-encoded PGP public key.","type":"string"}},"type":"object"}}}} ``` ## The RootTokenGenerationInitialize2Response object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationInitialize2Response":{"properties":{"complete":{"type":"boolean"},"encoded_root_token":{"type":"string"},"encoded_token":{"type":"string"},"nonce":{"type":"string"},"otp":{"type":"string"},"otp_length":{"type":"integer"},"pgp_fingerprint":{"type":"string"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"boolean"}},"type":"object"}}}} ``` ## The RootTokenGenerationInitializeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationInitializeRequest":{"properties":{"pgp_key":{"description":"Specifies a base64-encoded PGP public key.","type":"string"}},"type":"object"}}}} ``` ## The RootTokenGenerationInitializeResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationInitializeResponse":{"properties":{"complete":{"type":"boolean"},"encoded_root_token":{"type":"string"},"encoded_token":{"type":"string"},"nonce":{"type":"string"},"otp":{"type":"string"},"otp_length":{"type":"integer"},"pgp_fingerprint":{"type":"string"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"boolean"}},"type":"object"}}}} ``` ## The RootTokenGenerationReadProgress2Response object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationReadProgress2Response":{"properties":{"complete":{"type":"boolean"},"encoded_root_token":{"type":"string"},"encoded_token":{"type":"string"},"nonce":{"type":"string"},"otp":{"type":"string"},"otp_length":{"type":"integer"},"pgp_fingerprint":{"type":"string"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"boolean"}},"type":"object"}}}} ``` ## The RootTokenGenerationReadProgressResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationReadProgressResponse":{"properties":{"complete":{"type":"boolean"},"encoded_root_token":{"type":"string"},"encoded_token":{"type":"string"},"nonce":{"type":"string"},"otp":{"type":"string"},"otp_length":{"type":"integer"},"pgp_fingerprint":{"type":"string"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"boolean"}},"type":"object"}}}} ``` ## The RootTokenGenerationUpdateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationUpdateRequest":{"properties":{"key":{"description":"Specifies a single unseal key share.","type":"string"},"nonce":{"description":"Specifies the nonce of the attempt.","type":"string"}},"type":"object"}}}} ``` ## The RootTokenGenerationUpdateResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"RootTokenGenerationUpdateResponse":{"properties":{"complete":{"type":"boolean"},"encoded_root_token":{"type":"string"},"encoded_token":{"type":"string"},"nonce":{"type":"string"},"otp":{"type":"string"},"otp_length":{"type":"integer"},"pgp_fingerprint":{"type":"string"},"progress":{"type":"integer"},"required":{"type":"integer"},"started":{"type":"boolean"}},"type":"object"}}}} ``` ## The SealStatusResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SealStatusResponse":{"properties":{"build_date":{"type":"string"},"cluster_id":{"type":"string"},"cluster_name":{"type":"string"},"hcp_link_resource_ID":{"type":"string"},"hcp_link_status":{"type":"string"},"initialized":{"type":"boolean"},"migration":{"type":"boolean"},"n":{"type":"integer"},"nonce":{"type":"string"},"progress":{"type":"integer"},"recovery_seal":{"type":"boolean"},"sealed":{"type":"boolean"},"storage_type":{"type":"string"},"t":{"type":"integer"},"type":{"type":"string"},"version":{"type":"string"}},"type":"object"}}}} ``` ## The SystemListNamespacesResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemListNamespacesResponse":{"properties":{"keys":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The SystemPatchNamespacesPathResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemPatchNamespacesPathResponse":{"properties":{"custom_metadata":{"format":"map","type":"object"},"id":{"type":"string"},"path":{"type":"string"}},"type":"object"}}}} ``` ## The SystemReadNamespacesPathResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemReadNamespacesPathResponse":{"properties":{"custom_metadata":{"format":"map","type":"object"},"id":{"type":"string"},"path":{"type":"string"}},"type":"object"}}}} ``` ## The SystemWriteNamespacesApiLockLockRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemWriteNamespacesApiLockLockRequest":{"properties":{"path":{"type":"string"}},"required":["path"],"type":"object"}}}} ``` ## The SystemWriteNamespacesApiLockUnlockRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemWriteNamespacesApiLockUnlockRequest":{"properties":{"path":{"type":"string"}},"required":["path"],"type":"object"}}}} ``` ## The SystemWriteNamespacesPathRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemWriteNamespacesPathRequest":{"properties":{"custom_metadata":{"description":"A map of arbitrary string to string valued user-provided metadata meant to describe the namespace","format":"map","type":"object"}},"type":"object"}}}} ``` ## The SystemWriteNamespacesPathResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"SystemWriteNamespacesPathResponse":{"properties":{"custom_metadata":{"format":"map","type":"object"},"id":{"type":"string"},"path":{"type":"string"}},"type":"object"}}}} ``` ## The TokenCreateAgainstRoleRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenCreateAgainstRoleRequest":{"properties":{"display_name":{"description":"Name to associate with this token","type":"string"},"entity_alias":{"description":"Name of the entity alias to associate with this token","type":"string"},"explicit_max_ttl":{"description":"Explicit Max TTL of this token","type":"string"},"id":{"description":"Value for the token","type":"string"},"lease":{"deprecated":true,"description":"Use 