| --- |
| layout: api |
| page_title: /sys/audit-hash - HTTP API |
| description: |- |
| The `/sys/audit-hash` endpoint is used to hash data using an audit device's |
| hash function and salt. |
| --- |
| |
| # `/sys/audit-hash` |
| |
| @include 'alerts/restricted-admin.mdx' |
| |
| The `/sys/audit-hash` endpoint is used to calculate the hash of the data used by |
| an audit device's hash function and salt. This can be used to search audit logs |
| for a hashed value when the original value is known. |
| |
| ## Calculate hash |
| |
| This endpoint hashes the given input data with the specified audit device's |
| hash function and salt. This endpoint can be used to discover whether a given |
| plaintext string (the `input` parameter) appears in the audit log in obfuscated |
| form. |
| |
| The audit log records requests and responses. Since the Vault API is JSON-based, |
| any binary data returned from an API call (such as a DER-format certificate) is |
| base64-encoded by the Vault server in the response. As a result such information |
| should also be base64-encoded to supply into the `input` parameter. |
| |
| | Method | Path | |
| | :----- | :---------------------- | |
| | `POST` | `/sys/audit-hash/:path` | |
| |
| ### Parameters |
| |
| - `path` `(string: <required>)` – Specifies the path of the audit device to |
| generate hashes for. This is part of the request URL. |
| |
| - `input` `(string: <required>)` – Specifies the input string to hash. |
| |
| ### Sample payload |
| |
| ```json |
| { |
| "input": "my-secret-vault" |
| } |
| ``` |
| |
| ### Sample request |
| |
| ```shell-session |
| $ curl \ |
| --header "X-Vault-Token: ..." \ |
| --request POST \ |
| --data @payload.json \ |
| http://127.0.0.1:8200/v1/sys/audit-hash/example-audit |
| ``` |
| |
| ### Sample response |
| |
| ```json |
| { |
| "hash": "hmac-sha256:08ba35..." |
| } |
| ``` |
