Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

List Certificate Authorities

GET
/vault/v1/workspaces/{workspace}/engines/qibdo/certificateAuthorities
curl --request GET \
--url https://example.com/vault/v1/workspaces/example/engines/qibdo/certificateAuthorities

Returns a paginated list of CAs in a workspace.

workspace
required
string

The workspace whose CAs will be listed.

page_size
integer format: int32

The maximum number of CAs to return. The service may return fewer than this value. If unspecified, at most 20 will be returned. The maximum value is 100; values above 100 will be coerced to 100.

page_token
string

A page token, received from a previous ListQibdoCertificateAuthorities call.

filter
string

AIP-160 filter expression.

order_by
string

AIP-132 order_by expression, e.g. “created desc”.

OK

Media type application/json

Response payload from List Qibdo Certificate Authorities

Carries the output produced by list qibdo certificate authorities.

object
certificate_authorities

The page of CAs.

Array<object>

QibdoCertificateAuthority — workspace-scoped certificate authority backed by the vault’s PKI engine. CAs form a hierarchical trust chain: a ROOT CA is self-signed, and one or more INTERMEDIATE CAs may chain off it. The CA’s private key is held by the vault; only metadata is persisted in the relational database.

object
id

The unique identifier of the certificate authority (UUID).

stringOutput only
workspace_id

The workspace this CA belongs to (UUID, weak reference to taxonomy).

stringOutput only
name

Human-readable name unique within the workspace.

string
type

Topology of the CA — ROOT or INTERMEDIATE.

string format: enum
Allowed values: CERTIFICATE_AUTHORITY_TYPE_UNSPECIFIED CERTIFICATE_AUTHORITY_TYPE_ROOT CERTIFICATE_AUTHORITY_TYPE_INTERMEDIATE
parent_ca_id

Parent CA id when this is an INTERMEDIATE; empty for ROOT.

string
algorithm

Signing algorithm — must match vault.crypto_algorithms.

string
subject

X.509 subject Distinguished Name.

string
valid_from

Notbefore timestamp (CA validity start).

string format: date-time
valid_until

Notafter timestamp (CA validity end).

string format: date-time
crl_endpoint

Optional CRL distribution point URL published by this CA.

string
ocsp_responder_url

Optional OCSP responder URL published by this CA.

string
tags

Tag entries used for organisation and policy matching.

Array<object>

Vault Tag

A key-value pair used to label and categorize vault resources such as secrets, crypto keys, leases, certificate authorities, certificates, and access policies.

object
key
required

Tag Key

Tag key (1–63 chars, lowercase letters/digits/dashes/underscores).

string
value
required

Tag Value

Tag value (free-form, up to 255 chars).

string
type

Tag Type

Whether the tag is system-managed or user-defined.

string format: enum
Allowed values: VAULT_TAG_TYPE_UNSPECIFIED VAULT_TAG_TYPE_SYSTEM VAULT_TAG_TYPE_USER
description

Tag Description

Optional description.

string
is_revoked

Whether the CA itself has been revoked. Once true, the CA can issue no further certificates and existing certs SHOULD be rotated.

booleanOutput only
mount_path

Vault PKI mount path where this CA is materialised (e.g., “workspaces/{workspace}/pki/{name}/”).

stringOutput only
created

Timestamp when the CA was created (server-managed).

string format: date-time Output only
updated

Timestamp when the CA metadata was last modified (server-managed).

string format: date-time Output only
location_id

Weak reference to a topology Location — where this resource resides. Defaults to the global location when omitted at creation and is immutable thereafter. Only the global location is available in this release.

stringOutput only
next_page_token

Opaque token for the next page; empty when no more results.

string
Example
{
"certificate_authorities": [
{
"type": "CERTIFICATE_AUTHORITY_TYPE_UNSPECIFIED",
"tags": [
{
"type": "VAULT_TAG_TYPE_UNSPECIFIED"
}
]
}
]
}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}