POST /api/vault/get-secrets
Get Secret(s)
curl --request POST \
  --url http://localhost:3000/api/vault/get-secrets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: text/plain' \
  --data '
{
  "key": "OPENAI_API_KEY",
  "tags": [
    "openai"
  ]
}
'

{
  "err": {},
  "res": {
    "OPEN_API_KEY": "OPEN_API_VALUE"
  }
}

Cross-origin browser requests

POST /api/vault/get-secrets is an API-key authenticated endpoint for retrieving Vault secrets. Browser requests from a different origin are blocked unless the calling origin is explicitly allowed. To allow a browser application hosted on another domain, configure the OpenLIT deployment with a comma-separated origin allowlist:
OPENLIT_ALLOWED_CORS_ORIGINS="https://app.example.com,https://admin.example.com"
OPENLIT_ALLOWED_ORIGINS is also supported as a backward-compatible alias. NEXTAUTH_URL is automatically treated as an allowed same-site origin. Use complete origins such as https://app.example.com. Do not configure wildcard origins for this endpoint.
Server-to-server SDK or REST requests usually do not need CORS configuration because CORS is enforced by browsers.
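
The allowlist behaviour described above, sketched as an added example (not OpenLIT's own code): each entry is reduced to an exact origin, wildcards and partial URLs are dropped, and the request origin is echoed back only on an exact match. The function names, the precedence between the two variables, and the sample values are assumptions.

```javascript
// Added illustration, not OpenLIT source. Env var names are from the page;
// function names and the precedence between the two variables are assumptions.

// Reduce one configured entry to a canonical origin, or null when it is not a
// complete origin (wildcard, bare host, credentials, path or query present).
function toOrigin(entry) {
  const value = entry.trim();
  if (!value || value.includes("*")) return null;
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (url.pathname !== "/" || url.search || url.hash || url.username) return null;
  return url.origin;
}

function buildAllowlist(env) {
  const raw = env.OPENLIT_ALLOWED_CORS_ORIGINS || env.OPENLIT_ALLOWED_ORIGINS || "";
  const allowed = new Set(raw.split(",").map(toOrigin).filter(Boolean));
  // NEXTAUTH_URL may include a path, so only its origin is kept.
  try {
    if (env.NEXTAUTH_URL) allowed.add(new URL(env.NEXTAUTH_URL).origin);
  } catch { /* malformed NEXTAUTH_URL adds nothing */ }
  return allowed;
}

// CORS headers for one request: exact string match on Origin, never "*".
function corsHeaders(requestOrigin, allowed) {
  if (!requestOrigin || !allowed.has(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": "Authorization, Content-Type",
    Vary: "Origin", // keep caches from reusing the header across origins
  };
}

// Constructed sample configuration and request origins.
const sampleEnv = {
  OPENLIT_ALLOWED_CORS_ORIGINS:
    "https://app.example.com, https://admin.example.com, *, https://app.example.com/login",
  NEXTAUTH_URL: "http://localhost:3000",
};
const allowed = buildAllowlist(sampleEnv);
for (const origin of ["https://app.example.com", "https://app.example.com.other.test", "null"]) {
  console.log(origin, "->", Object.keys(corsHeaders(origin, allowed)).length ? "allowed" : "blocked");
}
```

Exact matching is what keeps a look-alike host such as `app.example.com.other.test` from passing, which a prefix or substring comparison would let through.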

Authorizations

Authorization (string, header, required)

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

text/plain

key (string)
Example: "OPENAI_API_KEY"

tags (string[])
Example: ["openai"]

Response

200 - application/json

Successfully retrieved secret(s).

err (object)

res (object)
Example: { "OPEN_API_KEY": "OPEN_API_VALUE" }