Archives (soft-deletes) a vault item. The item will no longer appear in listings but is retained for audit purposes.
DELETE /api/v1/machine/vault/:vaultId/items/:itemIdsignerEncryptionKeyId matching the agent's active registered encryption key.| Header | Type | Required | Description |
|---|---|---|---|
X-API-Key | string | Yes | Your API key |
Content-Type | string | Yes | Must be application/json |
| Parameter | Type | Required | Description |
|---|---|---|---|
vaultId | string | Yes | The unique identifier of the vault |
itemId | string | Yes | The unique identifier of the vault item to archive |
| Field | Type | Required | Description |
|---|---|---|---|
summaryCheckpoint | object | Yes | Signed replacement vault summary checkpoint after the item is removed |
Success (204 No Content)
No response body is returned on success.
403 Forbidden - Caller cannot satisfy zero-trust checkpoint requirements
{
"error": {
"code": "checkpoint_signer_required",
"message": "Machine write endpoints require either a USER, TENANT, or ORG API key backed by an active user key pair, or an AGENT-scoped API key backed by the agent's active encryption key."
}
}404 Not Found - Vault item not found or not accessible
{
"error": {
"code": "vault_item_not_found",
"message": "The vault item with ID \"507f1f77bcf86cd799439021\" was not found or you do not have access to it."
}
}curl -X DELETE "https://r4.dev/api/v1/machine/vault/507f1f77bcf86cd799439011/items/507f1f77bcf86cd799439021" \
-H "X-API-Key: rk_abc123def456.ghijklmnopqrstuvwxyz" \
-H "Content-Type: application/json" \
-d '{
"summaryCheckpoint": {
"checkpoint": {
"vaultId": "507f1f77bcf86cd799439011",
"version": 10,
"name": "Production Secrets",
"dataClassification": "CONFIDENTIAL",
"currentDekVersion": 3,
"items": [],
"groups": []
},
"signerUserKeyPairId": "507f1f77bcf86cd799439099",
"signature": "base64-signature"
}
}'summaryCheckpoint is what lets zero-trust runtimes authenticate the new post-delete item listing.