@scaleway/sdk-key-manager 1.0.1 → 1.2.0

package/dist/v1alpha1/api.gen.cjs

@@ -42,6 +42,19 @@ class API extends sdkClient.API {
     },
     marshalling_gen.unmarshalKey
   );
+  /**
+   * Get the public key in PEM format.. Retrieves the public portion of an asymmetric cryptographic key in PEM format.
+   *
+   * @param request - The request {@link GetPublicKeyRequest}
+   * @returns A Promise of PublicKey
+   */
+  getPublicKey = (request) => this.client.fetch(
+    {
+      method: "GET",
+      path: `/key-manager/v1alpha1/regions/${sdkClient.validatePathParam("region", request.region ?? this.client.settings.defaultRegion)}/keys/${sdkClient.validatePathParam("keyId", request.keyId)}/public-key`
+    },
+    marshalling_gen.unmarshalPublicKey
+  );
   /**
    * Update a key. Modify a key's metadata including name, description and tags, specified by the `key_id` and `region` parameters.
    *
@@ -157,7 +170,8 @@ class API extends sdkClient.API {
           request.pageSize ?? this.client.settings.defaultPageSize
         ],
         ["project_id", request.projectId],
-        ["tags", request.tags]
+        ["tags", request.tags],
+        ["usage", request.usage]
       )
     },
     marshalling_gen.unmarshalListKeysResponse
@@ -222,6 +236,38 @@ class API extends sdkClient.API {
     },
     marshalling_gen.unmarshalDecryptResponse
   );
+  /**
+   * Sign a message digest. Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration.
+   *
+   * @param request - The request {@link SignRequest}
+   * @returns A Promise of SignResponse
+   */
+  sign = (request) => this.client.fetch(
+    {
+      body: JSON.stringify(marshalling_gen.marshalSignRequest(request, this.client.settings)),
+      headers: jsonContentHeaders,
+      method: "POST",
+      path: `/key-manager/v1alpha1/regions/${sdkClient.validatePathParam("region", request.region ?? this.client.settings.defaultRegion)}/keys/${sdkClient.validatePathParam("keyId", request.keyId)}/sign`
+    },
+    marshalling_gen.unmarshalSignResponse
+  );
+  /**
+   * Verify a message signature. Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration.
+   *
+   * @param request - The request {@link VerifyRequest}
+   * @returns A Promise of VerifyResponse
+   */
+  verify = (request) => this.client.fetch(
+    {
+      body: JSON.stringify(
+        marshalling_gen.marshalVerifyRequest(request, this.client.settings)
+      ),
+      headers: jsonContentHeaders,
+      method: "POST",
+      path: `/key-manager/v1alpha1/regions/${sdkClient.validatePathParam("region", request.region ?? this.client.settings.defaultRegion)}/keys/${sdkClient.validatePathParam("keyId", request.keyId)}/verify`
+    },
+    marshalling_gen.unmarshalVerifyResponse
+  );
   /**
    * Import key material. Import externally generated key material into Key Manager to derive a new cryptographic key. The key's origin must be `external`.
    *

package/dist/v1alpha1/api.gen.d.ts

@@ -1,6 +1,6 @@
 import { API as ParentAPI } from '@scaleway/sdk-client';
 import type { Region as ScwRegion } from '@scaleway/sdk-client';
-import type { CreateKeyRequest, DataKey, DecryptRequest, DecryptResponse, DeleteKeyMaterialRequest, DeleteKeyRequest, DisableKeyRequest, EnableKeyRequest, EncryptRequest, EncryptResponse, GenerateDataKeyRequest, GetKeyRequest, ImportKeyMaterialRequest, Key, ListKeysRequest, ListKeysResponse, ProtectKeyRequest, RotateKeyRequest, UnprotectKeyRequest, UpdateKeyRequest } from './types.gen';
+import type { CreateKeyRequest, DataKey, DecryptRequest, DecryptResponse, DeleteKeyMaterialRequest, DeleteKeyRequest, DisableKeyRequest, EnableKeyRequest, EncryptRequest, EncryptResponse, GenerateDataKeyRequest, GetKeyRequest, GetPublicKeyRequest, ImportKeyMaterialRequest, Key, ListKeysRequest, ListKeysResponse, ProtectKeyRequest, PublicKey, RotateKeyRequest, SignRequest, SignResponse, UnprotectKeyRequest, UpdateKeyRequest, VerifyRequest, VerifyResponse } from './types.gen';
 /**
  * Key Manager API.
 
