Skip to main content

Vault | Node.js SDK

Vault

constructor(token: PangeaToken, config: PangeaConfig): VaultService

Creates a new VaultService with the given Pangea API token and configuration.

required parameters

PangeaToken

Pangea API token.

Configuration.

Response Object

VaultService
const config = new PangeaConfig({ domain: "pangea_domain" });
const vault = new VaultService("pangea_token", config);

Asymmetric generate

asymmetricGenerate(algorithm: AsymmetricAlgorithm, purpose: KeyPurpose, name: string, options: GenerateOptions): Promise<PangeaResponse<GenerateResult>>

Generate an asymmetric key.

required parameters

AsymmetricAlgorithm

The algorithm of the key. Options listed in Vault documentation.

KeyPurpose

The purpose of this key

string

The name of this item

The following options are supported:

  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<GenerateResult>>
const response = await vault.asymmetricGenerate(
  Vault.AsymmetricAlgorithm.RSA2048_PKCS1V15_SHA256,
  Vault.KeyPurpose.SIGNING,
  "my-very-secret-secret",
  {
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Asymmetric store

asymmetricStore(privateKey: string, publicKey: string, algorithm: AsymmetricAlgorithm, purpose: KeyPurpose, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>

Import an asymmetric key.

required parameters

string

The private key in PEM format

string

The public key in PEM format

The algorithm of the key. Options listed in Vault documentation.

KeyPurpose

The purpose of this key. signing, encryption, or jwt.

string

The name of this item

The following options are supported:

  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.asymmetricStore(
  "private key example",
  "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\n-----END PUBLIC KEY-----",
  Vault.AsymmetricAlgorithm.RSA2048_PKCS1V15_SHA256,
  Vault.KeyPurpose.SIGNING,
  "my-very-secret-secret",
  {
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Decrypt

decrypt(id: string, cipherText: string, options: DecryptOptions): Promise<PangeaResponse<DecryptResult>>

Decrypt a message using a key.

required parameters

string

The item ID

string

A message encrypted by Vault (in base64)

Supported options:

  • version (number): The item version

Response Object

Promise<PangeaResponse<DecryptResult>>
const response = await vault.decrypt(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "lJkk0gCLux+Q+rPNqLPEYw==",
  1
);

Decrypt structured

decryptStructured(request: EncryptStructuredRequest): Promise<PangeaResponse<EncryptStructuredResult<O>>>

Decrypt parts of a JSON object.

required parameters

EncryptStructuredRequest

Request parameters.

Response Object

Promise<PangeaResponse<EncryptStructuredResult<O>>>
const response = await vault.decryptStructured({
  id: "pvi_[...]",
  structured_data: {"field1": [1, 2, "[...]", "[...]"], "field2": "data2"},
  filter: "$.field1[2:4]",
});

Decrypt transform

decryptTransform(request: DecryptTransformRequest): Promise<PangeaResponse<DecryptTransformResult>>

Decrypt using a format-preserving algorithm (FPE).

required parameters

DecryptTransformRequest

Request parameters.

Response Object

Promise<PangeaResponse<DecryptTransformResult>>
const response = await vault.decryptTransform({
  id: "pvi_[...]",
  cipher_text: "tZB-UKVP-MzTM",
  tweak: "MTIzMTIzMT==",
  alphabet: Vault.TransformAlphabet.ALPHANUMERIC,
});

Delete

delete(id: string): Promise<PangeaResponse<DeleteResult>>

Delete a secret or key.

required parameters

string

The item ID

Response Object

Promise<PangeaResponse<DeleteResult>>
const response = await vault.delete(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"
);

Encrypt

encrypt(id: string, plainText: string): Promise<PangeaResponse<EncryptResult>>

Encrypt a message using a key.

required parameters

string

The item ID

string

A message to be in encrypted (in base64)

Response Object

Promise<PangeaResponse<EncryptResult>>
const response = await vault.encrypt(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "lJkk0gCLux+Q+rPNqLPEYw=="
);

Encrypt structured

encryptStructured(request: EncryptStructuredRequest): Promise<PangeaResponse<EncryptStructuredResult<O>>>

Encrypt parts of a JSON object.

required parameters

EncryptStructuredRequest

Request parameters.

