Module io.helidon.integrations.vault.secrets.transit
Package io.helidon.integrations.vault.secrets.transit

Class Encrypt.Request

java.lang.Object
io.helidon.integrations.common.rest.ApiJsonBuilder<Encrypt.Request>
io.helidon.integrations.common.rest.ApiJsonRequest<Encrypt.Request>
io.helidon.integrations.vault.VaultRequest<Encrypt.Request>
io.helidon.integrations.vault.secrets.transit.Encrypt.Request
All Implemented Interfaces:
ApiRequest<Encrypt.Request>
Enclosing class:
Encrypt
public static class Encrypt.Request extends VaultRequest<Encrypt.Request>
Request object. Can be configured with additional headers, query parameters etc.

  • Method Details

    • builder

      public static Encrypt.Request builder()
      Fluent API builder for configuring a request. The request builder is passed as is, without a build method. The equivalent of a build method is ApiJsonBuilder.toJson(jakarta.json.JsonBuilderFactory) used by the RestApi.
      Returns:
      new request builder

    • encryptionKeyName

      public Encrypt.Request encryptionKeyName(String encryptionKeyName)
      Specifies the name of the encryption key to encrypt against. Required.
      Parameters:
      encryptionKeyName - name of the key
      Returns:
      updated request

    • encryptionKeyVersion

      public Encrypt.Request encryptionKeyVersion(int version)
      Specifies the version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's min_encryption_version, if set. Optional.
      Parameters:
      version - key version
      Returns:
      updated request

    • encryptionKeyType

      public Encrypt.Request encryptionKeyType(String type)
      This parameter is required when encryption key is expected to be created. When performing an upsert operation, the type of key to create.

      Defaults to aes256-gcm96.

      Parameters:
      type - type of the encryption key
      Returns:
      updated request

    • convergentEncryption

      public Encrypt.Request convergentEncryption(String convergent)
      This parameter will only be used when a key is expected to be created. Whether to support convergent encryption. This is only supported when using a key with key derivation enabled and will require all requests to carry both a context and 96-bit (12-byte) nonce. The given nonce will be used in place of a randomly generated nonce. As a result, when the same context and nonce are supplied, the same ciphertext is generated. It is very important when using this mode that you ensure that all nonces are unique for a given context. Failing to do so will severely impact the ciphertext's security.
      Parameters:
      convergent - convergent encryption
      Returns:
      updated request

    • data

      public Encrypt.Request data(Base64Value value)
      The data to encrypt.
      Parameters:
      value - value to encrypt
      Returns:
      updated request
      See Also:

    • context

      public Encrypt.Request context(Base64Value value)
      Specifies the context for key derivation. This is required if key derivation is enabled for this key.
      Parameters:
      value - context
      Returns:
      updated request

    • nonce

      public Encrypt.Request nonce(Base64Value value)
      Specifies the nonce value. This must be provided if convergent encryption is enabled for this key and the key was generated with Vault 0.6.1. Not required for keys created in 0.6.2+. The value must be exactly 96 bits (12 bytes) long and the user must ensure that for any given context (and thus, any given encryption key) this nonce value is never reused.
      Parameters:
      value - nonce
      Returns:
      updated request