.. _export_key:

Method: Export Key
------------------

Description
~~~~~~~~~~~

This endpoint exports (un-wraps) the named key and returns the plaintext of the encryption key. 
If version is specified, the specific version will be returned. 

.. note:: The key must be set to :ref:`allow_export<allow_export>` to support this operation.
.. note:: This endpoint requires :ref:`Admin<bits>` permission in the affected vault.

URL Syntax
~~~~~~~~~~

/api/{version}/transparent/export/:vaultid/:name(/:key_version)

HTTP Method
~~~~~~~~~~~

GET

Successful HTTP Response
~~~~~~~~~~~~~~~~~~~~~~~~

200

Parameters
~~~~~~~~~~

+----------------+------------------+----------------+---------+---------+-----------+------------------+
| Parameter name |   Description    | Parameter type |  Type   | Default | Mandatory |     Comment      |
+================+==================+================+=========+=========+===========+==================+
| X-Http-Token   | StoredSafe token | HTTP Header    | String  |         | :sup:`1)` | Preferred method |
+----------------+------------------+----------------+---------+---------+-----------+------------------+
| token          | StoredSafe token | JSON-encoded   | String  |         | :sup:`1)` | Legacy method    |
+----------------+------------------+----------------+---------+---------+-----------+------------------+
| vaultid        | Vault-ID         | URL-encoded    | String  |         | Yes       |                  |
+----------------+------------------+----------------+---------+---------+-----------+------------------+
| key_version    | Key version      | URL-encoded    | Integer |         |           |                  |
+----------------+------------------+----------------+---------+---------+-----------+------------------+

.. note:: :sup:`1)` One of the methods is required.

Response Attributes
~~~~~~~~~~~~~~~~~~~

+-----------------------+------------------------------------+---------+
|       Attribute       |            Description             |  Type   |
+=======================+====================================+=========+
| CALLINFO.errorcodes   | Number of errors                   | Integer |
+-----------------------+------------------------------------+---------+
| CALLINFO.errors       | Number of errors                   | Integer |
+-----------------------+------------------------------------+---------+
| CALLINFO.general      | Information                        | Array   |
+-----------------------+------------------------------------+---------+
| CALLINFO.handler      | Handler used                       | String  |
+-----------------------+------------------------------------+---------+
| CALLINFO.status       | SUCCESS or FAIL                    | String  |
+-----------------------+------------------------------------+---------+
| CALLINFO.token        | Rotated StoredSafe token :sup:`1)` | String  |
+-----------------------+------------------------------------+---------+
| KEYS                  | Keys                               | Array   |
+-----------------------+------------------------------------+---------+
| KEYS.name             | Key name                           | String  |
+-----------------------+------------------------------------+---------+
| KEYS.key_version      | Key version                        | String  |
+-----------------------+------------------------------------+---------+
| KEYS.type             | Key type                           | String  |
+-----------------------+------------------------------------+---------+
| DATA                  | Supplied data in prior API-call    | String  |
+-----------------------+------------------------------------+---------+
| HEADERS.(headers)     | HTTP Headers                       | String  |
+-----------------------+------------------------------------+---------+
| PARAMS                | Route parameters (empty)           | Array   |
+-----------------------+------------------------------------+---------+
| ERRORCODES            | Error code and text :sup:`2)`      | Object  |
+-----------------------+------------------------------------+---------+
| ERRORS                | Error code and text :sup:`2)`      | Array   |
+-----------------------+------------------------------------+---------+

.. note:: | :sup:`1)` Token to be used in subsequent calls
   | :sup:`2`) Only present if errors

Examples
~~~~~~~~

Export the named key ``my-new-key`` from the vault (vault-id) 179.

**Request**

::

   GET /api/1.0/transparent/export/179/my-new-key
   x-http-token: your_storedsafe_token

**Response**

::

   HTTP/2 201
   Content-type: application/json; charset=UTF-8
   {
       "CALLINFO": {
           "errorcodes": 0,
           "errors": 0,
           "general": [],
           "handler": "EncryptionHandler",
           "status": "SUCCESS",
           "token": "rotated_storedsafe_token"
       },
       "KEYS": {
           {
               "name": "my-new-key",
               "keys": {
                    "1": "63vYMld6YLxGXkkH5VJKD4yPQkXuBPcvIvVaFs4pIvU=",
                    "2": "f/jKeqC8qNLMMyMXJEpxkx6rVpGBAbgW/1Njpzud55o="
               }
           },
       },
       "DATA": {
           "name": "my-new-key",
           "token": "your_storedsafe_token",
       },
       "HEADERS": {
           "Accept": "*/*",
           "Content-Length": "169",
           "Content-Type": "application/json",
           "Host": "safe.domain.cc",
           "User-Agent": "curl/7.64.1",
           "X-Http-Token": "your_storedsafe_token"
       },
       "PARAMS": []
   }