Import a key
Learn how to import a key
Pangea Vault can be used to store user-created keys. After a key is stored in the Vault, its private key material will never be exposed by the Vault service.
Importing an asymmetric key pair
To import an asymmetric key pair, you must provide both the public and private key material. Once imported, the private key material will never be exposed by the Vault service.
The purposes and algorithms supported for asymmetric keys are:
- signing
  - algorithms: ED25519, RSA-PKCS1V15-2048-SHA256, ES256, ES384, ES512
- encryption
  - algorithms: RSA-OAEP-2048-SHA256
- jwt
  - algorithms: ES256, ES384, ES512
```python
import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
from pangea.services.vault.models.asymmetric import AsymmetricAlgorithm
from pangea.services.vault.models.common import KeyPurpose


def import_asymmetric_signing_key(name, public_key, private_key):
    # Read the service token and domain from the environment, not from source
    token = os.getenv("PANGEA_VAULT_TOKEN")
    domain = os.getenv("PANGEA_DOMAIN")
    config = PangeaConfig(domain=domain)
    vault = Vault(token, config=config)
    key_id = None
    try:
        # submit keys in PEM format
        response = vault.asymmetric_store(
            name=name,
            public_key=public_key,
            private_key=private_key,
            purpose=KeyPurpose.SIGNING,
            algorithm=AsymmetricAlgorithm.Ed25519,
        )
        key_id = response.result.id
    except pe.PangeaAPIException as e:
        print(f"Vault Request Error: {e.response.summary}")
        for err in e.errors:
            print(f"\t{err.detail} \n")
    # None if the import failed
    return key_id
```
Importing a symmetric key
To import a symmetric key, you must provide the key. This key will never be exposed to the user.
The purposes and algorithms supported for symmetric keys are:
- encryption
  - algorithms: AES-CFB-128, AES-CFB-256
- jwt
  - algorithms: HS256, HS384, HS512
```python
import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
from pangea.services.vault.models.symmetric import SymmetricAlgorithm
from pangea.services.vault.models.common import KeyPurpose


def import_symmetric_encryption_key(name, key):
    # Read the service token and domain from the environment, not from source
    token = os.getenv("PANGEA_VAULT_TOKEN")
    domain = os.getenv("PANGEA_DOMAIN")
    config = PangeaConfig(domain=domain)
    vault = Vault(token, config=config)
    key_id = None
    try:
        # submit the symmetric key material (a raw secret, not a PEM-encoded key pair)
        response = vault.symmetric_store(
            name=name,
            key=key,
            purpose=KeyPurpose.ENCRYPTION,
            algorithm=SymmetricAlgorithm.AES128_CFB,
        )
        key_id = response.result.id
    except pe.PangeaAPIException as e:
        print(f"Vault Request Error: {e.response.summary}")
        for err in e.errors:
            print(f"\t{err.detail} \n")
    # None if the import failed
    return key_id
```
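A local pre-flight check for the symmetric import described above, added here as an example and not taken from Pangea's documentation or SDK. It assumes the key is submitted as base64-encoded raw bytes; the function names are hypothetical, and the minimum lengths for HS* keys follow RFC 7518 as this example's own policy, not a documented Vault rule.

```python
import base64
import binascii
import secrets

# (purpose, algorithm) pairs copied from the symmetric list on this page,
# mapped to (key length in bytes, exact length required?).
# AES sizes follow from the algorithm names. The HMAC minimums are the
# RFC 7518 section 3.2 rule (key at least as long as the hash output),
# applied here as a local policy, not a documented Vault check.
SYMMETRIC_RULES = {
    ("encryption", "AES-CFB-128"): (16, True),
    ("encryption", "AES-CFB-256"): (32, True),
    ("jwt", "HS256"): (32, False),
    ("jwt", "HS384"): (48, False),
    ("jwt", "HS512"): (64, False),
}


def new_symmetric_key(purpose, algorithm):
    """Generate key material from the OS CSPRNG, base64-encoded (assumed format)."""
    if (purpose, algorithm) not in SYMMETRIC_RULES:
        raise ValueError(f"unsupported purpose/algorithm: {purpose}/{algorithm}")
    size, _ = SYMMETRIC_RULES[(purpose, algorithm)]
    return base64.b64encode(secrets.token_bytes(size)).decode("ascii")


def check_symmetric_key(purpose, algorithm, key_b64):
    """Return the decoded key length, or raise ValueError before any API call."""
    rule = SYMMETRIC_RULES.get((purpose, algorithm))
    if rule is None:
        raise ValueError(f"unsupported purpose/algorithm: {purpose}/{algorithm}")
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key is not valid base64") from exc
    size, exact = rule
    if (exact and len(raw) != size) or (not exact and len(raw) < size):
        want = "exactly" if exact else "at least"
        raise ValueError(f"{algorithm} needs {want} {size} bytes, got {len(raw)}")
    if len(set(raw)) == 1:
        # All bytes identical (e.g. all zeros): a placeholder, not a key.
        raise ValueError("key material is a single repeated byte")
    return len(raw)
```

Run `check_symmetric_key` on the key before passing it to `import_symmetric_encryption_key`, so a truncated, mis-encoded or placeholder key is rejected locally instead of being stored.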