API

API Examples

Practical Secryn API examples for vault access, resource downloads, CI/CD, and error handling.

API Examples

This section provides practical examples for common Secryn API use cases.

All examples assume:

  • API version: /api/v1
  • Authentication via Authorization: Bearer <TOKEN>
  • JSON responses unless noted otherwise

1. Fetch All Secrets (Default)

Returns all active secrets (including values).

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

Example Response

{
  "id": "721957a3289697010d59db7ecf6cca2bc7515f790292c8ece6b4915a09930511",
  "name": "Production Vault",
  "secrets": [
    {
      "id": "b9ae97d1-7a4f-439f-8f93-6e6ddf5108ed",
      "name": "DB_PASSWORD",
      "value": "super-secret-password",
      "content_type": "text/plain",
      "tags": ["database", "production"]
    }
  ]
}

2. Fetch Secret Names Only

Useful when you only need metadata.

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?secrets=names" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

Example Response

{
  "id": "721957a3289697010d59db7ecf6cca2bc7515f790292c8ece6b4915a09930511",
  "name": "Production Vault",
  "secrets": [
    {
      "id": "b9ae97d1-7a4f-439f-8f93-6e6ddf5108ed",
      "name": "DB_PASSWORD"
    }
  ]
}

3. Fetch a Single Secret

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?resource={secret_id}" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

4. List Keys in a Vault

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?include=keys" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

Example Response

{
  "id": "vault-id",
  "name": "Production Vault",
  "keys": [
    {
      "id": "8b280b73-4ff5-4fa3-972b-008c1563b730",
      "name": "JWT_SIGNING_KEY",
      "type": "rsa",
      "key_type": "RSA",
      "key_size": 2048,
      "activation_date": null,
      "expiration_date": "2026-12-01T00:00:00Z",
      "tags": ["auth"]
    }
  ]
}

5. Download a Key (Vault Access)

Returns PEM file.

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?resource={key_id}" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY" \
  --output key.pem

6. Download a Public Key

If key is marked public:

curl --request GET \
  --url "https://secryn.example.com/api/v1/keys/{key_id}" \
  --header "Authorization: Bearer RESOURCE_PUBLIC_TOKEN" \
  --output key.pem

7. Download a Certificate (Vault Access)

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?resource={certificate_id}" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY" \
  --output cert.pem

8. Download a Public Certificate

curl --request GET \
  --url "https://secryn.example.com/api/v1/certificates/{certificate_id}" \
  --header "Authorization: Bearer RESOURCE_PUBLIC_TOKEN" \
  --output cert.pem

9. CI/CD Example (GitHub Actions)

name: Fetch Secrets

jobs:
  fetch:
    runs-on: ubuntu-latest
    steps:
      - name: Get secrets
        run: |
          curl -H "Authorization: Bearer $SECRYN_TOKEN" \
               -H "Accept: application/json" \
               https://secryn.example.com/api/v1/vaults/$VAULT_ID > secrets.json
        env:
          SECRYN_TOKEN: ${{ secrets.SECRYN_TOKEN }}
          VAULT_ID: ${{ secrets.VAULT_ID }}

10. Error Handling Example

Invalid token:

{
  "message": "Unauthorized"
}

Expired key/certificate:

{
  "message": "Resource expired"
}

Content Types

ResourceContent Type
Secretsapplication/json
Keys (download)application/x-pem-file
Certificates (download)application/x-pem-file

Certificates