Skip to main content

Vault | Golang SDK | Keys Endpoints

Keys Endpoints

Asymmetric generate

func (v *vault) AsymmetricGenerate(ctx context.Context, input *AsymmetricGenerateRequest) (*pangea.PangeaResponse[AsymmetricGenerateResult], error)

Generate an asymmetric key.

required parameters

context.Context
*AsymmetricGenerateRequest
input := &vault.AsymmetricGenerateRequest{
	Algorithm: vault.AArsa2048_pkcs1v15_sha256,
	Purpose:   vault.KPsigning,
	CommonGenerateRequest: vault.CommonGenerateRequest{
		Name:   pangea.StringValue("my-very-secret-secret"),
		Folder: pangea.StringValue("/personal"),
		Metadata: vault.Metadata{
			"created_by": pangea.StringValue("John Doe"),
			"used_in":    pangea.StringValue("Google products"),
		},
		Tags: vault.Tags{
			pangea.StringValue("irs_2023"),
			pangea.StringValue("personal"),
		},
		RotationFrequency: pangea.StringValue("10d"),
		RotationState:     pangea.StringValue("deactivated"),
		DisabledAt:        pangea.StringValue("2025-01-01T10:00:00Z"),
	},
}

agr, err := vaultcli.AsymmetricGenerate(ctx, input)

Asymmetric store

func (v *vault) AsymmetricStore(ctx context.Context, input *AsymmetricStoreRequest) (*pangea.PangeaResponse[AsymmetricStoreResult], error)

Import an asymmetric key.

required parameters

context.Context
*AsymmetricStoreRequest
var PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\n-----END PUBLIC KEY-----"
var PRIVATE_KEY = "private key example"

input := &vault.AsymmetricStoreRequest{
	Algorithm:  vault.AArsa2048_pkcs1v15_sha256,
	PublicKey:  vault.EncodedPublicKey(PUBLIC_KEY),
	PrivateKey: vault.EncodedPrivateKey(PRIVATE_KEY),
	Purpose:    vault.KPsigning,
	CommonStoreRequest: vault.CommonStoreRequest{
		Name: pangea.StringValue("my-very-secret-secret"),
		Folder: pangea.StringValue("/personal"),
		Metadata: vault.Metadata{
			"created_by": pangea.StringValue("John Doe"),
			"used_in":    pangea.StringValue("Google products"),
		},
		Tags: vault.Tags{
			pangea.StringValue("irs_2023"),
			pangea.StringValue("personal"),
		},
		RotationFrequency: pangea.StringValue("10d"),
		RotationState:     pangea.StringValue("deactivated"),
		DisabledAt:        pangea.StringValue("2025-01-01T10:00:00Z"),
	},
}

asr, err := vaultcli.AsymmetricStore(ctx, input)

Decrypt

func (v *vault) Decrypt(ctx context.Context, input *DecryptRequest) (*pangea.PangeaResponse[DecryptResult], error)

Decrypt a message using a key.

required parameters

context.Context
*DecryptRequest
input := &vault.DecryptRequest{
	ID: pangea.StringValue("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"),
	CipherText: pangea.StringValue("lJkk0gCLux+Q+rPNqLPEYw=="),
	Version: pangea.Int(1),
}

dr, err := vaultcli.Decrypt(ctx, input)

Decrypt structured

func (v *vault) DecryptStructured(ctx context.Context, input *EncryptStructuredRequest) (*pangea.PangeaResponse[EncryptStructuredResult], error)

Decrypt parts of a JSON object.

required parameters

context.Context
*EncryptStructuredRequest
data := map[string]interface{}{
	"field1": [4]interface{}{1, 2, "kxcbC9E9IlgVaSCChPWUMgUC3ko=", "6FfI/LCzatLRLNAc8SuBK/TDnGxp"},
	"field2": "true",
}

decryptedResponse, err := client.DecryptStructured(
	ctx,
	&vault.EncryptStructuredRequest{
		ID:             "pvi_[...]",
		StructuredData: data,
		Filter:         "$.field1[2:4]",
	},
)

Encrypt

func (v *vault) Encrypt(ctx context.Context, input *EncryptRequest) (*pangea.PangeaResponse[EncryptResult], error)

Encrypt a message using a key.

required parameters

context.Context
*EncryptRequest
msg := "message to encrypt..."
data := base64.StdEncoding.EncodeToString([]byte(msg))

input := &vault.EncryptRequest{
	ID: pangea.StringValue("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"),
	PlainText: data,
	Version: pangea.Int(1),
}

enc, err := vaultcli.Encrypt(ctx, input)

Encrypt structured

func (v *vault) EncryptStructured(ctx context.Context, input *EncryptStructuredRequest) (*pangea.PangeaResponse[EncryptStructuredResult], error)

Encrypt parts of a JSON object.

