Create Vault Integration

curl --request POST \
  --url https://api.example.com/vault-integrations \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "type": "<string>",
  "config": {
    "config.address": "<string>",
    "config.namespace": "<string>",
    "config.authMethod": "<string>",
    "config.roleId": "<string>",
    "config.secretId": "<string>"
  }
}
'

{
  "id": "<string>",
  "name": "<string>",
  "type": "<string>",
  "address": "<string>",
  "namespace": "<string>",
  "authMethod": "<string>",
  "roleId": "<string>",
  "createdAt": "<string>",
  "updatedAt": "<string>"
}

POST

vault-integrations

curl --request POST \
  --url https://api.example.com/vault-integrations \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "type": "<string>",
  "config": {
    "config.address": "<string>",
    "config.namespace": "<string>",
    "config.authMethod": "<string>",
    "config.roleId": "<string>",
    "config.secretId": "<string>"
  }
}
'

{
  "id": "<string>",
  "name": "<string>",
  "type": "<string>",
  "address": "<string>",
  "namespace": "<string>",
  "authMethod": "<string>",
  "roleId": "<string>",
  "createdAt": "<string>",
  "updatedAt": "<string>"
}

Overview

Registers an external secret-manager integration. v1 supports HashiCorp Vault (OSS, Enterprise, and OpenBao) via AppRole authentication. ScrapEngine never stores the raw username/password — instead, you point credentials at this integration and a vault path, and the authenticate task action reads the secret on demand using the registered AppRole. The secret_id is stored encrypted at rest.

Body

name

string

required

Human-readable name. 1-100 characters.

type

string

required

Backend type. Must be hashicorp (only value supported in v1).

config

object

required

HashiCorp-specific configuration.

Show config properties

config.address

string

required

Vault address, for example https://vault:8200. Must include the protocol.

config.namespace

string

Optional Vault Enterprise namespace.

config.authMethod

string

required

Auth method. Must be approle (only value supported in v1).

config.roleId

string

required

AppRole role_id.

config.secretId

string

required

AppRole secret_id. Stored encrypted at rest.

Example Request

curl -X POST "https://api.scrapengine.io/api/v1/vault-integrations" \
  -H "Authorization: Bearer $SCRAPENGINE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "prod-vault",
    "type": "hashicorp",
    "config": {
      "address": "https://vault.prod.example.com:8200",
      "namespace": "admin/scrapengine",
      "authMethod": "approle",
      "roleId": "8f2e1c0c-0e4a-4b58-8b2e-4a9e1c8a4a11",
      "secretId": "s.xxxxxxxxxxxxxxxxxxxxxxxx"
    }
  }'

Response

Success Response (201)

string

Integration ID (UUID). Reference from credential records.

name

string

The name you provided.

type

string

Always hashicorp in v1.

address

string

Vault address.

namespace

string

Vault Enterprise namespace, or null if unset.

authMethod

string

Always approle in v1.

roleId

string

AppRole role_id (echoed back; secret_id is never returned).

createdAt

string

ISO 8601 timestamp.

updatedAt

string

ISO 8601 timestamp.

Example Response:

{
  "id": "5f8c6a74-5f2e-4f5a-9e58-5b9c3c7d2a11",
  "name": "prod-vault",
  "type": "hashicorp",
  "address": "https://vault.prod.example.com:8200",
  "namespace": "admin/scrapengine",
  "authMethod": "approle",
  "roleId": "8f2e1c0c-0e4a-4b58-8b2e-4a9e1c8a4a11",
  "createdAt": "2026-04-24T09:12:44Z",
  "updatedAt": "2026-04-24T09:12:44Z"
}

Error Responses

Status	Description
`400`	Invalid body — missing required fields, bad URL, or unsupported `type` / `authMethod`.
`401`	Unauthorized — invalid or missing API key.

Delete Credential List Vault Integrations

​Overview

​Body

​Example Request

​Response

​Success Response (201)

​Error Responses

Overview

Body

Example Request

Response

Success Response (201)

Error Responses