Vault API
Sealing data
POST /v1/seal — seal a payload under a release condition.
POST /v1/seal
Seals a base64-encoded payload under a release condition. The engine fragments and encrypts the data and commits it under a Merkle root.
Request
{
"data": "SGVsbG8sIHNlYWxlZCB3b3JsZA==",
"condition": { "type": "time", "unlock_at": 1750000000 }
}| Field | Type | Description |
|---|---|---|
data | string | Base64-encoded bytes to seal |
condition | object | A time-lock or quorum condition |
curl -X POST http://localhost:3300/v1/seal \
-H 'content-type: application/json' \
-d '{
"data": "'"$(printf 'top secret' | base64)"'",
"condition": { "type": "quorum", "required": 2, "approvers": ["alice","bob","carol"] }
}'Response 201 Created
{
"sealed_id": "b9f1c3e2-…",
"merkle_root": "3a7f…",
"num_fragments": 5,
"condition": { "type": "quorum", "required": 2, "approvers": ["alice","bob","carol"] },
"created_at": 1749900000
}| Field | Type | Description |
|---|---|---|
sealed_id | string | Identifier used for every follow-up call |
merkle_root | string | Commitment over the fragments and condition |
num_fragments | integer | Number of fragments the payload was split into |
condition | object | The condition, echoed back |
created_at | integer | Unix timestamp of sealing |
Errors
| Status | Meaning |
|---|---|
400 Bad Request | data is not valid base64 |
500 Internal Server Error | Sealing failed |