Vault V1 Keys API Reference

post/v1/key/generate

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/generate' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Generate key

POST

https://vault.aws.us.pangea.cloud/v1/key/generate

Generate a symmetric or asymmetric key.

required parameters

type

string

Type of the Vault item

type

purpose

string

Purpose of the key:

signing - Asymmetric key used for creating and verifying cryptographic signatures
encryption - Asymmetric key used for encryption and decryption operations
jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification

purpose

optional parameters

name

string

Name of the item

folder

string

Folder where the item is stored

metadata

object

Metadata provided by the user

array<string>

List of user-defined tags

rotation_frequency

string (pangea-duration)

Time interval between item rotations, provided as a positive number followed by a time unit: secs, mins, hrs, days, weeks, months, or years. You can use abbreviations like 1d. Omit to inherit from the parent folder or default settings. Set to never to disable rotation.

rotation_state

string

Target state for the previous version after rotation. Set to inherited to inherit from the parent folder or default settings.

rotation_state

expiration

string (date-time)

Expiration timestamp

exportable

boolean

(default: false)

Allows the creation of an exportable key. Default is false.

exportable

Response Fields

Response Schema

object

Pangea standard response schema

result

id

string

ID of the key

type

string

Type of the Vault item

version

integer

Version of the key

algorithm

string

Algorithm of the key

purpose

string

Purpose of the key:

signing - Asymmetric key used for creating and verifying cryptographic signatures
encryption - Asymmetric key used for encryption and decryption operations
jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification

public_key

string

Public key (in PEM format)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/rotate

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/rotate' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Rotate key

POST

https://vault.aws.us.pangea.cloud/v1/key/rotate

Manually rotate a symmetric or asymmetric key. Optionally, provide new key value(s) created using the same algorithm as the original key.

required parameters

id

string

ID of the key

optional parameters

rotation_state

string

Target state for the previous version after rotation. Omit to apply the current rotation policy.

rotation_state

key

string (base64)

Key material (Base64-encoded)

Response Fields

Response Schema

object

Pangea standard response schema

result

id

string

ID of the key

type

string

Type of the Vault item

version

integer

Version of the key

algorithm

string

Algorithm of the key

purpose

string

(default: "encryption")

Purpose of the key:

encryption - Symmetric key used for encryption and decryption operations
jwt - Symmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
fpe - Symmetric key used for Format Preserving Encryption (FPE)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/encrypt

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/encrypt' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Encrypt

POST

https://vault.aws.us.pangea.cloud/v1/key/encrypt

Encrypt a message using a key created for encryption purposes.

required parameters

id

string

ID of the key to use. It must be a symmetric_key or asymmetric_key created for encryption purposes.

plain_text

string (base64)

Message to be encrypted (Base64-encoded)

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

additional_data

string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key

version

integer

Version of the key used for encryption

minimum: 1

algorithm

string

Algorithm of the key used for decryption

cipher_text

string (base64)

Encrypted message (Base64-encoded)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/decrypt

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/decrypt' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Decrypt

POST

https://vault.aws.us.pangea.cloud/v1/key/decrypt

Decrypt a message using the same key that was used for encryption.

required parameters

id

string

ID of the key used for encrypting cipher_text

cipher_text

string (base64)

Message encrypted by Vault (Base64-encoded)

cipher_text

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

additional_data

string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key

version

integer

Version of the key used for decryption

minimum: 1

algorithm

string

Algorithm of the key used for encryption

plain_text

string (base64)

Decrypted message (Base64-encoded)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/encrypt/structured

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/encrypt/structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Encrypt structured data

POST

https://vault.aws.us.pangea.cloud/v1/key/encrypt/structured

Encrypt structured data by selecting and encrypting parts of a JSON object using a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "123-45-6789"
        },
        {
            "ssn": "987-65-4321"
        }
    ]
}

Using this filter for encryption will return a JSON document where 123-45-6789 and 987-65-4321 are replaced with their encrypted values.

