Package org.springframework.vault.support

Class VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder

java.lang.Object

org.springframework.vault.support.VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder

Enclosing class:

VaultTransitKeyConfiguration

public static class VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder
extends Object

Builder for VaultTransitKeyConfiguration.

Method Summary

Modifier and Type	Method	Description
VaultTransitKeyConfiguration	build()	Build a new VaultTransitKeyConfiguration instance.
VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder	deletionAllowed(boolean deletionAllowed)	Set whether key deletion is allowed.
VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder	minDecryptionVersion(int minDecryptionVersion)	Specifies the minimum version of ciphertext allowed to be decrypted.
VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder	minEncryptionVersion(int minEncryptionVersion)	Specifies the minimum version of the key that can be used to encrypt plaintext, sign payloads, or generate HMACs.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

deletionAllowed

public VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder deletionAllowed(boolean deletionAllowed)

Set whether key deletion is allowed.

Parameters:

deletionAllowed - true if key deletion should be allowed.

Returns:

this VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder.

minDecryptionVersion

public VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder minDecryptionVersion(int minDecryptionVersion)

Specifies the minimum version of ciphertext allowed to be decrypted. Adjusting this as part of a key rotation policy can prevent old copies of ciphertext from being decrypted, should they fall into the wrong hands. For signatures, this value controls the minimum version of signature that can be verified against. For HMACs, this controls the minimum version of a key allowed to be used as the key for verification.

Parameters:

minDecryptionVersion - key version.

Returns:

this VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder.

Since:

1.1

minEncryptionVersion

public VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder minEncryptionVersion(int minEncryptionVersion)

Specifies the minimum version of the key that can be used to encrypt plaintext, sign payloads, or generate HMACs. Must be 0 (which will use the latest version) or a value greater or equal to minDecryptionVersion(int).

Parameters:

minEncryptionVersion - key version.

Returns:

this VaultTransitKeyConfiguration.VaultTransitKeyConfigurationBuilder.

Since:

1.1

build

public VaultTransitKeyConfiguration build()

Build a new VaultTransitKeyConfiguration instance.

Returns:

a new VaultTransitKeyConfiguration.