Vault | Node.js SDK
Vault
constructor(token: string, config: PangeaConfig): VaultServiceCreates a new VaultService with the given Pangea API token and
configuration.
const config = new PangeaConfig({ domain: "pangea_domain" });
const vault = new VaultService("pangea_token", config);Asymmetric generate
asymmetricGenerate(algorithm: AsymmetricAlgorithm, purpose: KeyPurpose, name: string, options: GenerateOptions): Promise<PangeaResponse<GenerateResult>>Generate an asymmetric key.
const response = await vault.asymmetricGenerate(
Vault.AsymmetricAlgorithm.RSA2048_PKCS1V15_SHA256,
Vault.KeyPurpose.SIGNING,
"my-very-secret-secret",
{
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
expiration: "2025-01-01T10:00:00Z",
}
);Asymmetric store
asymmetricStore(privateKey: string, publicKey: string, algorithm: AsymmetricAlgorithm, purpose: KeyPurpose, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>Import an asymmetric key.
const response = await vault.asymmetricStore(
"private key example",
"-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\n-----END PUBLIC KEY-----",
Vault.AsymmetricAlgorithm.RSA2048_PKCS1V15_SHA256,
Vault.KeyPurpose.SIGNING,
"my-very-secret-secret",
{
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
expiration: "2025-01-01T10:00:00Z",
}
);Decrypt
decrypt(id: string, cipherText: string, options: DecryptOptions): Promise<PangeaResponse<DecryptResult>>Decrypt a message using a key.
const response = await vault.decrypt(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"lJkk0gCLux+Q+rPNqLPEYw==",
1
);Decrypt structured
decryptStructured(request: EncryptStructuredRequest): Promise<PangeaResponse<EncryptStructuredResult<O>>>Decrypt parts of a JSON object.
const response = await vault.decryptStructured({
id: "pvi_[...]",
structured_data: {"field1": [1, 2, "[...]", "[...]"], "field2": "data2"},
filter: "$.field1[2:4]",
});Delete
delete(id: string): Promise<PangeaResponse<DeleteResult>>Delete a secret or key.
const response = await vault.delete(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"
);Encrypt
encrypt(id: string, plainText: string): Promise<PangeaResponse<EncryptResult>>Encrypt a message using a key.
const response = await vault.encrypt(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"lJkk0gCLux+Q+rPNqLPEYw=="
);Encrypt structured
encryptStructured(request: EncryptStructuredRequest): Promise<PangeaResponse<EncryptStructuredResult<O>>>Encrypt parts of a JSON object.
const response = await vault.encryptStructured({
id: "pvi_[...]",
structured_data: {"field1": [1, 2, "true", "false"], "field2": "data2"},
filter: "$.field1[2:4]",
});Create
folderCreate(request: CreateRequest): Promise<PangeaResponse<CreateResult>>Creates a folder.
const createParentResp = await vault.folderCreate({
name: "folder_name",
folder: "parent/folder/name",
});Retrieve
getItem(id: string, options: GetOptions): Promise<PangeaResponse<GetResult>>Retrieve a secret or key, and any associated information.
const response = await vault.getItem(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
{
version: 1,
version_state: Vault.ItemVersionState.ACTIVE,
verbose: true,
}
);JWT Retrieve
jwkGet(id: string, options: GetOptions): Promise<PangeaResponse<GetResult>>Retrieve a key in JWK format.
const response = await vault.jwkGet(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5"
);JWT Sign
jwtSign(id: string, payload: string): Promise<PangeaResponse<SignResult>>Sign a JSON Web Token (JWT) using a key.
const response = await vault.jwtSign(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"{\"sub\": \"1234567890\",\"name\": \"John Doe\",\"admin\": true}"
);JWT Verify
jwtVerify(jws: string): Promise<PangeaResponse<VerifyResult>>Verify the signature of a JSON Web Token (JWT).
const response = await vault.jwtVerify(
"ewogICJhbGciO..."