@@ -23,6 +23,13 @@ export declare class API extends ParentAPI {
      * @returns A Promise of Key
      */
     getKey: (request: Readonly<GetKeyRequest>) => Promise<Key>;
+    /**
+     * Get the public key in PEM format.. Retrieves the public portion of an asymmetric cryptographic key in PEM format.
+     *
+     * @param request - The request {@link GetPublicKeyRequest}
+     * @returns A Promise of PublicKey
+     */
+    getPublicKey: (request: Readonly<GetPublicKeyRequest>) => Promise<PublicKey>;
     /**
      * Update a key. Modify a key's metadata including name, description and tags, specified by the `key_id` and `region` parameters.
      *
@@ -105,6 +112,20 @@ export declare class API extends ParentAPI {
      * @returns A Promise of DecryptResponse
      */
     decrypt: (request: Readonly<DecryptRequest>) => Promise<DecryptResponse>;
+    /**
+     * Sign a message digest. Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration.
+     *
+     * @param request - The request {@link SignRequest}
+     * @returns A Promise of SignResponse
+     */
+    sign: (request: Readonly<SignRequest>) => Promise<SignResponse>;
+    /**
+     * Verify a message signature. Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration.
+     *
+     * @param request - The request {@link VerifyRequest}
+     * @returns A Promise of VerifyResponse
+     */
+    verify: (request: Readonly<VerifyRequest>) => Promise<VerifyResponse>;
     /**
      * Import key material. Import externally generated key material into Key Manager to derive a new cryptographic key. The key's origin must be `external`.
      *

