Package io.quarkus.vault.runtime
Class VaultTransitManager
- java.lang.Object
  - io.quarkus.vault.runtime.VaultTransitManager
- All Implemented Interfaces:
VaultTransitSecretReactiveEngine
@ApplicationScoped public class VaultTransitManager extends Object implements VaultTransitSecretReactiveEngine
-
-
Constructor Summary
| Constructor | Description |
|---|---|
| VaultTransitManager() | |
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| io.smallrye.mutiny.Uni<Void> | createKey(String keyName, KeyCreationRequestDetail detail) | Create a new Transit key. |
| io.smallrye.mutiny.Uni<ClearData> | decrypt(String keyName, String ciphertext) | Decrypt the encrypted data with the specified key, and return unencrypted data. |
| io.smallrye.mutiny.Uni<ClearData> | decrypt(String keyName, String ciphertext, TransitContext transitContext) | Decrypt the encrypted data with the specified key and a transit context used for key derivation. |
| io.smallrye.mutiny.Uni<Map<DecryptionRequest,ClearData>> | decrypt(String keyName, List<DecryptionRequest> requests) | Decrypt a list of encrypted data items. |
| io.smallrye.mutiny.Uni<Void> | deleteKey(String keyName) | Delete a Transit key. |
| io.smallrye.mutiny.Uni<String> | encrypt(String keyName, ClearData clearData, TransitContext transitContext) | Encrypt a regular string with a Vault key configured in the transit secret engine. |
| io.smallrye.mutiny.Uni<String> | encrypt(String keyName, String clearData) | Encrypt a regular string with a Vault key configured in the transit secret engine. |
| io.smallrye.mutiny.Uni<Map<EncryptionRequest,String>> | encrypt(String keyName, List<EncryptionRequest> requests) | Encrypt a list of elements. |
| io.smallrye.mutiny.Uni<VaultTransitKeyExportDetail> | exportKey(String keyName, VaultTransitExportKeyType keyType, String keyVersion) | Export a Transit Key. |
| io.smallrye.mutiny.Uni<List<String>> | listKeys() | List all Transit keys. |
| protected VaultTransitKeyDetail<?> | map(VaultTransitReadKeyData data) | |
| io.smallrye.mutiny.Uni<Optional<VaultTransitKeyDetail<?>>> | readKey(String keyName) | Read the configuration of a Transit key. |
| io.smallrye.mutiny.Uni<String> | rewrap(String keyName, String ciphertext) | Reencrypt a cipher text that was obtained from encryption using an old key version into a new cipher text using the last key version. |
| io.smallrye.mutiny.Uni<String> | rewrap(String keyName, String ciphertext, TransitContext transitContext) | Reencrypt a cipher text that was obtained from encryption using an old key version into a new cipher text using the last key version and an optional transit context used for key derivation. |
| io.smallrye.mutiny.Uni<Map<RewrappingRequest,String>> | rewrap(String keyName, List<RewrappingRequest> requests) | Reencrypt a list of encrypted data items with the last version of the specified key. |
| io.smallrye.mutiny.Uni<String> | sign(String keyName, SigningInput input, SignVerifyOptions options, TransitContext transitContext) | Sign the input with the specified key, optional explicit sign/verify options and an optional transit context used for key derivation, if applicable. |
| io.smallrye.mutiny.Uni<String> | sign(String keyName, SigningInput input, TransitContext transitContext) | Sign the input with the specified key and an optional transit context used for key derivation, if applicable. |
| io.smallrye.mutiny.Uni<String> | sign(String keyName, String input) | Sign an input string with the specified key. |
| io.smallrye.mutiny.Uni<Map<SigningRequest,String>> | sign(String keyName, List<SigningRequest> requests) | Sign a list of input items. |
| io.smallrye.mutiny.Uni<Map<SigningRequest,String>> | sign(String keyName, List<SigningRequest> requests, SignVerifyOptions options) | Sign a list of input items with optional explicit sign/verify options. |
| io.smallrye.mutiny.Uni<Void> | updateKeyConfiguration(String keyName, KeyConfigRequestDetail detail) | Update the configuration of a Transit key. |
| io.smallrye.mutiny.Uni<Void> | verifySignature(String keyName, String signature, SigningInput input, SignVerifyOptions options, TransitContext transitContext) | Checks that the signature was obtained from signing the input with the specified key and optional explicit sign/verify options. |
| io.smallrye.mutiny.Uni<Void> | verifySignature(String keyName, String signature, SigningInput input, TransitContext transitContext) | Checks that the signature was obtained from signing the input with the specified key. |
| io.smallrye.mutiny.Uni<Void> | verifySignature(String keyName, String signature, String input) | Checks that the signature was obtained from signing the input with the specified key. |
| io.smallrye.mutiny.Uni<Void> | verifySignature(String keyName, List<VerificationRequest> requests) | Checks a list of verification requests. |
| io.smallrye.mutiny.Uni<Void> | verifySignature(String keyName, List<VerificationRequest> requests, SignVerifyOptions options) | Checks a list of verification requests. |
-
-
-
Method Detail
-
encrypt
public io.smallrye.mutiny.Uni<String> encrypt(String keyName, String clearData)
Description copied from interface: VaultTransitSecretReactiveEngine
Encrypt a regular string with a Vault key configured in the transit secret engine. Equivalent to:
encrypt(keyName, ClearData.from(clearData), null);
This method is usually used in conjunction with VaultTransitSecretReactiveEngine.decrypt(String, String).
- Specified by:
- encrypt in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key to encrypt the data with
- clearData - the string to encrypt
- Returns:
- cipher text
- See Also:
- encrypt data
-
encrypt
public io.smallrye.mutiny.Uni<String> encrypt(String keyName, ClearData clearData, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Encrypt a regular string with a Vault key configured in the transit secret engine. If the key does not exist, and the policy specifies a create capability, the key will be lazily created (i.e. upsert). The key can be further customized by specifying transit encryption-key configuration properties.
- Specified by:
- encrypt in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key to encrypt the data with
- clearData - the data to encrypt
- transitContext - optional transit context used for key derivation
- Returns:
- cipher text
- See Also:
- encrypt data
-
encrypt
public io.smallrye.mutiny.Uni<Map<EncryptionRequest,String>> encrypt(String keyName, List<EncryptionRequest> requests)
Description copied from interface: VaultTransitSecretReactiveEngine
Encrypt a list of elements. This will return a list of cipher texts. Each element shall specify the data to encrypt, an optional key version and an optional transit context, used for key derivation if applicable. If any error occurs, the service will throw a VaultEncryptionBatchException.
- Specified by:
- encrypt in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key to encrypt the data with
- requests - the list of elements to encrypt
- Returns:
- a map of each request and its corresponding cipher text
- See Also:
- encrypt data
-
decrypt
public io.smallrye.mutiny.Uni<ClearData> decrypt(String keyName, String ciphertext)
Description copied from interface: VaultTransitSecretReactiveEngine
Decrypt the encrypted data with the specified key, and return unencrypted data.
- Specified by:
- decrypt in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to encrypt the original data
- ciphertext - the encrypted data
- Returns:
- the unencrypted data
- See Also:
- decrypt data
-
decrypt
public io.smallrye.mutiny.Uni<ClearData> decrypt(String keyName, String ciphertext, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Decrypt the encrypted data with the specified key and a transit context used for key derivation.
- Specified by:
- decrypt in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to encrypt the original data
- ciphertext - data to decrypt
- transitContext - optional transit context used for key derivation
- Returns:
- the unencrypted data
- See Also:
- decrypt data, create key derived attribute
-
decrypt
public io.smallrye.mutiny.Uni<Map<DecryptionRequest,ClearData>> decrypt(String keyName, List<DecryptionRequest> requests)
Description copied from interface: VaultTransitSecretReactiveEngine
Decrypt a list of encrypted data items. Each item shall specify the encrypted data plus an optional transit context used for key derivation (if applicable). If any error occurs, the service will throw a VaultDecryptionBatchException.
- Specified by:
- decrypt in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to encrypt the original data
- requests - the list of encrypted data items
- Returns:
- a map of each request with its corresponding decrypted data item
- See Also:
- decrypt data
-
rewrap
public io.smallrye.mutiny.Uni<String> rewrap(String keyName, String ciphertext)
Description copied from interface: VaultTransitSecretReactiveEngine
Reencrypt a cipher text that was obtained from encryption using an old key version into a new cipher text using the last key version.
- Specified by:
- rewrap in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the encryption key that was used for the previous encryption
- ciphertext - the old cipher text that needs rewrapping
- Returns:
- the reencrypted cipher text with last key version as a new cipher text
- See Also:
- rewrap data, working set management
-
rewrap
public io.smallrye.mutiny.Uni<String> rewrap(String keyName, String ciphertext, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Reencrypt a cipher text that was obtained from encryption using an old key version into a new cipher text using the last key version and an optional transit context used for key derivation.
- Specified by:
- rewrap in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the encryption key that was used for the previous encryption
- ciphertext - the old cipher text that needs rewrapping
- transitContext - optional transit context used for key derivation
- Returns:
- the reencrypted cipher text with last key version as a new cipher text
- See Also:
- rewrap data, working set management
-
rewrap
public io.smallrye.mutiny.Uni<Map<RewrappingRequest,String>> rewrap(String keyName, List<RewrappingRequest> requests)
Description copied from interface: VaultTransitSecretReactiveEngine
Reencrypt a list of encrypted data items with the last version of the specified key. Each item shall specify a cipher text to reencrypt, an optional key version, and an optional transit context used for key derivation, if applicable. If any error occurs, the service will throw a VaultRewrappingBatchException.
- Specified by:
- rewrap in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the encryption key that was used for the previous encryptions
- requests - the list of items to reencrypt
- Returns:
- a map of each request with its corresponding reencrypted data item
- See Also:
- rewrap data, working set management
-
sign
public io.smallrye.mutiny.Uni<String> sign(String keyName, String input)
Description copied from interface: VaultTransitSecretReactiveEngine
Sign an input string with the specified key.
- Specified by:
- sign in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the signing key to use
- input - String to sign
- Returns:
- the signature
- See Also:
- sign data
-
sign
public io.smallrye.mutiny.Uni<String> sign(String keyName, SigningInput input, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Sign the input with the specified key and an optional transit context used for key derivation, if applicable.
- Specified by:
- sign in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the signing key to use
- input - data to sign
- transitContext - optional transit context used for key derivation
- Returns:
- the signature
- See Also:
- sign data
-
sign
public io.smallrye.mutiny.Uni<String> sign(String keyName, SigningInput input, SignVerifyOptions options, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Sign the input with the specified key, optional explicit sign/verify options and an optional transit context used for key derivation, if applicable.
- Specified by:
- sign in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the signing key to use
- input - data to sign
- options - optional explicit sign/verify options
- transitContext - optional transit context used for key derivation
- Returns:
- the signature
- See Also:
- sign data
-
sign
public io.smallrye.mutiny.Uni<Map<SigningRequest,String>> sign(String keyName, List<SigningRequest> requests)
Description copied from interface: VaultTransitSecretReactiveEngine
Sign a list of input items. Each item shall specify the input to sign, an optional key version, and an optional transit context used for key derivation, if applicable. If any error occurs, the service will throw a VaultSigningBatchException.
- Specified by:
- sign in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the signing key to use
- requests - the list of inputs to sign
- Returns:
- a map of each request with its corresponding signature item
- See Also:
- sign data
-
sign
public io.smallrye.mutiny.Uni<Map<SigningRequest,String>> sign(String keyName, List<SigningRequest> requests, SignVerifyOptions options)
Description copied from interface: VaultTransitSecretReactiveEngine
Sign a list of input items with optional explicit sign/verify options. Each item shall specify the input to sign, an optional key version, and an optional transit context used for key derivation, if applicable. If any error occurs, the service will throw a VaultSigningBatchException.
- Specified by:
- sign in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the signing key to use
- requests - the list of inputs to sign
- options - optional explicit sign/verify options
- Returns:
- a map of each request with its corresponding signature item
- See Also:
- sign data
-
verifySignature
public io.smallrye.mutiny.Uni<Void> verifySignature(String keyName, String signature, String input)
Description copied from interface: VaultTransitSecretReactiveEngine
Checks that the signature was obtained from signing the input with the specified key. The service will throw a VaultException if this is not the case.
- Specified by:
- verifySignature in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to sign the input
- signature - the signature obtained from one of the sign methods
- input - the original input data
- See Also:
- verify signed data
-
verifySignature
public io.smallrye.mutiny.Uni<Void> verifySignature(String keyName, String signature, SigningInput input, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Checks that the signature was obtained from signing the input with the specified key. The service will throw a VaultException if this is not the case.
- Specified by:
- verifySignature in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to sign the input
- signature - the signature obtained from one of the sign methods
- input - the original input data
- transitContext - optional transit context used for key derivation
- See Also:
- verify signed data
-
verifySignature
public io.smallrye.mutiny.Uni<Void> verifySignature(String keyName, String signature, SigningInput input, SignVerifyOptions options, TransitContext transitContext)
Description copied from interface: VaultTransitSecretReactiveEngine
Checks that the signature was obtained from signing the input with the specified key and optional explicit sign/verify options. The service will throw a VaultException if this is not the case.
- Specified by:
- verifySignature in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to sign the input
- signature - the signature obtained from one of the sign methods
- input - the original input data
- options - optional explicit sign/verify options
- transitContext - optional transit context used for key derivation
- See Also:
- verify signed data
-
verifySignature
public io.smallrye.mutiny.Uni<Void> verifySignature(String keyName, List<VerificationRequest> requests)
Description copied from interface: VaultTransitSecretReactiveEngine
Checks a list of verification requests. Each request shall specify an input and the signature we want to match against, and an optional transit context used for key derivation, if applicable. If the signature does not match, or if any other error occurs, the service will throw a VaultVerificationBatchException.
- Specified by:
- verifySignature in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to sign the input
- requests - a list of items specifying an input and a signature to match against
- See Also:
- verify signed data
-
verifySignature
public io.smallrye.mutiny.Uni<Void> verifySignature(String keyName, List<VerificationRequest> requests, SignVerifyOptions options)
Description copied from interface: VaultTransitSecretReactiveEngine
Checks a list of verification requests. Each request shall specify an input and the signature we want to match against, plus optional explicit sign/verify options and an optional transit context used for key derivation, if applicable. If the signature does not match, or if any other error occurs, the service will throw a VaultVerificationBatchException.
- Specified by:
- verifySignature in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - the key that was used to sign the input
- requests - a list of items specifying an input and a signature to match against
- options - optional explicit sign/verify options
- See Also:
- verify signed data
-
createKey
public io.smallrye.mutiny.Uni<Void> createKey(String keyName, KeyCreationRequestDetail detail)
Description copied from interface: VaultTransitSecretReactiveEngine
Create a new Transit key.
- Specified by:
- createKey in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - key name
- detail - key creation detail or null
- See Also:
- create key
-
updateKeyConfiguration
public io.smallrye.mutiny.Uni<Void> updateKeyConfiguration(String keyName, KeyConfigRequestDetail detail)
Description copied from interface: VaultTransitSecretReactiveEngine
Update the configuration of a Transit key. The key must exist.
- Specified by:
- updateKeyConfiguration in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - key name
- detail - key configuration detail
- See Also:
- update key configuration
-
deleteKey
public io.smallrye.mutiny.Uni<Void> deleteKey(String keyName)
Description copied from interface: VaultTransitSecretReactiveEngine
Delete a Transit key. Key must have been configured with deletion allowed. The key must exist.
- Specified by:
- deleteKey in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - key name
- See Also:
- delete key
-
exportKey
public io.smallrye.mutiny.Uni<VaultTransitKeyExportDetail> exportKey(String keyName, VaultTransitExportKeyType keyType, String keyVersion)
Description copied from interface: VaultTransitSecretReactiveEngine
Export a Transit Key. Key must have been made exportable through creation or configuration update. The key must exist.
- Specified by:
- exportKey in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - name of the key
- keyType - key type
- keyVersion - null, "latest" or a valid version number as a String. If null, all versions will be returned
- Returns:
- All specified key versions
- See Also:
- export key
-
readKey
public io.smallrye.mutiny.Uni<Optional<VaultTransitKeyDetail<?>>> readKey(String keyName)
Description copied from interface: VaultTransitSecretReactiveEngine
Read the configuration of a Transit key.
- Specified by:
- readKey in interface VaultTransitSecretReactiveEngine
- Parameters:
- keyName - key name
- Returns:
- key detail, or null if the key does not exist
- See Also:
- read key
-
listKeys
public io.smallrye.mutiny.Uni<List<String>> listKeys()
Description copied from interface: VaultTransitSecretReactiveEngine
List all Transit keys.
- Specified by:
- listKeys in interface VaultTransitSecretReactiveEngine
- Returns:
- key names
- See Also:
- list keys
-
map
protected VaultTransitKeyDetail<?> map(VaultTransitReadKeyData data)
-
-
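Usage example (added here, not part of the extension's own code): the encrypt, rewrap, decrypt and verifySignature methods documented above, composed as reactive pipelines. The class TransitUsageExample and its method names are hypothetical; the import packages and ClearData.asString() are assumed from the Quarkus Vault extension and are not shown on this page.

```java
import io.quarkus.vault.VaultTransitSecretReactiveEngine;
import io.quarkus.vault.transit.ClearData;
import io.quarkus.vault.transit.TransitContext;
import io.smallrye.mutiny.Uni;

// Added example, not part of the extension. TransitUsageExample and its
// method names are hypothetical; the engine calls use the signatures listed
// on this page. The engine is passed in, so no CDI annotations are assumed.
public class TransitUsageExample {

    private final VaultTransitSecretReactiveEngine transit;

    public TransitUsageExample(VaultTransitSecretReactiveEngine transit) {
        this.transit = transit;
    }

    // Encrypt with a transit context (key derivation). The same context has
    // to be supplied again for rewrap and decrypt.
    public Uni<String> protect(String keyName, String secret, TransitContext ctx) {
        return transit.encrypt(keyName, ClearData.from(secret), ctx);
    }

    // After a key rotation: move a stored cipher text to the last key version.
    // Vault re-encrypts server-side, so the application never holds the clear data.
    public Uni<String> upgrade(String keyName, String oldCiphertext, TransitContext ctx) {
        return transit.rewrap(keyName, oldCiphertext, ctx);
    }

    // Decrypt and expose the clear data as a String (ClearData.asString() is assumed).
    public Uni<String> reveal(String keyName, String ciphertext, TransitContext ctx) {
        return transit.decrypt(keyName, ciphertext, ctx).map(ClearData::asString);
    }

    // encrypt -> rewrap -> decrypt composed as one non-blocking pipeline.
    public Uni<String> roundTrip(String keyName, String secret, TransitContext ctx) {
        return protect(keyName, secret, ctx)
                .chain(ct -> upgrade(keyName, ct, ctx))
                .chain(ct -> reveal(keyName, ct, ctx));
    }

    // verifySignature returns Uni<Void>: completion means the signature is
    // valid, a failed Uni means a mismatch or another error. This wrapper
    // fails closed: any failure is reported as "not verified".
    public Uni<Boolean> isAuthentic(String keyName, String signature, String input) {
        return transit.verifySignature(keyName, signature, input)
                .replaceWith(Boolean.TRUE)
                .onFailure().recoverWithItem(Boolean.FALSE);
    }
}
```

Because isAuthentic maps every failure to false, a Vault outage is indistinguishable from a bad signature; log the failure before recovering if the two need to be told apart.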