public interface VaultTransitKey

A key inside Vault's transit backend.

Author:: Mark Paluch, Sven Schürmann, Nanne Baars

Method Summary

Modifier and Type

Method

Description

boolean

allowPlaintextBackup()

int

getConvergentVersion()

Map<String,Object>

getKeys()

int

getLatestVersion()

int

getMinDecryptionVersion()

int

getMinEncryptionVersion()

String

getName()

String

getType()

boolean

isDeletionAllowed()

boolean

isDerived()

boolean

isExportable()

boolean

supportsConvergentEncryption()

boolean

supportsDecryption()

boolean

supportsDerivation()

boolean

supportsEncryption()

boolean

supportsSigning()

Method Details
- getName
  
  String getName()
  
  Returns:
  
  name of the key
- getType
  
  String getType()
  
  Returns:
  
  the key type (aes-gcm, ecdsa-p256, ...).
- allowPlaintextBackup
  
  boolean allowPlaintextBackup()
  
  Returns:
  
  whether the key can be backed up in the plaintext format. Once set, this cannot be disabled.
  
  Since:
  
  3.0.3
- getConvergentVersion
  
  int getConvergentVersion()
  
  Returns:
  
  the version of the convergent nonce to use. Note: since version 3 the algorithm used in transit convergent encryption returns -1 as the version is stored with the key. For backwards compatability this field might be useful.
  
  Since:
  
  3.0.3
- isDeletionAllowed
  
  boolean isDeletionAllowed()
  
  Returns:
  
  true if deletion of the key is allowed. Key deletion must be turned on to make keys deletable.
- isDerived
  
  boolean isDerived()
  
  Returns:
  
  true if key derivation MUST be used.
- isExportable
  
  boolean isExportable()
  
  Returns:
  
  true if the raw key is exportable.
- getKeys
  
  Map<String,Object> getKeys()
  
  Returns:
  
  a Map of key version to its Vault-specific representation.
- getLatestVersion
  
  int getLatestVersion()
  
  Returns:
  
  the latest key version.
- getMinDecryptionVersion
  
  int getMinDecryptionVersion()
  
  Returns:
  
  required key version to still be able to decrypt data.
- getMinEncryptionVersion
  
  int getMinEncryptionVersion()
  
  Returns:
  
  required key version to encrypt data.
  
  Since:
  
  1.1
- supportsConvergentEncryption
  
  boolean supportsConvergentEncryption()
  
  Returns:
  
  whether the key supports convergent encryption (i.e where the same plaintext creates the same ciphertext). Requires isDerived() to be set to true.
  
  Since:
  
  3.0.3
- supportsDecryption
  
  boolean supportsDecryption()
  
  Returns:
  
  whether the key supports decryption.
  
  Since:
  
  1.1
- supportsDerivation
  
  boolean supportsDerivation()
  
  Returns:
  
  whether the key supports derivation.
  
  Since:
  
  1.1
- supportsEncryption
  
  boolean supportsEncryption()
  
  Returns:
  
  whether the key supports encryption.
  
  Since:
  
  1.1
- supportsSigning
  
  boolean supportsSigning()
  
  Returns:
  
  whether the key supports signing.
  
  Since:
  
  1.1

Interface VaultTransitKey

Method Summary

Method Details

getName

getType

allowPlaintextBackup

getConvergentVersion

isDeletionAllowed

isDerived

isExportable

getKeys

getLatestVersion

getMinDecryptionVersion

getMinEncryptionVersion

supportsConvergentEncryption

supportsDecryption

supportsDerivation

supportsEncryption

supportsSigning