List accessible secrets

Endpoint: GET /v1/vaults/:vault_id/secrets
Authentication: Bearer JWT (agent)

Returns metadata for secrets in the vault. The server applies policy so the agent only sees secrets it has read access to. Optional query: ?prefix=... to filter by path prefix.

Example request

curl
TypeScript

curl -s "https://api.1claw.xyz/v1/vaults/$VAULT_ID/secrets?prefix=api-keys" \
  -H "Authorization: Bearer <agent_token>"

const { data } = await client.secrets.list(VAULT_ID);
for (const s of data.secrets) {
  console.log(`${s.path} (${s.type}, v${s.version})`);
}

Example response (200)

{
  "secrets": [
    {
      "id": "599dd304-920c-4459-ae07-d62a3515381b",
      "path": "api-keys/openai",
      "type": "api_key",
      "version": 1,
      "metadata": {},
      "created_at": "2026-02-18T12:00:00Z"
    }
  ]
}

Values are never returned in list responses. To get a value, call GET .../secrets/:path for each path you need.

Example request​

Example response (200)​

Example request

Example response (200)