package/dist/v1alpha1/api.gen.js

@@ -1,5 +1,5 @@
 import { API as API$1, validatePathParam, urlParams, enrichForPagination } from "@scaleway/sdk-client";
-import { marshalCreateKeyRequest, unmarshalKey, marshalUpdateKeyRequest, unmarshalListKeysResponse, marshalGenerateDataKeyRequest, unmarshalDataKey, marshalEncryptRequest, unmarshalEncryptResponse, marshalDecryptRequest, unmarshalDecryptResponse, marshalImportKeyMaterialRequest } from "./marshalling.gen.js";
+import { marshalCreateKeyRequest, unmarshalKey, unmarshalPublicKey, marshalUpdateKeyRequest, unmarshalListKeysResponse, marshalGenerateDataKeyRequest, unmarshalDataKey, marshalEncryptRequest, unmarshalEncryptResponse, marshalDecryptRequest, unmarshalDecryptResponse, marshalSignRequest, unmarshalSignResponse, marshalVerifyRequest, unmarshalVerifyResponse, marshalImportKeyMaterialRequest } from "./marshalling.gen.js";
 const jsonContentHeaders = {
   "Content-Type": "application/json; charset=utf-8"
 };
@@ -40,6 +40,19 @@ class API extends API$1 {
     },
     unmarshalKey
   );
+  /**
+   * Get the public key in PEM format.. Retrieves the public portion of an asymmetric cryptographic key in PEM format.
+   *
+   * @param request - The request {@link GetPublicKeyRequest}
+   * @returns A Promise of PublicKey
+   */
+  getPublicKey = (request) => this.client.fetch(
+    {
+      method: "GET",
+      path: `/key-manager/v1alpha1/regions/${validatePathParam("region", request.region ?? this.client.settings.defaultRegion)}/keys/${validatePathParam("keyId", request.keyId)}/public-key`
+    },
+    unmarshalPublicKey
+  );
   /**
    * Update a key. Modify a key's metadata including name, description and tags, specified by the `key_id` and `region` parameters.
    *
@@ -155,7 +168,8 @@ class API extends API$1 {
           request.pageSize ?? this.client.settings.defaultPageSize
         ],
         ["project_id", request.projectId],
-        ["tags", request.tags]
+        ["tags", request.tags],
+        ["usage", request.usage]
       )
     },
     unmarshalListKeysResponse
@@ -220,6 +234,38 @@ class API extends API$1 {
     },
     unmarshalDecryptResponse
   );
+  /**
+   * Sign a message digest. Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration.
+   *
+   * @param request - The request {@link SignRequest}
+   * @returns A Promise of SignResponse
+   */
+  sign = (request) => this.client.fetch(
+    {
+      body: JSON.stringify(marshalSignRequest(request, this.client.settings)),
+      headers: jsonContentHeaders,
+      method: "POST",
+      path: `/key-manager/v1alpha1/regions/${validatePathParam("region", request.region ?? this.client.settings.defaultRegion)}/keys/${validatePathParam("keyId", request.keyId)}/sign`
+    },
+    unmarshalSignResponse
+  );
+  /**
+   * Verify a message signature. Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration.
+   *
+   * @param request - The request {@link VerifyRequest}
+   * @returns A Promise of VerifyResponse
+   */
+  verify = (request) => this.client.fetch(
+    {
+      body: JSON.stringify(
+        marshalVerifyRequest(request, this.client.settings)
+      ),
+      headers: jsonContentHeaders,
+      method: "POST",
+      path: `/key-manager/v1alpha1/regions/${validatePathParam("region", request.region ?? this.client.settings.defaultRegion)}/keys/${validatePathParam("keyId", request.keyId)}/verify`
+    },
+    unmarshalVerifyResponse
+  );
   /**
    * Import key material. Import externally generated key material into Key Manager to derive a new cryptographic key. The key's origin must be `external`.
    *

package/dist/v1alpha1/index.gen.cjs

@@ -8,9 +8,14 @@ exports.marshalDecryptRequest = marshalling_gen.marshalDecryptRequest;
 exports.marshalEncryptRequest = marshalling_gen.marshalEncryptRequest;
 exports.marshalGenerateDataKeyRequest = marshalling_gen.marshalGenerateDataKeyRequest;
 exports.marshalImportKeyMaterialRequest = marshalling_gen.marshalImportKeyMaterialRequest;
+exports.marshalSignRequest = marshalling_gen.marshalSignRequest;
 exports.marshalUpdateKeyRequest = marshalling_gen.marshalUpdateKeyRequest;
+exports.marshalVerifyRequest = marshalling_gen.marshalVerifyRequest;
 exports.unmarshalDataKey = marshalling_gen.unmarshalDataKey;
 exports.unmarshalDecryptResponse = marshalling_gen.unmarshalDecryptResponse;
 exports.unmarshalEncryptResponse = marshalling_gen.unmarshalEncryptResponse;
 exports.unmarshalKey = marshalling_gen.unmarshalKey;
 exports.unmarshalListKeysResponse = marshalling_gen.unmarshalListKeysResponse;
+exports.unmarshalPublicKey = marshalling_gen.unmarshalPublicKey;
+exports.unmarshalSignResponse = marshalling_gen.unmarshalSignResponse;
+exports.unmarshalVerifyResponse = marshalling_gen.unmarshalVerifyResponse;

package/dist/v1alpha1/index.gen.d.ts

@@ -1,3 +1,3 @@
 export { API } from './api.gen';
 export * from './marshalling.gen';
-export type { CreateKeyRequest, DataKey, DataKeyAlgorithmSymmetricEncryption, DecryptRequest, DecryptResponse, DeleteKeyMaterialRequest, DeleteKeyRequest, DisableKeyRequest, EnableKeyRequest, EncryptRequest, EncryptResponse, GenerateDataKeyRequest, GetKeyRequest, ImportKeyMaterialRequest, Key, KeyAlgorithmSymmetricEncryption, KeyOrigin, KeyRotationPolicy, KeyState, KeyUsage, ListKeysRequest, ListKeysRequestOrderBy, ListKeysResponse, ProtectKeyRequest, RotateKeyRequest, UnprotectKeyRequest, UpdateKeyRequest, } from './types.gen';
+export type { CreateKeyRequest, DataKey, DataKeyAlgorithmSymmetricEncryption, DecryptRequest, DecryptResponse, DeleteKeyMaterialRequest, DeleteKeyRequest, DisableKeyRequest, EnableKeyRequest, EncryptRequest, EncryptResponse, GenerateDataKeyRequest, GetKeyRequest, GetPublicKeyRequest, ImportKeyMaterialRequest, Key, KeyAlgorithmAsymmetricEncryption, KeyAlgorithmAsymmetricSigning, KeyAlgorithmSymmetricEncryption, KeyOrigin, KeyRotationPolicy, KeyState, KeyUsage, ListKeysRequest, ListKeysRequestOrderBy, ListKeysRequestUsage, ListKeysResponse, ProtectKeyRequest, PublicKey, RotateKeyRequest, SignRequest, SignResponse, UnprotectKeyRequest, UpdateKeyRequest, VerifyRequest, VerifyResponse, } from './types.gen';

package/dist/v1alpha1/index.gen.js

@@ -1,5 +1,5 @@
 import { API } from "./api.gen.js";
-import { marshalCreateKeyRequest, marshalDecryptRequest, marshalEncryptRequest, marshalGenerateDataKeyRequest, marshalImportKeyMaterialRequest, marshalUpdateKeyRequest, unmarshalDataKey, unmarshalDecryptResponse, unmarshalEncryptResponse, unmarshalKey, unmarshalListKeysResponse } from "./marshalling.gen.js";
+import { marshalCreateKeyRequest, marshalDecryptRequest, marshalEncryptRequest, marshalGenerateDataKeyRequest, marshalImportKeyMaterialRequest, marshalSignRequest, marshalUpdateKeyRequest, marshalVerifyRequest, unmarshalDataKey, unmarshalDecryptResponse, unmarshalEncryptResponse, unmarshalKey, unmarshalListKeysResponse, unmarshalPublicKey, unmarshalSignResponse, unmarshalVerifyResponse } from "./marshalling.gen.js";
 export {
   API,
   marshalCreateKeyRequest,
@@ -7,10 +7,15 @@ export {
   marshalEncryptRequest,
   marshalGenerateDataKeyRequest,
   marshalImportKeyMaterialRequest,
+  marshalSignRequest,
   marshalUpdateKeyRequest,
+  marshalVerifyRequest,
   unmarshalDataKey,
   unmarshalDecryptResponse,
   unmarshalEncryptResponse,
   unmarshalKey,
-  unmarshalListKeysResponse
+  unmarshalListKeysResponse,
+  unmarshalPublicKey,
+  unmarshalSignResponse,
+  unmarshalVerifyResponse
 };