Response Object

Promise<PangeaResponse<EncryptStructuredResult<O>>>
const response = await vault.encryptStructured({
  id: "pvi_[...]",
  structured_data: {"field1": [1, 2, "true", "false"], "field2": "data2"},
  filter: "$.field1[2:4]",
});

Encrypt transform

encryptTransform(request: EncryptTransformRequest): Promise<PangeaResponse<EncryptTransformResult>>

Encrypt using a format-preserving algorithm (FPE).

required parameters

EncryptTransformRequest

Request parameters.

Response Object

Promise<PangeaResponse<EncryptTransformResult>>
const response = await vault.encryptTransform({
  id: "pvi_[...]",
  plain_text: "123-4567-8901",
  tweak: "MTIzMTIzMT==",
  alphabet: Vault.TransformAlphabet.ALPHANUMERIC,
});

Export

export(request: ExportRequest): Promise<PangeaResponse<ExportResult>>

Export a symmetric or asymmetric key.

required parameters

ExportRequest

Request parameters.

Response Object

Promise<PangeaResponse<ExportResult>>
// Generate an exportable key.
const generated = await vault.asymmetricGenerate(
  Vault.AsymmetricAlgorithm.RSA4096_OAEP_SHA512,
  Vault.KeyPurpose.ENCRYPTION,
  "a-name-for-the-key",
  { exportable: true }
);

// Then it can be exported whenever needed.
const exported = await vault.export({ id: generated.result.id });

Create

folderCreate(request: CreateRequest): Promise<PangeaResponse<CreateResult>>

Creates a folder.

required parameters

CreateRequest

An object representing request to /folder/create endpoint

Response Object

Promise<PangeaResponse<CreateResult>>
const createParentResp = await vault.folderCreate({
 name: "folder_name",
 folder: "parent/folder/name",
});

Retrieve

getItem(id: string, options: GetOptions): Promise<PangeaResponse<GetResult>>

Retrieve a secret or key, and any associated information.

required parameters

string

The item ID

GetOptions

The following options are supported:

  • version (number | string): The key version(s). all for all versions, num for a specific version, -num for the num latest versions.
  • version_state (Vault.ItemVersionState): The state of the item version
  • verbose (boolean): Return metadata and extra fields

Response Object

Promise<PangeaResponse<GetResult>>
const response = await vault.getItem(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  {
    version: 1,
    version_state: Vault.ItemVersionState.ACTIVE,
    verbose: true,
  }
);

JWT Retrieve

jwkGet(id: string, options: GetOptions): Promise<PangeaResponse<GetResult>>

Retrieve a key in JWK format.

required parameters

string

The item ID

GetOptions

Supported options:

  • version (string): The key version(s). all for all versions, num for a specific version, -num for the num latest versions

Response Object

Promise<PangeaResponse<GetResult>>
const response = await vault.jwkGet(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"
);

JWT Sign

jwtSign(id: string, payload: string): Promise<PangeaResponse<SignResult>>

Sign a JSON Web Token (JWT) using a key.

required parameters

string

The item ID

string

The JWT payload (in JSON)

Response Object

Promise<PangeaResponse<SignResult>>
const response = await vault.jwtSign(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "{\"sub\": \"1234567890\",\"name\": \"John Doe\",\"admin\": true}"
);

JWT Verify

jwtVerify(jws: string): Promise<PangeaResponse<VerifyResult>>

Verify the signature of a JSON Web Token (JWT).

required parameters

string

The signed JSON Web Token (JWS)

Response Object

Promise<PangeaResponse<VerifyResult>>
const response = await vault.jwtVerify(
  "ewogICJhbGciO..."
);

Key rotate

keyRotate(id: string, options: RotateOptions): Promise<PangeaResponse<RotateResult>>

Manually rotate a symmetric or asymmetric key.

required parameters

string

The ID of the item

Supported options:

  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation. deactivated, suspended, or destroyed. Default is deactivated.
  • public_key (string): The public key (in PEM format)
  • private_key: (string): The private key (in PEM format)
  • key: (string): The key material (in base64)

Response Object

Promise<PangeaResponse<RotateResult>>
const response = await vault.keyRotate(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  {
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    key: "lJkk0gCLux+Q+rPNqLPEYw==",
  }
);

List

list(options: ListOptions): Promise<PangeaResponse<ListResult>>

Look up a list of secrets, keys and folders, and their associated information.

required parameters

ListOptions

The following options are supported:

  • filter (object): A set of filters to help you customize your search. Examples: "folder": "/tmp", "tags": "personal", "name__contains": "xxx", "created_at__gt": "2020-02-05T10:00:00Z" For metadata, use: "metadata_": "<value>"
  • last (string): Internal ID returned in the previous look up response. Used for pagination.
  • order: (Vault.ItemOrder): Ordering direction
  • order_by: (Vault.ItemOrderBy): Property used to order the results
  • size: (number): Maximum number of items in the response

Response Object

Promise<PangeaResponse<ListResult>>
const response = await vault.list(
  {
    filter: {
      folder: "/",
      type: "asymmetric_key",
      name__contains: "test",
      metadata_key1: "value1",
      created_at__lt: "2023-12-12T00:00:00Z",
    },
    last: "WyIvdGVzdF8yMDdfc3ltbWV0cmljLyJd",
    order: Vault.ItemOrder.ASC,
    order_by: Vault.ItemOrderby.NAME,
    size=20,
  }
);

Token rotate

pangeaTokenRotate(id: string, rotation_grace_period: string): Promise<PangeaResponse<RotateResult>>

Rotate a Pangea token.

required parameters

string

The item ID

string

Grace period for the previous version of the Pangea Token

Response Object

Promise<PangeaResponse<RotateResult>>
const response = await vault.pangeaTokenRotate(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "1d"
);

Pangea token store

pangeaTokenStore(pangeaToken: string, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>

Import a secret.

required parameters

string

The pangea token to store

string

The name of this item

The following options are supported:

  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.pangeaTokenStore(
  "ptv_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd",
  "my-very-secret-secret",
  {
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Secret rotate

secretRotate(id: string, secret: string, options: RotateOptions): Promise<PangeaResponse<RotateResult>>

Rotate a secret.

required parameters

string

The item ID

string

The secret value

The following options are supported:

  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation. Default is deactivated.

Response Object

Promise<PangeaResponse<RotateResult>>
const response = await vault.secretRotate(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "12sdfgs4543qv@#%$casd",
  {
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
  }
);

Secret store

secretStore(secret: string, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>

Import a secret.

required parameters

string

The secret value

string

The name of this item

The following options are supported:

  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.secretStore(
  "12sdfgs4543qv@#%$casd",
  "my-very-secret-secret",
  {
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Sign

sign(id: string, message: string): Promise<PangeaResponse<SignResult>>

Sign a message using a key.

required parameters

string

The item ID

string

The message to be signed, in base64

Response Object

Promise<PangeaResponse<SignResult>>
const response = await vault.sign(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "lJkk0gCLux+Q+rPNqLPEYw=="
);

State change

stateChange(id: string, state: ItemVersionState, options: StateChangeOptions): Promise<PangeaResponse<StateChangeResult>>

Change the state of a specific version of a secret or key.

required parameters

string

The item ID

The new state of the item version

State change options. The following options are supported:

  • version (number): the item version
  • destroy_period (string): Period of time for the destruction of a compromised key. Only valid if state=compromised

Response Object

Promise<PangeaResponse<StateChangeResult>>
const response = await vault.stateChange(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  Vault.ItemVersionState.DEACTIVATED
);

Symmetric generate

symmetricGenerate(algorithm: SymmetricAlgorithm, purpose: KeyPurpose, name: string, options: GenerateOptions): Promise<PangeaResponse<GenerateResult>>

Generate a symmetric key.

required parameters

SymmetricAlgorithm

The algorithm of the key. Options listed in Vault documentation.

KeyPurpose

The purpose of this key

string

The name of this item

The following options are supported:

  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<GenerateResult>>
const response = await vault.symmetricGenerate(
  Vault.SymmetricAlgorithm.AES128_CFB,
  Vault.KeyPurpose.ENCRYPTION,
  "my-very-secret-secret",
  {
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Symmetric store

symmetricStore(key: string, algorithm: SymmetricAlgorithm, purpose: KeyPurpose, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>

Import a symmetric key.

required parameters

string

The key material (in base64)

The algorithm of the key. Options listed in Vault documentation.

KeyPurpose

The purpose of this key. encryption or jwt

string

The name of this item

The following options are supported:

  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[]): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations, or never to disallow rotation
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • expiration (string): Expiration timestamp

Response Object

Promise<PangeaResponse<StoreResult>>
const response = await vault.symmetricStore(
  "lJkk0gCLux+Q+rPNqLPEYw==",
  Vault.SymmetricAlgorithm.AES128_CFB,
  Vault.KeyPurpose.ENCRYPTION,
  "my-very-secret-secret",
  {
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    expiration: "2025-01-01T10:00:00Z",
  }
);

Update

update(id: string, options: UpdateOptions): Promise<PangeaResponse<UpdateResult>>

Update information associated with a secret or key.

required parameters

string

The item ID

The following options are supported:

  • name (string): The name of this item
  • folder (string): The folder where this item is stored
  • metadata (object): User-provided metadata
  • tags (string[], optional): A list of user-defined tags
  • rotation_frequency (string): Period of time between item rotations
  • rotation_state (Vault.ItemVersionState): State to which the previous version should transition upon rotation.
  • rotation_grace_period (string): Grace period for the previous version of the Pangea Token
  • expiration (string): Expiration timestamp
  • item_state (string): The new state of the item.

Response Object

Promise<PangeaResponse<UpdateResult>>
const response = await vault.update(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  {
    name: "my-very-secret-secret",
    folder: "/personal",
    metadata: {
      "created_by": "John Doe",
      "used_in": "Google products"
    },
    tags: ["irs_2023", "personal"],
    rotation_frequency: "10d",
    rotation_state: Vault.ItemVersionState.DEACTIVATED,
    rotation_grace_period: "1d",
    expiration: "2025-01-01T10:00:00Z",
    item_state: Vault.ItemState.DISABLED,
  }
);

Verify

verify(id: string, message: string, signature: string, options: VerifyOptions): Promise<PangeaResponse<VerifyResult>>

Verify a signature using a key.

required parameters

string

The item ID

string

The message to be verified (in base64)

string

The message signature (in base64)

Supported options:

  • version (number): The item version

Response Object

Promise<PangeaResponse<VerifyResult>>
const response = await vault.verify(
  "pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
  "lJkk0gCLux+Q+rPNqLPEYw=="
  "FfWuT2Mq/+cxa7wIugfhzi7ktZxVf926idJNgBDCysF/knY9B7M6wxqHMMPDEBs86D8OsEGuED21y3J7IGOpCQ==",
);

Namespace Asymmetric

Asymmetric

Namespace Common

Common

Namespace Folder

Folder

Namespace JWK

JWK

Namespace JWT

JWT

Namespace Key

Key

Namespace Secret

Secret

Namespace Symmetric

Symmetric

Enum AsymmetricAlgorithm

AsymmetricAlgorithm

Ed25519 = "ED25519"

Ed25519_DILITHIUM2_BETA = "ED25519-DILITHIUM2-BETA"

Ed448_DILITHIUM3_BETA = "ED448-DILITHIUM3-BETA"

ES256 = "ES256"

ES256K = "ES256K"

ES384 = "ES384"

ES512 = "ES512"

FALCON_1024_BETA = "FALCON-1024-BETA"

RSA = "RSA-PKCS1V15-2048-SHA256"

RSA2048_OAEP_SHA1 = "RSA-OAEP-2048-SHA1"

RSA2048_OAEP_SHA256 = "RSA-OAEP-2048-SHA256"

RSA2048_OAEP_SHA512 = "RSA-OAEP-2048-SHA512"

RSA2048_PKCS1V15_SHA256 = "RSA-PKCS1V15-2048-SHA256"

RSA2048_PSS_SHA256 = "RSA-PSS-2048-SHA256"

RSA3072_OAEP_SHA1 = "RSA-OAEP-3072-SHA1"

RSA3072_OAEP_SHA256 = "RSA-OAEP-3072-SHA256"

RSA3072_OAEP_SHA512 = "RSA-OAEP-3072-SHA512"

RSA3072_PSS_SHA256 = "RSA-PSS-3072-SHA256"

RSA4096_OAEP_SHA1 = "RSA-OAEP-4096-SHA1"

RSA4096_OAEP_SHA256 = "RSA-OAEP-4096-SHA256"

RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"

RSA4096_PSS_SHA256 = "RSA-PSS-4096-SHA256"

RSA4096_PSS_SHA512 = "RSA-PSS-4096-SHA512"

SPHINCSPLUS_128F_SHA256_ROBUST_BETA = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"

SPHINCSPLUS_128F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"

