Skip to main content
POST
/
v1
/
teams
/
{team_id}
/
vault-connections
Create Vault Connection
curl --request POST \
  --url https://api.dataraven.io/v1/teams/{team_id}/vault-connections \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "vault_type": "onepassword",
  "description": "<string>",
  "access_token": "<string>",
  "client_id": "<string>",
  "client_secret": "<string>",
  "project": "<string>",
  "config": "<string>",
  "project_id": "<string>",
  "environment": "<string>",
  "secret_path": "<string>"
}
'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "name": "<string>",
  "description": "<string>",
  "vault_type": "onepassword",
  "last_verified_at": "2023-11-07T05:31:56Z",
  "created_at": "2023-11-07T05:31:56Z",
  "created_by": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

team_id
string<uuid>
required

Body

application/json

Schema for creating a new vault connection.

Credentials are stored encrypted in AWS SSM Parameter Store - they are NEVER returned in API responses.

Provider-specific configuration:

1Password:

  • access_token: Service account token (starts with "ops_")
  • No additional configuration needed

Doppler:

  • access_token: Service token (starts with "dp.st.")
  • project: Doppler project slug (required)
  • config: Doppler config name (required)

Infisical (Universal Auth / Machine Identity):

  • client_id: UUID from Machine Identity
  • client_secret: Secret string from Machine Identity
  • project_id: Infisical project ID - UUID (required)
  • environment: Environment slug e.g., "dev", "staging", "prod", "sandbox" (required)
  • secret_path: Path to secrets folder, e.g., "/" or "/aws" (optional, defaults to "/")
name
string
required

Connection name

Required string length: 1 - 255
vault_type
enum<string>
required

Vault provider type (onepassword, doppler, or infisical)

Available options:
onepassword,
doppler,
infisical
description
string | null

Optional description

Maximum string length: 2000
access_token
string | null

Vault access token (required for 1Password and Doppler)

Required string length: 1 - 4096
client_id
string | null

Infisical client ID from Machine Identity (required for Infisical)

Maximum string length: 255
client_secret
string | null

Infisical client secret from Machine Identity (required for Infisical)

Maximum string length: 1000
project
string | null

Doppler project slug (required for Doppler)

Maximum string length: 255
config
string | null

Doppler config name (required for Doppler)

Maximum string length: 255
project_id
string | null

Infisical project ID (required for Infisical)

Maximum string length: 255
environment
string | null

Infisical environment slug (required for Infisical)

Maximum string length: 100
secret_path
string | null

Infisical secret path (optional, defaults to '/')

Maximum string length: 500

Response

Successful Response

Schema for vault connection response (without sensitive data).

id
string<uuid>
required
name
string
required
description
string | null
required
vault_type
enum<string>
required

External vault provider types for credential storage.

ONEPASSWORD: 1Password via service account SDK DOPPLER: Doppler secrets manager via service token INFISICAL: Infisical via machine identity (Universal Auth)

Available options:
onepassword,
doppler,
infisical
last_verified_at
string<date-time> | null
required
created_at
string<date-time>
required
created_by
string<uuid>
required