
# Get Secret Value

GET https://api.bctrl.ai/v1/vault/secrets/{key}/value

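Read one vault secret value. Runtime-bound callers are still governed by vault policy and raw-read settings. A successful response returns the secret in plaintext (`password` for `login` secrets, `value` for `value` secrets), so treat the response body as sensitive and keep it out of logs.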

Reference: https://platform.bctrl.ai/api/api-reference/vault/value

## OpenAPI Specification

```yaml
# OpenAPI 3.1 description of one operation: GET /v1/vault/secrets/{key}/value,
# which returns the stored value of a single vault secret.
openapi: 3.1.0
info:
  title: bctrl API
  version: 1.0.0
paths:
  /v1/vault/secrets/{key}/value:
    get:
      operationId: secrets-value
      summary: Read vault secret value
      description: >-
        Read one vault secret value. Runtime-bound callers are still governed by
        vault policy and raw-read settings.
      tags:
        - subpackage_vault
      parameters:
        # Identifies the secret to read. The sample response on this page uses
        # the key "database/production/admin", so keys can contain "/".
        # NOTE(review): presumably such keys must be percent-encoded when placed
        # in this path segment; confirm against the API's behaviour.
        - name: key
          in: path
          required: true
          schema:
            type: string
        # NOTE(review): OpenAPI 3.x directs tooling to ignore header parameters
        # named "Authorization", and this operation carries no `security:`
        # requirement pointing at components.securitySchemes.bearerAuth. As
        # written, generated clients may not attach the API key at all.
        - name: Authorization
          in: header
          description: Use Bearer <api-key>.
          required: true
          schema:
            type: string
      responses:
        # The 200 body is a VaultSecretValue and carries the secret itself
        # (`password` or `value`), so it should never be logged verbatim.
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VaultSecretValue'
        # Every non-200 response listed here returns an ErrorResponse body.
        '401':
          description: 'Authentication required: the API key is missing or invalid.'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: 'Forbidden: the API key cannot access this resource.'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: >-
            The requested resource was not found. Example code:
            `vault.secrets.not_found`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
# Base URLs the operation can be called against.
servers:
  - url: https://api.bctrl.ai
    description: Production
  # Plain http:// — the bearer API key and the returned secret are sent
  # unencrypted on this URL, so it is only suitable for a loopback gateway.
  - url: http://localhost:8787
    description: Local development gateway
components:
  schemas:
    # Body of a successful read. A union discriminated on `type`:
    # "login" requires username + password, "value" requires a single value.
    # Both variants return the secret material as plain string fields.
    VaultSecretValue:
      oneOf:
        - type: object
          properties:
            type:
              type: string
              enum:
                - login
              description: 'Discriminator value: login'
            key:
              type: string
            label:
              type: string
            notes:
              type: string
            # NOTE(review): this page does not define originPatterns / origins.
            # They look like the web origins the secret is scoped to; confirm
            # before relying on them for any access decision.
            originPatterns:
              type: array
              items:
                type: string
            origins:
              type: array
              items:
                type: string
            # Sensitive: the stored password, returned as-is.
            password:
              type: string
            username:
              type: string
          required:
            - type
            - key
            - password
            - username
          description: login variant
        - type: object
          properties:
            type:
              type: string
              enum:
                - value
              description: 'Discriminator value: value'
            key:
              type: string
            label:
              type: string
            notes:
              type: string
            originPatterns:
              type: array
              items:
                type: string
            origins:
              type: array
              items:
                type: string
            # Sensitive: the stored secret value, returned as-is.
            value:
              type: string
          required:
            - type
            - key
            - value
          description: value variant
      discriminator:
        propertyName: type
      title: VaultSecretValue
    # Closed list of coarse error categories, referenced by
    # ErrorResponse.reasonClass and intended for programmatic branching.
    ErrorResponseReasonClass:
      type: string
      enum:
        - invalid_input
        - unauthorized
        - capability_denied
        - capability_limit_exceeded
        - rate_limited
        - not_found
        - conflict
        - upstream
        - server
      description: Stable public error category for programmatic branching.
      title: ErrorResponseReasonClass
    # Error body returned by the 401, 403 and 404 responses of this operation.
    # Only `code` and `error` are required; every other field may be absent.
    ErrorResponse:
      type: object
      properties:
        code:
          type: string
          description: >-
            Stable, dot-namespaced error code, e.g. "runtime.not_found" or
            "request.invalid".
        # Free-form object (any value type allowed per key); not meant for branching.
        details:
          type: object
          additionalProperties:
            description: Any type
          description: >-
            Resource-specific structured context. Use `code` and `reasonClass`
            for branching.
        error:
          type: string
        hint:
          type: string
          description: Optional next action for recoverable errors, e.g. "retry after 2s".
        reasonClass:
          $ref: '#/components/schemas/ErrorResponseReasonClass'
          description: Stable public error category for programmatic branching.
        # NOTE(review): presumably a per-request identifier that can be quoted
        # when correlating a failure with server-side logs; confirm.
        requestId:
          type: string
      required:
        - code
        - error
      title: ErrorResponse
  # HTTP bearer authentication using the API key.
  # NOTE(review): bearerAuth is declared here, but no `security:` requirement in
  # the visible spec references it; the operation models the credential as a
  # plain `Authorization` header parameter instead.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: Use Bearer <api-key>.

```

## Examples



**Request** (the operation defines no request body; the empty object below is a placeholder)

```json
{}
```

**Response**

```json
{
  "type": "login",
  "key": "database/production/admin",
  "password": "S3cureP@ssw0rd!",
  "username": "prod_admin",
  "label": "Production Database Admin Credentials",
  "notes": "Credentials for the primary production database admin user.",
  "originPatterns": [
    "https://app.bctrl.ai/*",
    "https://admin.bctrl.ai/*"
  ],
  "origins": [
    "https://app.bctrl.ai",
    "https://admin.bctrl.ai"
  ]
}
```

**SDK Code**

```python
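import os
from urllib.parse import quote

import requests

# Secret keys can contain "/" (the sample response on this page uses
# "database/production/admin"), so percent-encode the key before placing it in
# the path segment.
# NOTE(review): confirm that the API accepts a percent-encoded key.
secret_key = "database/production/admin"
url = f"https://api.bctrl.ai/v1/vault/secrets/{quote(secret_key, safe='')}/value"

# Read the API key from the environment instead of hard-coding it in source.
# BCTRL_API_KEY is a placeholder variable name chosen for this example.
headers = {"Authorization": f"Bearer {os.environ['BCTRL_API_KEY']}"}

# A GET carries no request body, so no payload or Content-Type header is sent.
# The timeout keeps a stalled connection from hanging the caller indefinitely.
response = requests.get(url, headers=headers, timeout=10)

# 401/403/404 return an ErrorResponse; fail loudly rather than treating an
# error body as if it were a secret.
response.raise_for_status()

secret = response.json()

# The body holds the plaintext secret ("password" or "value"). Print only
# non-sensitive metadata so the secret does not land in terminal scrollback,
# CI output or log aggregation.
print({"type": secret["type"], "key": secret["key"]})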
```

```javascript
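// Secret keys can contain "/" (the sample response on this page uses
// "database/production/admin"), so encode the key before placing it in the
// path segment.
// NOTE(review): confirm that the API accepts a percent-encoded key.
const secretKey = 'database/production/admin';
const url = `https://api.bctrl.ai/v1/vault/secrets/${encodeURIComponent(secretKey)}/value`;

// Assumes a Node.js runtime: the API key is read from the environment rather
// than embedded in source. BCTRL_API_KEY is a placeholder variable name.
// fetch() rejects a GET request that has a body, so none is sent.
const options = {
  method: 'GET',
  headers: {Authorization: `Bearer ${process.env.BCTRL_API_KEY}`}
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  if (!response.ok) {
    // 401/403/404 return an ErrorResponse; report its stable fields only.
    console.error(response.status, data.code, data.requestId);
  } else {
    // `data` holds the plaintext secret (`password` or `value`). Log only
    // non-sensitive metadata so the secret stays out of console/log output.
    console.log({type: data.type, key: data.key});
  }
} catch (error) {
  console.error(error);
}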
```

```go
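package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"time"
)

// fetchSecretMetadata reads one vault secret and returns only its type and key.
//
// The response body also contains the plaintext secret ("password" or
// "value"); it is deliberately not returned or printed here so the example
// does not leak it to stdout or logs.
func fetchSecretMetadata(secretKey, apiKey string) (string, string, error) {
	// Secret keys can contain "/" (the sample response on this page uses
	// "database/production/admin"), so escape the key as a single path segment.
	// NOTE(review): confirm that the API accepts a percent-encoded key.
	endpoint := "https://api.bctrl.ai/v1/vault/secrets/" + url.PathEscape(secretKey) + "/value"

	// A GET carries no request body, so the body argument is nil.
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		return "", "", err
	}
	req.Header.Set("Authorization", "Bearer "+apiKey)

	// http.DefaultClient has no timeout; bound the call explicitly.
	client := &http.Client{Timeout: 10 * time.Second}
	res, err := client.Do(req)
	if err != nil {
		// res is nil on error, so return before touching res.Body.
		return "", "", err
	}
	defer res.Body.Close()

	// 401/403/404 return an ErrorResponse, not a secret.
	if res.StatusCode != http.StatusOK {
		return "", "", fmt.Errorf("vault read failed: %s", res.Status)
	}

	var secret struct {
		Type string `json:"type"`
		Key  string `json:"key"`
	}
	if err := json.NewDecoder(res.Body).Decode(&secret); err != nil {
		return "", "", err
	}
	return secret.Type, secret.Key, nil
}

func main() {
	// BCTRL_API_KEY is a placeholder environment variable name for this example;
	// the API key is read from the environment rather than embedded in source.
	secretType, key, err := fetchSecretMetadata("database/production/admin", os.Getenv("BCTRL_API_KEY"))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("type=%s key=%s\n", secretType, key)
}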
```

```ruby
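require 'erb'
require 'json'
require 'net/http'
require 'uri'

# Secret keys can contain "/" (the sample response on this page uses
# "database/production/admin"), so percent-encode the key before placing it in
# the path segment. ERB::Util.url_encode encodes "/" and uses %20 for spaces.
# NOTE(review): confirm that the API accepts a percent-encoded key.
secret_key = 'database/production/admin'
url = URI("https://api.bctrl.ai/v1/vault/secrets/#{ERB::Util.url_encode(secret_key)}/value")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

# A GET carries no request body, so no body or Content-Type header is set.
# The API key comes from the environment; BCTRL_API_KEY is a placeholder
# variable name chosen for this example.
request = Net::HTTP::Get.new(url)
request['Authorization'] = "Bearer #{ENV.fetch('BCTRL_API_KEY')}"

response = http.request(request)

# 401/403/404 return an ErrorResponse, not a secret.
abort("vault read failed: HTTP #{response.code}") unless response.is_a?(Net::HTTPSuccess)

secret = JSON.parse(response.body)

# The body holds the plaintext secret ("password" or "value"). Print only
# non-sensitive metadata so the secret stays out of terminal and log output.
puts "type=#{secret['type']} key=#{secret['key']}"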

```java
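import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

// The secret key is supplied as a route parameter so the client encodes it
// for the path; keys can contain "/" (the sample response on this page uses
// "database/production/admin").
// NOTE(review): confirm that routeParam encodes "/" in the Unirest version in
// use, and that the API accepts a percent-encoded key.
// A GET carries no request body, so no body or Content-Type header is set.
// BCTRL_API_KEY is a placeholder environment variable name for this example.
HttpResponse<String> response = Unirest.get("https://api.bctrl.ai/v1/vault/secrets/{key}/value")
  .routeParam("key", "database/production/admin")
  .header("Authorization", "Bearer " + System.getenv("BCTRL_API_KEY"))
  .asString();

// 401/403/404 return an ErrorResponse, not a secret.
if (response.getStatus() != 200) {
  throw new IllegalStateException("Vault read failed: HTTP " + response.getStatus());
}

// response.getBody() now holds the plaintext secret JSON ("password" or
// "value"); pass it to the code that needs it and keep it out of logs.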

```php
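<?php
require_once('vendor/autoload.php');

// The API key is read from the environment rather than embedded in source.
// BCTRL_API_KEY is a placeholder variable name chosen for this example.
$apiKey = getenv('BCTRL_API_KEY');
if ($apiKey === false || $apiKey === '') {
  fwrite(STDERR, "BCTRL_API_KEY is not set\n");
  exit(1);
}

// Secret keys can contain "/" (the sample response on this page uses
// "database/production/admin"), so percent-encode the key before placing it in
// the path segment.
// NOTE(review): confirm that the API accepts a percent-encoded key.
$secretKey = 'database/production/admin';
$url = 'https://api.bctrl.ai/v1/vault/secrets/' . rawurlencode($secretKey) . '/value';

$client = new \GuzzleHttp\Client(['timeout' => 10]);

// A GET carries no request body, so no 'body' option or Content-Type is sent.
// With Guzzle's default http_errors setting, 4xx/5xx responses throw.
$response = $client->request('GET', $url, [
  'headers' => [
    'Authorization' => 'Bearer ' . $apiKey,
  ],
]);

$secret = json_decode((string) $response->getBody(), true);

// The body holds the plaintext secret ("password" or "value"). Output only
// non-sensitive metadata so the secret stays out of page output and logs.
echo json_encode(['type' => $secret['type'], 'key' => $secret['key']]), PHP_EOL;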

```csharp
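using System;
using RestSharp;

// Secret keys can contain "/" (the sample response on this page uses
// "database/production/admin"), so escape the key before placing it in the
// path segment.
// NOTE(review): confirm that the API accepts a percent-encoded key.
var secretKey = "database/production/admin";
var client = new RestClient("https://api.bctrl.ai/v1/vault/secrets/" + Uri.EscapeDataString(secretKey) + "/value");

// A GET carries no request body, so no body parameter or Content-Type is added.
// The API key comes from the environment; BCTRL_API_KEY is a placeholder
// variable name chosen for this example.
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "Bearer " + Environment.GetEnvironmentVariable("BCTRL_API_KEY"));
IRestResponse response = client.Execute(request);

// 401/403/404 return an ErrorResponse, not a secret.
if (!response.IsSuccessful)
{
    throw new InvalidOperationException("Vault read failed: HTTP " + (int)response.StatusCode);
}

// response.Content now holds the plaintext secret JSON ("password" or
// "value"); pass it to the code that needs it and keep it out of logs.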

```swift
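import Foundation

// Secret keys can contain "/" (the sample response on this page uses
// "database/production/admin"), so percent-encode the key as one path segment.
// NOTE(review): confirm that the API accepts a percent-encoded key.
let secretKey = "database/production/admin"
var segmentAllowed = CharacterSet.urlPathAllowed
segmentAllowed.remove(charactersIn: "/")

// The API key is read from the environment rather than embedded in source.
// BCTRL_API_KEY is a placeholder variable name chosen for this example.
guard
  let encodedKey = secretKey.addingPercentEncoding(withAllowedCharacters: segmentAllowed),
  let url = URL(string: "https://api.bctrl.ai/v1/vault/secrets/\(encodedKey)/value"),
  let apiKey = ProcessInfo.processInfo.environment["BCTRL_API_KEY"]
else {
  fatalError("Could not build the request URL or BCTRL_API_KEY is not set")
}

// A GET carries no request body, so no httpBody or Content-Type is set.
var request = URLRequest(url: url,
                         cachePolicy: .reloadIgnoringLocalCacheData,
                         timeoutInterval: 10.0)
request.httpMethod = "GET"
request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")

// An ephemeral session keeps caches and cookies in memory only. Whether the
// shared session would have stored this response depends on headers this page
// does not show, so the example avoids the question for a secret-bearing body.
let session = URLSession(configuration: .ephemeral)
let dataTask = session.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
    return
  }
  guard let httpResponse = response as? HTTPURLResponse else { return }
  // On 200, `data` holds the plaintext secret JSON ("password" or "value").
  // Report only the status code; hand `data` to the code that needs it and
  // keep it out of print/log output.
  print("HTTP \(httpResponse.statusCode)")
}

dataTask.resume()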
```