Seven Layer
Vault API

Sealing data

POST /v1/seal — seal a payload under a release condition.

POST /v1/seal

Seals a base64-encoded payload under a release condition. The engine fragments and encrypts the data and commits it under a Merkle root.

Request

{
  "data": "SGVsbG8sIHNlYWxlZCB3b3JsZA==",
  "condition": { "type": "time", "unlock_at": 1750000000 }
}
FieldTypeDescription
datastringBase64-encoded bytes to seal
conditionobjectA time-lock or quorum condition
curl -X POST http://localhost:3300/v1/seal \
  -H 'content-type: application/json' \
  -d '{
    "data": "'"$(printf 'top secret' | base64)"'",
    "condition": { "type": "quorum", "required": 2, "approvers": ["alice","bob","carol"] }
  }'

Response 201 Created

{
  "sealed_id": "b9f1c3e2-…",
  "merkle_root": "3a7f…",
  "num_fragments": 5,
  "condition": { "type": "quorum", "required": 2, "approvers": ["alice","bob","carol"] },
  "created_at": 1749900000
}
FieldTypeDescription
sealed_idstringIdentifier used for every follow-up call
merkle_rootstringCommitment over the fragments and condition
num_fragmentsintegerNumber of fragments the payload was split into
conditionobjectThe condition, echoed back
created_atintegerUnix timestamp of sealing

Errors

StatusMeaning
400 Bad Requestdata is not valid base64
500 Internal Server ErrorSealing failed

On this page