Skip to main content

Vault | Node.js SDK

Vault

constructor(token: PangeaToken, config: PangeaConfig): VaultService

Creates a new VaultService with the given Pangea API token and configuration.

required parameters

PangeaToken

Pangea API token.

Configuration.

Response Object

VaultService
const config = new PangeaConfig({ domain: "pangea_domain" });
const vault = new VaultService("pangea_token", config);

Asymmetric generate

asymmetricGenerate(request: GenerateRequest): Promise<PangeaResponse<GenerateResult>>

Generate an asymmetric key.

required parameters

GenerateRequest

Response Object

Promise<PangeaResponse<GenerateResult>>
const response = await vault.asymmetricGenerate(
  {
    algorithm: Vault.AsymmetricAlgorithm.RSA2048_PKCS1V15_SHA256,
    purpose: Vault.KeyPurpose.SIGNING,
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Asymmetric store

asymmetricStore(request: StoreRequest): Promise<PangeaResponse<StoreResult>>

Import an asymmetric key.

required parameters

StoreRequest

The following options are supported:

  • private_key (Vault.EncodedPrivateKey): The private key in PEM format
  • public_key (Vault.EncodedPublicKey): The public key in PEM format
  • algorithm (Vault.AsymmetricAlgorithm): The algorithm of the key. Options listed in Vault documentation.
  • purpose (Vault.KeyPurpose): The purpose of this key. signing, encryption, or jwt.
  • name (string): The name of this item
  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.asymmetricStore(
  {
    private_key: "private key example",
    public_key: "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\n-----END PUBLIC KEY-----",
    algorithm: Vault.AsymmetricAlgorithm.RSA2048_PKCS1V15_SHA256,
    purpose: Vault.KeyPurpose.SIGNING,
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Decrypt

decrypt(request: DecryptRequest): Promise<PangeaResponse<DecryptResult>>

Decrypt a message using a key.

required parameters

DecryptRequest

Supported options:

  • id (string): The item ID
  • cipher_text (string): A message encrypted by Vault (in base64)
  • version (number): The item version

Response Object

Promise<PangeaResponse<DecryptResult>>
const response = await vault.decrypt({
  id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  cipher_text: "lJkk0gCLux+Q+rPNqLPEYw==",
  version: 1
});

Decrypt structured

decryptStructured(request: EncryptStructuredRequest): Promise<PangeaResponse<EncryptStructuredResult<O>>>

Decrypt parts of a JSON object.

required parameters

EncryptStructuredRequest

Request parameters.

Response Object

Promise<PangeaResponse<EncryptStructuredResult<O>>>
const response = await vault.decryptStructured({
  id: "pvi_[...]",
  structured_data: {"field1": [1, 2, "[...]", "[...]"], "field2": "data2"},
  filter: "$.field1[2:4]",
});

Decrypt transform

decryptTransform(request: DecryptTransformRequest): Promise<PangeaResponse<DecryptTransformResult>>

Decrypt using a format-preserving algorithm (FPE).

required parameters

DecryptTransformRequest

Request parameters.

Response Object

Promise<PangeaResponse<DecryptTransformResult>>
const response = await vault.decryptTransform({
  id: "pvi_[...]",
  cipher_text: "tZB-UKVP-MzTM",
  tweak: "MTIzMTIzMT==",
  alphabet: Vault.TransformAlphabet.ALPHANUMERIC,
});

Delete

delete(id: string): Promise<PangeaResponse<DeleteResult>>

Delete a secret or key.

required parameters

string

The item ID

Response Object

Promise<PangeaResponse<DeleteResult>>
const response = await vault.delete(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"
);

Encrypt

encrypt(request: EncryptRequest): Promise<PangeaResponse<EncryptResult>>

Encrypt a message using a key.

required parameters

EncryptRequest

Supported options:

  • id (string) The item ID
  • plainText (string): A message to be in encrypted (in base64)

Response Object

Promise<PangeaResponse<EncryptResult>>
const response = await vault.encrypt({
  id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  plain_text: "lJkk0gCLux+Q+rPNqLPEYw=="
});

Encrypt structured

encryptStructured(request: EncryptStructuredRequest): Promise<PangeaResponse<EncryptStructuredResult<O>>>

Encrypt parts of a JSON object.

required parameters

EncryptStructuredRequest

Request parameters.

