# `/vault/key` - GET
Returns the encrypted ContentKey of the vault.

## HTTP Headers
| Header        | Content            |
|---------------|--------------------|
| Authorization | `Bearer {token}`   |

## Responses
### 200 - Success
__Content - JSON:__
| Field | Description                      |
|-------|----------------------------------|
| key   | The vaults encrypted ContentKey. |
### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
### 403 - Error: Forbidden
Blocked for security reasons.
### 404 - Error: Not Found
The authorized user has no vault.
This can be fixed with a `/vault/init` call.


# `/vault/key` - PUSH
Uploads a new encrypted ContentKey and with this replacing the old one.
This should __never__ change the ContentKey itself but only the encryption layer around it.
This is intended to be used for password changing only!

## HTTP Headers
| Header        | Content            |
|---------------|--------------------|
| Authorization | `Bearer {token}`   |
| Content-Type  | `application/json` |

## Content - JSON
| Field | Description                      |
|-------|----------------------------------|
| key   | The vaults encrypted ContentKey. |

## Responses
### 200 - Success
Changed the encrypted ContentKey successfully.
### 400 - Error: Bad Request
The request was malformed.
### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
### 403 - Error: Forbidden
Blocked for security reasons.
### 404 - Error: Not Found
The authorized user has no vault.
This can be fixed with a `/vault/init` call.