Skip to main content

Encrypt blob

post
/api/pvlt/1.0/data/collections/{collection}/encrypt/blob

Creates ciphertext for the value of a BLOB type property.

Receives a query parameter, prop, containing the name of a BLOB type property, and raw bytes (not a JSON object) in the request body. The ciphertext is returned in the response body as raw bytes (application/octet-stream`).

See Encrypt for more information about the encryption process and request parameters.

Request

Path parameters

  • collection - string required*

    The name of a collection.

Query parameters

  • expiration_secs - string

    Encrypted object expiration time in seconds. If not set, the default expiration time is used. See the PVAULT_EXPIRATION_TOKENS variable. If set to an empty value, the encrypted ciphertext blob does not expire.

  • adhoc_reason - string

    An ad-hoc reason for accessing the Vault data. Required when reason is set to Other.

  • reason - string

    Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.

  • custom_audit - string

    Custom audit information to be included in the audit log.

  • reload_cache - boolean

    Reloads the cache before the action.

  • prop - string required*

    The name of a property.

  • type - string

    The type of the encryption:

    • randomized - generates a different randomized unpredictable, non-repeating ciphertext each time.
    • deterministic - generates the ciphertext deterministically based on the collection name, input object, and scope. Defaults to randomized if not set.
  • scope - string

    A classification for the encrypted object that is added to the ciphertext as associated data (AAD). An object encrypted with a scope can be decrypted only with the same scope.

  • tags - string

    Comma-separated list of tags to attach to the metadata of the encrypted object. The maximum number of allowed tags is defined by the PVAULT_DB_MAX_TOKEN_TAGS environment variable (default 10). Tags are not supported for the deterministic encryption type.

Request body

Details of the encryption request.

string required*
Example
string

Possible responses

The request is successful.

string required*
Example
string

Try the API

Authorization

Path parameters

Query parameters

Request body

Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples

Example