Vault API
Overview
The Vault API — conditional seal-and-release over REST.
The Vault API seals data so it opens only when a condition is met: a time-lock matures, or a t-of-n quorum approves. Sealing fragments and encrypts the payload, commits it under a Merkle root, and records every access in a hash-chained, tamper-evident audit trail.
Early access. Endpoints and response shapes may change. Run the service behind your own gateway and authentication.
Base URL
The service is self-hostable and listens on port 3300 by default:
http://localhost:3300Health check:
curl http://localhost:3300/health
# SCSA Vault OKThe flow
- Seal a payload with a release condition —
POST /v1/seal. You get back asealed_id. - Check whether it can open yet —
GET /v1/status/:id. - Release it once the condition is satisfied — quorum approvals, a matured
time-lock, then
POST /v1/unseal/:id. - Audit every step —
GET /v1/audit/:id.
Endpoints at a glance
| Method | Path | Purpose |
|---|---|---|
POST | /v1/seal | Seal data with a condition |
GET | /v1/status/:id | Current status of a seal |
POST | /v1/unseal/:id | Release data if the condition is met |
POST | /v1/approve/:id | Record a quorum approval |
GET | /v1/timelock-challenge/:id | Fetch the time-lock challenge |
POST | /v1/timelock-proof/:id | Submit the time-lock proof |
GET | /v1/audit/:id | Hash-chained audit trail |
GET | /v1/list | List all seals |
Payloads are JSON. Binary data is base64-encoded in the data field.