transit key apis
rajanadar committed Jan 4, 2021
1 parent 29fff56 commit 0cde88a
Showing 6 changed files with 43 additions and 47 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -12,33 +12,38 @@ public class CreateKeyRequestOptions
/// ciphertext.This requires derived to be set to true. When enabled, each encryption(/decryption/rewrap/datakey)
/// operation will derive a nonce value rather than randomly generate it.
/// </summary>
[JsonProperty(PropertyName = "convergent_encryption", NullValueHandling = NullValueHandling.Ignore)]
public bool? ConvergentEncryption { get; set; }
[JsonProperty(PropertyName = "convergent_encryption")]
public bool ConvergentEncryption { get; set; }

/// <summary>
/// Specifies if key derivation is to be used.If enabled, all encrypt/decrypt requests to this named
/// key must provide a context which is used for key derivation.
/// </summary>
[JsonProperty(PropertyName = "derived", NullValueHandling = NullValueHandling.Ignore)]
public bool? Derived { get; set; }
[JsonProperty(PropertyName = "derived")]
public bool Derived { get; set; }

/// <summary>
/// Enables keys to be exportable. This allows for all the valid keys in the key ring to be
/// exported. Once set, this cannot be disabled.
/// </summary>
[JsonProperty(PropertyName = "exportable", NullValueHandling = NullValueHandling.Ignore)]
public bool? Exportable { get; set; }
[JsonProperty(PropertyName = "exportable")]
public bool Exportable { get; set; }

/// <summary>
/// If set, enables taking backup of named key in the plaintext format.Once set, this cannot be disabled.
/// </summary>
[JsonProperty(PropertyName = "allow_plaintext_backup", NullValueHandling = NullValueHandling.Ignore)]
public bool? AllowPlaintextBackup { get; set; }
[JsonProperty(PropertyName = "allow_plaintext_backup")]
public bool AllowPlaintextBackup { get; set; }

/// <summary>
/// Specifies the type of key to create.
/// </summary>
[JsonProperty("type")]
public string Type { get; set; } = "aes256-gcm96";
public TransitKeyType Type { get; set; }

public CreateKeyRequestOptions()
{
this.Type = TransitKeyType.aes256_gcm96;
}
}
}
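Review bot: `Type` is now a `TransitKeyType` enum under a bare `[JsonProperty("type")]`, and unless TransitKeyType (not visible here) carries its own converter, Json.NET serializes enums as integers, so the create request would send `"type": 0` where the removed initializer produced the `"aes256-gcm96"` string; the member name `aes256_gcm96` also does not match Vault's hyphenated value, so a `StringEnumConverter` alone is not enough without an `[EnumMember(Value = "aes256-gcm96")]` mapping (or a custom converter) on the enum. The same applies to the `Type` property of EncryptionKeyInfo in the next file, where the response string has to deserialize back into the enum. The new constructor can be replaced by an initializer on the property, `public TransitKeyType Type { get; set; } = TransitKeyType.aes256_gcm96;`, which is how the removed line expressed the default. Dropping `NullValueHandling.Ignore` on the four bools means `exportable` and `allow_plaintext_backup` are now always sent explicitly as false when creating a key, which is the restrictive default for a new key and has no adverse effect here.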
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ public class EncryptionKeyInfo
/// The type of key (i.e. encryption algorithm) to generate.
/// </summary>
[JsonProperty("type")]
public string Type { get; set; } = "aes256-gcm96";
public TransitKeyType Type { get; set; }

/// <summary>
/// Specifies if the key is allowed to be deleted.
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ public interface ITransitSecretsEngine
/// Provide a value only if you have customized the mount point.
/// </param>
/// <returns>Nothing is returned. No error means the operation was successful.</returns>
Task CreateKeyAsync(string keyName, CreateKeyRequestOptions createKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit);
Task CreateEncryptionKeyAsync(string keyName, CreateKeyRequestOptions createKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit);

/// <summary>
/// This endpoint returns information about a named encryption key.
Expand Down Expand Up @@ -143,7 +143,7 @@ public interface ITransitSecretsEngine
/// Provide a value only if you have customized the mount point.
/// </param>
/// <returns>Nothing is returned. No error means the operation was successful.</returns>
Task UpdateKeyAsync(string keyName, UpdateKeyRequestOptions updateKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit);
Task UpdateEncryptionKeyConfigAsync(string keyName, UpdateKeyRequestOptions updateKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit);

/// <summary>
/// This endpoint deletes a named encryption key. It will no longer be possible to decrypt any data encrypted with the named key.
Expand All @@ -156,7 +156,7 @@ public interface ITransitSecretsEngine
/// Provide a value only if you have customized the mount point.
/// </param>
/// <returns>Nothing is returned. No error means the operation was successful.</returns>
Task DeleteKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit);
Task DeleteEncryptionKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit);

/// <summary>
/// This endpoint rotates the version of the named key. After rotation, new plaintext requests will be encrypted with the new version of the key.
Expand All @@ -169,7 +169,7 @@ public interface ITransitSecretsEngine
/// Provide a value only if you have customized the mount point.
/// </param>
/// <returns>Nothing is returned. No error means the operation was successful.</returns>
Task RotateKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit);
Task RotateEncryptionKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit);

/// <summary>
/// This endpoint rewraps the provided ciphertext using the latest version of the named key.
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,13 @@ public class RewrapRequestOptions : RewrapItem
/// <summary>
/// Specifies the version of the key to use for the operation. If not set, uses the latest version.
/// </summary>
[JsonProperty(PropertyName = "key_version", NullValueHandling = NullValueHandling.Ignore)]
public int? KeyVersion { get; set; }
[JsonProperty(PropertyName = "key_version")]
public int KeyVersion { get; set; }

/// <summary>
/// Specifies a list of items to be decrypted in a single batch.
/// </summary>
[JsonProperty(PropertyName = "batch_input", NullValueHandling = NullValueHandling.Ignore)]
[JsonProperty(PropertyName = "batch_input")]
public List<DecryptionItem> BatchedRewrapItems { get; set; }
}
}
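Review bot: Removing `NullValueHandling.Ignore` from `batch_input` means a single-item rewrap now serializes `"batch_input": null` next to the ciphertext, where the old attribute omitted the field entirely; whether Vault treats an explicit null the same as an absent field is not something this hunk shows, so I would keep the omission: `[JsonProperty(PropertyName = "batch_input", NullValueHandling = NullValueHandling.Ignore)]`. `KeyVersion` becoming a non-nullable `int` changes the unset case from an omitted field to an explicit `"key_version": 0`, so the summary above it should say that 0 selects the latest version rather than "If not set". The summary on `BatchedRewrapItems` still says the items are decrypted, which reads wrong for a rewrap request; `/// Specifies a list of items to be rewrapped in a single batch.` would match the endpoint.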
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ public async Task<Secret<DataKeyResponse>> GenerateDataKeyAsync(string keyType,
"v1/" + mountPoint.Trim('/') + "/datakey/" + keyType.Trim('/')+ "/" + keyName.Trim('/'), HttpMethod.Post, dataKeyRequestOptions, wrapTimeToLive: wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}

public async Task CreateKeyAsync(string keyName, CreateKeyRequestOptions createKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit)
public async Task CreateEncryptionKeyAsync(string keyName, CreateKeyRequestOptions createKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit)
{
Checker.NotNull(keyName, "keyName");
Checker.NotNull(createKeyRequestOptions, "createKeyRequestOptions");
Expand All @@ -51,25 +51,22 @@ public async Task CreateKeyAsync(string keyName, CreateKeyRequestOptions createK
await _polymath.MakeVaultApiRequest<object>(
"v1/" + mountPoint.Trim('/') + "/keys/" + keyName.Trim('/'),
HttpMethod.Post,
createKeyRequestOptions,
wrapTimeToLive: null)
createKeyRequestOptions)
.ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}

public async Task<Secret<EncryptionKeyInfo>> ReadEncryptionKeyAsync(string keyName, string mountPoint = "transit")
public async Task<Secret<EncryptionKeyInfo>> ReadEncryptionKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit)
{
Checker.NotNull(keyName, "keyName");
Checker.NotNull(mountPoint, "mountPoint");

return await _polymath.MakeVaultApiRequest<Secret<EncryptionKeyInfo>>(
"v1/" + mountPoint.Trim('/') + "/keys/" + keyName.Trim('/'),
HttpMethod.Get,
requestData: null,
wrapTimeToLive: null)
HttpMethod.Get)
.ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}

public async Task UpdateKeyAsync(string keyName, UpdateKeyRequestOptions updateKeyRequestOptions, string mountPoint = "transit")
public async Task UpdateEncryptionKeyConfigAsync(string keyName, UpdateKeyRequestOptions updateKeyRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit)
{
Checker.NotNull(keyName, "keyName");
Checker.NotNull(updateKeyRequestOptions, "updateKeyRequestOptions");
Expand All @@ -78,34 +75,29 @@ public async Task UpdateKeyAsync(string keyName, UpdateKeyRequestOptions updateK
await _polymath.MakeVaultApiRequest<object>(
"v1/" + mountPoint.Trim('/') + "/keys/" + keyName.Trim('/') + "/config",
HttpMethod.Post,
updateKeyRequestOptions,
wrapTimeToLive: null)
updateKeyRequestOptions)
.ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}

public async Task DeleteKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit)
public async Task DeleteEncryptionKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit)
{
Checker.NotNull(keyName, "keyName");
Checker.NotNull(mountPoint, "mountPoint");

await _polymath.MakeVaultApiRequest<object>(
"v1/" + mountPoint.Trim('/') + "/keys/" + keyName.Trim('/'),
HttpMethod.Delete,
requestData: null,
wrapTimeToLive: null)
HttpMethod.Delete)
.ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}

public async Task RotateKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit)
public async Task RotateEncryptionKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.Transit)
{
Checker.NotNull(keyName, "keyName");
Checker.NotNull(mountPoint, "mountPoint");

await _polymath.MakeVaultApiRequest<object>(
"v1/" + mountPoint.Trim('/') + "/keys/" + keyName.Trim('/') + "/rotate",
HttpMethod.Post,
requestData: null,
wrapTimeToLive: null)
HttpMethod.Post)
.ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}

Expand All @@ -118,8 +110,7 @@ public async Task<Secret<EncryptionResponse>> RewrapAsync(string keyName, Rewrap
return await _polymath.MakeVaultApiRequest<Secret<EncryptionResponse>>(
"v1/" + mountPoint.Trim('/') + "/rewrap/" + keyName.Trim('/'),
HttpMethod.Post,
rewrapRequestOptions,
wrapTimeToLive: null)
rewrapRequestOptions)
.ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}
}
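Review bot: The renamed methods still build the request path by string concatenation from `keyName.Trim('/')`, so a name carrying an interior `/`, `?` or `#` is spliced straight into the URL and can address a different path under `keys/`, and `Checker.NotNull` lets an empty or whitespace name through, which yields a request to `keys/` itself. Vault restricts transit key names server-side as far as I know, but the client should not rely on that: escape the segment with `Uri.EscapeDataString(keyName.Trim('/'))` and reject empty names before the call. The validation lines are unchanged context; only the signature lines and the dropped `requestData: null` / `wrapTimeToLive: null` arguments are new in these hunks, which now rely on MakeVaultApiRequest's defaults that I cannot see here. The GenerateDataKeyAsync hunk at the top of this file starts outside the page.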
20 changes: 10 additions & 10 deletions src/VaultSharp/V1/SecretsEngines/Transit/UpdateKeyRequestOptions.cs
Original file line number Diff line number Diff line change
Expand Up @@ -11,21 +11,21 @@ public class UpdateKeyRequestOptions
/// <summary>
/// Specifies if the key is allowed to be deleted.
/// </summary>
[JsonProperty(PropertyName = "deletion_allowed", NullValueHandling = NullValueHandling.Ignore)]
public bool? DeletionAllowed { get; set; }
[JsonProperty(PropertyName = "deletion_allowed")]
public bool DeletionAllowed { get; set; }

/// <summary>
/// Enables keys to be exportable. This allows for all the valid keys in the key ring to be
/// exported. Once set, this cannot be disabled.
/// </summary>
[JsonProperty(PropertyName = "exportable", NullValueHandling = NullValueHandling.Ignore)]
public bool? Exportable { get; set; }
[JsonProperty(PropertyName = "exportable")]
public bool Exportable { get; set; }

/// <summary>
/// Enables taking backup of named key in the plaintext format. Once set, this cannot be disabled.
/// </summary>
[JsonProperty(PropertyName = "allow_plaintext_backup", NullValueHandling = NullValueHandling.Ignore)]
public bool? AllowPlaintextBackup { get; set; }
[JsonProperty(PropertyName = "allow_plaintext_backup")]
public bool AllowPlaintextBackup { get; set; }

/// <summary>
/// Specifies the minimum version of ciphertext allowed to be decrypted. Adjusting this as part
Expand All @@ -34,15 +34,15 @@ public class UpdateKeyRequestOptions
/// signature that can be verified against. For HMACs, this controls the minimum version of a
/// key allowed to be used as the key for verification.
/// </summary>
[JsonProperty(PropertyName = "min_decryption_version", NullValueHandling = NullValueHandling.Ignore)]
public int? MinimumDecryptionVersion { get; set; }
[JsonProperty(PropertyName = "min_decryption_version")]
public int MinimumDecryptionVersion { get; set; }

/// <summary>
/// Specifies the minimum version of the key that can be used to encrypt plaintext, sign payloads,
/// or generate HMACs. Must be 0 (which will use the latest version) or a value greater or equal
/// to min_decryption_version.
/// </summary>
[JsonProperty(PropertyName = "min_encryption_version", NullValueHandling = NullValueHandling.Ignore)]
public int? MinimumEncryptionVersion { get; set; }
[JsonProperty(PropertyName = "min_encryption_version")]
public int MinimumEncryptionVersion { get; set; }
}
}
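Review bot: Turning every option into a non-nullable `bool`/`int` and dropping `NullValueHandling.Ignore` changes the meaning of a config update: the request now always carries `deletion_allowed`, `exportable`, `allow_plaintext_backup`, `min_decryption_version` and `min_encryption_version`, so a caller who only wants to change one setting also sends `false`/`0` for the others. As far as I recall, Vault's keys/<name>/config handler treats a present field as intent — `exportable: false` on an already exportable key is rejected, and `min_decryption_version: 0` is reset to 1 with a warning — so an update meant only to allow deletion would silently re-enable decryption with key versions an operator had retired, and an update on an exportable key would fail outright; this needs verifying against the server. The removed form, e.g. `[JsonProperty(PropertyName = "min_decryption_version", NullValueHandling = NullValueHandling.Ignore)]` over `public int? MinimumDecryptionVersion { get; set; }`, sent only what the caller set, and I would keep it for this type (the same argument applies, more weakly, to RewrapRequestOptions). If the non-nullable shape is kept, each summary should state that the field is always sent and that `false`/`0` does not mean "leave unchanged".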
