Docs Menu
Docs Home
/ /

Get One Key Vault Configuration by ID

Retrieves the configuration of one key vault.

You can successfully call this endpoint with any of the following assigned roles:

Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0/admin

GET /keyVault/{KEY-VAULT-ID}
Name
Type
Description

KEY-VAULT-ID

string

Unique identifier of the key vault configuration to retrieve.

The following query parameters are optional:

Name
Type
Necessity
Description
Default

pretty

boolean

Optional

Flag indicating whether the response body is in a prettyprint format.

false

envelope

boolean

Optional

Flag that indicates whether to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

  • status: HTTP response code

  • content: Expected response body

false

This endpoint doesn't use HTTP request body parameters.

Name
Type
Description

id

string

Unique identifier that Ops Manager generates for this key vault configuration. Use this value as the vaultId when you configure an S3-compatible storage snapshot store to use this key vault.

friendlyName

string

Human-readable label that identifies this key vault configuration.

type

string

Key vault provider type. Ops Manager returns HASHI_CORP, which represents HashiCorp Vault.

url

string

Address of the HashiCorp Vault server that Ops Manager connects to.

auth

object

Authentication details that Ops Manager uses to connect to HashiCorp Vault.

auth.mechanism

string

Authentication method that Ops Manager uses to connect to HashiCorp Vault. Ops Manager returns one of the following values:

  • TOKEN

  • JWT

auth.secret

string

Credential that Ops Manager uses to authenticate to HashiCorp Vault. Ops Manager encrypts this value at rest and returns [REDACTED] instead of the stored value.

auth.jwtClaims

object

Claims that Ops Manager sends when it requests a JWT login from HashiCorp Vault. Ops Manager returns this object only when auth.mechanism is JWT.

customCertificates

array

List of custom Certificate Authority certificates that Ops Manager uses for TLS verification when it connects to the HashiCorp Vault server.

customCertificates[n].filename

string

Name that identifies the Certificate Authority PEM file.

customCertificates[n].certString

string

Contents of the Certificate Authority PEM file. Ops Manager returns [REDACTED] instead of the stored value.

links

object array

One or more links to sub-resources or related resources. All links arrays in responses include at least one link called self. The relationships between URLs are explained in the Web Linking Specification.

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
--header 'Accept: application/json' \
--include \
--request GET 'https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/keyVault/{KEY-VAULT-ID}?pretty=true'
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
{
"id": "{KEY-VAULT-ID}",
"friendlyName": "myVault",
"type": "HASHI_CORP",
"url": "https://localhost:8200/",
"auth": {
"mechanism": "TOKEN",
"secret": "[REDACTED]"
},
"links": [
{
"href": "https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/keyVault/{KEY-VAULT-ID}",
"rel": "self"
}
]
}

Back

Key Vault

On this page