public interface VaultTransitOperations
transit
backend.Modifier and Type | Method and Description |
---|---|
void |
configureKey(String keyName,
VaultTransitKeyConfiguration keyConfiguration)
Create a new named encryption key given a
name . |
void |
createKey(String keyName)
Create a new named encryption key given a
name . |
void |
createKey(String keyName,
VaultTransitKeyCreationRequest createKeyRequest)
Create a new named encryption key given a
name and
VaultTransitKeyCreationRequest . |
Plaintext |
decrypt(String keyName,
Ciphertext ciphertext)
Decrypts the provided cipher text using the named key.
|
List<VaultDecryptionResult> |
decrypt(String keyName,
List<Ciphertext> batchRequest)
Decrypts the provided barch of cipher text using the named key and context.
|
String |
decrypt(String keyName,
String ciphertext)
Decrypts the provided plain text using the named key.
|
byte[] |
decrypt(String keyName,
String ciphertext,
VaultTransitContext transitContext)
Decrypts the provided
ciphertext using the named key. |
void |
deleteKey(String keyName)
Deletes a named encryption key.
|
String |
encrypt(String keyName,
byte[] plaintext,
VaultTransitContext transitRequest)
Encrypts the provided
plaintext using the named key. |
List<VaultEncryptionResult> |
encrypt(String keyName,
List<Plaintext> batchRequest)
Encrypts the provided batch of
plaintext using the named key and context. |
Ciphertext |
encrypt(String keyName,
Plaintext plaintext)
Encrypts the provided
plaintext using the named key. |
String |
encrypt(String keyName,
String plaintext)
Encrypts the provided plain text using the named key.
|
RawTransitKey |
exportKey(String keyName,
TransitKeyType type)
Returns the value of the named encryption key.
|
Hmac |
getHmac(String keyName,
Plaintext plaintext)
Create a HMAC using
keyName of given Plaintext using the default
hash algorithm. |
Hmac |
getHmac(String keyName,
VaultHmacRequest request)
Create a HMAC using
keyName of given VaultHmacRequest using the
default hash algorithm. |
VaultTransitKey |
getKey(String keyName)
Return information about a named encryption key.
|
List<String> |
getKeys()
Get a
List of transit key names. |
String |
rewrap(String keyName,
String ciphertext)
Rewrap the provided cipher text using the latest version of the named key.
|
String |
rewrap(String keyName,
String ciphertext,
VaultTransitContext transitContext)
Rewrap the provided cipher text using the latest version of the named key.
|
void |
rotate(String keyName)
Rotates the version of the named key.
|
Signature |
sign(String keyName,
Plaintext plaintext)
Create a cryptographic signature using
keyName of the given
Plaintext and the default hash algorithm. |
Signature |
sign(String keyName,
VaultSignRequest request)
Create a cryptographic signature using
keyName of the given
VaultSignRequest and the specified hash algorithm. |
boolean |
verify(String keyName,
Plaintext plaintext,
Signature signature)
|
SignatureValidation |
verify(String keyName,
VaultSignatureVerificationRequest request)
Verify the cryptographic signature using
keyName of the given
VaultSignRequest . |
void createKey(String keyName)
name
.keyName
- must not be empty or null.void createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest)
name
and
VaultTransitKeyCreationRequest
. The key options set here cannot be changed
after key creation.keyName
- must not be empty or null.createKeyRequest
- must not be null.void configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration)
name
.keyName
- must not be empty or null.keyConfiguration
- must not be null.@Nullable RawTransitKey exportKey(String keyName, TransitKeyType type)
keyName
- must not be empty or null.type
- must not be null.RawTransitKey
.@Nullable VaultTransitKey getKey(String keyName)
keyName
- must not be empty or null.VaultTransitKey
.void deleteKey(String keyName)
keyName
- must not be empty or null.void rotate(String keyName)
rewrap(String, String)
.keyName
- must not be empty or null.rewrap(String, String)
String encrypt(String keyName, String plaintext)
plaintext
is encoded into bytes using the default charset
. Use
encrypt(String, org.springframework.vault.support.Plaintext)
to construct
a Plaintext
object
from bytes to avoid Charset
mismatches.keyName
- must not be empty or null.plaintext
- must not be empty or null.Ciphertext encrypt(String keyName, Plaintext plaintext)
plaintext
using the named key.keyName
- must not be empty or null.plaintext
- must not be null.String encrypt(String keyName, byte[] plaintext, VaultTransitContext transitRequest)
plaintext
using the named key.keyName
- must not be empty or null.plaintext
- must not be empty or null.transitRequest
- must not be null. Use
VaultTransitContext.empty()
if no request options provided.List<VaultEncryptionResult> encrypt(String keyName, List<Plaintext> batchRequest)
plaintext
using the named key and context.
