Store a new secret in Vault

POST

/secrets

const url = 'https://your-org.evershell.ai/v1/secrets';
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: '{"name":"example","value":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://your-org.evershell.ai/v1/secrets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "name": "example", "value": "example" }'

Permissions: secrets:write.

Strict-create — a duplicate name returns 400, not silently rotated.

Authorizations

bearerAuth

Request Body^required

application/json

object

name

required

string

value

required

string

Example ^generated

{
  "name": "example",
  "value": "example"
}

Responses

201

Stored

application/json

object

name

string

status

string

Example

{
  "status": "stored"
}

400

Validation failure

application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

423

Tenant is past_due, decommissioning, or trial-expired

application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

503

Secrets subsystem isn’t configured on this CP (secrets_disabled).

application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

Store a new secret in Vault

Authorizations

Request Body required

Example generated

Responses

201

Example

400

Example

423

Example

503

Example

Request Body^required

Example ^generated