Vault (Secrets)
Encrypted key-value secret storage with environment support, versioning, and bulk operations. Secrets are AES-encrypted at rest.
Create a Secret
POST /projects/{project_id}/vault
{
"key": "STRIPE_SECRET_KEY",
"value": "sk_live_abc123...",
"description": "Stripe live API key",
"environment": "production"
}List Secrets
GET /projects/{project_id}/vault?environment=production
{
"secrets": [
{
"id": "uuid",
"key": "STRIPE_SECRET_KEY",
"description": "Stripe live API key",
"environment": "production",
"version": 3,
"updated_at": "..."
}
],
"total": 1
}Get Secret Value
// Masked (default)
GET /projects/{project_id}/vault/STRIPE_SECRET_KEY?environment=production
// → { "value_preview": "sk_l•••••••••" }
// Revealed
GET /projects/{project_id}/vault/STRIPE_SECRET_KEY?reveal=true&environment=production
// → { "value": "sk_live_abc123..." }Update Secret
PUT /projects/{project_id}/vault/STRIPE_SECRET_KEY?environment=production
{ "value": "sk_live_new_key..." }
// Response — version auto-increments
{ "updated": true, "key": "STRIPE_SECRET_KEY", "version": 4 }Delete Secret
DELETE /projects/{project_id}/vault/STRIPE_SECRET_KEY?environment=production
Bulk Operations
// Bulk create/update
POST /projects/{project_id}/vault/bulk
{
"secrets": [
{ "key": "DB_HOST", "value": "db.example.com" },
{ "key": "DB_PORT", "value": "5432" },
{ "key": "DB_PASS", "value": "secret123" }
],
"environment": "production"
}Environments
Secrets are scoped by environment. Supported values: production, staging, development.