package/dist/v1alpha1/marshalling.gen.cjs

@@ -19,6 +19,8 @@ const unmarshalKeyUsage = (data) => {
     );
   }
   return {
+    asymmetricEncryption: data.asymmetric_encryption ? data.asymmetric_encryption : void 0,
+    asymmetricSigning: data.asymmetric_signing ? data.asymmetric_signing : void 0,
     symmetricEncryption: data.symmetric_encryption ? data.symmetric_encryption : void 0
   };
 };
@@ -95,13 +97,47 @@ const unmarshalListKeysResponse = (data) => {
     totalCount: data.total_count
   };
 };
+const unmarshalPublicKey = (data) => {
+  if (!sdkClient.isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'PublicKey' failed as data isn't a dictionary.`
+    );
+  }
+  return {
+    pem: data.pem
+  };
+};
+const unmarshalSignResponse = (data) => {
+  if (!sdkClient.isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'SignResponse' failed as data isn't a dictionary.`
+    );
+  }
+  return {
+    keyId: data.key_id,
+    signature: data.signature
+  };
+};
+const unmarshalVerifyResponse = (data) => {
+  if (!sdkClient.isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'VerifyResponse' failed as data isn't a dictionary.`
+    );
+  }
+  return {
+    keyId: data.key_id,
+    valid: data.valid
+  };
+};
 const marshalKeyRotationPolicy = (request, defaults) => ({
   next_rotation_at: request.nextRotationAt,
   rotation_period: request.rotationPeriod
 });
 const marshalKeyUsage = (request, defaults) => ({
   ...sdkClient.resolveOneOf([
-    { param: "symmetric_encryption", value: request.symmetricEncryption }
+    { param: "symmetric_encryption", value: request.symmetricEncryption },
+    { param: "asymmetric_encryption", value: request.asymmetricEncryption },
+    { param: "asymmetric_signing", value: request.asymmetricSigning }
   ])
 });
 const marshalCreateKeyRequest = (request, defaults) => ({
@@ -130,20 +166,32 @@ const marshalImportKeyMaterialRequest = (request, defaults) => ({
   key_material: request.keyMaterial,
   salt: request.salt
 });
+const marshalSignRequest = (request, defaults) => ({
+  digest: request.digest
+});
 const marshalUpdateKeyRequest = (request, defaults) => ({
   description: request.description,
   name: request.name,
   rotation_policy: request.rotationPolicy !== void 0 ? marshalKeyRotationPolicy(request.rotationPolicy) : void 0,
   tags: request.tags
 });
+const marshalVerifyRequest = (request, defaults) => ({
+  digest: request.digest,
+  signature: request.signature
+});
 exports.marshalCreateKeyRequest = marshalCreateKeyRequest;
 exports.marshalDecryptRequest = marshalDecryptRequest;
 exports.marshalEncryptRequest = marshalEncryptRequest;
 exports.marshalGenerateDataKeyRequest = marshalGenerateDataKeyRequest;
 exports.marshalImportKeyMaterialRequest = marshalImportKeyMaterialRequest;
+exports.marshalSignRequest = marshalSignRequest;
 exports.marshalUpdateKeyRequest = marshalUpdateKeyRequest;
+exports.marshalVerifyRequest = marshalVerifyRequest;
 exports.unmarshalDataKey = unmarshalDataKey;
 exports.unmarshalDecryptResponse = unmarshalDecryptResponse;
 exports.unmarshalEncryptResponse = unmarshalEncryptResponse;
 exports.unmarshalKey = unmarshalKey;
 exports.unmarshalListKeysResponse = unmarshalListKeysResponse;
+exports.unmarshalPublicKey = unmarshalPublicKey;
+exports.unmarshalSignResponse = unmarshalSignResponse;
+exports.unmarshalVerifyResponse = unmarshalVerifyResponse;

