Secrets

Secrets are stored inside vaults and can only be accessed via the Vault API using a Vault Access Key. Secrets are never accessible using public resource tokens.

Secrets are versioned in the application, but the API always returns the current active version.

How to Fetch Secrets

Secrets are retrieved from:

GET /api/v1/vaults/{vault_id}

Authentication is required:

Authorization: Bearer VAULT_ACCESS_KEY
Accept: application/json

Fetch All Secrets (Names + Values)

Default behavior returns all active secrets with values:

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

Returned fields include:

• id
• name
• value
• content_type
• tags

Fetch Secret Names Only

If you only need the list of secret names (without values):

GET /api/v1/vaults/{vault_id}?secrets=names

Example:

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?secrets=names" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

Returned fields:

• id
• name

Fetch a Single Secret by ID

To fetch a specific secret (active only) using the vault endpoint:

GET /api/v1/vaults/{vault_id}?resource={secret_id}

Example:

curl --request GET \
  --url "https://secryn.example.com/api/v1/vaults/{vault_id}?resource={secret_id}" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer VAULT_ACCESS_KEY"

Returned fields:

• id
• name
• value
• content_type
• tags

If the secret is not found (or not active), the API returns:

404 Not Found

Notes

• Secrets are never public.
• Secrets require a vault access key.
• API returns only active secrets.
• Secret access is recorded in Request Logs.