Skip to content

Add docs for new datakeys endpoint #843

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: vault/1.21.x
Choose a base branch
from
Open

Add docs for new datakeys endpoint #843

wants to merge 1 commit into from

Conversation

rculpepper
Copy link
Contributor

No description provided.

@rculpepper rculpepper requested a review from a team as a code owner August 20, 2025 17:00
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 20, 2025
edited
Loading

Vercel Previews Deployed

Name Status Preview Updated (UTC)
Dev Portal ✅ Ready (Inspect) Visit Preview Wed Aug 20 17:23:58 UTC 2025
Unified Docs API ✅ Ready (Inspect) Visit Preview Wed Aug 20 17:18:04 UTC 2025

@github-actions GitHub Actions
Copy link

Broken Link Checker

Full Github Actions output

@yhyakuna yhyakuna added the Vault Content update for Vault product docs label Aug 21, 2025
schavis
schavis requested changes Aug 26, 2025
View reviewed changes
content/vault/v1.21.x (rc)/content/api-docs/secret/transit.mdx
Comment on lines +1206 to +1211
This endpoint generates a specified number of new high-entropy keys and encrypts them with the
named key. Optionally return the plaintext of the keys as well. Whether plaintext
is returned depends on the path; as a result, you can use Vault ACL policies to
control whether a user is allowed to retrieve the plaintext value of the keys. This
is useful if you want an untrusted user or operation to generate keys that are
then made available to trusted users.
Copy link
Contributor

@schavis schavis Aug 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This endpoint generates a specified number of new high-entropy keys and encrypts them with the
named key. Optionally return the plaintext of the keys as well. Whether plaintext
is returned depends on the path; as a result, you can use Vault ACL policies to
control whether a user is allowed to retrieve the plaintext value of the keys. This
is useful if you want an untrusted user or operation to generate keys that are
then made available to trusted users.
The data keys endpoint generates the specified number of new, high-entropy keys.
Vault always returns keys encrypted with the provided named and optionally
returns the associated plaintext.
You can use Vault ACL policies to control which users can retrieve the plaintext
value of the keys. For example, to allow untrusted users or operations to
generate keys that are then available to trusted users.

Style correction: write in active voice, use complete sentences in paragraphs

content/vault/v1.21.x (rc)/content/api-docs/secret/transit.mdx
| :----- | :----------------------------- |
| `POST` | `/transit/datakeys/:type/:name` |

### Parameters
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Parameters
### Path parameters

content/vault/v1.21.x (rc)/content/api-docs/secret/transit.mdx
Comment on lines +1219 to +1222
- `type` `(string: <required>)` – Specifies the type of keys to generate. If
`plaintext`, the plaintext keys will be returned along with the ciphertexts. If
`wrapped`, only the ciphertext values will be returned. This is specified as
part of the URL.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `type` `(string: <required>)` – Specifies the type of keys to generate. If
`plaintext`, the plaintext keys will be returned along with the ciphertexts. If
`wrapped`, only the ciphertext values will be returned. This is specified as
part of the URL.
- `type` `(enum: <required>)` – Specifies the type of keys to generate.
- `plaintext` - return the plaintext keys along with the ciphertexts
- `wrapped` - only return the ciphertext values.

content/vault/v1.21.x (rc)/content/api-docs/secret/transit.mdx

- `name` `(string: <required>)` – Specifies the name of the encryption key to
use to encrypt the datakeys. This is specified as part of the URL.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Request parameters

content/vault/v1.21.x (rc)/content/api-docs/secret/transit.mdx
Comment on lines +1224 to +1225
- `name` `(string: <required>)` – Specifies the name of the encryption key to
use to encrypt the datakeys. This is specified as part of the URL.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `name` `(string: <required>)` – Specifies the name of the encryption key to
use to encrypt the datakeys. This is specified as part of the URL.
- `name` `(string: <required>)` – Specifies the name of the encryption key to
use to encrypt the datakeys.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schavis schavis schavis requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
Vault Content update for Vault product docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rculpepper @schavis @yhyakuna