Interface ReactiveVaultTransitOperations

All Known Implementing Classes:
ReactiveVaultTransitTemplate

public interface ReactiveVaultTransitOperations
* Interface that specifies operations using the transit backend.
Since:
3.1
Author:
James Luke
See Also:
  • Method Details

    • createKey

      Mono<Void> createKey(String keyName)
      Create a new named encryption key given a name.
      Parameters:
      keyName - must not be empty or null.
    • createKey

      Mono<Void> createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest)
      Create a new named encryption key given a name and VaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.
      Parameters:
      keyName - must not be empty or null.
      createKeyRequest - must not be null.
    • getKeys

      Flux<String> getKeys()
      Get a Flux of transit key names.
      Returns:
      Flux of transit key names.
    • configureKey

      Mono<Void> configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration)
      Create a new named encryption key given a name.
      Parameters:
      keyName - must not be empty or null.
      keyConfiguration - must not be null.
    • exportKey

      Mono<RawTransitKey> exportKey(String keyName, TransitKeyType type)
      Returns the value of the named encryption key. Depending on the type of key, different information may be returned. The key must be exportable to support this operation.
      Parameters:
      keyName - must not be empty or null.
      type - must not be null.
      Returns:
      the RawTransitKey. Empty if key does not exist
    • getKey

      Mono<VaultTransitKey> getKey(String keyName)
      Return information about a named encryption key.
      Parameters:
      keyName - must not be empty or null.
      Returns:
      the VaultTransitKey. Empty if key does not exist.
    • deleteKey

      Mono<Void> deleteKey(String keyName)
      Deletes a named encryption key. It will no longer be possible to decrypt any data encrypted with the named key.
      Parameters:
      keyName - must not be empty or null.
    • rotate

      Mono<Void> rotate(String keyName)
      Rotates the version of the named key. After rotation, new plain text requests will be encrypted with the new version of the key. To upgrade ciphertext to be encrypted with the latest version of the key, use rewrap(String, String).
      Parameters:
      keyName - must not be empty or null.
      See Also:
    • encrypt

      Mono<String> encrypt(String keyName, String plaintext)
      Encrypts the provided plain text using the named key. The given plaintext is encoded into bytes using the default charset. Use encrypt(String, org.springframework.vault.support.Plaintext) to construct a Plaintext object from bytes to avoid Charset mismatches.
      Parameters:
      keyName - must not be empty or null.
      plaintext - must not be empty or null.
      Returns:
      cipher text.
    • encrypt

      Mono<Ciphertext> encrypt(String keyName, Plaintext plaintext)
      Encrypts the provided plaintext using the named key.
      Parameters:
      keyName - must not be empty or null.
      plaintext - must not be null.
      Returns:
      cipher text.
    • encrypt

      Mono<String> encrypt(String keyName, byte[] plaintext, VaultTransitContext transitRequest)
      Encrypts the provided plaintext using the named key.
      Parameters:
      keyName - must not be empty or null.
      plaintext - must not be empty or null.
      transitRequest - must not be null. Use VaultTransitContext.empty() if no request options provided.
      Returns:
      cipher text.
    • encrypt

      Flux<VaultEncryptionResult> encrypt(String keyName, List<Plaintext> batchRequest)
      Encrypts the provided batch of plaintext using the named key and context. The encryption is done using transit backend's batch operation.
      Parameters:
      keyName - must not be empty or null.
      batchRequest - a list of Plaintext which includes plain text and an optional context.
      Returns:
      the encrypted result in the order of batchRequest plaintexts.
    • decrypt

      Mono<String> decrypt(String keyName, String ciphertext)
      Decrypts the provided plain text using the named key. The decoded plaintext is decoded into String the default charset. Use decrypt(String, org.springframework.vault.support.Ciphertext) to obtain a Ciphertext object that allows to control the Charset for later consumption.
      Parameters:
      keyName - must not be empty or null.
      ciphertext - must not be empty or null.
      Returns:
      plain text.
    • decrypt

      Mono<Plaintext> decrypt(String keyName, Ciphertext ciphertext)
      Decrypts the provided cipher text using the named key.
      Parameters:
      keyName - must not be empty or null.
      ciphertext - must not be null.
      Returns:
      plain text.
    • decrypt

      Mono<byte[]> decrypt(String keyName, String ciphertext, VaultTransitContext transitContext)
      Decrypts the provided ciphertext using the named key.
      Parameters:
      keyName - must not be empty or null.
      ciphertext - must not be empty or null.
      transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.
      Returns:
      cipher text.
    • decrypt

      Flux<VaultDecryptionResult> decrypt(String keyName, List<Ciphertext> batchRequest)
      Decrypts the provided batch of cipher text using the named key and context. The* decryption is done using transit backend's batch operation.
      Parameters:
      keyName - must not be empty or null.
      batchRequest - a list of Ciphertext which includes plain text and an optional context.
      Returns:
      the decrypted result in the order of batchRequest ciphertexts.
    • rewrap

      Mono<String> rewrap(String keyName, String ciphertext)
      Rewrap the provided cipher text using the latest version of the named key. Because this never returns plain text, it is possible to delegate this functionality to untrusted users or scripts.
      Parameters:
      keyName - must not be empty or null.
      ciphertext - must not be empty or null.
      Returns:
      cipher text.
      See Also:
    • rewrap

      Mono<String> rewrap(String keyName, String ciphertext, VaultTransitContext transitContext)
      Rewrap the provided cipher text using the latest version of the named key. Because this never returns plain text, it is possible to delegate this functionality to untrusted users or scripts.
      Parameters:
      keyName - must not be empty or null.
      ciphertext - must not be empty or null.
      transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.
      Returns:
      cipher text.
      See Also:
    • getHmac

      Mono<Hmac> getHmac(String keyName, Plaintext plaintext)
      Create a HMAC using keyName of given Plaintext using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, the latest (current) version will be used.
      Parameters:
      keyName - must not be empty or null.
      plaintext - must not be null.
      Returns:
      the digest of given data the default hash algorithm and the named key.
    • getHmac

      Mono<Hmac> getHmac(String keyName, VaultHmacRequest request)
      Create a HMAC using keyName of given VaultHmacRequest using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, configured VaultHmacRequest.getKeyVersion() will be used.
      Parameters:
      keyName - must not be empty or null.
      request - the VaultHmacRequest, must not be null.
      Returns:
      the digest of given data the default hash algorithm and the named key.
    • sign

      Mono<Signature> sign(String keyName, Plaintext plaintext)
      Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm. The key must be of a type that supports signing.
      Parameters:
      keyName - must not be empty or null.
      plaintext - must not be empty or null.
      Returns:
      Signature for Plaintext.
    • sign

      Mono<Signature> sign(String keyName, VaultSignRequest request)
      Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm. The key must be of a type that supports signing.
      Parameters:
      keyName - must not be empty or null.
      request - VaultSignRequest must not be empty or null.
      Returns:
      Signature for VaultSignRequest.
    • verify

      Mono<Boolean> verify(String keyName, Plaintext plaintext, Signature signature)
      Verify the cryptographic signature using keyName of the given Plaintext and Signature.
      Parameters:
      keyName - must not be empty or null.
      plaintext - must not be null.
      signature - Signature to be verified, must not be null.
      Returns:
      true if the signature is valid, false otherwise.
    • verify

      Verify the cryptographic signature using keyName of the given VaultSignRequest.
      Parameters:
      keyName - must not be empty or null.
      request - VaultSignatureVerificationRequest must not be null.
      Returns:
      the resulting SignatureValidation.