Interface TransitSecrets
- All Superinterfaces:
Secrets
API operations for Vault's Transit Secrets Engine.
-
Method Summary
Modifier and TypeMethodDescriptionstatic TransitSecrets
create
(TransitSecretsRx reactive) Create blocking transit secrets from its reactive counterpart.createKey
(CreateKey.Request request) Creates a new named encryption key of the specified type.decrypt
(Decrypt.Request request) Decrypts the provided ciphertext using the named key.decrypt
(DecryptBatch.Request request) Decrypts the provided batch of ciphertext strings using the named key.deleteKey
(DeleteKey.Request request) Delete a named ecryption key.encrypt
(Encrypt.Request request) Encrypts the provided plaintext using the named key.encrypt
(EncryptBatch.Request request) Encrypts the provided batch of plaintext strings using the named key.hmac
(Hmac.Request request) Hmac of a message.list
(ListSecrets.Request request) List available keys.sign
(Sign.Request request) Sign a message.updateKeyConfig
(UpdateKeyConfig.Request request) Tune configuration of a key.verify
(Verify.Request request) Verify a message signature.
-
Method Details
-
create
Create blocking transit secrets from its reactive counterpart. This method should not be used when injection is available, as an instance of this class can be injected. This method should never be used in reactive environment, unless running in an executor service (use theTransitSecretsRx
operations in reactive environment).- Parameters:
reactive
- reactive transit secrets- Returns:
- blocking transit secrets
-
list
List available keys. -
createKey
Creates a new named encryption key of the specified type.- Parameters:
request
- create key request- Returns:
- future with response
-
deleteKey
Delete a named ecryption key. Deletion is not allowed by default,updateKeyConfig(io.helidon.integrations.vault.secrets.transit.UpdateKeyConfig.Request)
must be called before deleting.- Parameters:
request
- delete key request- Returns:
- future with response
-
updateKeyConfig
Tune configuration of a key.- Parameters:
request
- update configuration request- Returns:
- future with response
- See Also:
-
encrypt
Encrypts the provided plaintext using the named key. This path supports the create and update policy capabilities as follows: if the user has the create capability for this endpoint in their policies, and the key does not exist, it will be upserted with default values (whether the key requires derivation depends on whether the context parameter is empty or not). If the user only has update capability and the key does not exist, an error will be returned.- Parameters:
request
- encrypt request- Returns:
- future with response
-
encrypt
Encrypts the provided batch of plaintext strings using the named key. This path supports the create and update policy capabilities as follows: if the user has the create capability for this endpoint in their policies, and the key does not exist, it will be upserted with default values (whether the key requires derivation depends on whether the context parameter is empty or not). If the user only has update capability and the key does not exist, an error will be returned.- Parameters:
request
- encrypt request- Returns:
- future with response
-
decrypt
Decrypts the provided ciphertext using the named key.- Parameters:
request
- decrypt request- Returns:
- future with response
-
decrypt
Decrypts the provided batch of ciphertext strings using the named key.- Parameters:
request
- decrypt request- Returns:
- future with response
-
hmac
Hmac of a message. Equivalent of a signature when using symmetric keys.- Parameters:
request
- hmac request- Returns:
- hmac response
-
sign
Sign a message.- Parameters:
request
- signature request- Returns:
- signature response
-
verify
Verify a message signature.- Parameters:
request
- verification request- Returns:
- verification response
-