Response Object

Promise<PangeaResponse<EncryptStructuredResult<O>>>
const response = await vault.encryptStructured({
  id: "pvi_[...]",
  structured_data: {"field1": [1, 2, "true", "false"], "field2": "data2"},
  filter: "$.field1[2:4]",
});

Encrypt transform

encryptTransform(request: EncryptTransformRequest): Promise<PangeaResponse<EncryptTransformResult>>

Encrypt using a format-preserving algorithm (FPE).

required parameters

EncryptTransformRequest

Request parameters.

Response Object

Promise<PangeaResponse<EncryptTransformResult>>
const response = await vault.encryptTransform({
  id: "pvi_[...]",
  plain_text: "123-4567-8901",
  tweak: "MTIzMTIzMT==",
  alphabet: Vault.TransformAlphabet.ALPHANUMERIC,
});

Export

export(request: ExportRequest): Promise<PangeaResponse<ExportResult>>

Export a symmetric or asymmetric key.

required parameters

ExportRequest

Request parameters.

Response Object

Promise<PangeaResponse<ExportResult>>
// Generate an exportable key.
const generated = await vault.asymmetricGenerate(
  Vault.AsymmetricAlgorithm.RSA4096_OAEP_SHA512,
  Vault.KeyPurpose.ENCRYPTION,
  "a-name-for-the-key",
  { exportable: true }
);

// Then it can be exported whenever needed.
const exported = await vault.export({ id: generated.result.id });

Create

folderCreate(request: CreateRequest): Promise<PangeaResponse<CreateResult>>

Creates a folder.

required parameters

CreateRequest

An object representing request to /folder/create endpoint

Response Object

Promise<PangeaResponse<CreateResult>>
const createParentResp = await vault.folderCreate({
 name: "folder_name",
 folder: "parent/folder/name",
});

Get Bulk

getBulk(request: GetBulkRequest): Promise<PangeaResponse<ListResult>>

Retrieve a list of secrets, keys and folders.

required parameters

GetBulkRequest

The following options are supported:

  • filter (object): A set of filters to help you customize your search. Examples: "folder": "/tmp", "tags": "personal", "name__contains": "xxx", "created_at__gt": "2020-02-05T10:00:00Z" For metadata, use: "metadata_": "<value>"
  • last (string): Internal ID returned in the previous look up response. Used for pagination.
  • order: (Vault.ItemOrder): Ordering direction
  • order_by: (Vault.ItemOrderBy): Property used to order the results
  • size: (number): Maximum number of items in the response

Response Object

Promise<PangeaResponse<ListResult>>
const response = await vault.getBulk(
  {
    filter: {
      folder: "/",
      type: "asymmetric_key",
      name__contains: "test",
      metadata_key1: "value1",
      created_at__lt: "2023-12-12T00:00:00Z",
    },
    last: "WyIvdGVzdF8yMDdfc3ltbWV0cmljLyJd",
    order: Vault.ItemOrder.ASC,
    order_by: Vault.ItemOrderby.NAME,
    size=20,
  }
);

Retrieve

getItem(request: GetRequest): Promise<PangeaResponse<GetResult>>

Retrieve a secret or key, and any associated information.

required parameters

GetRequest

The following options are supported:

  • id (string): The item ID
  • version (number | string): The key version(s). all for all versions, num for a specific version, -num for the num latest versions.
  • version_state (Vault.ItemVersionState): The state of the item version
  • verbose (boolean): Return metadata and extra fields

Response Object

Promise<PangeaResponse<GetResult>>
const response = await vault.getItem(
  {
    id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
    version: 1,
    version_state: Vault.ItemVersionState.ACTIVE,
    verbose: true,
  }
);

JWT Retrieve

jwkGet(request: GetRequest): Promise<PangeaResponse<GetResult>>

Retrieve a key in JWK format.

