Resolve access items
POST /api/v1/access/resolve
Resolves the given access items by checking host sources and computing the injections (env vars, mounts) that would be applied to containers. Used by the UI “Test” button to preview resolution without creating a container.
Request Body required
Section titled “Request Body required ”Item IDs to resolve
object
Item IDs to resolve
object
object
BuiltIn is true for items that ship with Warden.
Credentials are the individual credential entries in this group.
object
Injections are the container-side delivery targets.
object
Key is the env var name or container path for the injection target.
ReadOnly applies to mount injections — when true the mount is read-only.
Type is the injection kind (env, mount_file, mount_socket).
Value is a static override for the resolved value. When set, this is used instead of the source-resolved value. Useful when the injection needs a fixed container-side path (e.g. SSH_AUTH_SOCK env var pointing to the container socket path).
Label is a human-readable name for this credential (e.g. “SSH Agent Socket”).
Sources are tried in order; the first detected value is used.
object
Type is the kind of host source.
Value is the env var name, file path, socket path, or command string.
Transform is an optional processing step applied to the resolved value.
object
Params holds type-specific configuration (e.g. “pattern” for strip_lines).
object
Type identifies the transformation.
Description explains what this access item provides.
ID is a stable identifier. Built-in items use well-known IDs (e.g. “git”, “ssh”); user items get generated UUIDs.
Label is the human-readable display name (e.g. “Git Config”).
Method is the delivery strategy (only “transport” for now).
Responses
Section titled “ Responses ”OK
object
object
Credentials contains per-credential resolution results.
object
Error is set when resolution failed (distinct from “not detected”).
Injections are the resolved container-side deliveries.
object
Key is the env var name or container path.
ReadOnly applies to mount injections.
Type is the injection kind (env, mount_file, mount_socket).
Value is the resolved content (env var value, host file path, or host socket path).
Label is the credential’s human-readable name.
Resolved is true when a source was detected and all injections were produced.
SourceMatched describes which source was matched (empty when unresolved).
ID is the access item identifier.
Label is the access item display name.
Invalid request body
object
Item not found
object
Internal Server Error