The encryption is done using transit backend's batch operation.keyName
- must not be empty or null.batchRequest
- a list of Plaintext
which includes plain text and an
optional context.batchRequest
plaintexts.String decrypt(String keyName, String ciphertext)
plaintext
is decoded into String
the default charset
. Use
decrypt(String, org.springframework.vault.support.Ciphertext)
to obtain a
Ciphertext
object that allows to control
the Charset
for later consumption.keyName
- must not be empty or null.ciphertext
- must not be empty or null.Plaintext decrypt(String keyName, Ciphertext ciphertext)
keyName
- must not be empty or null.ciphertext
- must not be null.byte[] decrypt(String keyName, String ciphertext, VaultTransitContext transitContext)
ciphertext
using the named key.keyName
- must not be empty or null.ciphertext
- must not be empty or null.transitContext
- must not be null. Use
VaultTransitContext.empty()
if no request options provided.List<VaultDecryptionResult> decrypt(String keyName, List<Ciphertext> batchRequest)
keyName
- must not be empty or null.batchRequest
- a list of Ciphertext
which includes plain text and an
optional context.batchRequest
ciphertexts.String rewrap(String keyName, String ciphertext)
keyName
- must not be empty or null.ciphertext
- must not be empty or null.rotate(String)
String rewrap(String keyName, String ciphertext, VaultTransitContext transitContext)
keyName
- must not be empty or null.ciphertext
- must not be empty or null.transitContext
- must not be null. Use
VaultTransitContext.empty()
if no request options provided.rotate(String)
Hmac getHmac(String keyName, Plaintext plaintext)
keyName
of given Plaintext
using the default
hash algorithm. The key can be of any type supported by transit; the raw key will
be marshaled into bytes to be used for the HMAC function. If the key is of a type
that supports rotation, the latest (current) version will be used.keyName
- must not be empty or null.plaintext
- must not be null.Hmac getHmac(String keyName, VaultHmacRequest request)
keyName
of given VaultHmacRequest
using the
default hash algorithm. The key can be of any type supported by transit; the raw
key will be marshaled into bytes to be used for the HMAC function. If the key is of
a type that supports rotation, configured VaultHmacRequest.getKeyVersion()
will be used.keyName
- must not be empty or null.request
- the VaultHmacRequest
, must not be null.Signature sign(String keyName, Plaintext plaintext)
keyName
of the given
Plaintext
and the default hash algorithm. The key must be of a type that
supports signing.keyName
- must not be empty or null.plaintext
- must not be empty or null.Plaintext
.Signature sign(String keyName, VaultSignRequest request)
keyName
of the given
VaultSignRequest
and the specified hash algorithm. The key must be of a
type that supports signing.keyName
- must not be empty or null.request
- VaultSignRequest
must not be empty or null.VaultSignRequest
.boolean verify(String keyName, Plaintext plaintext, Signature signature)
keyName
- must not be empty or null.plaintext
- must not be null.signature
- Signature to be verified, must not be null.SignatureValidation verify(String keyName, VaultSignatureVerificationRequest request)
keyName
of the given
VaultSignRequest
.keyName
- must not be empty or null.request
- VaultSignatureVerificationRequest
must not be
null.SignatureValidation
.Copyright © 2016–2020 Pivotal Software, Inc.. All rights reserved.