required parameters

GetRequest

Response Object

Promise<PangeaResponse<GetResult>>
const response = await vault.jwkGet(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"
);

JWT Sign

jwtSign(id: string, payload: string): Promise<PangeaResponse<SignResult>>

Sign a JSON Web Token (JWT) using a key.

required parameters

string

The item ID

string

The JWT payload (in JSON)

Response Object

Promise<PangeaResponse<SignResult>>
const response = await vault.jwtSign(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "{\"sub\": \"1234567890\",\"name\": \"John Doe\",\"admin\": true}"
);

JWT Verify

jwtVerify(jws: string): Promise<PangeaResponse<VerifyResult>>

Verify the signature of a JSON Web Token (JWT).

required parameters

string

The signed JSON Web Token (JWS)

Response Object

Promise<PangeaResponse<VerifyResult>>
const response = await vault.jwtVerify(
  "ewogICJhbGciO..."
);

Key rotate

keyRotate(request: RotateRequest): Promise<PangeaResponse<RotateResult>>

Manually rotate a symmetric or asymmetric key.

required parameters

RotateRequest

Supported options:

  • id (string): The ID of the item
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation. deactivated, suspended, or destroyed. Default is deactivated.
  • public_key (string): The public key (in PEM format)
  • private_key: (string): The private key (in PEM format)
  • key: (string): The key material (in base64)

Response Object

Promise<PangeaResponse<RotateResult>>
const response = await vault.keyRotate(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  {
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    key: "lJkk0gCLux+Q+rPNqLPEYw==",
  }
);

List

list(request: ListRequest): Promise<PangeaResponse<ListResult>>

Look up a list of secrets, keys and folders, and their associated information.

required parameters

ListRequest

The following options are supported:

  • filter (object): A set of filters to help you customize your search. Examples: "folder": "/tmp", "tags": "personal", "name__contains": "xxx", "created_at__gt": "2020-02-05T10:00:00Z" For metadata, use: "metadata_": "<value>"
  • last (string): Internal ID returned in the previous look up response. Used for pagination.
  • order: (Vault.ItemOrder): Ordering direction
  • order_by: (Vault.ItemOrderBy): Property used to order the results
  • size: (number): Maximum number of items in the response

Response Object

Promise<PangeaResponse<ListResult>>
const response = await vault.list(
  {
    filter: {
      folder: "/",
      type: "asymmetric_key",
      name__contains: "test",
      metadata_key1: "value1",
      created_at__lt: "2023-12-12T00:00:00Z",
    },
    last: "WyIvdGVzdF8yMDdfc3ltbWV0cmljLyJd",
    order: Vault.ItemOrder.ASC,
    order_by: Vault.ItemOrderby.NAME,
    size=20,
  }
);

Secret rotate

secretRotate(request: RotateRequest): Promise<PangeaResponse<RotateResult>>

Rotate a secret.

required parameters

RotateRequest

The following options are supported:

  • id (string): The item ID
  • secret (string): The secret value
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation. Default is deactivated.

Response Object

Promise<PangeaResponse<RotateResult>>
const response = await vault.secretRotate(
  {
    id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
    secret: "12sdfgs4543qv@#%$casd",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
  }
);

Secret store

secretStore(request: StoreRequest): Promise<PangeaResponse<StoreResult>>

Import a secret.

required parameters

StoreRequest

The following options are supported:

  • secret (string): The secret value
  • token (string): The Pangea Token value
  • client_secret (string): The oauth client secret
  • client_id (string): The oauth client ID
  • client_secret_id (string): The oauth client secret ID
  • name (string): The name of this item
  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_grace_period (string): Grace period for the previous version of the secret
  • rotation_frequency (string): Period of time between item rotations
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.secretStore(
  {
    secret: "12sdfgs4543qv@#%$casd",
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Sign

sign(id: string, message: string): Promise<PangeaResponse<SignResult>>

Sign a message using a key.

required parameters

string

The item ID

string

The message to be signed, in base64

Response Object

Promise<PangeaResponse<SignResult>>
const response = await vault.sign(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "lJkk0gCLux+Q+rPNqLPEYw=="
);

