Vault API
A zero-knowledge encrypted credential store for your organization. Store API keys, login credentials, SSH keys, and other secrets — Inkbox never sees the plaintext. All encryption and decryption happens client-side using your vault key.
API base URL:
https://inkbox.ai/api/v1/vaultQuick start
Create an account and get your service token from the Inkbox console:
Get service tokenMost vault API requests support service-token authentication. Vault deletion is handled separately in the Inkbox Console. See individual endpoint docs for details.
X-Service-Token: YOUR_SERVICE_TOKENVault
Only one active vault can exist per organization. After deleting a vault, you can initialize a new one.
Get vault info
GETGet vault metadata including secret and key counts
/api/v1/vault/infoUnlock vault
GETFetch encrypted secrets and wrapped keys for client-side decryption
/api/v1/vault/unlockDelete vault
DELETEDelete the vault and all its keys and secrets
/api/v1/vaultSecrets
Create secret
POSTStore a new encrypted secret
/api/v1/vault/secretsList secrets
GETList all secrets (metadata only, no payloads)
/api/v1/vault/secretsGet secret
GETGet a single secret with its encrypted payload
/api/v1/vault/secrets/{secret_id}Update secret
PATCHUpdate a secret's name, description, or encrypted payload
/api/v1/vault/secrets/{secret_id}Delete secret
DELETEDelete a secret
/api/v1/vault/secrets/{secret_id}Keys
List vault keys
GETList all vault keys (primary and recovery)
/api/v1/vault/keysReplace primary key
PUTReplace the primary vault key using current key or recovery code
/api/v1/vault/keys/primaryRevoke vault key
DELETERevoke a vault key by its auth hash
/api/v1/vault/keys/{auth_hash}Access control
Grant identity access
POSTGrant an agent identity access to a specific secret
/api/v1/vault/secrets/{secret_id}/accessList access rules
GETList all identity access rules for a secret
/api/v1/vault/secrets/{secret_id}/accessRevoke identity access
DELETERevoke an identity's access to a secret
/api/v1/vault/secrets/{secret_id}/access/{identity_id}Vault info response
GET /vault/info returns the following fields:
| Field | Type | Description |
|---|---|---|
id | UUID | Vault identifier |
organization_id | string | Organization that owns this vault |
status | string | Lifecycle status: active or deleted |
created_at | string | Creation timestamp (ISO 8601) |
updated_at | string | Last update timestamp (ISO 8601) |
key_count | integer | Number of active primary vault keys |
secret_count | integer | Number of active vault secrets |
recovery_key_count | integer | Number of active recovery keys |
Delete vault DELETE
DELETE /vaultDelete the vault and all associated keys and secrets. This is a destructive operation — all vault keys and secrets are permanently inaccessible after deletion. This action is performed in the Inkbox Console.
After deletion, the organization can initialize a new vault. The deleted vault does not block creating a new one.
Response
Returns 204 No Content on success.
Where to delete a vault
Delete the vault from the Inkbox Console:
Open Inkbox Console