Vault
/sys/tools
The /sys/tools
endpoints are a general set of tools.
Generate random bytes
This endpoint returns high-quality random bytes of the specified length.
Method | Path |
---|---|
POST | /sys/tools/random(/:source)(/:bytes) |
Parameters
bytes
(int: 32)
– Specifies the number of bytes to return. This value can be specified either in the request body, or as a part of the URL.format
(string: "base64")
– Specifies the output encoding. Valid options arehex
orbase64
.source
(string: "platform")
- Specifies the source of the requested bytes.platform
, the default, sources bytes from the platform's entropy source.seal
sources from entropy augmentation (enterprise only).all
mixes bytes from all available sources.
Sample payload
{
"format": "hex"
}
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/tools/random/164
Sample response
{
"data": {
"random_bytes": "dGhlIHF1aWNrIGJyb3duIGZveAo="
}
}
Hash data
This endpoint returns the cryptographic hash of given data using the specified algorithm.
Method | Path |
---|---|
POST | /sys/tools/hash(/:algorithm) |
Parameters
algorithm
(string: "sha2-256")
– Specifies the hash algorithm to use. This can also be specified as part of the URL. Currently-supported algorithms are:Note: In FIPS 140-2 mode, the following algorithms are not certified and thus should not be used:
sha3-224
,sha3-256
,sha3-384
, andsha3-512
.input
(string: <required>)
– Specifies the base64 encoded input data.format
(string: "hex")
– Specifies the output encoding. This can be eitherhex
orbase64
.
Sample payload
{
"input": "adba32=="
}
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/tools/hash/sha2-512
Sample response
{
"data": {
"sum": "dGhlIHF1aWNrIGJyb3duIGZveAo="
}
}