Vault
/sys/tools
The /sys/tools endpoints are a general set of tools.
Generate random bytes
Use the Generate random bytes endpoint to generate high-quality random bytes of a specified length. You can fetch up to 10MB with the platform source or when using the DRBG option. To avoid depleting HSM entropy, you can only fetch up to 128KB with seal/all sources using entropy augmentation.
| Method | Path |
|---|---|
| POST | /sys/tools/random(/:source)(/:bytes) |
Parameters
- `bytes` `(int: 32)` – Specifies the number of bytes to return. This value can be specified either in the request body, or as a part of the URL.
- `format` `(string: "base64")` – Specifies the output encoding. Valid options are `hex` or `base64`.
- `source` `(string: "platform")` – Specifies the source of the requested bytes. `platform`, the default, sources bytes from the platform's entropy source. `seal` sources from entropy augmentation (enterprise only). `all` mixes bytes from all available sources.
- `drbg` `(string: "")` – When set to "auto" or "hmacdrbg", seeds a cryptographically secure random generator with a seed from the chosen source in order to efficiently generate a larger volume of random bytes. "auto" is equivalent to "hmacdrbg" but in the future may select the most appropriate of multiple options.
Sample payload
```json
{
  "format": "hex"
}
```
Sample request
```shell
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/tools/random/164
```
Sample response
```json
{
  "data": {
    "random_bytes": "dGhlIHF1aWNrIGJyb3duIGZveAo="
  }
}
```
Hash data
This endpoint returns the cryptographic hash of given data using the specified algorithm.
| Method | Path |
|---|---|
| POST | /sys/tools/hash(/:algorithm) |
Parameters
- `algorithm` `(string: "sha2-256")` – Specifies the hash algorithm to use. This can also be specified as part of the URL. Currently-supported algorithms are:
- `input` `(string: <required>)` – Specifies the base64 encoded input data.
- `format` `(string: "hex")` – Specifies the output encoding. This can be either `hex` or `base64`.
Sample payload
```json
{
  "input": "adba32=="
}
```
Sample request
```shell
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/tools/hash/sha2-512
```
Sample response
```json
{
  "data": {
    "sum": "dGhlIHF1aWNrIGJyb3duIGZveAo="
  }
}
```
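A client-side sketch of the hash endpoint's encoding rules, added here as an example and not taken from Vault's documentation or client libraries: it base64-encodes the input for the request body and checks the returned `sum` against a locally computed digest in either output format. The function names and the `hashlib` mapping (limited to the two algorithm names that appear on this page) are assumptions of this example, and the response it checks is constructed locally.

```python
import base64
import hashlib
import hmac
import json

# Assumption: only the two algorithm names visible on this page are mapped.
LOCAL_HASHES = {"sha2-256": hashlib.sha256, "sha2-512": hashlib.sha512}


def build_hash_request(data, algorithm="sha2-256", fmt="hex"):
    """Return (path, JSON body) for POST /sys/tools/hash(/:algorithm)."""
    if algorithm not in LOCAL_HASHES:
        raise ValueError(f"algorithm not covered by this example: {algorithm}")
    if fmt not in ("hex", "base64"):
        raise ValueError("format must be 'hex' or 'base64'")
    # The endpoint expects base64 in "input", not the raw string.
    body = {"input": base64.b64encode(data).decode("ascii"), "format": fmt}
    return f"/v1/sys/tools/hash/{algorithm}", json.dumps(body)


def verify_hash_response(response_json, data, algorithm="sha2-256", fmt="hex"):
    """Recompute the digest locally and compare it with data.sum."""
    returned = json.loads(response_json)["data"]["sum"]
    expected = LOCAL_HASHES[algorithm](data).digest()
    try:
        if fmt == "hex":
            got = bytes.fromhex(returned)
        else:
            got = base64.b64decode(returned, validate=True)
    except ValueError:  # sum is not valid in the requested encoding
        return False
    return hmac.compare_digest(got, expected)


if __name__ == "__main__":
    data = b"the quick brown fox\n"
    path, body = build_hash_request(data, "sha2-512")
    print("POST", path, body)
    # Constructed response: built locally in the shape of the sample response.
    constructed = json.dumps({"data": {"sum": hashlib.sha512(data).hexdigest()}})
    print("matches:", verify_hash_response(constructed, data, "sha2-512"))
```

Decoding `sum` with the same `format` that was requested matters: a hex digest is also syntactically valid base64, so a format mix-up shows up only as a length mismatch, which the comparison rejects.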