Find additional details in the Structured Data Encryption and JSON Path documentation.

required parameters

id

string

ID of the key to use. It must be a symmetric_key or asymmetric_key created for encryption purposes.

structured_data

object

JSON used to perform bulk encryption operations

filter

string (jsonpath)

Filter expression that must target string elements in the structured_data field

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

additional_data

string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the item

version

integer

Version of the key used for encryption

minimum: 1

algorithm

string

Algorithm of the key

structured_data

object

Structured data with the filtered elements encrypted

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/decrypt/structured

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/decrypt/structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Decrypt structured

POST

https://vault.aws.us.pangea.cloud/v1/key/decrypt/structured

Decrypt structured data by selecting encrypted parts of a JSON object using a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select encrypted elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "CwAAAIfgVg2uv98KIMhAS17DQfznWEA8yXTqLvZFaXDafQIu"
        },
        {
            "ssn": "CwAAADIqwKdF8LQc9SlAFvyf+G4wvsCgurmuVIWad9Ip5tl2"
        }
    ]
}

Using this filter for decryption will return a JSON document with the encrypted values replaced by their decrypted counterparts.

Find additional details in the Structured Data Encryption and JSON Path documentation.

required parameters

id

string

ID of the key used for encrypting structured_data

structured_data

object

Structured data with the filtered elements encrypted

filter

string (jsonpath)

Filter expression that must target string elements in the structured_data field

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

additional_data

string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the item

version

integer

Version of the key used for decryption

minimum: 1

algorithm

string

Algorithm of the key

structured_data

object

JSON used to perform bulk encryption operations

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/encrypt/transform

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/encrypt/transform' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Encrypt using FPE

POST

https://vault.aws.us.pangea.cloud/v1/key/encrypt/transform

Encrypt using a Format Preserving Encryption (FPE) algorithm.

required parameters

id

string

ID of the key to use. It must be a symmetric_key created for Format Preserving Encryption.

plain_text

string

Message to be encrypted

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

alphabet

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key

version

integer

Version of the key used for encryption

minimum: 1

algorithm

string

Algorithm of the key used for encryption

cipher_text

string

Message encrypted with FPE

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/decrypt/transform

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/decrypt/transform' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Decrypt using FPE

POST

https://vault.aws.us.pangea.cloud/v1/key/decrypt/transform

Decrypt using a Format Preserving Encryption (FPE) algorithm.

required parameters

id

string

ID of the key used for encrypting cipher_text

cipher_text

string

Message encrypted by Vault

cipher_text

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

alphabet

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key

version

integer

Version of the key used for decryption

minimum: 1

algorithm

string

Algorithm of the key used for encryption

plain_text

string

Message to be encrypted

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/encrypt/transform/structured

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/encrypt/transform/structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Encrypt structured data using FPE

POST

https://vault.aws.us.pangea.cloud/v1/key/encrypt/transform/structured

Encrypt structured data using a Format Preserving Encryption (FPE) algorithm by selecting and encrypting parts of a JSON object with a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "123-45-6789"
        },
        {
            "ssn": "987-65-4321"
        }
    ]
}

Using this filter for encryption will return a JSON document where 123-45-6789 and 987-65-4321 are replaced with their FPE-encrypted values.

Find additional information in the Format Preserving Encryption (FPE), Structured Data Encryption, and JSON Path documentation.

required parameters

id

string

ID of the key to use. It must be a symmetric_key created for Format Preserving Encryption.

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

alphabet

structured_data

object

JSON used to perform bulk encryption operations

filter

string (jsonpath)

Filter expression that must target string elements in the structured_data field

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

additional_data

string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key

version

integer

Version of the key used for encryption

minimum: 1

algorithm

string

Algorithm of the key used for encryption

structured_data

object

Structured data with the filtered elements encrypted using FPE

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/decrypt/transform/structured

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/decrypt/transform/structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Decrypt structured data using FPE

POST

https://vault.aws.us.pangea.cloud/v1/key/decrypt/transform/structured

Decrypt structured data by selecting FPE-encrypted parts of a JSON object using a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select FPE-encrypted elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "987-65-4321"
        },
        {
            "ssn": "123-45-6789"
        }
    ]
}

Using this filter for decryption will return a JSON document with the FPE-encrypted values replaced by their decrypted counterparts.

