All Superinterfaces:
Secrets

public interface TransitSecrets extends Secrets
API operations for Vault's Transit Secrets Engine.
  • Method Details

    • create

      static TransitSecrets create(TransitSecretsRx reactive)
      Create blocking transit secrets from its reactive counterpart. This method should not be used when injection is available, as an instance of this class can be injected. This method should never be used in reactive environment, unless running in an executor service (use the TransitSecretsRx operations in reactive environment).
      Parameters:
      reactive - reactive transit secrets
      Returns:
      blocking transit secrets
    • list

      List available keys.
      Specified by:
      list in interface Secrets
      Parameters:
      request - list request, path is ignored
      Returns:
      list of available keys
    • createKey

      Creates a new named encryption key of the specified type.
      Parameters:
      request - create key request
      Returns:
      future with response
    • deleteKey

      Delete a named ecryption key. Deletion is not allowed by default, updateKeyConfig(io.helidon.integrations.vault.secrets.transit.UpdateKeyConfig.Request) must be called before deleting.
      Parameters:
      request - delete key request
      Returns:
      future with response
    • updateKeyConfig

      Tune configuration of a key.
      Parameters:
      request - update configuration request
      Returns:
      future with response
      See Also:
    • encrypt

      Encrypts the provided plaintext using the named key. This path supports the create and update policy capabilities as follows: if the user has the create capability for this endpoint in their policies, and the key does not exist, it will be upserted with default values (whether the key requires derivation depends on whether the context parameter is empty or not). If the user only has update capability and the key does not exist, an error will be returned.
      Parameters:
      request - encrypt request
      Returns:
      future with response
    • encrypt

      Encrypts the provided batch of plaintext strings using the named key. This path supports the create and update policy capabilities as follows: if the user has the create capability for this endpoint in their policies, and the key does not exist, it will be upserted with default values (whether the key requires derivation depends on whether the context parameter is empty or not). If the user only has update capability and the key does not exist, an error will be returned.
      Parameters:
      request - encrypt request
      Returns:
      future with response
    • decrypt

      Decrypts the provided ciphertext using the named key.
      Parameters:
      request - decrypt request
      Returns:
      future with response
    • decrypt

      Decrypts the provided batch of ciphertext strings using the named key.
      Parameters:
      request - decrypt request
      Returns:
      future with response
    • hmac

      Hmac.Response hmac(Hmac.Request request)
      Hmac of a message. Equivalent of a signature when using symmetric keys.
      Parameters:
      request - hmac request
      Returns:
      hmac response
    • sign

      Sign.Response sign(Sign.Request request)
      Sign a message.
      Parameters:
      request - signature request
      Returns:
      signature response
    • verify

      Verify a message signature.
      Parameters:
      request - verification request
      Returns:
      verification response