State change

stateChange(request: StateChangeRequest): Promise<PangeaResponse<StateChangeResult>>

Change the state of a specific version of a secret or key.

required parameters

StateChangeRequest

State change options. The following options are supported:

  • id (string): The item ID
  • state (Vault.ItemVersionState): The new state of the item version
  • version (number): the item version
  • destroy_period (string): Period of time for the destruction of a compromised key. Only valid if state=compromised

Response Object

Promise<PangeaResponse<StateChangeResult>>
const response = await vault.stateChange( {
  id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  state: Vault.ItemVersionState.DEACTIVATED
});

Symmetric generate

symmetricGenerate(request: GenerateRequest): Promise<PangeaResponse<GenerateResult>>

Generate a symmetric key.

required parameters

GenerateRequest

The following options are supported:

  • algorithm (Vault.SymmetricAlgorithm): The algorithm of the key. Options listed in Vault documentation.
  • purpose (Vault.KeyPurpose): The purpose of this key
  • name (string): The name of this item
  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<GenerateResult>>
const response = await vault.symmetricGenerate(
  {
    algorithm: Vault.SymmetricAlgorithm.AES128_CFB,
    purpose: Vault.KeyPurpose.ENCRYPTION,
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Symmetric store

symmetricStore(request: StoreRequest): Promise<PangeaResponse<StoreResult>>

Import a symmetric key.

required parameters

StoreRequest

The following options are supported:

  • key (string): The key material (in base64)
  • algorithm (Vault.SymmetricAlgorithm): The algorithm of the key. Options listed in Vault documentation.
  • purpose (Vault.KeyPurpose): The purpose of this key. encryption or jwt
  • name (string): The name of this item
  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.symmetricStore(
  {
    keY: "lJkk0gCLux+Q+rPNqLPEYw==",
    algorithm: Vault.SymmetricAlgorithm.AES128_CFB,
    purpose: Vault.KeyPurpose.ENCRYPTION,
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Update

update(request: UpdateRequest): Promise<PangeaResponse<UpdateResult>>

Update information associated with a secret or key.

required parameters

UpdateRequest

The following options are supported:

  • id (string): The item ID
  • name (string): The name of this item
  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[], optional): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • rotation_grace_period (string): Grace period for the previous version of the Pangea Token
  • expiration (string): Expiration timestamp
  • item_state (string): The new state of the item.

Response Object

Promise<PangeaResponse<UpdateResult>>
const response = await vault.update(
  {
    id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    rotation_grace_period: "1d",
    expiration: "2025-01-01T10:00:00Z",
    item_state: Vault.ItemState.DISABLED,
  }
);

Verify

verify(request: VerifyRequest): Promise<PangeaResponse<VerifyResult>>

Verify a signature using a key.

required parameters

VerifyRequest

Supported options:

  • id (string): The item ID
  • message (string): The message to be verified (in base64)
  • signature (string): The message signature (in base64)
  • version (number): The item version

Response Object

Promise<PangeaResponse<VerifyResult>>
const response = await vault.verify({
  id: "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  message: "lJkk0gCLux+Q+rPNqLPEYw=="
  signature: "FfWuT2Mq/+cxa7wIugfhzi7ktZxVf926idJNgBDCysF/knY9B7M6wxqHMMPDEBs86D8OsEGuED21y3J7IGOpCQ==",
});

Namespace Asymmetric

Asymmetric

Namespace Common

Common

Namespace Folder

Folder

Namespace JWK

JWK

Namespace JWT

JWT

Namespace Key

Key

Namespace Secret

Secret

Namespace Symmetric

Symmetric

Enum AsymmetricAlgorithm

AsymmetricAlgorithm

Ed25519 = "ED25519"

Ed25519_DILITHIUM2_BETA = "ED25519-DILITHIUM2-BETA"

Ed448_DILITHIUM3_BETA = "ED448-DILITHIUM3-BETA"

ES256 = "ES256"

ES256K = "ES256K"

ES384 = "ES384"

ES512 = "ES512"

FALCON_1024_BETA = "FALCON-1024-BETA"