package/dist/v1alpha1/marshalling.gen.d.ts

@@ -1,13 +1,18 @@
 import type { DefaultValues } from '@scaleway/sdk-client';
-import type { CreateKeyRequest, DataKey, DecryptRequest, DecryptResponse, EncryptRequest, EncryptResponse, GenerateDataKeyRequest, ImportKeyMaterialRequest, Key, ListKeysResponse, UpdateKeyRequest } from './types.gen';
+import type { CreateKeyRequest, DataKey, DecryptRequest, DecryptResponse, EncryptRequest, EncryptResponse, GenerateDataKeyRequest, ImportKeyMaterialRequest, Key, ListKeysResponse, PublicKey, SignRequest, SignResponse, UpdateKeyRequest, VerifyRequest, VerifyResponse } from './types.gen';
 export declare const unmarshalKey: (data: unknown) => Key;
 export declare const unmarshalDataKey: (data: unknown) => DataKey;
 export declare const unmarshalDecryptResponse: (data: unknown) => DecryptResponse;
 export declare const unmarshalEncryptResponse: (data: unknown) => EncryptResponse;
 export declare const unmarshalListKeysResponse: (data: unknown) => ListKeysResponse;
+export declare const unmarshalPublicKey: (data: unknown) => PublicKey;
+export declare const unmarshalSignResponse: (data: unknown) => SignResponse;
+export declare const unmarshalVerifyResponse: (data: unknown) => VerifyResponse;
 export declare const marshalCreateKeyRequest: (request: CreateKeyRequest, defaults: DefaultValues) => Record<string, unknown>;
 export declare const marshalDecryptRequest: (request: DecryptRequest, defaults: DefaultValues) => Record<string, unknown>;
 export declare const marshalEncryptRequest: (request: EncryptRequest, defaults: DefaultValues) => Record<string, unknown>;
 export declare const marshalGenerateDataKeyRequest: (request: GenerateDataKeyRequest, defaults: DefaultValues) => Record<string, unknown>;
 export declare const marshalImportKeyMaterialRequest: (request: ImportKeyMaterialRequest, defaults: DefaultValues) => Record<string, unknown>;
+export declare const marshalSignRequest: (request: SignRequest, defaults: DefaultValues) => Record<string, unknown>;
 export declare const marshalUpdateKeyRequest: (request: UpdateKeyRequest, defaults: DefaultValues) => Record<string, unknown>;
+export declare const marshalVerifyRequest: (request: VerifyRequest, defaults: DefaultValues) => Record<string, unknown>;

package/dist/v1alpha1/marshalling.gen.js

@@ -17,6 +17,8 @@ const unmarshalKeyUsage = (data) => {
     );
   }
   return {
+    asymmetricEncryption: data.asymmetric_encryption ? data.asymmetric_encryption : void 0,
+    asymmetricSigning: data.asymmetric_signing ? data.asymmetric_signing : void 0,
     symmetricEncryption: data.symmetric_encryption ? data.symmetric_encryption : void 0
   };
 };
@@ -93,13 +95,47 @@ const unmarshalListKeysResponse = (data) => {
     totalCount: data.total_count
   };
 };
+const unmarshalPublicKey = (data) => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'PublicKey' failed as data isn't a dictionary.`
+    );
+  }
+  return {
+    pem: data.pem
+  };
+};
+const unmarshalSignResponse = (data) => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'SignResponse' failed as data isn't a dictionary.`
+    );
+  }
+  return {
+    keyId: data.key_id,
+    signature: data.signature
+  };
+};
+const unmarshalVerifyResponse = (data) => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'VerifyResponse' failed as data isn't a dictionary.`
+    );
+  }
+  return {
+    keyId: data.key_id,
+    valid: data.valid
+  };
+};
 const marshalKeyRotationPolicy = (request, defaults) => ({
   next_rotation_at: request.nextRotationAt,
   rotation_period: request.rotationPeriod
 });
 const marshalKeyUsage = (request, defaults) => ({
   ...resolveOneOf([
-    { param: "symmetric_encryption", value: request.symmetricEncryption }
+    { param: "symmetric_encryption", value: request.symmetricEncryption },
+    { param: "asymmetric_encryption", value: request.asymmetricEncryption },
+    { param: "asymmetric_signing", value: request.asymmetricSigning }
   ])
 });
 const marshalCreateKeyRequest = (request, defaults) => ({
@@ -128,22 +164,34 @@ const marshalImportKeyMaterialRequest = (request, defaults) => ({
   key_material: request.keyMaterial,
   salt: request.salt
 });
+const marshalSignRequest = (request, defaults) => ({
+  digest: request.digest
+});
 const marshalUpdateKeyRequest = (request, defaults) => ({
   description: request.description,
   name: request.name,
   rotation_policy: request.rotationPolicy !== void 0 ? marshalKeyRotationPolicy(request.rotationPolicy) : void 0,
   tags: request.tags
 });
+const marshalVerifyRequest = (request, defaults) => ({
+  digest: request.digest,
+  signature: request.signature
+});
 export {
   marshalCreateKeyRequest,
   marshalDecryptRequest,
   marshalEncryptRequest,
   marshalGenerateDataKeyRequest,
   marshalImportKeyMaterialRequest,
+  marshalSignRequest,
   marshalUpdateKeyRequest,
+  marshalVerifyRequest,
   unmarshalDataKey,
   unmarshalDecryptResponse,
   unmarshalEncryptResponse,
   unmarshalKey,
-  unmarshalListKeysResponse
+  unmarshalListKeysResponse,
+  unmarshalPublicKey,
+  unmarshalSignResponse,
+  unmarshalVerifyResponse
 };

