Skip to main content

Import a key

Learn how to import a key

Pangea Vault can be used to store user-created keys. After a key is stored in the Vault, its private key material will never be exposed by the Vault service.

Importing an asymmetric key pair

To import an asymmetric key pair, you must provide both the public and private key material. Once imported, the private key material will never be exposed by the Vault service.

The purposes and algorithms supported for asymmetric keys are:

  • signing algorithms:
    • ED25519
    • RSA-PKCS1V15-2048-SHA256
    • ES256
    • ES384
    • ES512
    • ED25519-DILITHIUM2-BETA
    • ED448-DILITHIUM3-BETA
  • encryption algorithms:
    • RSA-OAEP-2048-SHA256
  • jwt algorithms:
    • ES256
    • ES384
    • ES512
POST/v1/key/store
curl -sSLX POST 'https://vault.'"$PANGEA_DOMAIN"'/v1/key/store' \
-H 'Authorization: Bearer '"$PANGEA_VAULT_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"type":"asymmetric_key","purpose":"signing","public_key":"a_public_key","private_key":"a_private_key","algorithm":"ED25519"}'

Importing a symmetric key

To import a symmetric key, you must provide the key. This key will never be exposed to the user.

The purposes and algorithms supported for symmetric keys are:

  • encryption algorithms:
    • AES-CFB-128
    • AES-CFB-256
    • AES-GCM-256
    • AES-CBC-128
    • AES-CBC-256
  • jwt algorithms:
    • HS256
    • HS384
    • HS512
POST/v1/key/store
curl -sSLX POST 'https://vault.'"$PANGEA_DOMAIN"'/v1/key/store' \
-H 'Authorization: Bearer '"$PANGEA_VAULT_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"type":"symmetric_key","purpose":"encryption","key":"aGV5","algorithm":"AES-CFB-128"}'

Was this article helpful?

Contact us

Secure AI from cloud to code

636 Ramona St Palo Alto, CA 94301

Guides
Services
SDKs & APIs

©2025 Pangea. All rights reserved.

PrivacyYour Privacy ChoicesTerms of UseLegal Notices
Contact Us