);Key rotate
keyRotate(id: string, options: RotateOptions): Promise<PangeaResponse<RotateResult>>Manually rotate a symmetric or asymmetric key.
const response = await vault.keyRotate(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
{
rotation_state: Vault.ItemVersionState.DEACTIVATED,
key: "lJkk0gCLux+Q+rPNqLPEYw==",
}
);List
list(options: ListOptions): Promise<PangeaResponse<ListResult>>Look up a list of secrets, keys and folders, and their associated information.
const response = await vault.list(
{
filter: {
folder: "/",
type: "asymmetric_key",
name__contains: "test",
metadata_key1: "value1",
created_at__lt: "2023-12-12T00:00:00Z",
},
last: "WyIvdGVzdF8yMDdfc3ltbWV0cmljLyJd",
order: Vault.ItemOrder.ASC,
order_by: Vault.ItemOrderby.NAME,
size=20,
}
);Token rotate
pangeaTokenRotate(id: string, rotation_grace_period: string): Promise<PangeaResponse<RotateResult>>Rotate a Pangea token.
const response = await vault.pangeaTokenRotate(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"1d"
);Pangea token store
pangeaTokenStore(pangeaToken: string, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>Import a secret.
const response = await vault.pangeaTokenStore(
"ptv_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd",
"my-very-secret-secret",
{
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
expiration: "2025-01-01T10:00:00Z",
}
);post(endpoint: string, data: object, options: PostOptions): Promise<PangeaResponse<R>>
POST request.
Secret rotate
secretRotate(id: string, secret: string, options: RotateOptions): Promise<PangeaResponse<RotateResult>>Rotate a secret.
const response = await vault.secretRotate(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"12sdfgs4543qv@#%$casd",
{
rotation_state: Vault.ItemVersionState.DEACTIVATED,
}
);Secret store
secretStore(secret: string, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>Import a secret.
const response = await vault.secretStore(
"12sdfgs4543qv@#%$casd",
"my-very-secret-secret",
{
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
expiration: "2025-01-01T10:00:00Z",
}
);Sign
sign(id: string, message: string): Promise<PangeaResponse<SignResult>>Sign a message using a key.
const response = await vault.sign(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"lJkk0gCLux+Q+rPNqLPEYw=="
);State change
stateChange(id: string, state: ItemVersionState, options: StateChangeOptions): Promise<PangeaResponse<StateChangeResult>>Change the state of a specific version of a secret or key.
const response = await vault.stateChange(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
Vault.ItemVersionState.DEACTIVATED
);Symmetric generate
symmetricGenerate(algorithm: SymmetricAlgorithm, purpose: KeyPurpose, name: string, options: GenerateOptions): Promise<PangeaResponse<GenerateResult>>Generate a symmetric key.
const response = await vault.symmetricGenerate(
Vault.SymmetricAlgorithm.AES128_CFB,
Vault.KeyPurpose.ENCRYPTION,
"my-very-secret-secret",
{
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
expiration: "2025-01-01T10:00:00Z",
}
);Symmetric store
symmetricStore(key: string, algorithm: SymmetricAlgorithm, purpose: KeyPurpose, name: string, options: StoreOptions): Promise<PangeaResponse<StoreResult>>Import a symmetric key.
const response = await vault.symmetricStore(
"lJkk0gCLux+Q+rPNqLPEYw==",
Vault.SymmetricAlgorithm.AES128_CFB,
Vault.KeyPurpose.ENCRYPTION,
"my-very-secret-secret",
{
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
expiration: "2025-01-01T10:00:00Z",
}
);Update
update(id: string, options: UpdateOptions): Promise<PangeaResponse<UpdateResult>>Update information associated with a secret or key.
const response = await vault.update(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
{
name: "my-very-secret-secret",
folder: "/personal",
metadata: {
"created_by": "John Doe",
"used_in": "Google products"
},
tags: ["irs_2023", "personal"],
rotation_frequency: "10d",
rotation_state: Vault.ItemVersionState.DEACTIVATED,
rotation_grace_period: "1d",
expiration: "2025-01-01T10:00:00Z",
item_state: Vault.ItemState.DISABLED,
}
);Verify
verify(id: string, message: string, signature: string, options: VerifyOptions): Promise<PangeaResponse<VerifyResult>>Verify a signature using a key.