RSA = "RSA-PKCS1V15-2048-SHA256"

RSA2048_OAEP_SHA1 = "RSA-OAEP-2048-SHA1"

RSA2048_OAEP_SHA256 = "RSA-OAEP-2048-SHA256"

RSA2048_OAEP_SHA512 = "RSA-OAEP-2048-SHA512"

RSA2048_PKCS1V15_SHA256 = "RSA-PKCS1V15-2048-SHA256"

RSA2048_PSS_SHA256 = "RSA-PSS-2048-SHA256"

RSA3072_OAEP_SHA1 = "RSA-OAEP-3072-SHA1"

RSA3072_OAEP_SHA256 = "RSA-OAEP-3072-SHA256"

RSA3072_OAEP_SHA512 = "RSA-OAEP-3072-SHA512"

RSA3072_PSS_SHA256 = "RSA-PSS-3072-SHA256"

RSA4096_OAEP_SHA1 = "RSA-OAEP-4096-SHA1"

RSA4096_OAEP_SHA256 = "RSA-OAEP-4096-SHA256"

RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"

RSA4096_PSS_SHA256 = "RSA-PSS-4096-SHA256"

RSA4096_PSS_SHA512 = "RSA-PSS-4096-SHA512"

SPHINCSPLUS_128F_SHA256_ROBUST_BETA = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"

SPHINCSPLUS_128F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"

SPHINCSPLUS_128F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"

SPHINCSPLUS_128F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"

SPHINCSPLUS_192F_SHA256_ROBUST_BETA = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"

SPHINCSPLUS_192F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"

SPHINCSPLUS_192F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"

SPHINCSPLUS_192F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"

SPHINCSPLUS_256F_SHA256_ROBUST_BETA = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"

SPHINCSPLUS_256F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"

SPHINCSPLUS_256F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"

SPHINCSPLUS_256F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"

Enum ExportEncryptionAlgorithm

ExportEncryptionAlgorithm

RSA4096_NO_PADDING_KEM = "RSA-NO-PADDING-4096-KEM"

RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"

Enum ExportEncryptionType

ExportEncryptionType

ASYMMETRIC = "asymmetric"

KEM = "kem"

Enum ItemOrder

ItemOrder

ASC = "asc"

DESC = "desc"

Enum ItemOrderBy

ItemOrderBy

CREATED_AT = "created_at"

DESTROYED_AT = "destroyed_at"

EXPIRATION = "expiration"

FOLDER = "folder"

LAST_ROTATED = "last_rotated"

NAME = "name"

NEXT_ROTATION = "next_rotation"

PURPOSE = "purpose"

TYPE = "type"

VERSION = "version"

Enum ItemState

ItemState

DISABLED = "disabled"

ENABLED = "enabled"

Enum ItemType

ItemType

ASYMMETRIC_KEY = "asymmetric_key"

FOLDER = "folder"

PANGEA_CLIENT_SECRET = "pangea_client_secret"

PANGEA_PLATFORM_CLIENT_SECRET = "pangea_platform_client_secret"

PANGEA_TOKEN = "pangea_token"

SECRET = "secret"

SYMMETRIC_KEY = "symmetric_key"

Enum ItemVersionState

ItemVersionState

ACTIVE = "active"

COMPROMISED = "compromised"

DEACTIVATED = "deactivated"

DESTROYED = "destroyed"

INHERITED = "inherited"

SUSPENDED = "suspended"

Enum KeyPurpose

KeyPurpose

ENCRYPTION = "encryption"

FPE = "fpe"

JWT = "jwt"

SIGNING = "signing"

Enum SymmetricAlgorithm

SymmetricAlgorithm

AES = "AES-CFB-128"

AES128_CBC = "AES-CBC-128"

AES128_CFB = "AES-CFB-128"

AES128_FF3_1 = "AES-FF3-1-128-BETA"

AES256_CBC = "AES-CBC-256"

AES256_CFB = "AES-CFB-256"

AES256_FF3_1 = "AES-FF3-1-256-BETA"

AES256_GCM = "AES-GCM-256"

HS256 = "HS256"

