org.springframework.vault.core

Interface VaultTransitOperations

All Known Implementing Classes:

VaultTransitTemplate

public interface VaultTransitOperations

Interface that specifies operations using the transit backend.

Author:

Mark Paluch, Sven Schürmann, Praveendra Singh

See Also:

Transit Secret Backend

Method Summary

Modifier and Type	Method and Description
void	configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration) Create a new named encryption key given a name.
void	createKey(String keyName) Create a new named encryption key given a name.
void	createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest) Create a new named encryption key given a name and VaultTransitKeyCreationRequest.
Plaintext	decrypt(String keyName, Ciphertext ciphertext) Decrypts the provided plaintext using the named key.
List<VaultDecryptionResult>	decrypt(String keyName, List<Ciphertext> batchRequest) Decrypts the provided barch of ciphertext using the named key and context.
String	decrypt(String keyName, String ciphertext) Decrypts the provided plaintext using the named key.
byte[]	decrypt(String keyName, String ciphertext, VaultTransitContext transitRequest) Decrypts the provided plaintext using the named key.
void	deleteKey(String keyName) Deletes a named encryption key.
String	encrypt(String keyName, byte[] plaintext, VaultTransitContext transitRequest) Encrypts the provided plaintext using the named key.
List<VaultEncryptionResult>	encrypt(String keyName, List<Plaintext> batchRequest) Encrypts the provided batch of plaintext using the named key and context.
Ciphertext	encrypt(String keyName, Plaintext plaintext) Encrypts the provided plaintext using the named key.
String	encrypt(String keyName, String plaintext) Encrypts the provided plaintext using the named key.
RawTransitKey	exportKey(String keyName, TransitKeyType type) Returns the value of the named encryption key.
VaultTransitKey	getKey(String keyName) Return information about a named encryption key.
List<String>	getKeys() Get a List of transit key names.
String	rewrap(String keyName, String ciphertext) Rewrap the provided ciphertext using the latest version of the named key.
String	rewrap(String keyName, String ciphertext, VaultTransitContext transitRequest) Rewrap the provided ciphertext using the latest version of the named key.
void	rotate(String keyName) Rotates the version of the named key.

Method Detail

createKey

void createKey(String keyName)

Create a new named encryption key given a name.

Parameters:

keyName - must not be empty or null.

createKey

void createKey(String keyName,
               VaultTransitKeyCreationRequest createKeyRequest)

Create a new named encryption key given a name and VaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.

Parameters:

keyName - must not be empty or null.

createKeyRequest - must not be null.

getKeys

List<String> getKeys()

Get a List of transit key names.

Returns:

List of transit key names.

configureKey

void configureKey(String keyName,
                  VaultTransitKeyConfiguration keyConfiguration)

Create a new named encryption key given a name.

Parameters:

keyName - must not be empty or null.

keyConfiguration - must not be null.

exportKey

RawTransitKey exportKey(String keyName,
                        TransitKeyType type)

Returns the value of the named encryption key. Depending on the type of key, different information may be returned. The key must be exportable to support this operation.

Parameters:

keyName - must not be empty or null.

type - must not be null.

Returns:

the RawTransitKey.

getKey

VaultTransitKey getKey(String keyName)

Return information about a named encryption key.

Parameters:

keyName - must not be empty or null.

Returns:

the VaultTransitKey.

deleteKey

void deleteKey(String keyName)

Deletes a named encryption key. It will no longer be possible to decrypt any data encrypted with the named key.

Parameters:

keyName - must not be empty or null.

rotate

void rotate(String keyName)

Rotates the version of the named key. After rotation, new plaintext requests will be encrypted with the new version of the key. To upgrade ciphertext to be encrypted with the latest version of the key, use rewrap(String, String).

Parameters:

keyName - must not be empty or null.

See Also:

rewrap(String, String)

encrypt

String encrypt(String keyName,
               String plaintext)

Encrypts the provided plaintext using the named key.

Parameters:

keyName - must not be empty or null.

plaintext - must not be empty or null.

Returns:

cipher text.

encrypt

Ciphertext encrypt(String keyName,
                   Plaintext plaintext)

Encrypts the provided plaintext using the named key.

Parameters:

keyName - must not be empty or null.

plaintext - must not be null.

Returns:

cipher text.

Since:

1.1

encrypt

String encrypt(String keyName,
               byte[] plaintext,
               VaultTransitContext transitRequest)

Encrypts the provided plaintext using the named key.

Parameters:

keyName - must not be empty or null.

plaintext - must not be empty or null.

transitRequest - may be null if no request options provided.

Returns:

cipher text.

encrypt

List<VaultEncryptionResult> encrypt(String keyName,
                                    List<Plaintext> batchRequest)

Encrypts the provided batch of plaintext using the named key and context. The encryption is done using transit backend's batch operation.

Parameters:

keyName - must not be empty or null.

batchRequest - a list of Plaintext which includes plaintext and an optional context.

Returns:

the encrypted result in the order of batchRequest plaintexts.

Since:

1.1

decrypt

String decrypt(String keyName,
               String ciphertext)

Decrypts the provided plaintext using the named key.

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

Returns:

plain text.

decrypt

Plaintext decrypt(String keyName,
                  Ciphertext ciphertext)

Decrypts the provided plaintext using the named key.

Parameters:

keyName - must not be empty or null.

ciphertext - must not be null.

Returns:

plain text.

Since:

1.1

decrypt

byte[] decrypt(String keyName,
               String ciphertext,
               VaultTransitContext transitRequest)

Decrypts the provided plaintext using the named key.

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

transitRequest - may be null if no request options provided.

Returns:

plain text.

decrypt

List<VaultDecryptionResult> decrypt(String keyName,
                                    List<Ciphertext> batchRequest)

Decrypts the provided barch of ciphertext using the named key and context. The decryption is done using transit backend's batch operation.

Parameters:

keyName - must not be empty or null.

batchRequest - a list of Ciphertext which includes plaintext and an optional context.

Returns:

the decrypted result in the order of batchRequest ciphertexts.

Since:

1.1

rewrap

String rewrap(String keyName,
              String ciphertext)

Rewrap the provided ciphertext using the latest version of the named key. Because this never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts.

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

Returns:

cipher text.

See Also:

rotate(String)

rewrap

String rewrap(String keyName,
              String ciphertext,
              VaultTransitContext transitRequest)

Rewrap the provided ciphertext using the latest version of the named key. Because this never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts.

Parameters:

keyName - must not be empty or null.

ciphertext - must not be empty or null.

transitRequest - may be null if no request options provided.

Returns:

cipher text.

See Also:

rotate(String)