package/dist/v1alpha1/types.gen.d.ts

@@ -1,9 +1,12 @@
 import type { Region as ScwRegion } from '@scaleway/sdk-client';
 export type DataKeyAlgorithmSymmetricEncryption = 'unknown_symmetric_encryption' | 'aes_256_gcm';
+export type KeyAlgorithmAsymmetricEncryption = 'unknown_asymmetric_encryption' | 'rsa_oaep_2048_sha256' | 'rsa_oaep_3072_sha256' | 'rsa_oaep_4096_sha256';
+export type KeyAlgorithmAsymmetricSigning = 'unknown_asymmetric_signing' | 'ec_p256_sha256' | 'ec_p384_sha384' | 'rsa_pss_2048_sha256' | 'rsa_pss_3072_sha256' | 'rsa_pss_4096_sha256' | 'rsa_pkcs1_2048_sha256' | 'rsa_pkcs1_3072_sha256' | 'rsa_pkcs1_4096_sha256';
 export type KeyAlgorithmSymmetricEncryption = 'unknown_symmetric_encryption' | 'aes_256_gcm';
 export type KeyOrigin = 'unknown_origin' | 'scaleway_kms' | 'external';
 export type KeyState = 'unknown_state' | 'enabled' | 'disabled' | 'pending_key_material';
 export type ListKeysRequestOrderBy = 'name_asc' | 'name_desc' | 'created_at_asc' | 'created_at_desc' | 'updated_at_asc' | 'updated_at_desc';
+export type ListKeysRequestUsage = 'unknown_usage' | 'symmetric_encryption' | 'asymmetric_encryption' | 'asymmetric_signing';
 export interface KeyRotationPolicy {
     /**
      * Time interval between two key rotations. The minimum duration is 24 hours and the maximum duration is 1 year (876000 hours).
@@ -18,9 +21,19 @@ export interface KeyUsage {
     /**
      * See the `Key.Algorithm.SymmetricEncryption` enum for a description of values.
      *
-     * One-of ('usage'): at most one of 'symmetricEncryption' could be set.
+     * One-of ('usage'): at most one of 'symmetricEncryption', 'asymmetricEncryption', 'asymmetricSigning' could be set.
      */
     symmetricEncryption?: KeyAlgorithmSymmetricEncryption;
+    /**
+     *
+     * One-of ('usage'): at most one of 'symmetricEncryption', 'asymmetricEncryption', 'asymmetricSigning' could be set.
+     */
+    asymmetricEncryption?: KeyAlgorithmAsymmetricEncryption;
+    /**
+     *
+     * One-of ('usage'): at most one of 'symmetricEncryption', 'asymmetricEncryption', 'asymmetricSigning' could be set.
+     */
+    asymmetricSigning?: KeyAlgorithmAsymmetricSigning;
 }
 export interface Key {
     /**
@@ -154,7 +167,7 @@ export type DecryptRequest = {
      */
     region?: ScwRegion;
     /**
-     * ID of the key to decrypt.
+     * The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`.
      */
     keyId: string;
     /**
@@ -162,7 +175,7 @@ export type DecryptRequest = {
      */
     ciphertext: string;
     /**
-     * The additional data must match the value passed in the encryption request.
+     * The additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`.
      */
     associatedData?: string;
 };
@@ -226,7 +239,7 @@ export type EncryptRequest = {
      */
     region?: ScwRegion;
     /**
-     * ID of the key to encrypt.
+     * The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`.
      */
     keyId: string;
     /**
@@ -234,7 +247,7 @@ export type EncryptRequest = {
      */
     plaintext: string;
     /**
-     * Additional data which will not be encrypted, but authenticated and appended to the encrypted payload.
