open-vault/website/source/api/system/unseal.html.md

---
layout: "api"
page_title: "/sys/unseal - HTTP API"
sidebar_current: "docs-http-system-unseal"
description: |-
  The `/sys/unseal` endpoint is used to unseal the Vault.
---

# `/sys/unseal`

The `/sys/seal-unseal` endpoint is used to unseal the Vault.

## Submit Unseal Key

This endpoint is used to enter a single master key share to progress the
unsealing of the Vault. If the threshold number of master key shares is reached,
Vault will attempt to unseal the Vault. Otherwise, this API must be called
multiple times until that threshold is met.

Either the `key` or `reset` parameter must be provided; if both are provided,
`reset` takes precedence.

| Method   | Path                         | Produces               |
| :------- | :--------------------------- | :--------------------- |
| `PUT`    | `/sys/unseal`                | `200 application/json` |

### Parameters

- `key` `(string: "")` – Specifies a single master key share. This is required
  unless `reset` is true.

- `reset` `(bool: false)` – Specifies if previously-provided unseal keys are
  discarded and the unseal process is reset.

### Sample Payload

```json
{
  "key": "abcd1234..."
}
```

### Sample Request

```
$ curl \
    --request PUT \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/unseal
```

### Sample Response

The "t" parameter is the threshold, and "n" is the number of shares.

```json
{
  "sealed": true,
  "t": 3,
  "n": 5,
  "progress": 2,
  "version": "0.6.2"
}
```

Sample response when Vault is unsealed.

```json
{
  "sealed": false,
  "t": 3,
  "n": 5,
  "progress": 0,
  "version": "0.6.2",
  "cluster_name": "vault-cluster-d6ec3c7f",
  "cluster_id": "3e8b3fec-3749-e056-ba41-b62a63b997e8"
}
```
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								---
-												/docs/http -> /api

											
										
										
											2017-03-17 18:06:03 +00:00
+								layout: "api"
-												Docs typo fixes (#2830)

* Fix passing payload.json file to curl

* Correct API endpoint

											
										
										
											2017-06-07 14:02:58 +00:00
+								page_title: "/sys/unseal - HTTP API"
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								sidebar_current: "docs-http-system-unseal"
 								description: |-
-												Docs typo fixes (#2830)

* Fix passing payload.json file to curl

* Correct API endpoint

											
										
										
											2017-06-07 14:02:58 +00:00
+								  The `/sys/unseal` endpoint is used to unseal the Vault.
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								---
 								# `/sys/unseal`
 								The `/sys/seal-unseal` endpoint is used to unseal the Vault.
 								## Submit Unseal Key
 								This endpoint is used to enter a single master key share to progress the
 								unsealing of the Vault. If the threshold number of master key shares is reached,
 								Vault will attempt to unseal the Vault. Otherwise, this API must be called
 								multiple times until that threshold is met.
 								Either the `key` or `reset` parameter must be provided; if both are provided,
 								`reset` takes precedence.
 								| Method   | Path                         | Produces               |
 								| :------- | :--------------------------- | :--------------------- |
 								| `PUT`    | `/sys/unseal`                | `200 application/json` |
 								### Parameters
 								- `key` `(string: "")` – Specifies a single master key share. This is required
 								  unless `reset` is true.
 								- `reset` `(bool: false)` – Specifies if previously-provided unseal keys are
 								  discarded and the unseal process is reset.
 								### Sample Payload
 								```json
 								{
 								  "key": "abcd1234..."
 								}
 								```
 								### Sample Request
 								```
 								$ curl \
 								    --request PUT \
 								    --data @payload.json \
-												Drop vault.rocks (#4186)


											
										
										
											2018-03-23 15:41:51 +00:00
+								    http://127.0.0.1:8200/v1/sys/unseal
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								```
 								### Sample Response
 								The "t" parameter is the threshold, and "n" is the number of shares.
 								```json
 								{
 								  "sealed": true,
 								  "t": 3,
 								  "n": 5,
 								  "progress": 2,
 								  "version": "0.6.2"
 								}
 								```
 								Sample response when Vault is unsealed.
 								```json
 								{
 								  "sealed": false,
 								  "t": 3,
 								  "n": 5,
 								  "progress": 0,
 								  "version": "0.6.2",
 								  "cluster_name": "vault-cluster-d6ec3c7f",
 								  "cluster_id": "3e8b3fec-3749-e056-ba41-b62a63b997e8"
 								}
 								```