All Implemented Interfaces:
ApiRequest<CreateKey.Request>
Enclosing class:
CreateKey

public static final class CreateKey.Request extends VaultRequest<CreateKey.Request>
Request object. Can be configured with additional headers, query parameters etc.
  • Method Details

    • builder

      public static CreateKey.Request builder()
      Fluent API builder for configuring a request. The request builder is passed as is, without a build method. The equivalent of a build method is ApiJsonBuilder.toJson(jakarta.json.JsonBuilderFactory) used by the RestApi.
      Returns:
      new request builder
    • name

      public CreateKey.Request name(String name)
      Specifies the name of the encryption key to create.
      Parameters:
      name - key name
      Returns:
      updated request
    • convergentEncryption

      public CreateKey.Request convergentEncryption(boolean convergent)
      If enabled, the key will support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. When enabled, each encryption(/decryption/rewrap/datakey) operation will derive a nonce value rather than randomly generate it. Optional, defaults to false.
      Parameters:
      convergent - whether the key supports convergent encryption
      Returns:
      updated request
    • derived

      public CreateKey.Request derived(boolean derived)
      Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this named key must provide a context which is used for key derivation. Optional, defaults to false.
      Parameters:
      derived - whether key derivation should be used
      Returns:
      updated request
    • exportable

      public CreateKey.Request exportable(boolean exportable)
      Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. Once set, this cannot be disabled. Optional, defaults to false.
      Parameters:
      exportable - whether the key is exportable
      Returns:
      updated request
    • allowPlaintextBackup

      public CreateKey.Request allowPlaintextBackup(boolean allowBackup)
      If set, enables taking backup of named key in the plaintext format. Once set, this cannot be disabled. Optional, defaults to false.
      Parameters:
      allowBackup - whether to allow plain text backup
      Returns:
      updated request
    • type

      public CreateKey.Request type(String type)
      Specifies the type of key to create. The currently-supported types are:
      • aes128-gcm96 - AES-128 wrapped with GCM using a 96-bit nonce size AEAD (symmetric, supports derivation and convergent encryption)
      • aes256-gcm96 - AES-256 wrapped with GCM using a 96-bit nonce size AEAD (symmetric, supports derivation and convergent encryption, default)
      • chacha20-poly1305 - ChaCha20-Poly1305 AEAD (symmetric, supports derivation and convergent encryption) -
      • ed25519 - ED25519 (asymmetric, supports derivation). When using derivation, a sign operation with the same context will derive the same key and signature; this is a signing analogue to convergent_encryption
      • ecdsa-p256 - ECDSA using the P-256 elliptic curve (asymmetric)
      • ecdsa-p384 - ECDSA using the P-384 elliptic curve (asymmetric)
      • ecds-p521 - ECDSA using the P-521 elliptic curve (asymmetric)
      • rsa-2048 - RSA with bit size of 2048 (asymmetric)
      • rsa-3072 - RSA with bit size of 3072 (asymmetric)
      • rsa-4096 - RSA with bit size of 4096 (asymmetric)
      Optional, defaults to aes256-gcm96.
      Parameters:
      type - type to use
      Returns:
      updated request