Import a key

Learn how to import a key

Pangea Vault can be used to store user-created keys. After a key is stored in the Vault, its private key material will never be exposed by the Vault service.

Importing an asymmetric key pair

To import an asymmetric key pair, you must provide both the public and private key material. Once imported, the private key material will never be exposed by the Vault service.

The purposes and algorithms supported for asymmetric keys are:

  • signing algorithms:
    • ED25519
    • RSA-PKCS1V15-2048-SHA256
    • ES256
    • ES384
    • ES512
  • encryption algorithms:
    • RSA-OAEP-2048-SHA256
  • jwt algorithms:
    • ES256
    • ES384
    • ES512

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
from pangea.services.vault.models.asymmetric import AsymmetricAlgorithm
from pangea.services.vault.models.common import KeyPurpose


def import_asymmetric_signing_key(name, public_key, private_key):
    # read the Vault token and domain from the environment instead of hard-coding them
    token = os.getenv("PANGEA_VAULT_TOKEN")
    domain = os.getenv("PANGEA_DOMAIN")
    config = PangeaConfig(domain=domain)
    vault = Vault(token, config=config)
    key_id = None

    try:
        # submit keys in PEM format
        response = vault.asymmetric_store(
            name=name,
            public_key=public_key,
            private_key=private_key,
            purpose=KeyPurpose.SIGNING,
            algorithm=AsymmetricAlgorithm.Ed25519,
        )

        # ID the Vault assigned to the imported key
        key_id = response.result.id

    except pe.PangeaAPIException as e:
        # report the API error summary and each detailed error
        print(f"Vault Request Error: {e.response.summary}")
        for err in e.errors:
            print(f"\t{err.detail} \n")

    # None if the import failed
    return key_id

Importing a symmetric key

To import a symmetric key, you must provide the key. This key will never be exposed to the user.

The purposes and algorithms supported for symmetric keys are:

  • encryption algorithms:
    • AES-CFB-128
    • AES-CFB-256
  • jwt algorithms:
    • HS256
    • HS384
    • HS512

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault
from pangea.services.vault.models.symmetric import SymmetricAlgorithm
from pangea.services.vault.models.common import KeyPurpose


def import_symmetric_encryption_key(name, key):
    # read the Vault token and domain from the environment instead of hard-coding them
    token = os.getenv("PANGEA_VAULT_TOKEN")
    domain = os.getenv("PANGEA_DOMAIN")
    config = PangeaConfig(domain=domain)
    vault = Vault(token, config=config)
    key_id = None

    try:
        # submit the symmetric key material base64-encoded
        response = vault.symmetric_store(
            name=name,
            key=key,
            purpose=KeyPurpose.ENCRYPTION,
            algorithm=SymmetricAlgorithm.AES128_CFB,
        )

        # ID the Vault assigned to the imported key
        key_id = response.result.id

    except pe.PangeaAPIException as e:
        # report the API error summary and each detailed error
        print(f"Vault Request Error: {e.response.summary}")
        for err in e.errors:
            print(f"\t{err.detail} \n")

    # None if the import failed
    return key_id
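
Before importing a symmetric key, it is worth checking locally that the key material fits the chosen algorithm, since a key pasted in the wrong encoding can still look plausible. The following is an added example, not Pangea's code: it assumes the key is submitted base64-encoded, uses the algorithm names listed above as plain strings, and the helper names `generate_key_b64` and `check_key_b64` are hypothetical.

```python
import base64
import binascii
import secrets

# Raw key sizes in bytes. AES sizes are exact. The HMAC sizes are the
# RFC 7518 section 3.2 minimum (key at least as long as the hash output);
# treating them as the Vault's own limits is an assumption.
AES_KEY_BYTES = {"AES-CFB-128": 16, "AES-CFB-256": 32}
HMAC_MIN_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}


def generate_key_b64(algorithm):
    """Generate fresh key material from the OS CSPRNG, base64-encoded."""
    size = AES_KEY_BYTES.get(algorithm) or HMAC_MIN_BYTES.get(algorithm)
    if size is None:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return base64.b64encode(secrets.token_bytes(size)).decode("ascii")


def check_key_b64(algorithm, key_b64):
    """Return the decoded key length, or raise ValueError if the key is unfit."""
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key is not valid base64") from exc
    if algorithm in AES_KEY_BYTES:
        if len(raw) != AES_KEY_BYTES[algorithm]:
            raise ValueError(f"{algorithm} needs {AES_KEY_BYTES[algorithm]} bytes, got {len(raw)}")
    elif algorithm in HMAC_MIN_BYTES:
        if len(raw) < HMAC_MIN_BYTES[algorithm]:
            raise ValueError(f"{algorithm} needs at least {HMAC_MIN_BYTES[algorithm]} bytes, got {len(raw)}")
    else:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    # Placeholder keys such as all zeros pass a length check; reject them here.
    if len(set(raw)) == 1:
        raise ValueError("key is a single repeated byte")
    return len(raw)


if __name__ == "__main__":
    good = generate_key_b64("AES-CFB-128")
    print("fresh key length:", check_key_b64("AES-CFB-128", good))
    # Constructed sample: a 16-byte key pasted as hex is also valid base64,
    # but it decodes to 24 bytes, so the length check catches the mistake.
    try:
        check_key_b64("AES-CFB-128", "00112233445566778899aabbccddeeff")
    except ValueError as exc:
        print("rejected:", exc)
```

The string returned by `generate_key_b64` is what would be passed as `key` to `import_symmetric_encryption_key` above; the script never prints the key itself.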