public interface VaultTransitOperations

transit backend.

Modifier and Type | Method and Description |
---|---|
`void` | `configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration)` Create a new named encryption key given a name. |
`void` | `createKey(String keyName)` Create a new named encryption key given a name. |
`void` | `createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest)` Create a new named encryption key given a name and VaultTransitKeyCreationRequest. |
`Plaintext` | `decrypt(String keyName, Ciphertext ciphertext)` Decrypts the provided ciphertext using the named key. |
`List<VaultDecryptionResult>` | `decrypt(String keyName, List<Ciphertext> batchRequest)` Decrypts the provided batch of ciphertext using the named key and context. |
`String` | `decrypt(String keyName, String ciphertext)` Decrypts the provided ciphertext using the named key. |
`byte[]` | `decrypt(String keyName, String ciphertext, VaultTransitContext transitContext)` Decrypts the provided ciphertext using the named key. |
`void` | `deleteKey(String keyName)` Deletes a named encryption key. |
`String` | `encrypt(String keyName, byte[] plaintext, VaultTransitContext transitRequest)` Encrypts the provided plaintext using the named key. |
`List<VaultEncryptionResult>` | `encrypt(String keyName, List<Plaintext> batchRequest)` Encrypts the provided batch of plaintext using the named key and context. |
`Ciphertext` | `encrypt(String keyName, Plaintext plaintext)` Encrypts the provided plaintext using the named key. |
`String` | `encrypt(String keyName, String plaintext)` Encrypts the provided plaintext using the named key. |
`RawTransitKey` | `exportKey(String keyName, TransitKeyType type)` Returns the value of the named encryption key. |
`Hmac` | `getHmac(String keyName, Plaintext plaintext)` Create an HMAC using keyName of given Plaintext using the default hash algorithm. |
`Hmac` | `getHmac(String keyName, VaultHmacRequest request)` Create an HMAC using keyName of given VaultHmacRequest using the default hash algorithm. |
`VaultTransitKey` | `getKey(String keyName)` Return information about a named encryption key. |
`List<String>` | `getKeys()` Get a List of transit key names. |
`String` | `rewrap(String keyName, String ciphertext)` Rewrap the provided ciphertext using the latest version of the named key. |
`String` | `rewrap(String keyName, String ciphertext, VaultTransitContext transitContext)` Rewrap the provided ciphertext using the latest version of the named key. |
`void` | `rotate(String keyName)` Rotates the version of the named key. |
`Signature` | `sign(String keyName, Plaintext plaintext)` Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm. |
`Signature` | `sign(String keyName, VaultSignRequest request)` Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm. |
`boolean` | `verify(String keyName, Plaintext plaintext, Signature signature)` |
`SignatureValidation` | `verify(String keyName, VaultSignatureVerificationRequest request)` Verify the cryptographic signature using keyName of the given VaultSignRequest. |

`void createKey(String keyName)`

Create a new named encryption key given a name.

Parameters:
- keyName - must not be empty or null.

`void createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest)`

Create a new named encryption key given a name and VaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.

Parameters:
- keyName - must not be empty or null.
- createKeyRequest - must not be null.

`void configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration)`

Create a new named encryption key given a name.

Parameters:
- keyName - must not be empty or null.
- keyConfiguration - must not be null.

`@Nullable RawTransitKey exportKey(String keyName, TransitKeyType type)`

Returns the value of the named encryption key.

Parameters:
- keyName - must not be empty or null.
- type - must not be null.

Returns: RawTransitKey.

`@Nullable VaultTransitKey getKey(String keyName)`

Return information about a named encryption key.

Parameters:
- keyName - must not be empty or null.

Returns: VaultTransitKey.

`void deleteKey(String keyName)`

Deletes a named encryption key.

Parameters:
- keyName - must not be empty or null.

`void rotate(String keyName)`

Rotates the version of the named key.

Parameters:
- keyName - must not be empty or null.

See also: rewrap(String, String)

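`String encrypt(String keyName, String plaintext)`

Encrypts the provided plaintext using the named key.

Parameters:
- keyName - must not be empty or null.
- plaintext - must not be empty or null.

`Ciphertext encrypt(String keyName, Plaintext plaintext)`

Encrypts the provided plaintext using the named key.

Parameters:
- keyName - must not be empty or null.
- plaintext - must not be null.

`String encrypt(String keyName, byte[] plaintext, VaultTransitContext transitRequest)`

Encrypts the provided plaintext using the named key.

Parameters:
- keyName - must not be empty or null.
- plaintext - must not be empty or null.
- transitRequest - must not be null. Use VaultTransitContext.empty() if no request options provided.

`List<VaultEncryptionResult> encrypt(String keyName, List<Plaintext> batchRequest)`

Encrypts the provided batch of plaintext using the named key and context.

Parameters:
- keyName - must not be empty or null.
- batchRequest - a list of Plaintext which includes plaintext and an optional context.

Returns: the results for the batchRequest plaintexts.

`String decrypt(String keyName, String ciphertext)`

Decrypts the provided ciphertext using the named key.

Parameters:
- keyName - must not be empty or null.
- ciphertext - must not be empty or null.

`Plaintext decrypt(String keyName, Ciphertext ciphertext)`

Decrypts the provided ciphertext using the named key.

Parameters:
- keyName - must not be empty or null.
- ciphertext - must not be null.

`byte[] decrypt(String keyName, String ciphertext, VaultTransitContext transitContext)`

Decrypts the provided ciphertext using the named key.

Parameters:
- keyName - must not be empty or null.
- ciphertext - must not be empty or null.
- transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.

`List<VaultDecryptionResult> decrypt(String keyName, List<Ciphertext> batchRequest)`

Decrypts the provided batch of ciphertext using the named key and context.

Parameters:
- keyName - must not be empty or null.
- batchRequest - a list of Ciphertext which includes ciphertext and an optional context.

Returns: the results for the batchRequest ciphertexts.

`String rewrap(String keyName, String ciphertext)`

Rewrap the provided ciphertext using the latest version of the named key.

Parameters:
- keyName - must not be empty or null.
- ciphertext - must not be empty or null.

See also: rotate(String)
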
`String rewrap(String keyName, String ciphertext, VaultTransitContext transitContext)`

Rewrap the provided ciphertext using the latest version of the named key.

Parameters:
- keyName - must not be empty or null.
- ciphertext - must not be empty or null.
- transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.

See also: rotate(String)

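The rotate and rewrap methods above refer to each other; the following added example (not part of the Spring Vault documentation) walks one stored ciphertext through a rotation of a derived key and then retires the old key version. It assumes a VaultTransitOperations obtained from a configured VaultTemplate via opsForTransit(), a hypothetical key name `orders` that does not exist yet, and constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

import org.springframework.vault.core.VaultTransitOperations;
import org.springframework.vault.support.VaultTransitContext;
import org.springframework.vault.support.VaultTransitKeyConfiguration;
import org.springframework.vault.support.VaultTransitKeyCreationRequest;

public class TransitRotationExample {

    // Hypothetical key name and constructed sample values, not from the page.
    static final String KEY = "orders";
    static final byte[] TENANT = "tenant-42".getBytes(StandardCharsets.UTF_8);
    static final byte[] SECRET = "constructed-sample-secret".getBytes(StandardCharsets.UTF_8);

    /** Rotates KEY, upgrades one stored ciphertext, then retires key version 1. */
    public static String rotateAndRewrap(VaultTransitOperations transit) {
        // Options such as key derivation cannot be changed after creation.
        transit.createKey(KEY, VaultTransitKeyCreationRequest.builder().derived(true).build());

        // A derived key needs the same context for encrypt, rewrap and decrypt.
        VaultTransitContext context = VaultTransitContext.fromContext(TENANT);
        String stored = transit.encrypt(KEY, SECRET, context); // "vault:v1:..."

        transit.rotate(KEY);
        // rewrap re-encrypts inside Vault; the plaintext never reaches the caller.
        String upgraded = transit.rewrap(KEY, stored, context);
        if (!upgraded.startsWith("vault:v2:")) {
            throw new IllegalStateException("ciphertext was not rewrapped to key version 2");
        }

        // Once every stored ciphertext is rewrapped, refuse decryption with version 1.
        transit.configureKey(KEY,
                VaultTransitKeyConfiguration.builder().minDecryptionVersion(2).build());

        byte[] roundTrip = transit.decrypt(KEY, upgraded, context);
        if (!Arrays.equals(SECRET, roundTrip)) {
            throw new IllegalStateException("rewrapped ciphertext did not decrypt to the original");
        }
        return upgraded;
    }
}
```

Raising the minimum decryption version before all stored ciphertexts have been rewrapped makes the remaining version 1 ciphertexts undecryptable, so run the rewrap pass over the full data set first.
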
`Hmac getHmac(String keyName, Plaintext plaintext)`

Create an HMAC using keyName of given Plaintext using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, the latest (current) version will be used.

Parameters:
- keyName - must not be empty or null.
- plaintext - must not be null.

`Hmac getHmac(String keyName, VaultHmacRequest request)`

Create an HMAC using keyName of given VaultHmacRequest using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, configured VaultHmacRequest.getKeyVersion() will be used.

Parameters:
- keyName - must not be empty or null.
- request - the VaultHmacRequest, must not be null.

`Signature sign(String keyName, Plaintext plaintext)`

Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm. The key must be of a type that supports signing.

Parameters:
- keyName - must not be empty or null.
- plaintext - must not be empty or null.

Returns: the Signature for the Plaintext.

`Signature sign(String keyName, VaultSignRequest request)`

Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm. The key must be of a type that supports signing.

Parameters:
- keyName - must not be empty or null.
- request - VaultSignRequest must not be empty or null.

Returns: the Signature for the VaultSignRequest.

`boolean verify(String keyName, Plaintext plaintext, Signature signature)`

Parameters:
- keyName - must not be empty or null.
- plaintext - must not be null.
- signature - Signature to be verified, must not be null.

`SignatureValidation verify(String keyName, VaultSignatureVerificationRequest request)`

Verify the cryptographic signature using keyName of the given VaultSignRequest.

Parameters:
- keyName - must not be empty or null.
- request - VaultSignatureVerificationRequest must not be null.

Returns: SignatureValidation.

Copyright © 2016–2020 Pivotal Software, Inc. All rights reserved.