Skip to main content

Encrypt blob


Creates ciphertext for the value of a BLOB type property.

Receives a query parameter, prop, containing the name of a BLOB type property, and raw bytes (not a JSON object) in the request body. The ciphertext is returned in the response body as raw bytes (application/octet-stream`).

See Encrypt for more information about the encryption process and request parameters.


Path parameters

  • collection - string required*

    The name of a collection.

Query parameters

  • expiration_secs - string

    Encrypted object expiration time in seconds. If not set, the default expiration time is used. See the PVAULT_EXPIRATION_TOKENS variable. If set to an empty value, the encrypted ciphertext blob does not expire.

  • adhoc_reason - string

    An ad-hoc reason for accessing the Vault data. Required when reason is set to Other.

  • reason - string required*

    Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.

  • reload_cache - boolean

    Reloads the cache before the action.

  • prop - string required*

    The name of a property.

  • type - string

    The type of the encryption:

    • randomized - generates a different randomized unpredictable, non-repeating ciphertext each time.
    • deterministic - generates the ciphertext deterministically based on the collection name, input object, and scope. Defaults to randomized if not set.
  • scope - string

    A classification for the encrypted object that is added to the ciphertext as associated data (AAD). An object encrypted with a scope can be decrypted only with the same scope.

  • tags - string

    Comma-separated list of tags to attach to the metadata of the encrypted object. The maximum number of allowed tags is defined by the PVAULT_DB_MAX_TOKEN_TAGS environment variable (default 10). Tags are not supported for the deterministic encryption type.

Request body

Details of the encryption request.

string required*

Possible responses

The request is successful.

string required*

Try the API


Path parameters

Query parameters

Request body

Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples