--- title: Create a vault entry slug: m3a90243 canonical_url: https://docs.coveo.com/en/m3a90243/ collection: manage-an-organization source_format: adoc --- # Create a vault entry Vault entries are sensitive and restricted key-value pairs stored in the [Vault resource of the Coveo Migration API](https://platform.cloud.coveo.com/docs?urls.primaryName=Migration#/Vault). The API uses these entries to migrate sensitive information leveraged by your resources, such as passwords, secrets, and keys, used to [index](https://docs.coveo.com/en/204/) content. You can also [use vault entries in indexing pipeline extensions](https://docs.coveo.com/en/l9he0046/) (IPEs). > **Note** > > When [applying a snapshot to an organization](https://docs.coveo.com/en/3239#apply-a-snapshot-to-an-organization), you can typically use a purpose-built **Allow import** button to automatically import vault parameters from the origin organization. > > If there remain missing vault entries after the import, you must create them manually. This article provides an example showing how to create vault entries using the [`GET /vaultentries/missing`](https://platform.cloud.coveo.com/docs?urls.primaryName=Migration#/Vault/rest_organizations_paramId_vaultentries_missing_get) and [`POST /vaultentries`](https://platform.cloud.coveo.com/docs?urls.primaryName=Migration#/Vault/rest_organizations_paramId_vaultentries_post) endpoints. ## Example You want to apply a snapshot to an organization, but when checking the prerequisites, you receive an error message. ![Checking prerequisites when some are missing](https://docs.coveo.com/en/assets/images/index-content/snapshot-check-prereqs.png) You try clicking the **Allow import** button, but you then receive another error message stating that some information is still missing. A likely cause is that you've deleted the vault entry from the origin organization. You therefore use the [`GET /vaultentries/missing`](https://platform.cloud.coveo.com/docs?urls.primaryName=Migration#/Vault/rest_organizations_paramId_vaultentries_missing_get) endpoint to see which vault entry is missing. To make that request, you first need to retrieve the ID of your snapshot. You do so by retrieving the last string of the URL of the target snapshot page in the Administration Console. (An alternative would be using the [`GET /shapshot`)(https://platform.cloud.coveo.com/docs?urls.primaryName=Migration#/Snapshot/rest_organizations_paramId_snapshots_get) endpoint to list the snapshots in your organization.] ``` https://platform.cloud.coveo.com/admin/#destinationorganizationid/organization/resource-snapshots/destinationorganizationid-ucbeikkpvxek36wnh4apoe2fnu ``` Now that you have the target snapshot ID, that is, `destinationorganizationid-ucbeikkpvxek36wnh4apoe2fnu`, you make a `GET /vaultentries/missing` request, setting the `snapshotId` query parameter value to that ID. ```http GET https://platform.cloud.coveo.com/rest/organizations/destinationorganizationid/vaultentries/missing?snapshotId=destinationorganizationid-ucbeikkpvxek36wnh4apoe2fnu HTTP/1.1 Accept: application/json Content-Type: application/json ``` In the response, you learn that the following vault entry is missing: ```json { "missingVaultEntries": [ "originorganizationid_iynO7X-configuration.parameters.secretKey.value" ] } ``` Opening the snapshot JSON, you notice that it's for the `secretKey` parameter used as a credential by one of your sources. Depending on the resource, you may see another parameter (for example, `consumerKey`) in place of `secretKey`. ``` // ... "SOURCE": [ { "model": { // ... "configuration": { // ... "parameters": { // ... "secretKey": { "sensitive": true, "value": "{{ VAULT.originorganizationid_iynO7X-configuration.parameters.secretKey.value }}" } }, // ... } // ... } // ... } ] // ... ``` You therefore use the [`POST /vaultentries`](https://platform.cloud.coveo.com/docs?urls.primaryName=Migration#/Vault/rest_organizations_paramId_vaultentries_post) endpoint to create the target vault entry in your destination organization. ```http POST https://platform.cloud.coveo.com/rest/organizations/destinationorganizationid/vaultentries HTTP/1.1 Accept: application/json Content-Type: application/json ``` Request payload: ```json { "attributeReferences": [ { "jsonPath": "configuration.parameters.secretKey.value", <1> "resourceName": "originorganizationid_iynO7X", <2> "resourceType": "SOURCE" } ], "key": "originorganizationid_iyn07x-configuration.parameters.secretKey.value", <3> "value": "s8h#kj%43s", <4> "organizationId": "destinationorganizationid", <5> "valueType": "STRING", "vaultVisibilityType": "OBFUSCATED" } ``` <1> To determine the `jsonPath` value, you open the snapshot JSON content to find out the path to the target key from its parent resource model. In this case, it's `configuration.parameters.secretKey.value`. ``` // ... "SOURCE": [ { "model": { // ... "configuration": { // ... "parameters": { // ... "secretKey": { "sensitive": true, "value": "{{ VAULT.originorganizationid_iynO7X-configuration.parameters.secretKey.value }}" } }, // ... } // ... } // ... "resourceName": "originorganizationid_iynO7X" } ] // ... ``` <2> The `resourceName` of the resource using your vault entry. You can find its name in the snapshot JSON content as well. <3> The `key` of the missing vault entry you are creating, namely `originorganizationid_iyn07x-configuration.parameters.secretKey.value`. <4> Then, you set the vault entry `value` to `s8h#kj%43s`, which is the credential needed to access the content your source indexes. <5> You set the unique identifier of the destination organization as the value of the `organizationId` parameter. After sending this request, you go back to the Administration Console, refresh your browser, and check that your snapshot prerequisites are now satisfied. ![Successful prerequisite check after adding vault entry](https://docs.coveo.com/en/assets/images/index-content/snapshot-prereq-met.png)