> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qoder.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a vault

> Create a Vault for securely storing MCP server credentials.

`POST /api/v1/cloud/vaults`

Creates a new Vault. A Vault is used to securely store credentials for MCP servers. Add credentials with [Create a credential](/cloud-agents/api/vaults/create-credential) after creating the Vault.

## Headers

| Header          | Required | Description         |
| --------------- | -------- | ------------------- |
| `Authorization` | Yes      | `Bearer $QODER_PAT` |
| `Content-Type`  | Yes      | `application/json`  |

## Request body

| Field          | Type   | Required | Description                                |
| -------------- | ------ | -------- | ------------------------------------------ |
| `display_name` | string | Yes      | Vault display name, maximum 255 characters |
| `metadata`     | object | No       | Custom metadata                            |

## Example request

```bash theme={null}
curl -X POST https://api.qoder.com/api/v1/cloud/vaults \
  -H "Authorization: Bearer $QODER_PAT" \
  -H "Content-Type: application/json" \
  -d '{
    "display_name": "my-mcp-vault",
    "metadata": {"team": "docs"}
  }'
```

## Example response

**HTTP 200 OK**

```json theme={null}
{
  "id": "vault_019e3bb940277f0db05ab74291acf6ef",
  "type": "vault",
  "display_name": "my-mcp-vault",
  "metadata": {
    "team": "docs"
  },
  "credentials": [],
  "archived_at": null,
  "created_at": "2026-05-18T15:34:16.874877Z",
  "updated_at": "2026-05-18T15:34:16.874877Z"
}
```

## Response fields

| Field          | Type           | Description                                      |
| -------------- | -------------- | ------------------------------------------------ |
| `id`           | string         | Vault unique identifier with the `vault_` prefix |
| `type`         | string         | Always `"vault"`                                 |
| `display_name` | string         | Vault display name                               |
| `metadata`     | object         | Custom metadata                                  |
| `credentials`  | array          | Empty array for normal create requests           |
| `archived_at`  | string \| null | Archive time, or `null` when active              |
| `created_at`   | string         | Creation time (ISO 8601)                         |
| `updated_at`   | string         | Last update time (ISO 8601)                      |

## Errors

| HTTP | Type                    | Trigger                                                                                            |
| ---- | ----------------------- | -------------------------------------------------------------------------------------------------- |
| 400  | `invalid_request_error` | Missing `display_name`, invalid `display_name`, invalid `metadata`, or too many inline credentials |
| 401  | `TOKEN_INVALID`         | Missing or invalid authentication token                                                            |

See [Errors](/cloud-agents/api/conventions/errors) for the full error envelope.

## Related

<CardGroup cols={2}>
  <Card title="Authenticate with vaults" icon="key" href="/cloud-agents/vaults">
    Store and inject secrets safely into agent sessions.
  </Card>
</CardGroup>
