Vault secrets
List
List all secrets in a vault. Values are never returned.
Secret values are never returned in any response. Only the env_key and metadata come back. To rotate a secret, use Update.
GET /api/public/v1/vaults/{vault_id}/secretsExample
curl -X GET https://api.nairi.ai/api/public/v1/vaults/VAULT_ID/secrets \
-H "Authorization: Bearer $NAIRI_API_KEY"const res = await fetch(
`https://api.nairi.ai/api/public/v1/vaults/${vaultId}/secrets`,
{
headers: {
Authorization: `Bearer ${process.env.NAIRI_API_KEY}`,
},
},
);
const secrets = (await res.json()) as Array<{ id: string; env_key: string }>;require "net/http"
require "json"
require "uri"
uri = URI("https://api.nairi.ai/api/public/v1/vaults/#{vault_id}/secrets")
req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer #{ENV['NAIRI_API_KEY']}"
res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
secrets = JSON.parse(res.body)import os
import requests
res = requests.get(
f"https://api.nairi.ai/api/public/v1/vaults/{vault_id}/secrets",
headers={"Authorization": f"Bearer {os.environ['NAIRI_API_KEY']}"},
)
secrets = res.json()package main
import (
"encoding/json"
"fmt"
"io"
"net/http"
"os"
)
func main() {
vaultID := os.Getenv("VAULT_ID")
req, _ := http.NewRequest("GET", "https://api.nairi.ai/api/public/v1/vaults/"+vaultID+"/secrets", nil)
req.Header.Set("Authorization", "Bearer "+os.Getenv("NAIRI_API_KEY"))
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
raw, _ := io.ReadAll(res.Body)
var secrets []map[string]any
json.Unmarshal(raw, &secrets)
fmt.Println(secrets)
}Response
[
{
"id": "sec_01KQ27AQH800XQTQPJZ0DH14SJ",
"env_key": "DATABASE_URL",
"allowed_domains": [],
"created_at": "2026-04-25T11:45:19.000Z",
"updated_at": "2026-04-25T11:45:19.000Z"
}
]allowed_domains defaults to [] when not set. An empty array means no domain restriction is applied.