Creates a new encrypted vault with scope-based default permissions.
POST /api/v1/machine/vault| Header | Type | Required | Description |
|---|---|---|---|
X-API-Key | string | Yes | Your API key |
Content-Type | string | Yes | Must be application/json |
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | The name of the vault (max 255 characters) |
encryptionKeyId | string | Yes | The encryption key ID. Encryption is required for machine-created vaults. |
projectId | string | No | Optional project ID to grant project-level WRITE access to the vault |
dataClassification | string | No | Data classification level: PUBLIC, INTERNAL, CONFIDENTIAL, or CUI |
Default permissions are determined by the API key scope:
projectId is provided, the project is additionally granted WRITE accessSuccess (201 Created)
{
"id": "507f1f77bcf86cd799439016"
}| Field | Type | Description |
|---|---|---|
id | string | The unique identifier of the newly created vault |
400 Bad Request - Invalid request body or vault creation failed
{
"error": {
"code": "vault_creation_failed",
"message": "Failed to create vault. Please verify your input and try again."
}
}404 Not Found - Encryption key or project not found
{
"error": {
"code": "encryption_key_not_found",
"message": "The encryption key with the provided ID was not found or you do not have access to it."
}
}curl -X POST "https://r4.dev/api/v1/machine/vault" \
-H "X-API-Key: rk_abc123def456.ghijklmnopqrstuvwxyz" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Secrets",
"encryptionKeyId": "507f1f77bcf86cd799439015",
"projectId": "507f1f77bcf86cd799439014",
"dataClassification": "CONFIDENTIAL"
}'