Skip to main content

Vault | C# SDK | Keys Endpoints

Keys Endpoints

Symmetric generate

VaultClient.SymmetricGenerate(SymmetricGenerateRequest)

Generate a symmetric key.

required parameters

SymmetricGenerateRequest

The request parameters to send to the '/key/generate' endpoint.

Response Object

Task<Response<SymmetricGenerateResult>>

The response containing the generated symmetric key information.

SymmetricGenerateRequest request = new SymmetricGenerateRequest
    (
        SymmetricAlgorithm.AES128_CFB,
        KeyPurpose.Encryption,
        "my-very-secret-secret")
    ;
var response = await client.SymmetricGenerate(request);

Asymmetric generate

VaultClient.AsymmetricGenerate(AsymmetricGenerateRequest)

Generate an asymmetric key.

required parameters

AsymmetricGenerateRequest

The request parameters to send to the '/key/generate' endpoint.

Response Object

Task<Response<AsymmetricGenerateResult>>

The response containing the generated asymmetric key information.

AsymmetricGenerateRequest request = new AsymmetricGenerateRequest
    (
        AsymmetricAlgorithm.ED25519,
        KeyPurpose.Signing,
        "my-very-secret-secret")
    ;
var response = await client.AsymmetricGenerate(request);

Asymmetric store

VaultClient.AsymmetricStore(AsymmetricStoreRequest)

Import an asymmetric key.

required parameters

AsymmetricStoreRequest

The request parameters to send to the '/key/store' endpoint.

Response Object

Task<Response<AsymmetricStoreResult>>

The response containing the stored asymmetric key information.

AsymmetricStoreRequest request = new AsymmetricStoreRequest
    (
        "encoded private key",
        "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\n-----END PUBLIC KEY-----",
        AsymmetricAlgorithm.RSA4096_OAEP_SHA256,
        KeyPurpose.Signing,
        "my-very-secret-secret")
    ;
var response = await client.AsymmetricStore(request);

Symmetric store

VaultClient.SymmetricStore(SymmetricStoreRequest)

Import a symmetric key.

required parameters

SymmetricStoreRequest

The request parameters to send to the '/key/store' endpoint.

Response Object

Task<Response<SymmetricStoreResult>>

The response containing the stored symmetric key information.

SymmetricStoreRequest request = new SymmetricStoreRequest
    (
        "lJkk0gCLux+Q+rPNqLPEYw==",
        SymmetricAlgorithm.AES128_CFB,
        KeyPurpose.Encryption,
        "my-very-secret-secret")
    ;
var response = await client.SymmetricStore(request);

Rotate

VaultClient.KeyRotate(KeyRotateRequest)

Manually rotate a symmetric or asymmetric key.

required parameters

KeyRotateRequest

The request parameters to send to the '/key/rotate' endpoint.

Response Object

Task<Response<KeyRotateResult>>

The response containing the rotated key information.

KeyRotateRequest request = new KeyRotateRequest
    (
        "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
        ItemVersionState.Deactivated)
    .WithEncodedSymmetricKey("lJkk0gCLux+Q+rPNqLPEYw==")
    ;
var response = await client.KeyRotate(request);

Encrypt

VaultClient.Encrypt(EncryptRequest)

Encrypt a message using a key.

required parameters

EncryptRequest

The request parameters to send to the '/key/encrypt' endpoint.

Response Object

Task<Response<EncryptResult>>

The response containing the encrypted message.

EncryptRequest request = new EncryptRequest
    (
        "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
        "lJkk0gCLux+Q+rPNqLPEYw==")
    .WithVersion(2)
    ;
var response = await client.Encrypt(request);

Decrypt

VaultClient.Decrypt(DecryptRequest)

Decrypt a message using a key.

required parameters

DecryptRequest

The request parameters to send to the '/key/decrypt' endpoint.

Response Object

Task<Response<DecryptResult>>

The response containing the decrypted message.

DecryptRequest request = new DecryptRequest
    (
        "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
        "lJkk0gCLux+Q+rPNqLPEYw==")
    .WithVersion(2)
    ;
var response = await client.Decrypt(request);

Sign

VaultClient.Sign(SignRequest)

Sign a message using a key.

required parameters

SignRequest

The request parameters to send to the '/key/sign' endpoint.

Response Object

Task<Response<SignResult>>

The response containing the signed message.

SignRequest request = new SignRequest
    (
        "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
        "lJkk0gCLux+Q+rPNqLPEYw==")
    ;
var response = await client.Sign(request);

Verify

VaultClient.Verify(VerifyRequest)

Verify a signature using a key.

required parameters

VerifyRequest

The request containing the key ID, message, and signature to verify.

Response Object

Task<Response<VerifyResult>>

The response indicating whether the signature is valid or not.

var request = new VerifyRequest
    (
        "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
        "data2verify",
        "signature")
    ;
var response = await client.Verify(request);

Encrypt structured

VaultClient.EncryptStructured<T>(EncryptStructuredRequest<T>, CancellationToken)

Encrypt parts of a JSON object.

required parameters

EncryptStructuredRequest<T>

Request parameters.

CancellationToken

Cancellation token.

Response Object

Task<Response<EncryptStructuredResult<T>>>

Encrypted result.

var data = new SomeModel { Name = "...", Occupation = "..." };
var request = new EncryptStructuredRequest<SomeModel>(encryptionKeyId, data, "$.name");
var response = await client.EncryptStructured(request);

Decrypt structured

VaultClient.DecryptStructured<T>(EncryptStructuredRequest<T>, CancellationToken)

Decrypt parts of a JSON object.

required parameters

EncryptStructuredRequest<T>

Request parameters.

CancellationToken

Cancellation token.

Response Object

Task<Response<EncryptStructuredResult<T>>>

Decrypted result.

var data = new SomeModel { Name = "...", Occupation = "..." };
var request = new EncryptStructuredRequest<SomeModel>(encryptionKeyId, data, "$.name");
var response = await client.DecryptStructured(request);