org.springframework.vault.core

Class VaultTransitTemplate

java.lang.Object

org.springframework.vault.core.VaultTransitTemplate

All Implemented Interfaces:

VaultTransitOperations

public class VaultTransitTemplate
extends Object
implements VaultTransitOperations

Default implementation of VaultTransitOperations.

Author:

Mark Paluch

Constructor Summary

Constructors

Constructor and Description
VaultTransitTemplate(VaultOperations vaultOperations, String path)

Method Summary

Modifier and Type	Method and Description
void	configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration) Creates a new named encryption key given a name.
void	createKey(String keyName) Creates a new named encryption key given a name.
void	createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest) Creates a new named encryption key given a name and VaultTransitKeyCreationRequest.
String	decrypt(String keyName, String ciphertext) Decrypts the provided plaintext using the named key.
byte[]	decrypt(String keyName, String ciphertext, VaultTransitContext transitRequest) Decrypts the provided plaintext using the named key.
void	deleteKey(String keyName) Deletes a named encryption key.
String	encrypt(String keyName, byte[] plaintext, VaultTransitContext transitRequest) Encrypts the provided plaintext using the named key.
String	encrypt(String keyName, String plaintext) Encrypts the provided plaintext using the named key.
VaultTransitKey	getKey(String keyName) Returns information about a named encryption key.
String	rewrap(String keyName, String ciphertext) Rewrap the provided ciphertext using the latest version of the named key.
String	rewrap(String keyName, String ciphertext, VaultTransitContext transitRequest) Rewrap the provided ciphertext using the latest version of the named key.
void	rotate(String keyName) Rotates the version of the named key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

VaultTransitTemplate

public VaultTransitTemplate(VaultOperations vaultOperations,
                            String path)

Method Detail

createKey

public void createKey(String keyName)

Description copied from interface: VaultTransitOperations

Creates a new named encryption key given a name.

Specified by:

createKey in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

createKey

public void createKey(String keyName,
                      VaultTransitKeyCreationRequest createKeyRequest)

Description copied from interface: VaultTransitOperations

Creates a new named encryption key given a name and VaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.

Specified by:

createKey in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

createKeyRequest - must not be null.

configureKey

public void configureKey(String keyName,
                         VaultTransitKeyConfiguration keyConfiguration)

Description copied from interface: VaultTransitOperations

Creates a new named encryption key given a name.

Specified by:

configureKey in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

keyConfiguration - must not be null.

getKey

public VaultTransitKey getKey(String keyName)

Description copied from interface: VaultTransitOperations

Returns information about a named encryption key.

Specified by:

getKey in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

Returns:

the VaultTransitKey.

deleteKey

public void deleteKey(String keyName)

Description copied from interface: VaultTransitOperations

Deletes a named encryption key. It will no longer be possible to decrypt any data encrypted with the named key.

Specified by:

deleteKey in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

rotate

public void rotate(String keyName)

Description copied from interface: VaultTransitOperations

Rotates the version of the named key. After rotation, new plaintext requests will be encrypted with the new version of the key. To upgrade ciphertext to be encrypted with the latest version of the key, use VaultTransitOperations.rewrap(String, String).

Specified by:

rotate in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

See Also:

VaultTransitOperations.rewrap(String, String)

encrypt

public String encrypt(String keyName,
                      String plaintext)

Description copied from interface: VaultTransitOperations

Encrypts the provided plaintext using the named key.

Specified by:

encrypt in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

plaintext - must not be empty or null.

Returns:

cipher text.

encrypt

public String encrypt(String keyName,
                      byte[] plaintext,
                      VaultTransitContext transitRequest)

Description copied from interface: VaultTransitOperations

Encrypts the provided plaintext using the named key.

Specified by:

encrypt in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

plaintext - must not be empty or null.

transitRequest - may be null if no request options provided.

Returns:

cipher text.

decrypt

public String decrypt(String keyName,
                      String ciphertext)

Description copied from interface: VaultTransitOperations

Decrypts the provided plaintext using the named key.

Specified by:

decrypt in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

Returns:

plain text.

decrypt

public byte[] decrypt(String keyName,
                      String ciphertext,
                      VaultTransitContext transitRequest)

Description copied from interface: VaultTransitOperations

Decrypts the provided plaintext using the named key.

Specified by:

decrypt in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

transitRequest - may be null if no request options provided.

Returns:

plain text.

rewrap

public String rewrap(String keyName,
                     String ciphertext)

Description copied from interface: VaultTransitOperations

Rewrap the provided ciphertext using the latest version of the named key. Because this never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts.

Specified by:

rewrap in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

Returns:

cipher text.

See Also:

VaultTransitOperations.rotate(String)

rewrap

public String rewrap(String keyName,
                     String ciphertext,
                     VaultTransitContext transitRequest)

Description copied from interface: VaultTransitOperations

Rewrap the provided ciphertext using the latest version of the named key. Because this never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts.

Specified by:

rewrap in interface VaultTransitOperations

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

transitRequest - may be null if no request options provided.

Returns:

cipher text.

See Also:

VaultTransitOperations.rotate(String)