const response = await vault.verify(
"pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
"lJkk0gCLux+Q+rPNqLPEYw=="
"FfWuT2Mq/+cxa7wIugfhzi7ktZxVf926idJNgBDCysF/knY9B7M6wxqHMMPDEBs86D8OsEGuED21y3J7IGOpCQ==",
);Namespace Asymmetric
AsymmetricNamespace Common
CommonNamespace Folder
FolderNamespace JWK
JWKNamespace JWT
JWTNamespace Key
KeyNamespace Secret
SecretNamespace Symmetric
SymmetricEnum AsymmetricAlgorithm
AsymmetricAlgorithmES256 = "ES256"
ES256K = "ES256K"
ES384 = "ES384"
ES512 = "ES512"
Ed25519 = "ED25519"
Ed25519_DILITHIUM2_BETA = "ED25519-DILITHIUM2-BETA"
Ed448_DILITHIUM3_BETA = "ED448-DILITHIUM3-BETA"
FALCON_1024_BETA = "FALCON-1024-BETA"
RSA = "RSA-PKCS1V15-2048-SHA256"
RSA2048_OAEP_SHA1 = "RSA-OAEP-2048-SHA1"
RSA2048_OAEP_SHA256 = "RSA-OAEP-2048-SHA256"
RSA2048_OAEP_SHA512 = "RSA-OAEP-2048-SHA512"
RSA2048_PKCS1V15_SHA256 = "RSA-PKCS1V15-2048-SHA256"
RSA2048_PSS_SHA256 = "RSA-PSS-2048-SHA256"
RSA3072_OAEP_SHA1 = "RSA-OAEP-3072-SHA1"
RSA3072_OAEP_SHA256 = "RSA-OAEP-3072-SHA256"
RSA3072_OAEP_SHA512 = "RSA-OAEP-3072-SHA512"
RSA3072_PSS_SHA256 = "RSA-PSS-3072-SHA256"
RSA4096_OAEP_SHA1 = "RSA-OAEP-4096-SHA1"
RSA4096_OAEP_SHA256 = "RSA-OAEP-4096-SHA256"
RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
RSA4096_PSS_SHA256 = "RSA-PSS-4096-SHA256"
RSA4096_PSS_SHA512 = "RSA-PSS-4096-SHA512"
SPHINCSPLUS_128F_SHA256_ROBUST_BETA = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"
SPHINCSPLUS_128F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"
SPHINCSPLUS_128F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"
SPHINCSPLUS_128F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"
SPHINCSPLUS_192F_SHA256_ROBUST_BETA = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"
SPHINCSPLUS_192F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"
SPHINCSPLUS_192F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"
SPHINCSPLUS_192F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"
SPHINCSPLUS_256F_SHA256_ROBUST_BETA = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"
SPHINCSPLUS_256F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"
SPHINCSPLUS_256F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"
SPHINCSPLUS_256F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"
Enum ItemOrder
ItemOrderASC = "asc"
DESC = "desc"
Enum ItemOrderBy
ItemOrderByCREATED_AT = "created_at"
DESTROYED_AT = "destroyed_at"
EXPIRATION = "expiration"
FOLDER = "folder"
LAST_ROTATED = "last_rotated"
NAME = "name"
NEXT_ROTATION = "next_rotation"
PURPOSE = "purpose"
TYPE = "type"
VERSION = "version"
Enum ItemState
ItemStateDISABLED = "disabled"
ENABLED = "ENABLED"
Enum ItemType
ItemTypeASYMMETRIC_KEY = "asymmetric_key"
PANGEA_TOKEN = "pangea_token"
SECRET = "secret"
SYMMETRIC_KEY = "symmetric_key"
Enum ItemVersionState
ItemVersionStateACTIVE = "active"
COMPROMISED = "compromised"
DEACTIVATED = "deactivated"
DESTROYED = "destroyed"
INHERITED = "inherited"
SUSPENDED = "suspended"
Enum KeyPurpose
KeyPurposeENCRYPTION = "encryption"
JWT = "jwt"
SIGNING = "signing"
Enum SymmetricAlgorithm
SymmetricAlgorithmAES = "AES-CFB-128"
AES128_CBC = "AES-CBC-128"
AES128_CFB = "AES-CFB-128"
AES256_CBC = "AES-CBC-256"
AES256_CFB = "AES-CFB-256"
AES256_GCM = "AES-GCM-256"
HS256 = "HS256"
HS384 = "HS384"
HS512 = "HS512"