FruxonDocs
ApiSecrets

Creates a new secret with the supplied plaintext value.

The value is encrypted with the tenant's DEK before persistence and the call also publishes the initial revision — so the secret is immediately resolvable. Returns 409 if a secret with the same key already exists for this tenant.

POST
/v1/tenants/{tenant}/secrets

Authorization

Bearer
AuthorizationBearer <token>

JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.

In: header

Path Parameters

tenant*string

The tenant identifier

Request Body

key*string|null

Reference name (e.g. STRIPE_API_KEY). Unique per tenant.

description?string|null
value*string|null

Plaintext value. Encrypted at rest immediately; never persisted in cleartext anywhere. The new revision is created and published atomically when this value is supplied.

sensitivity?string

Sensitivity tier of a stored credential. Drives the per-operation audit policy (best-effort logging for Fruxon.Model.Encryption.Audit.CredentialSensitivity.Standard, fail-closed DB writes for Fruxon.Model.Encryption.Audit.CredentialSensitivity.Phi / Fruxon.Model.Encryption.Audit.CredentialSensitivity.Financial / Fruxon.Model.Encryption.Audit.CredentialSensitivity.Regulated) and is declared per integration class on its IntegrationAuthMetadata.

Values are ordered by stringency — higher numbers carry stricter defaults. A credential subject to multiple regimes is tagged its strictest applicable label.

Value in"UNSPECIFIED" | "STANDARD" | "PII" | "PHI" | "FINANCIAL" | "REGULATED"
note?string|null

Optional publish note attached to the initial revision.

[key: string]?never

Response Body

curl -X POST "https://api.fruxon.com/v1/tenants/string/secrets" \  -H "Content-Type: application/json" \  -d '{    "key": "string",    "value": "string"  }'
{
  "id": "00000000-0000-0000-0000-000000000000",
  "key": "string",
  "description": "string",
  "sensitivity": "STANDARD",
  "publishedRevisionId": "00000000-0000-0000-0000-000000000000",
  "publishedVersion": 0,
  "createdBy": "string",
  "createdAt": 0,
  "modifiedAt": 0
}
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}
Empty
Empty
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}