Module io.helidon.integrations.vault.secrets.transit
Package io.helidon.integrations.vault.secrets.transit

Class Encrypt.Request

    • Method Detail

      • encryptionKeyName

        public Encrypt.Request encryptionKeyName​(String encryptionKeyName)
        Specifies the name of the encryption key to encrypt against. Required.
        Parameters:
        encryptionKeyName - name of the key
        Returns:
        updated request

      • encryptionKeyVersion

        public Encrypt.Request encryptionKeyVersion​(int version)
        Specifies the version of the key to use for encryption. If not set, uses the latest version. Must be greater than or equal to the key's min_encryption_version, if set. Optional.
        Parameters:
        version - key version
        Returns:
        updated request

      • encryptionKeyType

        public Encrypt.Request encryptionKeyType​(String type)
        This parameter is required when encryption key is expected to be created. When performing an upsert operation, the type of key to create.

        Defaults to aes256-gcm96.

        Parameters:
        type - type of the encryption key
        Returns:
        updated request

      • convergentEncryption

        public Encrypt.Request convergentEncryption​(String convergent)
        This parameter will only be used when a key is expected to be created. Whether to support convergent encryption. This is only supported when using a key with key derivation enabled and will require all requests to carry both a context and 96-bit (12-byte) nonce. The given nonce will be used in place of a randomly generated nonce. As a result, when the same context and nonce are supplied, the same ciphertext is generated. It is very important when using this mode that you ensure that all nonces are unique for a given context. Failing to do so will severely impact the ciphertext's security.
        Parameters:
        convergent - convergent encryption
        Returns:
        updated request

      • context

        public Encrypt.Request context​(Base64Value value)
        Specifies the context for key derivation. This is required if key derivation is enabled for this key.
        Parameters:
        value - context
        Returns:
        updated request

      • nonce

        public Encrypt.Request nonce​(Base64Value value)
        Specifies the nonce value. This must be provided if convergent encryption is enabled for this key and the key was generated with Vault 0.6.1. Not required for keys created in 0.6.2+. The value must be exactly 96 bits (12 bytes) long and the user must ensure that for any given context (and thus, any given encryption key) this nonce value is never reused.
        Parameters:
        value - nonce
        Returns:
        updated request