Access keys provide programmatic access to vault data through Secryn’s API. They are always scoped to a single vault and are intended for automation, integrations, and non-interactive workflows.
An access key is a secure, read-only token used to authenticate API requests. When paired with a vault ID, it allows authorized systems to retrieve resources from that vault. Access keys:
Each access key belongs to exactly one vault. Project-level permissions and restricted vault rules do not apply—if the key is valid, access is granted only within that vault. This makes access keys suitable for external integrations where fine-grained project permissions are not desired.
Using an access key, clients can:
Responses always reflect the current active state of the resource.
API calls include:
Missing or invalid values cause the request to fail. Access keys do not represent users and do not create user sessions.
Revoke and replace a key immediately if compromise is suspected.
Rotation does not modify stored resources.
| Feature | Access Keys | Public URLs |
|---|---|---|
| Authentication | Required | Not required |
| Scope | Entire vault | Single resource |
| Supported resources | Secrets, keys, certificates | Keys, certificates only |
| Mutability | Read-only | Read-only |
| Revocable | Yes | Yes |
Use access keys when multiple resources or secrets must be accessed. Use public URLs only when a single key or certificate needs to be shared without authentication.
Access keys are the primary mechanism for secure, automated access to vault data in Secryn, providing a predictable integration model without exposing user credentials.