/sys/wrapping/unwrap
The /sys/wrapping/unwrap
endpoint unwraps a wrapped response.
Wrapping unwrap
Restricted endpoint
The API path can only be called from the root or administrative namespace.This endpoint returns the original response inside the given wrapping token.
Unlike simply reading cubbyhole/response
(which is deprecated), this endpoint
provides additional validation checks on the token, returns the original value
on the wire rather than a JSON string representation of it, and ensures that the
response is properly audit-logged.
This endpoint can be used by using a wrapping token as the client token in the
API call, in which case the token
parameter is not required; or, a different
token with permissions to access this endpoint can make the call and pass in the
wrapping token in the token
parameter. Do not use the wrapping token in both
locations; this will cause the wrapping token to be revoked but the value to be
unable to be looked up, as it will basically be a double-use of the token!
Method | Path |
---|---|
POST | /sys/wrapping/unwrap |
Parameters
token
(string: "")
– Specifies the wrapping token ID. This is required if the client token is not the wrapping token. Do not use the wrapping token in both locations.
Sample payload
Sample request
Or you can use token to unwrap without authentication in vault
Sample response