HS384 = "HS384"

HS512 = "HS512"

Enum TransformAlphabet

TransformAlphabet

ALPHA_LOWER = "alphalower"

ALPHA_UPPER = "alphaupper"

ALPHANUMERIC = "alphanumeric"

ALPHANUMERIC_LOWER = "alphanumericlower"

ALPHANUMERIC_UPPER = "alphanumericupper"

NUMERIC = "numeric"

Interface DeleteRequest

DeleteRequest

required parameters

string

Interface DeleteResult

DeleteResult

required parameters

string

Interface ExportRequest

ExportRequest

required parameters

string

The ID of the item

optional parameters

ExportEncryptionAlgorithm

The algorithm of the public key.

string

Public key in pem format used to encrypt exported key(s).

string

This is the password that will be used along with a salt to derive the symmetric key that is used to encrypt the exported key material. Required if encryption_type is kem.

number

The item version

Interface ExportResult

ExportResult

required parameters

string

The algorithm of the key.

boolean

True if the item is enabled.

string

The ID of the item.

string

The type of the key.

number

The item version.

optional parameters

string

The algorithm of the public key used to encrypt exported material

string

Salt used to derivate the symmetric key when

string

Encryption format of the exported key(s). It could be none if returned in plain text, asymmetric if it is encrypted just with the public key sent in asymmetric_public_key, or kem if it was encrypted using KEM protocol.

string

Hash algorithm used to derivate the symmetric key when

number

Iteration count used to derivate the symmetric key when

string

Key derivation function used to derivate the symmetric key when

string

The key material.

string

The private key (in PEM format).

string

The public key (in PEM format).

string

The algorithm of the symmetric key used to encrypt exported material

Interface GetBulkRequest

GetBulkRequest

optional parameters

Object

A set of filters to help you customize your search.

string

Internal ID returned in the previous look up response. Used for pagination.

Ordering direction

ItemOrderBy

Property used to order the results

number

Maximum number of items in the response

Interface GetBulkResult

GetBulkResult

required parameters

Array<ItemData>

optional parameters

string

Interface GetRequest

GetRequest

required parameters

string

optional parameters

string | number

Interface GetResult

GetResult

required parameters

string

Timestamp indicating when the item was created

boolean

True if the item is enabled

string

The ID of the item

number

Latest version number

string

The type of the item

optional parameters

string

The algorithm of the key

string
string

Timestamp indicating when the item will be disabled

boolean

Whether the key is exportable or not.

string

The folder where this item is stored

InheritedSettigs

For settings that inherit a value from a parent folder, the full path of the folder where the value is set

string

Timestamp of the last rotation (if any)

Object

User-provided metadata

string

The name of this item

string

Timestamp of the next rotation, if auto rotation is enabled.

string

The purpose of the key

string

Period of time between item rotations.

string

Grace period for the previous version of the secret

string

State to which the previous version should transition upon rotation

Tags

A list of user-defined tags

Interface InheritedSettigs

InheritedSettigs

optional parameters

string
string
string

Interface ItemData

ItemData

required parameters

string

Timestamp indicating when the item was created

boolean

True if the item is enabled

string

The ID of the item

number

Latest version number

string

The type of the item

optional parameters

string

The algorithm of the key

string
string

Timestamp indicating when the item will be disabled

boolean

Whether the key is exportable or not.

string

The folder where this item is stored

InheritedSettigs

For settings that inherit a value from a parent folder, the full path of the folder where the value is set

string

Timestamp of the last rotation (if any)

Object

User-provided metadata

string

The name of this item

string

Timestamp of the next rotation, if auto rotation is enabled.

string

The purpose of the key

string

Period of time between item rotations.

string

Grace period for the previous version of the secret

string

State to which the previous version should transition upon rotation

Tags

A list of user-defined tags

Interface ItemVersionData

ItemVersionData

required parameters

string

Timestamp indicating when the item was created

string

The state of the item version

number

The item version

optional parameters

string
string
string

Timestamp indicating when the item version will be destroyed

string
string

Timestamp indicating when the item version will be rotated

string
string

Interface ListItemData