Skip to main content
POST
/
vault-integrations
Create Vault Integration
curl --request POST \
  --url https://api.example.com/vault-integrations \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "type": "<string>",
  "config": {
    "config.address": "<string>",
    "config.namespace": "<string>",
    "config.authMethod": "<string>",
    "config.roleId": "<string>",
    "config.secretId": "<string>"
  }
}
'
{
  "id": "<string>",
  "name": "<string>",
  "type": "<string>",
  "address": "<string>",
  "namespace": "<string>",
  "authMethod": "<string>",
  "roleId": "<string>",
  "createdAt": "<string>",
  "updatedAt": "<string>"
}

Overview

Registers an external secret-manager integration. v1 supports HashiCorp Vault (OSS, Enterprise, and OpenBao) via AppRole authentication. ScrapEngine never stores the raw username/password — instead, you point credentials at this integration and a vault path, and the authenticate task action reads the secret on demand using the registered AppRole. The secret_id is stored encrypted at rest.

Body

name
string
required
Human-readable name. 1-100 characters.
type
string
required
Backend type. Must be hashicorp (only value supported in v1).
config
object
required
HashiCorp-specific configuration.

Example Request

curl -X POST "https://api.scrapengine.io/api/v1/vault-integrations" \
  -H "Authorization: Bearer $SCRAPENGINE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "prod-vault",
    "type": "hashicorp",
    "config": {
      "address": "https://vault.prod.example.com:8200",
      "namespace": "admin/scrapengine",
      "authMethod": "approle",
      "roleId": "8f2e1c0c-0e4a-4b58-8b2e-4a9e1c8a4a11",
      "secretId": "s.xxxxxxxxxxxxxxxxxxxxxxxx"
    }
  }'

Response

Success Response (201)

id
string
Integration ID (UUID). Reference from credential records.
name
string
The name you provided.
type
string
Always hashicorp in v1.
address
string
Vault address.
namespace
string
Vault Enterprise namespace, or null if unset.
authMethod
string
Always approle in v1.
roleId
string
AppRole role_id (echoed back; secret_id is never returned).
createdAt
string
ISO 8601 timestamp.
updatedAt
string
ISO 8601 timestamp.
Example Response: 
{
  "id": "5f8c6a74-5f2e-4f5a-9e58-5b9c3c7d2a11",
  "name": "prod-vault",
  "type": "hashicorp",
  "address": "https://vault.prod.example.com:8200",
  "namespace": "admin/scrapengine",
  "authMethod": "approle",
  "roleId": "8f2e1c0c-0e4a-4b58-8b2e-4a9e1c8a4a11",
  "createdAt": "2026-04-24T09:12:44Z",
  "updatedAt": "2026-04-24T09:12:44Z"
}

Error Responses

StatusDescription
400Invalid body — missing required fields, bad URL, or unsupported type / authMethod.
401Unauthorized — invalid or missing API key.