Import a key

Learn how to import a key

Pangea Vault can be used to store user-created keys. After a key is stored in the Vault, its private key material will never be exposed by the Vault service.

Importing an asymmetric key pair

To import an asymmetric key pair, you must provide both the public and private key material. Once imported, the private key material will never be exposed by the Vault service.

The purposes and algorithms supported for asymmetric keys are:

signing algorithms:
- ED25519
- RSA-PKCS1V15-2048-SHA256
- ES256
- ES384
- ES512
encryption algorithms:
- RSA-OAEP-2048-SHA256
jwt algorithms:
- ES256
- ES384
- ES512

Language

Python

JavaScript

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
from pangea.services.vault.models.asymmetric import AsymmetricAlgorithm
from pangea.services.vault.models.common import KeyPurpose


def import_asymmetric_signing_key(name, public_key, private_key):
    token = os.getenv("PANGEA_VAULT_TOKEN")
    domain = os.getenv("PANGEA_DOMAIN")
    config = PangeaConfig(domain=domain)
    vault = Vault(token, config=config)
    key_id = None

    try:
        # submit keys in PEM format
        response = vault.asymmetric_store(
            name=name,
            public_key=public_key,
            private_key=private_key,
            purpose=KeyPurpose.SIGNING,
            algorithm=AsymmetricAlgorithm.Ed25519
        )

        key_id = response.result.id

    except pe.PangeaAPIException as e:
        print(f"Vault Request Error: {e.response.summary}")
        for err in e.errors:
            print(f"\t{err.detail} \n")

    return key_id

Importing a symmetric key

To import a symmetric key, you must provide the key. This key will never be exposed to the user.

The purposes and algorithms supported for symmetric keys are:

encryption algorithms:
- AES-CFB-128
- AES-CFB-256
jwt algorithms:
- HS256
- HS384
- HS512