A Quick Overview of VaultApi

Self-Hosted method of securing data

#security #vault #veracrypt #powershell

VaultApi: a self-hosted method for securing data


VaultApi is dependent upon both HashiCorp Vault and VeraCrypt to work its magic.

HashiCorp Vault and KeePassXC are the primary password manager applications that I’m using currently, and for the most part the entries in each should mirror each other. The functional difference between the two is that KeePassXC has a graphical interface. While HashiCorp Vault has a web interface, the key value VaultApi makes use of is the REST API, which it uses to perform ACID operations on secured data for automation purposes.

The vault keys and root token associated with HashiCorp Vault are stored in an encrypted file that is kept in cold storage. Prior to starting the HashiCorp Vault server, the cold storage file is mounted on the system using VeraCrypt.

Also, this implementation is on my non-routed network, primarily used by my Linux systems, but any OS supporting PowerShell on the non-routed network should be able to access the Vault as a client.

Additionally, the Vault is only run on an on-demand basis.

The startup process is as follows:

VaultApi start
VaultApi unseal
VaultApi login
VaultApi KeyPaths

The command VaultApi KeyPaths dumps a list of key paths to a local file to make the finding of key paths simpler.

The path lookup process is as follows:

VaultApi FindPaths Vehicle

This command returns a list of paths matching the specified value of Vehicle.

VaultApi FindPaths Vehicle
kv1/Vehicle/1995-Mustang-GT500                           
kv1/Vehicle/2003-DodgeViper
kv1/Vehicle/2012-Nissan
kv1/Vehicle/2016-Telsa
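
One way a key-path index like the one KeyPaths writes can be built and then searched locally, shown as an added example that is not VaultApi's own code: it walks the KV v1 mount with Vault's list endpoint. The server address, the VAULT_TOKEN environment variable, the function name Get-VaultKeyPath and the sample tree are assumptions made for illustration.

```powershell
# Added example, not VaultApi's own code. Walks a KV v1 mount through Vault's
# list endpoint and returns every leaf path. Only path names are read, never values.
function Get-VaultKeyPath {
    param(
        [string]$Path = 'kv1',      # level 1 path name used in the article
        [scriptblock]$Lister        # returns the child names of one path
    )
    foreach ($child in (& $Lister $Path)) {
        if ($child.EndsWith('/')) {
            # Vault marks sub-folders with a trailing slash: recurse into them
            Get-VaultKeyPath -Path "$Path/$($child.TrimEnd('/'))" -Lister $Lister
        } else {
            "$Path/$child"          # leaf: a path that holds key/value pairs
        }
    }
}

# Lister for a live server (assumed address; token taken from the environment,
# not hard-coded in the script).
$restLister = {
    param($p)
    $r = Invoke-RestMethod -Method Get -Uri "http://127.0.0.1:8200/v1/${p}?list=true" `
            -Headers @{ 'X-Vault-Token' = $env:VAULT_TOKEN }
    $r.data.keys
}

# Constructed sample tree so the walk runs without a server.
$sample = @{
    'kv1'         = @('Vehicle/', 'Wifi')
    'kv1/Vehicle' = @('1995-Mustang-GT500', '2003-DodgeViper', '2012-Nissan', '2016-Telsa')
}
$offlineLister = { param($p) $sample[$p] }

# Build the index once, then search it locally without another Vault call.
$paths = Get-VaultKeyPath -Lister $offlineLister
$paths | Where-Object { $_ -like '*Vehicle*' }
```

Passing $restLister instead of $offlineLister runs the same walk against an unsealed Vault with a valid token.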

To look up all the keys associated with a given path:

VaultApi kv1Read kv1/Vehicle/2012-Nissan -kvkey _ReturnKeys
plate                           
VIN

To return a value associated with a key of a given path to the clipboard:

VaultApi kv1Read kv1/Vehicle/2012-Nissan -kvkey plate

If the -raw option is included, the value will be returned to the console.

To add a new key/value pair to an existing path:

VaultApi kv1Update kv1/Vehicle/2012-Nissan 21000000 -kvkey mileage

To add a new path and key/value pair:

VaultApi kv1Create kv1/Vehicle/2025-Lambo Bitcoin -kvkey plate

To list the 2nd level path names:

Default level 1 path name is "kv1"
 
VaultApi kv1list

To list 3rd level path names:

VaultApi kv1list kv1/Vehicle

To delete a path and its associated key/value pairs:

VaultApi kv1Delete kv1/Vehicle/2012-Nissan

To delete just a single key/value pair for a given path, use the HashiCorp Vault web interface.

To launch the HashiCorp Vault web interface:

VaultApi WebUI

To return status information about the Vault:

VaultApi status
sealed initialized version n t
------ ----------- ------- - -
 False        True 1.15.6  5 3

To return process information about the Vault:

VaultApi Check
Hashicorp Vault (v1.15.6) is running...116147

To show the hash value of the VaultApi script:

VaultApi ShowHash
3D47628ECB3FA0E7DBD28BA7606CE5BF

To return a 20 character randomized value to the clipboard:

VaultApi SetValue

To create a backup of the HashiCorp Vault:

Must be logged in with the root token.
 
VaultApi Backup

A snapshot file will be created in the $HOME/Downloads directory by default.

To stop the HashiCorp Vault server:

VaultApi seal
  The vault is sealed.
  
VaultApi stop
  The server is stopped.
 

To get help information about VaultApi:

Get-Help VaultApi -Full | more

OR

Get-Help VaultApi -Examples | more

Here are some past articles I wrote about setting up HashiCorp Vault and VeraCrypt.

Bitcoin and key/value using Hashicorp Vault

Bitcoin and Cold Storage using VeraCrypt

More information on VaultApi.

VaultApi Documentation

Download VaultApi script here

