Class CreateKey.Request

    • Method Detail

      • name

        public CreateKey.Request name(String name)
        Specifies the name of the encryption key to create.
        Parameters:
        name - key name
        Returns:
        updated request
      • convergentEncryption

        public CreateKey.Request convergentEncryption(boolean convergent)
        If enabled, the key will support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. When enabled, each encrypt, decrypt, rewrap or datakey operation derives a nonce value rather than generating one randomly. Optional, defaults to false.
        Parameters:
        convergent - whether the key supports convergent encryption
        Returns:
        updated request
      • derived

        public CreateKey.Request derived(boolean derived)
        Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this named key must provide a context which is used for key derivation. Optional, defaults to false.
        Parameters:
        derived - whether key derivation should be used
        Returns:
        updated request
      • exportable

        public CreateKey.Request exportable(boolean exportable)
        Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. Once set, this cannot be disabled. Optional, defaults to false.
        Parameters:
        exportable - whether the key is exportable
        Returns:
        updated request
      • allowPlaintextBackup

        public CreateKey.Request allowPlaintextBackup(boolean allowBackup)
        If set, enables taking a backup of the named key in plaintext format. Once set, this cannot be disabled. Optional, defaults to false.
        Parameters:
        allowBackup - whether to allow plaintext backup
        Returns:
        updated request
      • type

        public CreateKey.Request type(String type)
        Specifies the type of key to create. The currently-supported types are:
        • aes128-gcm96 - AES-128 wrapped with GCM using a 96-bit nonce size AEAD (symmetric, supports derivation and convergent encryption)
        • aes256-gcm96 - AES-256 wrapped with GCM using a 96-bit nonce size AEAD (symmetric, supports derivation and convergent encryption, default)
        • chacha20-poly1305 - ChaCha20-Poly1305 AEAD (symmetric, supports derivation and convergent encryption)
        • ed25519 - ED25519 (asymmetric, supports derivation). When using derivation, a sign operation with the same context will derive the same key and signature; this is a signing analogue to convergent_encryption
        • ecdsa-p256 - ECDSA using the P-256 elliptic curve (asymmetric)
        • ecdsa-p384 - ECDSA using the P-384 elliptic curve (asymmetric)
        • ecdsa-p521 - ECDSA using the P-521 elliptic curve (asymmetric)
        • rsa-2048 - RSA with bit size of 2048 (asymmetric)
        • rsa-3072 - RSA with bit size of 3072 (asymmetric)
        • rsa-4096 - RSA with bit size of 4096 (asymmetric)
        Optional, defaults to aes256-gcm96.
        Parameters:
        type - type to use
        Returns:
        updated request
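
The behaviour that derived and convergentEncryption describe, as an added Java sketch that is not code from this library or from the key service behind it. It uses HMAC-SHA256 as a stand-in for key and nonce derivation (an assumption, not the service's actual algorithm); the class name, labels, demo key and sample values are constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class ConvergentSketch {
    // Constructed all-zero demo key; a real named key stays inside the key service.
    static final byte[] MASTER = new byte[32];

    static byte[] hmac(byte[] key, String label, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(label.getBytes(StandardCharsets.UTF_8));
        return mac.doFinal(data);
    }

    // derived: the working keys are a function of the master key and the caller's context.
    // convergent: the 96-bit nonce is a function of the plaintext instead of a random value.
    static byte[] encrypt(byte[] context, byte[] plaintext) throws Exception {
        byte[] encKey = hmac(MASTER, "enc|", context);      // 32 bytes, used as an AES-256 key
        byte[] nonceKey = hmac(MASTER, "nonce|", context);  // separate key for nonce derivation
        byte[] nonce = Arrays.copyOf(hmac(nonceKey, "pt|", plaintext), 12);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"),
                new GCMParameterSpec(128, nonce));
        byte[] body = gcm.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + body.length); // nonce || ciphertext+tag
        System.arraycopy(body, 0, out, nonce.length, body.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] ctxA = "tenant-a".getBytes(StandardCharsets.UTF_8);
        byte[] ctxB = "tenant-b".getBytes(StandardCharsets.UTF_8);
        byte[] v1 = "constructed-value-1".getBytes(StandardCharsets.UTF_8);
        byte[] v2 = "constructed-value-2".getBytes(StandardCharsets.UTF_8);
        // Compare ciphertexts for: same context and plaintext, different context, different plaintext.
        System.out.println("same context, same plaintext equal: "
                + Arrays.equals(encrypt(ctxA, v1), encrypt(ctxA, v1)));
        System.out.println("different context equal: "
                + Arrays.equals(encrypt(ctxA, v1), encrypt(ctxB, v1)));
        System.out.println("different plaintext equal: "
                + Arrays.equals(encrypt(ctxA, v1), encrypt(ctxA, v2)));
    }
}
```

Because the output is deterministic per context, anyone who can read stored ciphertexts can tell which records under the same context hold equal plaintext, so the choice of context determines how far that equality is visible.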