SPHINCSPLUS_128F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"

SPHINCSPLUS_128F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"

SPHINCSPLUS_192F_SHA256_ROBUST_BETA = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"

SPHINCSPLUS_192F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"

SPHINCSPLUS_192F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"

SPHINCSPLUS_192F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"

SPHINCSPLUS_256F_SHA256_ROBUST_BETA = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"

SPHINCSPLUS_256F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"

SPHINCSPLUS_256F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"

SPHINCSPLUS_256F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"

Enum ExportEncryptionAlgorithm

ExportEncryptionAlgorithm

RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"

Enum ItemOrder

ItemOrder

ASC = "asc"

DESC = "desc"

Enum ItemOrderBy

ItemOrderBy

CREATED_AT = "created_at"

DESTROYED_AT = "destroyed_at"

EXPIRATION = "expiration"

FOLDER = "folder"

LAST_ROTATED = "last_rotated"

NAME = "name"

NEXT_ROTATION = "next_rotation"

PURPOSE = "purpose"

TYPE = "type"

VERSION = "version"

Enum ItemState

ItemState

DISABLED = "disabled"

ENABLED = "enabled"

Enum ItemType

ItemType

ASYMMETRIC_KEY = "asymmetric_key"

PANGEA_TOKEN = "pangea_token"

SECRET = "secret"

SYMMETRIC_KEY = "symmetric_key"

Enum ItemVersionState

ItemVersionState

ACTIVE = "active"

COMPROMISED = "compromised"

DEACTIVATED = "deactivated"

DESTROYED = "destroyed"

INHERITED = "inherited"

SUSPENDED = "suspended"

Enum KeyPurpose

KeyPurpose

ENCRYPTION = "encryption"

FPE = "fpe"

JWT = "jwt"

SIGNING = "signing"

Enum SymmetricAlgorithm

SymmetricAlgorithm

AES = "AES-CFB-128"

AES128_CBC = "AES-CBC-128"

AES128_CFB = "AES-CFB-128"

AES128_FF3_1 = "AES-FF3-1-128-BETA"

AES256_CBC = "AES-CBC-256"

AES256_CFB = "AES-CFB-256"

AES256_FF3_1 = "AES-FF3-1-256-BETA"

AES256_GCM = "AES-GCM-256"

HS256 = "HS256"

HS384 = "HS384"

HS512 = "HS512"

Enum TransformAlphabet

TransformAlphabet

ALPHA_LOWER = "alphalower"

ALPHA_UPPER = "alphaupper"

ALPHANUMERIC = "alphanumeric"

ALPHANUMERIC_LOWER = "alphanumericlower"

ALPHANUMERIC_UPPER = "alphanumericupper"

NUMERIC = "numeric"

Interface DeleteRequest

DeleteRequest

required parameters

string

Interface DeleteResult

DeleteResult

required parameters

string

Interface ExportRequest

ExportRequest

required parameters

string

The ID of the item.

optional parameters

ExportEncryptionAlgorithm

The algorithm of the public key.

string

Public key in pem format used to encrypt exported key(s).

number

The item version.

Interface ExportResult

ExportResult

required parameters

string

The algorithm of the key.

boolean

Whether exported key(s) are encrypted with encryption_key sent on the request or not. If encrypted, the result is sent in base64, any other case they are in PEM format plain text.

string

The ID of the item.

string

The state of the item.

string

The type of the key.

number

The item version.

optional parameters

string

The key material.

string

The private key (in PEM format).

string

The public key (in PEM format).

Interface GetOptions

GetOptions

optional parameters

boolean
string | number
ItemVersionState

Interface GetRequest

GetRequest

required parameters

string

optional parameters

boolean
string | number
ItemVersionState

Interface GetResult

GetResult

required parameters

string
string
string
string
string

optional parameters

ItemVersionData
string
boolean

Whether the key is exportable or not.

string
InheritedSettigs
string
string
Object
string
string
string
string
string
Tags

Interface InheritedSettigs

InheritedSettigs

optional parameters

string
string
string

Interface ItemData

ItemData

required parameters

string
string
string
string
string

optional parameters

ItemVersionData
string
boolean

Whether the key is exportable or not.

string
string
string
Object
string
string
string
string
Tags

Interface ItemVersionData

ItemVersionData

required parameters

string
string
number

optional parameters</