Vaults

Vaults are containers that organize your files. Every file belongs to exactly one vault.

Visibility

Vaults have a visibility setting that determines access control and encryption behavior:

	Public	Private
Authentication	Files accessible without auth	Requires API key or JWT
Encryption	None — files stored as plaintext	Client-side AES-256-GCM
Sharing	Direct URLs anyone can access	Only authenticated owner
Use case	Public assets, open data	Sensitive documents, personal files

Caution

Vault visibility is immutable — it cannot be changed after creation. Choose carefully.

Default vault

Every account has a default vault (public). It’s created automatically when your account is set up. You can use it immediately without creating a vault first.

Creating vaults

TypeScript

// Public vault — no encryption
const publicVault = await tusky.vaults.create({
  name: 'Public Assets',
  visibility: 'public',
});

// Private vault — requires encryption setup
const privateVault = await tusky.vaults.create({
  name: 'Sensitive Docs',
  visibility: 'private',
});

Python

# Public vault
resp = requests.post(
    "https://api.opentusk.ai/api/vaults",
    headers=headers,
    json={"name": "Public Assets", "visibility": "public"},
)

# Private vault
resp = requests.post(
    "https://api.opentusk.ai/api/vaults",
    headers=headers,
    json={"name": "Sensitive Docs", "visibility": "private"},
)

Deleting vaults

Vaults can only be deleted when empty. Use force: true to move all files to trash first:

// Moves files to trash, then deletes the vault
await tusky.vaults.delete(vault.id, { force: true });

Deleted vaults go to trash with a 7-day grace period before permanent deletion.