open-vault/website/content/api-docs/system/tools.mdx

---
layout: api
page_title: /sys/tools - HTTP API
description: This is the API documentation for a general set of crypto  tools.
---

# `/sys/tools`

The `/sys/tools` endpoints are a general set of tools.

## Generate Random Bytes

This endpoint returns high-quality random bytes of the specified length.

| Method | Path                                   |
| :----- | :------------------------------------- |
| `POST` | `/sys/tools/random(/:source)(/:bytes)` |

### Parameters

- `bytes` `(int: 32)` – Specifies the number of bytes to return. This value can
  be specified either in the request body, or as a part of the URL.

- `format` `(string: "base64")` – Specifies the output encoding. Valid options
  are `hex` or `base64`.

- `source` `(string: "platform")` - Specifies the source of the requested bytes.
  `platform`, the default, sources bytes from the platform's entropy source. 
  `seal` sources from entropy augmentation (enterprise only).
  `all` mixes bytes from all available sources.

### Sample Payload

```json
{
  "format": "hex"
}
```

### Sample Request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/tools/random/164
```

### Sample Response

```json
{
  "data": {
    "random_bytes": "dGhlIHF1aWNrIGJyb3duIGZveAo="
  }
}
```

## Hash Data

This endpoint returns the cryptographic hash of given data using the specified
algorithm.

| Method | Path                           |
| :----- | :----------------------------- |
| `POST` | `/sys/tools/hash(/:algorithm)` |

### Parameters

- `algorithm` `(string: "sha2-256")` – Specifies the hash algorithm to use. This
  can also be specified as part of the URL. Currently-supported algorithms are:

  - `sha2-224`
  - `sha2-256`
  - `sha2-384`
  - `sha2-512`
  - `sha3-224`
  - `sha3-256`
  - `sha3-384`
  - `sha3-512`

  ~> **Note**: In FIPS 140-2 mode, the following algorithms are not certified
     and thus should not be used: `sha3-224`, `sha3-256`, `sha3-384`, and
     `sha3-512`.

- `input` `(string: <required>)` – Specifies the **base64 encoded** input data.

- `format` `(string: "hex")` – Specifies the output encoding. This can be either
  `hex` or `base64`.

### Sample Payload

```json
{
  "input": "adba32=="
}
```

### Sample Request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/tools/hash/sha2-512
```

### Sample Response

```json
{
  "data": {
    "sum": "dGhlIHF1aWNrIGJyb3duIGZveAo="
  }
}
```
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								---
-												New Website! (#8154)

* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes

											
										
										
											2020-01-18 00:18:09 +00:00
+								layout: api
 								page_title: /sys/tools - HTTP API
 								description: This is the API documentation for a general set of crypto  tools.
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								---
 								# `/sys/tools`
 								The `/sys/tools` endpoints are a general set of tools.
 								## Generate Random Bytes
 								This endpoint returns high-quality random bytes of the specified length.
-												Allow callers to choose the entropy source for the random endpoints. (#15213)

* Allow callers to choose the entropy source for the random endpoints

* Put source in the URL for sys as well

* changelog

* docs

* Fix unit tests, and add coverage

* refactor to use a single common implementation

* Update documentation

* one more tweak

* more cleanup

* Readd lost test expected code

* fmt

											
										
										
											2022-05-02 19:42:07 +00:00
+								| Method | Path                                   |
 								| :----- | :------------------------------------- |
 								| `POST` | `/sys/tools/random(/:source)(/:bytes)` |
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
 								### Parameters
 								- `bytes` `(int: 32)` – Specifies the number of bytes to return. This value can
 								  be specified either in the request body, or as a part of the URL.
 								- `format` `(string: "base64")` – Specifies the output encoding. Valid options
 								  are `hex` or `base64`.
-												Allow callers to choose the entropy source for the random endpoints. (#15213)

* Allow callers to choose the entropy source for the random endpoints

* Put source in the URL for sys as well

* changelog

* docs

* Fix unit tests, and add coverage

* refactor to use a single common implementation

* Update documentation

* one more tweak

* more cleanup

* Readd lost test expected code

* fmt

											
										
