Skip to main content
GET
/
vault
Get vault entries
curl --request GET \
  --url https://api.cloudcruise.com/vault \
  --header 'cc-key: <api-key>'
{
  "permissioned_user_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "user_name": "<string>",
  "password": "<string>",
  "domain": "<string>",
  "user_alias": "<string>",
  "tfa_secret": "<string>",
  "created_at": "2023-11-07T05:31:56Z",
  "session_storage": {},
  "local_storage": {},
  "cookies": [
    {
      "name": "<string>",
      "value": "<string>",
      "domain": "<string>",
      "path": "<string>",
      "httpOnly": true,
      "hostOnly": true,
      "secure": true,
      "session": true,
      "storeId": "<string>",
      "sameSite": "<string>",
      "expirationDate": 123
    }
  ],
  "persist_local_storage": true,
  "persist_cookies": true,
  "persist_session_storage": true,
  "allow_multiple_sessions": true,
  "max_concurrency": 123,
  "prevent_concurrency_during_login": true,
  "expiry_time_from_last_use": "<string>",
  "expiry_time_from_session_data_set": "<string>",
  "tfa_method": "AUTHENTICATOR",
  "tfa_email": "<string>",
  "tfa_phone_number": "<string>"
}
Note:
  • If the query parameters are omitted, all vault entries will be returned.
  • If both parameters are provided, the response will be a single vault entry record (not a list).

Authorizations

cc-key
string
header
required

API key-based authentication. Provide your CloudCruise API key in the cc-key header.

Query Parameters

permissioned_user_id
string<uuid>

Unique identifier for the vault entry. Optional, but if provided, 'domain' must also be provided.

domain
string

Target domain to filter vault entries. Optional, but if provided, 'permissioned_user_id' must also be provided.

Response

Vault entries successfully retrieved

Complete vault entry including system-generated fields

permissioned_user_id
string<uuid>

System-generated unique identifier

user_name
string

Encrypted username

password
string

Encrypted password

domain
string

Target domain for vault entry credentials

user_alias
string

Human readable identifier

tfa_secret
string | null

Two-factor authenticator secret key (TOTP). Required when tfa_method is AUTHENTICATOR. This should be encrypted with your encryption key prior to sending to the API, similar to other credentials. The secret is typically provided in base32 format from authenticator apps.

created_at
string<date-time>

Timestamp when the vault entry was created

session_storage
object

Session storage data

local_storage
object

Local storage data

cookies
object[]

Active vault entry cookies

persist_local_storage
boolean

Whether to maintain local storage across sessions

persist_cookies
boolean

Whether to maintain cookies across sessions

persist_session_storage
boolean

Whether to maintain session storage across sessions

allow_multiple_sessions
boolean

Whether to allow multiple concurrent sessions

max_concurrency
integer | null

Maximum number of concurrent sessions allowed (null for unlimited)

prevent_concurrency_during_login
boolean | null

Whether to prevent other sessions from starting while login is in progress

expiry_time_from_last_use
string | null

Session expiry interval from last activity (e.g., "01:30:00" for 1.5 hours). Set to null for no expiry from last use.

expiry_time_from_session_data_set
string | null

Session expiry interval from creation (e.g., "7 days 00:00:00" for 7 days). Set to null for no expiry from session data set.

tfa_method
enum<string> | null

Two-factor authentication method

Available options:
AUTHENTICATOR,
EMAIL,
SMS
tfa_email
string | null

Computed email address for TFA codes when tfa_method is EMAIL. This is automatically generated by CloudCruise in the format: info+{user_id}+{domain}@cloudcruise.com This field is read-only and cannot be set via the API.

tfa_phone_number
string | null

Computed phone number for TFA codes when tfa_method is SMS. This is automatically determined based on workspace configuration or defaults to CloudCruise's default phone number. This field is read-only and cannot be set via the API.