Find additional information in the Format Preserving Encryption (FPE), Structured Data Encryption, and JSON Path documentation.

required parameters

id

string

ID of the key used for encrypting structured_data

structured_data

object

Structured data with the filtered elements encrypted using FPE

filter

string (jsonpath)

Filter expression that must target string elements in the structured_data field

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

alphabet

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

additional_data

string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key

version

integer

Version of the key used for decryption

minimum: 1

algorithm

string

Algorithm of the key used for encryption

structured_data

object

JSON used to perform bulk encryption operations

tweak

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

alphabet

string

Character set to use for Format Preserving Encryption (FPE)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/sign

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/sign' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Sign

POST

https://vault.aws.us.pangea.cloud/v1/key/sign

Sign a message using a key for creating and verifying cryptographic signatures.

required parameters

id

string

ID of the key to use. It must be an asymmetric_key created for signing purposes.

message

string (base64)

Message to be signed (Base64-encoded)

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key used for signing

version

integer

Version of the key used for signing

minimum: 1

algorithm

string

Algorithm of the key used for signing

signature

string (base64)

Signature of the message (Base64-encoded)

public_key

string

Public key (in PEM format)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/verify

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/verify' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Verify signature

POST

https://vault.aws.us.pangea.cloud/v1/key/verify

Verify a signature using a key for creating and verifying cryptographic signatures.

required parameters

id

string

ID of the key used for signing message

message

string (base64)

Message used for generating signature (Base64-encoded)

signature

string (base64)

Signature to be verified, generated for message (Base64-encoded)

optional parameters

version

integer

Version of the key. If not specified, the latest version is used by default.

minimum: 1

Response Fields

Response Schema

object

Pangea standard response schema

result

object

id

string

ID of the key used for signing

version

integer

Version of the key used for signing

minimum: 1

algorithm

string

Algorithm of the key used for signing

valid_signature

boolean

Indicates whether the signature has been verified:

true - The signature is valid
false - The signature is not valid

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/key/store

curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v1/key/store' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

Store key

POST

https://vault.aws.us.pangea.cloud/v1/key/store

Import a symmetric or asymmetric key.

required parameters

type

string

Type of the Vault item

type

purpose

string

Purpose of the key:

signing - Asymmetric key used for creating and verifying cryptographic signatures
encryption - Asymmetric key used for encryption and decryption operations
jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification

purpose

public_key

string

Public key (in PEM format)

private_key

string

Private key (in PEM format)

private_key

optional parameters

name

string

Name to be assigned to the key

folder

string

Folder where this key will be stored in Vault. By default, a folder is created or used based on the key’s purpose: /key/encryption, /key/signing, or /key/jwt.

metadata

object

Metadata provided by the user

array<string>

List of user-defined tags

rotation_frequency

string (pangea-duration)

Time interval between item rotations, provided as a positive number followed by a time unit: secs, mins, hrs, days, weeks, months, or years. You can use abbreviations like 1d. Omit to inherit from the parent folder or default settings. Set to never to disable rotation.

rotation_state

string

Target state for the previous version after rotation. Set to inherited to inherit from the parent folder or default settings.

rotation_state

expiration

string (date-time)

Expiration timestamp

exportable

boolean

(default: false)

Allows the creation of an exportable key. Default is false.

exportable

Response Fields

Response Schema

object

Pangea standard response schema

result

type

string

Type of the Vault item

id

string

ID of the key

version

integer

Version of the key

algorithm

string

Algorithm of the key

purpose

string

Purpose of the key:

signing - Asymmetric key used for creating and verifying cryptographic signatures
encryption - Asymmetric key used for encryption and decryption operations
jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification

public_key

string

Public key (in PEM format)

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Was this article helpful?

Contact us

Generate key

string

string

string

string

object

array<string>

string (pangea-duration)

string

string (date-time)

boolean

object

Asymmetric Key

string

string

integer

string

string

string

string

string

string

string

string

Rotate key

string

string

string (base64)

object

Symmetric Key

string

string

integer

string

string

string

string

string

string

string

Encrypt

string

string (base64)

integer

string

object

object

string

integer

string

string (base64)

string

string

string

string

string

Decrypt

string

string (base64)

integer

string

object

object

string

integer

string

string (base64)

string

string

string

string

string

Encrypt structured data

string

object

string (jsonpath)

integer

string

object

object