										
											2022-05-02 19:42:07 +00:00
+								- `source` `(string: "platform")` - Specifies the source of the requested bytes.
 								  `platform`, the default, sources bytes from the platform's entropy source.
 								  `seal` sources from entropy augmentation (enterprise only).
 								  `all` mixes bytes from all available sources.
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								### Sample Payload
 								```json
 								{
 								  "format": "hex"
 								}
 								```
 								### Sample Request
-												🌷 Docs Website Maintenance (#8985)

* website maintenance round
* improve docs, revert bug workaround as it was fixed
* boost memory
* remove unnecessary code

											
										
										
											2020-05-21 17:18:17 +00:00
+								```shell-session
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								$ curl \
 								    --header "X-Vault-Token: ..." \
 								    --request POST \
 								    --data @payload.json \
-												Drop vault.rocks (#4186)


											
										
										
											2018-03-23 15:41:51 +00:00
+								    http://127.0.0.1:8200/v1/sys/tools/random/164
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								```
 								### Sample Response
 								```json
 								{
 								  "data": {
 								    "random_bytes": "dGhlIHF1aWNrIGJyb3duIGZveAo="
 								  }
 								}
 								```
 								## Hash Data
 								This endpoint returns the cryptographic hash of given data using the specified
 								algorithm.
-												New Website! (#8154)

* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes

											
										
										
											2020-01-18 00:18:09 +00:00
+								| Method | Path                           |
 								| :----- | :----------------------------- |
 								| `POST` | `/sys/tools/hash(/:algorithm)` |
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
 								### Parameters
 								- `algorithm` `(string: "sha2-256")` – Specifies the hash algorithm to use. This
 								  can also be specified as part of the URL. Currently-supported algorithms are:
-												New Website! (#8154)

* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes

											
										
										
											2020-01-18 00:18:09 +00:00
+								  - `sha2-224`
 								  - `sha2-256`
 								  - `sha2-384`
 								  - `sha2-512`
-												Adds support for SHA-3 to transit (#13367)

* Adding support for SHA3 in the transit backend.

* Adds SHA-3 tests for transit sign/verify path. Adds SHA-3 tests for logical system tools path hash functionality. Updates documentation to include SHA-3 algorithms in system tools path hashing.

* Adds changelog entry.

Co-authored-by: robison jacka <robison@packetized.io>

											
										
										
											2021-12-08 18:29:33 +00:00
+								  - `sha3-224`
 								  - `sha3-256`
 								  - `sha3-384`
 								  - `sha3-512`
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
-												Start documentation for FIPS variants of Vault Enterprise (#15475)

* Begin restructuring FIPS documentation

This creates a new FIPS category under Enterprise and copies the
FIPS-specific seal wrap documentation into it.

We leave the existing Seal Wrap page at the old path, but document that
the FIPS-specific portions of it have moved.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial FIPS 140-2 inside documentation

This documents the new FIPS 140-2 Inside binary and how to use and
validate it. This also documents which algorithms are certified for
use in the BoringCrypto distribution.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about FIPS algorithm restrictions

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

											
										
										
											2022-05-17 20:28:20 +00:00
+								  ~> **Note**: In FIPS 140-2 mode, the following algorithms are not certified
 								     and thus should not be used: `sha3-224`, `sha3-256`, `sha3-384`, and
 								     `sha3-512`.
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								- `input` `(string: <required>)` – Specifies the **base64 encoded** input data.
 								- `format` `(string: "hex")` – Specifies the output encoding. This can be either
 								  `hex` or `base64`.
 								### Sample Payload
 								```json
 								{
 								  "input": "adba32=="
 								}
 								```
 								### Sample Request
-												🌷 Docs Website Maintenance (#8985)

* website maintenance round
* improve docs, revert bug workaround as it was fixed
* boost memory
* remove unnecessary code

											
										
										
											2020-05-21 17:18:17 +00:00
+								```shell-session
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								$ curl \
 								    --header "X-Vault-Token: ..." \
 								    --request POST \
 								    --data @payload.json \
-												Drop vault.rocks (#4186)


											
										
										
											2018-03-23 15:41:51 +00:00
+								    http://127.0.0.1:8200/v1/sys/tools/hash/sha2-512
-												copying general purpose tools from transit backend to /sys/tools (#3391)


											
										
										
											2017-10-20 14:59:17 +00:00
+								```
 								### Sample Response
 								```json
 								{
 								  "data": {
 								    "sum": "dGhlIHF1aWNrIGJyb3duIGZveAo="
 								  }
 								}
 								```