'ttl' instead","type":"string"},"meta":{"description":"Arbitrary key=value metadata to associate with the token","format":"kvpairs","type":"object"},"no_default_policy":{"description":"Do not include default policy for this token","type":"boolean"},"no_parent":{"description":"Create the token with no parent","type":"boolean"},"num_uses":{"description":"Max number of uses for this token","type":"integer"},"period":{"description":"Renew period","type":"string"},"policies":{"description":"List of policies for the token","items":{"type":"string"},"type":"array"},"renewable":{"default":true,"description":"Allow token to be renewed past its initial TTL up to system/mount maximum TTL","type":"boolean"},"ttl":{"description":"Time to live for this token","type":"string"},"type":{"description":"Token type","type":"string"}},"type":"object"}}}} ``` ## The TokenCreateOrphanRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenCreateOrphanRequest":{"properties":{"display_name":{"description":"Name to associate with this token","type":"string"},"entity_alias":{"description":"Name of the entity alias to associate with this token","type":"string"},"explicit_max_ttl":{"description":"Explicit Max TTL of this token","type":"string"},"id":{"description":"Value for the token","type":"string"},"lease":{"deprecated":true,"description":"Use 'ttl' instead","type":"string"},"meta":{"description":"Arbitrary key=value metadata to associate with the token","format":"kvpairs","type":"object"},"no_default_policy":{"description":"Do not include default policy for this token","type":"boolean"},"no_parent":{"description":"Create the token with no parent","type":"boolean"},"num_uses":{"description":"Max number of uses for this token","type":"integer"},"period":{"description":"Renew period","type":"string"},"policies":{"description":"List of policies for the token","items":{"type":"string"},"type":"array"},"renewable":{"default":true,"description":"Allow token to be renewed past its initial TTL up to system/mount maximum TTL","type":"boolean"},"ttl":{"description":"Time to live for this token","type":"string"},"type":{"description":"Token type","type":"string"}},"type":"object"}}}} ``` ## The TokenCreateRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenCreateRequest":{"properties":{"display_name":{"description":"Name to associate with this token","type":"string"},"entity_alias":{"description":"Name of the entity alias to associate with this token","type":"string"},"explicit_max_ttl":{"description":"Explicit Max TTL of this token","type":"string"},"id":{"description":"Value for the token","type":"string"},"lease":{"deprecated":true,"description":"Use 'ttl' instead","type":"string"},"meta":{"description":"Arbitrary key=value metadata to associate with the token","format":"kvpairs","type":"object"},"no_default_policy":{"description":"Do not include default policy for this token","type":"boolean"},"no_parent":{"description":"Create the token with no parent","type":"boolean"},"num_uses":{"description":"Max number of uses for this token","type":"integer"},"period":{"description":"Renew period","type":"string"},"policies":{"description":"List of policies for the token","items":{"type":"string"},"type":"array"},"renewable":{"default":true,"description":"Allow token to be renewed past its initial TTL up to system/mount maximum TTL","type":"boolean"},"ttl":{"description":"Time to live for this token","type":"string"},"type":{"description":"Token type","type":"string"}},"type":"object"}}}} ``` ## The TokenLookUpAccessorRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenLookUpAccessorRequest":{"properties":{"accessor":{"description":"Accessor of the token to look up (request body)","type":"string"}},"type":"object"}}}} ``` ## The TokenLookUpRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenLookUpRequest":{"properties":{"token":{"description":"Token to lookup (POST request body)","type":"string"}},"type":"object"}}}} ``` ## The TokenLookUpSelf2Request object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenLookUpSelf2Request":{"properties":{"token":{"description":"Token to look up (unused, does not need to be set)","type":"string"}},"type":"object"}}}} ``` ## The TokenRenewAccessorRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenRenewAccessorRequest":{"properties":{"accessor":{"description":"Accessor of the token to renew (request body)","type":"string"},"increment":{"default":0,"description":"The desired increment in seconds to the token expiration","format":"seconds","type":"integer"}},"type":"object"}}}} ``` ## The TokenRenewRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenRenewRequest":{"properties":{"increment":{"default":0,"description":"The desired increment in seconds to the token expiration","format":"seconds","type":"integer"},"token":{"description":"Token to renew (request body)","type":"string"}},"type":"object"}}}} ``` ## The TokenRenewSelfRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenRenewSelfRequest":{"properties":{"increment":{"default":0,"description":"The desired increment in seconds to the token expiration","format":"seconds","type":"integer"},"token":{"description":"Token to renew (unused, does not need to be set)","type":"string"}},"type":"object"}}}} ``` ## The TokenRevokeAccessorRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenRevokeAccessorRequest":{"properties":{"accessor":{"description":"Accessor of the token (request body)","type":"string"}},"type":"object"}}}} ``` ## The TokenRevokeOrphanRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenRevokeOrphanRequest":{"properties":{"token":{"description":"Token to revoke (request body)","type":"string"}},"type":"object"}}}} ``` ## The TokenRevokeRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenRevokeRequest":{"properties":{"token":{"description":"Token to revoke (request body)","type":"string"}},"type":"object"}}}} ``` ## The TokenWriteRoleRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"TokenWriteRoleRequest":{"properties":{"allowed_entity_aliases":{"description":"String or JSON list of allowed entity aliases. If set, specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.","items":{"type":"string"},"type":"array"},"allowed_policies":{"description":"If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. The parameter is a comma-delimited string of policy names.","items":{"type":"string"},"type":"array"},"allowed_policies_glob":{"description":"If set, tokens can be created with any subset of glob matched policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. The parameter is a comma-delimited string of policy name globs.","items":{"type":"string"},"type":"array"},"bound_cidrs":{"deprecated":true,"description":"Use 'token_bound_cidrs' instead.","items":{"type":"string"},"type":"array"},"disallowed_policies":{"description":"If set, successful token creation via this role will require that no policies in the given list are requested. The parameter is a comma-delimited string of policy names.","items":{"type":"string"},"type":"array"},"disallowed_policies_glob":{"description":"If set, successful token creation via this role will require that no requested policies glob match any of policies in this list. The parameter is a comma-delimited string of policy name globs.","items":{"type":"string"},"type":"array"},"explicit_max_ttl":{"deprecated":true,"description":"Use 'token_explicit_max_ttl' instead.","format":"seconds","type":"integer"},"orphan":{"description":"If true, tokens created via this role will be orphan tokens (have no parent)","type":"boolean"},"path_suffix":{"description":"If set, tokens created via this role will contain the given suffix as a part of their path. This can be used to assist use of the 'revoke-prefix' endpoint later on. The given suffix must match the regular expression.\\w[\\w-.]+\\w","type":"string"},"period":{"deprecated":true,"description":"Use 'token_period' instead.","format":"seconds","type":"integer"},"renewable":{"default":true,"description":"Tokens created via this role will be renewable or not according to this value. Defaults to \"true\".","type":"boolean"},"token_bound_cidrs":{"description":"Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.","items":{"type":"string"},"type":"array"},"token_explicit_max_ttl":{"description":"If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.","format":"seconds","type":"integer"},"token_no_default_policy":{"description":"If true, the 'default' policy will not automatically be added to generated tokens","type":"boolean"},"token_num_uses":{"description":"The maximum number of times a token may be used, a value of zero means unlimited","type":"integer"},"token_period":{"description":"If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").","format":"seconds","type":"integer"},"token_type":{"default":"default-service","description":"The type of token to generate, service or batch","type":"string"}},"type":"object"}}}} ``` ## The UiHeadersConfigureRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"UiHeadersConfigureRequest":{"properties":{"multivalue":{"description":"Returns multiple values if true","type":"boolean"},"values":{"description":"The values to set the header.","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The UiHeadersListResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"UiHeadersListResponse":{"properties":{"keys":{"description":"Lists of configured UI headers. Omitted if list is empty","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The UiHeadersReadConfigurationResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"UiHeadersReadConfigurationResponse":{"properties":{"value":{"description":"returns the first header value when `multivalue` request parameter is false","type":"string"},"values":{"description":"returns all header values when `multivalue` request parameter is true","items":{"type":"string"},"type":"array"}},"type":"object"}}}} ``` ## The UnsealRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"UnsealRequest":{"properties":{"key":{"description":"Specifies a single unseal key share. This is required unless reset is true.","type":"string"},"reset":{"description":"Specifies if previously-provided unseal keys are discarded and the unseal process is reset.","type":"boolean"}},"type":"object"}}}} ``` ## The UnsealResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"UnsealResponse":{"properties":{"build_date":{"type":"string"},"cluster_id":{"type":"string"},"cluster_name":{"type":"string"},"hcp_link_resource_ID":{"type":"string"},"hcp_link_status":{"type":"string"},"initialized":{"type":"boolean"},"migration":{"type":"boolean"},"n":{"type":"integer"},"nonce":{"type":"string"},"progress":{"type":"integer"},"recovery_seal":{"type":"boolean"},"sealed":{"type":"boolean"},"storage_type":{"type":"string"},"t":{"type":"integer"},"type":{"type":"string"},"version":{"type":"string"}},"type":"object"}}}} ``` ## The UnwrapRequest object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"UnwrapRequest":{"properties":{"token":{"type":"string"}},"type":"object"}}}} ``` ## The VersionHistoryResponse object ```json {"openapi":"3.0.2","info":{"title":"Enclaive Vault API","version":"1.3.2"},"components":{"schemas":{"VersionHistoryResponse":{"properties":{"key_info":{"format":"kvpairs","type":"object"},"keys":{"items":{"type":"string"},"type":"array"}},"type":"object"}}}} ```