QuantumAPI

QuantumVault

February 17, 2026 February 17, 2026 v1.0.0+

QuantumVault is a quantum-safe secret and key management system. It provides encrypted storage for secrets, credentials, API keys, certificates, and any sensitive data your applications need — protected by post-quantum cryptography (NIST FIPS 203/204/205) and QRNG-generated entropy.

Unlike traditional secret managers that rely on algorithms vulnerable to quantum computers, QuantumVault uses envelope encryption with AES-256-GCM and quantum random nonces. Each tenant's data is isolated with per-tenant encryption keys, ensuring that a compromise of one tenant never affects another.

Key features

Secrets Management

Store any type of secret with rich metadata, labels, custom fields, versioning, and full audit trail.

Secure Sharing

Share secrets via time-limited, password-protected links or directly with team members via access policies.

Vault Health

Automated security scoring across 5 categories: password strength, reuse, freshness, 2FA coverage, and URL security.

SSH Certificate Authority

Built-in SSH CA for signing user keys. Eliminate static SSH keys and manage access centrally.

Secret References

Compose connection strings and configs from individual secrets using ${ref_key} template syntax.

Rotation Policies

Automate credential rotation with configurable intervals, grace periods, and notification alerts.

Dynamic Secrets

Generate short-lived database credentials on demand. Automatic revocation when the lease expires.

Import & Export

Migrate from Bitwarden, 1Password, or other tools. Export as CSV, JSON, or encrypted JSON backups.

Access Control

Fine-grained permissions (read, reveal, manage, delete) with resource groups and access policies.

Encryption architecture

All data at rest is protected using envelope encryption. A platform master key wraps per-tenant data encryption keys, which in turn encrypt individual secret values using AES-256-GCM with QRNG-generated nonces. This ensures that even if the database is compromised, encrypted data remains unreadable without the master key chain.

Encryption architecture
┌─────────────────────────────────────────────────┐
│  Platform Master Key (QAPI_MASTER_KEY)       │
│  ── wraps ──▶  Per-Tenant Data Keys             │
│                  ── encrypts ──▶  Secret Values  │
│                                                   │
│  AES-256-GCM  +  QRNG nonces  +  Argon2id KDF  │
└─────────────────────────────────────────────────┘

Quick start

The fastest way to get started is through the Tenant Portal UI, but you can also manage secrets programmatically via the REST API.

Create a secret via API
curl -X POST https://api.quantumapi.eu/api/v1/secrets \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "database-password",
    "value": "super-secret-value",
    "contentType": "password",
    "labels": ["production", "database"],
    "expiresAt": "2027-01-01T00:00:00Z"
  }'
Retrieve a secret
curl https://api.quantumapi.eu/api/v1/secrets/{id}/value \
  -H "Authorization: Bearer <token>"

Next steps

Learn about secret types and metadata

Learn more

Set up vault health monitoring

Learn more

Share secrets securely

Learn more

Configure SSH Certificate Authority

Learn more
qapi — QuantumAPI CLI Documentation