SDK — Advanced
Members
Section titled “Members”Manage vault team members.
// List membersconst members = await pb.members.list({ vault: 'my-app' });
// Add a memberawait pb.members.add('alice@example.com', { vault: 'my-app', role: 'admin', // viewer | member | admin});
// Update roleawait pb.members.updateRole('alice@example.com', 'member', { vault: 'my-app',});
// Remove memberawait pb.members.remove('alice@example.com', { vault: 'my-app',});
// Get a user's public key (for key exchange)const pubKey = await pb.members.getUserPublicKey('alice@example.com');interface MemberData { user_id: string; email: string; role: string; joined_at: string;}
interface AddMemberOptions { vault?: string; role?: 'viewer' | 'member' | 'admin';}Webhooks
Section titled “Webhooks”Configure HTTP notifications for secret events.
// List webhooksconst hooks = await pb.webhooks.list({ vault: 'my-app' });
// Create webhookconst hook = await pb.webhooks.create({ vault: 'my-app', name: 'slack-notify', url: 'https://hooks.slack.com/...', events: ['secret.created', 'secret.updated'],});
// Update webhookawait pb.webhooks.update(hook.id, { vault: 'my-app', events: ['secret.created', 'secret.updated', 'secret.deleted'], active: true,});
// Test webhookawait pb.webhooks.test(hook.id, { vault: 'my-app' });
// Delete webhookawait pb.webhooks.delete(hook.id, { vault: 'my-app' });Webhook Events
Section titled “Webhook Events”| Event | Trigger |
|---|---|
secret.created | New secret created |
secret.updated | Secret value updated |
secret.deleted | Secret deleted |
secret.rotated | Secret rotation triggered |
Webhook Payload
Section titled “Webhook Payload”{ "event": "secret.updated", "vault_id": "...", "data": { "secretName": "API_KEY" }, "timestamp": "2024-01-15T10:30:00Z"}Webhooks include an X-PassBox-Signature header (HMAC-SHA256) for verification.
Rotation
Section titled “Rotation”Configure secret rotation tracking.
// Get rotation configconst config = await pb.rotation.get('API_KEY', { vault: 'my-app' });
// Set rotation configawait pb.rotation.set('API_KEY', { vault: 'my-app', intervalHours: 168, // weekly webhookId: 'webhook-uuid', // optional: notify on rotation});
// Remove rotation configawait pb.rotation.remove('API_KEY', { vault: 'my-app' });
// Trigger manual rotationawait pb.rotation.trigger('API_KEY', { vault: 'my-app' });Service Tokens
Section titled “Service Tokens”Manage service tokens programmatically.
// List tokensconst tokens = await pb.tokens.list();
// Create tokenconst result = await pb.tokens.create({ name: 'ci-deploy', permissions: ['read'], vaultId: 'vault-uuid', // optional});console.log(result.token); // pb_... — save this
// Revoke tokenawait pb.tokens.revoke('token-id');Account
Section titled “Account”// Change passwordawait pb.account.changePassword({ currentPassword: 'old-pass', newPassword: 'new-pass',});
// Delete accountawait pb.account.deleteAccount();Importers
Section titled “Importers”Import secrets from various file formats.
// Import from .env contentconst result = await pb.importers.fromDotenv(envFileContent, { vault: 'my-app', env: 'production',});console.log(`${result.created} created, ${result.updated} updated`);
// Import from JSONawait pb.importers.fromJSON('{"API_KEY": "sk-123"}', { vault: 'my-app',});
// Import from CSVawait pb.importers.fromCSV('name,value\nAPI_KEY,sk-123', { vault: 'my-app',});Env Resource
Section titled “Env Resource”Parse and import .env file content.
// Parse .env content into key-value objectconst parsed = pb.env.parse('DATABASE_URL=postgres://...\nAPI_KEY=sk-123');// { DATABASE_URL: "postgres://...", API_KEY: "sk-123" }
// Import .env content into vaultconst result = await pb.env.import(envContent, { vault: 'my-app', env: 'production',});