required parameters

context.Context
*EncryptStructuredRequest
data := map[string]interface{}{
	"field1": [4]interface{}{1, 2, "true", "false"},
	"field2": "true",
}

encryptedResponse, err := client.EncryptStructured(
	ctx,
	&vault.EncryptStructuredRequest{
		ID:             "pvi_[...]",
		StructuredData: data,
		Filter:         "$.field1[2:4]",
	},
)

Key rotate

func (v *vault) KeyRotate(ctx context.Context, input *KeyRotateRequest) (*pangea.PangeaResponse[KeyRotateResult], error)

Manually rotate a symmetric or asymmetric key.

required parameters

context.Context
*KeyRotateRequest
var SYMMETRIC_KEY = "lJkk0gCLux+Q+rPNqLPEYw=="

input := &vault.KeyRotateRequest{
	CommonRotateRequest: vault.CommonRotateRequest{
		ID:            pangea.StringValue("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"),
		RotationState: vault.IVSdeactivated,
	},
	Key: &vault.EncodedSymmetricKey(SYMMETRIC_KEY),
}

krr, err := vaultcli.KeyRotate(ctx, input)

Sign

func (v *vault) Sign(ctx context.Context, input *SignRequest) (*pangea.PangeaResponse[SignResult], error)

Sign a message using a key.

required parameters

context.Context
*SignRequest
msg := "message to sign..."
data := base64.StdEncoding.EncodeToString([]byte(msg))

input := &vault.SignRequest{
	ID: pangea.StringValue("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"),
	Message: data,
	Version: pangea.Int(1),
}

sr, err := vaultcli.Sign(ctx, input)

Symmetric generate

func (v *vault) SymmetricGenerate(ctx context.Context, input *SymmetricGenerateRequest) (*pangea.PangeaResponse[SymmetricGenerateResult], error)

Generate a symmetric key.

required parameters

context.Context
*SymmetricGenerateRequest
input := &vault.SymmetricGenerateRequest{
	Algorithm: vault.SYAaes128_cfb,
	Purpose:   vault.KPencryption,
	CommonGenerateRequest: vault.CommonGenerateRequest{
		Name:   pangea.StringValue("my-very-secret-secret"),
		Folder: pangea.StringValue("/personal"),
		Metadata: vault.Metadata{
			"created_by": pangea.StringValue("John Doe"),
			"used_in":    pangea.StringValue("Google products"),
		},
		Tags: vault.Tags{
			pangea.StringValue("irs_2023"),
			pangea.StringValue("personal"),
		},
		RotationFrequency: pangea.StringValue("10d"),
		RotationState:     pangea.StringValue("deactivated"),
		DisabledAt:        pangea.StringValue("2025-01-01T10:00:00Z"),
	},
}

sgr, err := vaultcli.SymmetricGenerate(ctx, input)

Symmetric store

func (v *vault) SymmetricStore(ctx context.Context, input *SymmetricStoreRequest) (*pangea.PangeaResponse[SymmetricStoreResult], error)

Import a symmetric key.

required parameters

context.Context
*SymmetricStoreRequest
input := &vault.SymmetricStoreRequest{
	Key: vault.EncodedSymmetricKey("lJkk0gCLux+Q+rPNqLPEYw=="),
	Algorithm: vault.SYAaes128_cfb,
	Purpose: vault.KPencryption,
	CommonStoreRequest: vault.CommonStoreRequest{
		Name: pangea.StringValue("my-very-secret-secret"),
		Folder: pangea.StringValue("/personal"),
		Metadata: vault.Metadata{
			"created_by": pangea.StringValue("John Doe"),
			"used_in":    pangea.StringValue("Google products"),
		},
		Tags: vault.Tags{
			pangea.StringValue("irs_2023"),
			pangea.StringValue("personal"),
		},
		RotationFrequency: pangea.StringValue("10d"),
		RotationState:     pangea.StringValue("deactivated"),
		DisabledAt:        pangea.StringValue("2025-01-01T10:00:00Z"),
	},
}

ssr, err := vaultcli.SymmetricStore(ctx, input)

Verify

func (v *vault) Verify(ctx context.Context, input *VerifyRequest) (*pangea.PangeaResponse[VerifyResult], error)

Verify a signature using a key.

required parameters

context.Context
*VerifyRequest
input := &vault.VerifyRequest{
	ID:        pangea.StringValue("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"),
	Version:   pangea.Int(1),
	Message:   pangea.StringValue("lJkk0gCLux+Q+rPNqLPEYw=="),
	Signature: pangea.StringValue("FfWuT2Mq/+cxa7wIugfhzi7ktZxVf926idJNgBDCysF/knY9B7M6wxqHMMPDEBs86D8OsEGuED21y3J7IGOpCQ=="),
}

vr, err := vaultcli.Verify(ctx, input)