Use the /v1/vaults endpoints to create, update, and delete vaults. Requests must include a project scope and RBAC allows only owners to make changes.
POST /v1/vaults HTTP/1.1
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "payments-prod",
"replication_regions": ["us-east-1", "eu-central-1"],
"restricted": true
}
Responses include vault IDs, creation timestamps, and replication status so you can poll for readiness before provisioning secrets.