Vaults are secure wallet containers that hold blockchain addresses and signing keys. They are the foundation of asset custody in Cubewire.
A vault represents a secure wallet with:
Cubewire uses HSM vault security. You must specify the vault type when creating a vault.
Currently Available — HSM vaults store keys in certified tamper-resistant hardware, providing enterprise-grade security for digital asset custody.
| Property | Description |
|---|---|
| Key Storage | FIPS 140-2 Level 3 certified hardware |
| Key Export | Impossible — keys never leave HSM |
| Signing | Hardware-accelerated cryptographic operations |
| Best For | Regulatory compliance, traditional finance |
Key Security Features:
When to Use HSM:
| Field | Type | Description |
|---|---|---|
id | UUID | Unique vault identifier (auto-generated) |
name | string | Human-readable name (unique within organization, max 255 char) |
type | enum | Vault type — HSM |
status | enum | Vault status - active or inactive |
keyStatus | enum | Key generation status - ready, pending, or failed |
keyError | string | Error message if key generation failed (nullable) |
userId | UUID | ID of user who created the vault |
organizationId | UUID | Organization ID that owns the vault |
address | string | Blockchain address (0x..., null until key generation complete) |
bsb | string | Bank State Branch code (Australian banking integration, nullable) |
accountNumber | string | Bank account number (for traditional banking integration, nullable) |
groupName | string | Organizational grouping (e.g., 'Finance Department', nullable) |
tags | string[] | Metadata tags for categorization and filtering |
createdAt | datetime | Creation timestamp (ISO 8601, UTC) |
updatedAt | datetime | Last modification timestamp (ISO 8601, UTC) |
assets | array | Array of asset balances associated with this vault |
user | object | Nested user object containing user id |
Vaults can sign and submit blockchain transactions:
Vaults support signing EIP-712 structured data for:
Before submitting transactions, vaults can estimate gas fees to help you:
Long-term storage of organizational funds with maximum security.
Day-to-day transactions like payroll, vendor payments.
Processing customer transactions and settlements.
| Recommendation | Description |
|---|---|
| Deactivate unused vaults | Reduce attack surface |
| Regular audits | Review vault inventory periodically |
| Separate hot/cold | Use different vaults for different risk profiles |
For complete API documentation including endpoints, request/response examples, and code samples:
GET /api/v1/vaultsPOST /api/v1/vaultsGET /api/v1/vaults/{id}PATCH /api/v1/vaults/{id}PUT /api/v1/vaults/{id}DELETE /api/v1/vaults/{id}POST /api/v1/vaults/{id}/archiveGET /api/v1/vaults/address/{address}POST /api/v1/vaults/address/{address}/estimate-gasPOST /api/v1/vaults/tradfi/resolve-vaultsGET /api/v1/vaults/{id}/assetsPOST /api/v1/vaults/{id}/assetsGET /api/v1/vaults/{id}/noncePOST /api/v1/vaults/{id}/deactivateVaults are secure wallet containers that hold blockchain addresses and signing keys. They are the foundation of asset custody in Cubewire.
A vault represents a secure wallet with:
Cubewire uses HSM vault security. You must specify the vault type when creating a vault.
Currently Available — HSM vaults store keys in certified tamper-resistant hardware, providing enterprise-grade security for digital asset custody.
| Property | Description |
|---|---|
| Key Storage | FIPS 140-2 Level 3 certified hardware |
| Key Export | Impossible — keys never leave HSM |
| Signing | Hardware-accelerated cryptographic operations |
| Best For | Regulatory compliance, traditional finance |
Key Security Features:
When to Use HSM:
| Field | Type | Description |
|---|---|---|
id | UUID | Unique vault identifier (auto-generated) |
name | string | Human-readable name (unique within organization, max 255 char) |
type | enum | Vault type — HSM |
status | enum | Vault status - active or inactive |
keyStatus | enum | Key generation status - ready, pending, or failed |
keyError | string | Error message if key generation failed (nullable) |
userId | UUID | ID of user who created the vault |
organizationId | UUID | Organization ID that owns the vault |
address | string | Blockchain address (0x..., null until key generation complete) |
bsb | string | Bank State Branch code (Australian banking integration, nullable) |
accountNumber | string | Bank account number (for traditional banking integration, nullable) |
groupName | string | Organizational grouping (e.g., 'Finance Department', nullable) |
tags | string[] | Metadata tags for categorization and filtering |
createdAt | datetime | Creation timestamp (ISO 8601, UTC) |
updatedAt | datetime | Last modification timestamp (ISO 8601, UTC) |
assets | array | Array of asset balances associated with this vault |
user | object | Nested user object containing user id |
Vaults can sign and submit blockchain transactions:
Vaults support signing EIP-712 structured data for:
Before submitting transactions, vaults can estimate gas fees to help you:
Long-term storage of organizational funds with maximum security.
Day-to-day transactions like payroll, vendor payments.
Processing customer transactions and settlements.
| Recommendation | Description |
|---|---|
| Deactivate unused vaults | Reduce attack surface |
| Regular audits | Review vault inventory periodically |
| Separate hot/cold | Use different vaults for different risk profiles |
For complete API documentation including endpoints, request/response examples, and code samples:
GET /api/v1/vaultsPOST /api/v1/vaultsGET /api/v1/vaults/{id}PATCH /api/v1/vaults/{id}PUT /api/v1/vaults/{id}DELETE /api/v1/vaults/{id}POST /api/v1/vaults/{id}/archiveGET /api/v1/vaults/address/{address}POST /api/v1/vaults/address/{address}/estimate-gasPOST /api/v1/vaults/tradfi/resolve-vaultsGET /api/v1/vaults/{id}/assetsPOST /api/v1/vaults/{id}/assetsGET /api/v1/vaults/{id}/noncePOST /api/v1/vaults/{id}/deactivate