Create access item
POST /api/v1/access
Creates a new user-defined access item with the given label, description, and credential configuration. Returns the created item with a generated ID.
Request Body required
Section titled “Request Body required ”Access item configuration
object
Access item configuration
object
object
Injections are the container-side delivery targets.
object
Key is the env var name or container path for the injection target.
ReadOnly applies to mount injections — when true the mount is read-only.
Type is the injection kind (env, mount_file, mount_socket).
Value is a static override for the resolved value. When set, this is used instead of the source-resolved value. Useful when the injection needs a fixed container-side path (e.g. SSH_AUTH_SOCK env var pointing to the container socket path).
Label is a human-readable name for this credential (e.g. “SSH Agent Socket”).
Sources are tried in order; the first detected value is used.
object
Type is the kind of host source.
Value is the env var name, file path, socket path, or command string.
Transform is an optional processing step applied to the resolved value.
object
Params holds type-specific configuration (e.g. “pattern” for strip_lines).
object
Type identifies the transformation.
Responses
Section titled “ Responses ”Created
object
BuiltIn is true for items that ship with Warden.
Credentials are the individual credential entries in this group.
object
Injections are the container-side delivery targets.
object
Key is the env var name or container path for the injection target.
ReadOnly applies to mount injections — when true the mount is read-only.
Type is the injection kind (env, mount_file, mount_socket).
Value is a static override for the resolved value. When set, this is used instead of the source-resolved value. Useful when the injection needs a fixed container-side path (e.g. SSH_AUTH_SOCK env var pointing to the container socket path).
Label is a human-readable name for this credential (e.g. “SSH Agent Socket”).
Sources are tried in order; the first detected value is used.
object
Type is the kind of host source.
Value is the env var name, file path, socket path, or command string.
Transform is an optional processing step applied to the resolved value.
object
Params holds type-specific configuration (e.g. “pattern” for strip_lines).
object
Type identifies the transformation.
Description explains what this access item provides.
ID is a stable identifier. Built-in items use well-known IDs (e.g. “git”, “ssh”); user items get generated UUIDs.
Label is the human-readable display name (e.g. “Git Config”).
Method is the delivery strategy (only “transport” for now).
Invalid input (missing label or credentials)
object
Internal Server Error