Keys can be accessed either:
Keys are immutable and not versioned.
Authorization: Bearer VAULT_ACCESS_KEY
Accept: application/json
Authorization: Bearer RESOURCE_PUBLIC_TOKEN
Public tokens only apply to keys that were marked Public when created.
Use include=keys:
GET /api/v1/vaults/{vault_id}?include=keys
Example:
curl --request GET \
--url "https://secryn.example.com/api/v1/vaults/{vault_id}?include=keys" \
--header "Accept: application/json" \
--header "Authorization: Bearer VAULT_ACCESS_KEY"
id, name, type, key_type, key_size, activation_date, expiration_date, tags
Vault listing only includes keys that are:
activation_date is null, oractivation_date <= now()If a key is expired, it may be returned in the list as:
{ "id": "<key-id>", "message": "Resource expired" }
Use the vault endpoint with resource=:
GET /api/v1/vaults/{vault_id}?resource={key_id}
Example:
curl --request GET \
--url "https://secryn.example.com/api/v1/vaults/{vault_id}?resource={key_id}" \
--header "Authorization: Bearer VAULT_ACCESS_KEY"
When fetching a key by resource ID, Secryn returns the key file contents (PEM) with:
Content-Type: application/x-pem-fileno-store, no-cache)403 Forbidden -> key is not active yet (activation_date in the future)410 Gone -> key is expired404 Not Found -> key does not exist in that vaultIf a key was created with Public visibility, it can be accessed directly using the public token:
GET /api/v1/keys/{key_id}
Authorization: Bearer RESOURCE_PUBLIC_TOKEN
Example:
curl --request GET \
--url "https://secryn.example.com/api/v1/keys/{key_id}" \
--header "Authorization: Bearer RESOURCE_PUBLIC_TOKEN"
Public access behavior:
application/x-pem-file)410 when fetched directly