Keys

Keys are used to encrypt (tokenize) and decrypt credit card and other data.

PCI Vault keys are passphrase-protected private keys, as used in asymmetric cryptography. The private key is stored in PCI Vault's secure keyring, but the passphrase that unlocks the key is available only to you.

It is very important to keep your passphrase safe as any data encrypted with a certain passphrase can only be decrypted with that same passphrase.

POST /key/ Create a Key
PCI DSS Scope: SAQ-A/D

You only need one key to encrypt all your data, but we recommend that you have multiple keys to help with logically organising your data.

The user field is the identifier for your key and the passphrase is used to lock the private key.

Please note that PCI Vault has a zero-knowledge architecture, meaning that your passphrase is not stored by PCI Vault. Keep your passphrase safe and do not share it with anyone, not even PCI Vault staff.

(body)

The identifier for the key you want to create.

(body)

The passphrase used to lock the key. If you don't specify a passphrase, one will be generated. Keep this passphrase safe!

POST
https://api.pcivault.io/v1/key/
Response Code: 200 (example)
GET /key/ List Keys
PCI DSS Scope: SAQ-A/D

List all the keys you have created. This list only contains the user field of each key.

(query)

Limit the number of keys returned. This limit is 65536 by default.

(query)

The token received in the X-PCIVault-Next-Token header in a previous request.

GET
https://api.pcivault.io/v1/key/?limit=250
# No Body
Response Code: 200 (example)
PUT /key/ Update a Key's Passphrase
PCI DSS Scope: SAQ-A/D

Update the passphrase for an existing key.

After updating your passphrase for a key, the old passphrase will no longer work. Make sure you keep your new passphrase safe and do not share it with anyone.

Please note that PCI Vault has a zero-knowledge architecture, meaning that your passphrase is not stored by PCI Vault.

WARNING: Any capture or retrieval endpoints created with this key and the old passphrase will stop working after the passphrase is updated. You will need to create new endpoints for this key with the new passphrase.

(body)

The identifier for the key you want to update.

(body)

The current passphrase used to lock the key.

(body)

The new passphrase to set for the key.

PUT
https://api.pcivault.io/v1/key/
Response Code: 200 (example)
DELETE /key/ Delete a Key
PCI DSS Scope: SAQ-A/D

Delete a key. Please note that if a key is deleted, all data stored under that key becomes inaccessible forever. When the "safe" flag is set to true, the key is deleted only if no data is associated with it.

(query)

The identifier for the key you want to delete.

(query)

Specify t or true to delete a key only if there is no data associated with it. This flag is true by default.

DELETE
https://api.pcivault.io/v1/key/
# No Body
Response Code: 200 (example)
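
Client-side handling of the create and delete calls described above, as an added example that is not PCI Vault's own code. It generates the passphrase locally and builds the requests without sending them; the JSON body encoding, the caller-supplied `auth_headers`, and `user` as the name of the DELETE query parameter are assumptions, since the page does not show them.

```python
import json
import secrets
import string
import urllib.parse
import urllib.request

API_KEY_URL = "https://api.pcivault.io/v1/key/"  # URL shown on the page
ALPHABET = string.ascii_letters + string.digits  # 62 symbols, no escaping needed


def new_passphrase(length=32):
    """Generate the passphrase locally from the OS CSPRNG.

    PCI Vault does not store the passphrase, so the caller must place the
    returned value in a secrets manager before using it to encrypt data.
    """
    if length < 20:
        raise ValueError("passphrase too short for a key that guards card data")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def create_key_request(user, passphrase, auth_headers):
    """Build (do not send) POST /key/ with the `user` and `passphrase` fields.

    Assumption: the body is JSON and authentication travels in headers
    supplied by the caller; neither detail is shown on the page.
    """
    if not user or not passphrase:
        # An omitted passphrase would be generated server-side; this helper
        # insists on the locally generated one so it can be stored first.
        raise ValueError("user and passphrase are both required")
    body = json.dumps({"user": user, "passphrase": passphrase}).encode()
    headers = {"Content-Type": "application/json", **auth_headers}
    return urllib.request.Request(API_KEY_URL, data=body,
                                  headers=headers, method="POST")


def safe_delete_key_request(user, auth_headers):
    """Build (do not send) DELETE /key/ with safe=true stated explicitly.

    Assumption: the key identifier is passed as the `user` query parameter.
    The helper offers no way to turn `safe` off, so a key that still has
    data associated with it is not deleted through this code path.
    """
    query = urllib.parse.urlencode({"user": user, "safe": "true"})
    return urllib.request.Request(f"{API_KEY_URL}?{query}",
                                  headers=auth_headers, method="DELETE")
```

Send the returned objects with `urllib.request.urlopen` only after the passphrase has been written to your secrets store, and keep the passphrase out of logs and exception messages.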