+     * Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`.
      */
     associatedData?: string;
 };
@@ -277,6 +290,16 @@ export type GetKeyRequest = {
      */
     keyId: string;
 };
+export type GetPublicKeyRequest = {
+    /**
+     * Region to target. If none is passed will use default region from the config.
+     */
+    region?: ScwRegion;
+    /**
+     * ID of the key.
+     */
+    keyId: string;
+};
 export type ImportKeyMaterialRequest = {
     /**
      * Region to target. If none is passed will use default region from the config.
@@ -319,6 +342,10 @@ export type ListKeysRequest = {
      * (Optional) Filter by key name.
      */
     name?: string;
+    /**
+     * Select from symmetric encryption, asymmetric encryption, or asymmetric signing.
+     */
+    usage?: ListKeysRequestUsage;
 };
 export interface ListKeysResponse {
     /**
@@ -340,6 +367,9 @@ export type ProtectKeyRequest = {
      */
     keyId: string;
 };
+export interface PublicKey {
+    pem: string;
+}
 export type RotateKeyRequest = {
     /**
      * Region to target. If none is passed will use default region from the config.
@@ -350,6 +380,30 @@ export type RotateKeyRequest = {
      */
     keyId: string;
 };
+export type SignRequest = {
+    /**
+     * Region to target. If none is passed will use default region from the config.
+     */
+    region?: ScwRegion;
+    /**
+     * ID of the key to use for signing.
+     */
+    keyId: string;
+    /**
+     * The digest must be generated using the same algorithm defined in the key’s algorithm settings.
+     */
+    digest: string;
+};
+export interface SignResponse {
+    /**
+     * ID of the key used to generate the signature.
+     */
+    keyId: string;
+    /**
+     * The message signature.
+     */
+    signature: string;
+}
 export type UnprotectKeyRequest = {
     /**
      * Region to target. If none is passed will use default region from the config.
@@ -386,3 +440,31 @@ export type UpdateKeyRequest = {
      */
     rotationPolicy?: KeyRotationPolicy;
 };
+export type VerifyRequest = {
+    /**
+     * Region to target. If none is passed will use default region from the config.
+     */
+    region?: ScwRegion;
+    /**
+     * ID of the key to use for signature verification.
+     */
+    keyId: string;
+    /**
+     * Must be generated using the same algorithm specified in the key’s configuration.
+     */
+    digest: string;
+    /**
+     * The message signature to verify.
+     */
+    signature: string;
+};
+export interface VerifyResponse {
+    /**
+     * ID of the key used for verification.
+     */
+    keyId: string;
+    /**
+     * Returns `true` if the signature is valid for the digest and key, `false` otherwise.
+     */
+    valid: boolean;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@scaleway/sdk-key-manager",
-  "version": "1.0.1",
+  "version": "1.2.0",
   "description": "Scaleway SDK key-manager",
   "types": "dist/index.d.ts",
   "files": [
@@ -26,21 +26,18 @@
     "directory": "packages_generated/key-manager"
   },
   "engines": {
-    "node": ">=20.18.3"
+    "node": ">=20.19.1"
   },
   "dependencies": {
     "@scaleway/random-name": "5.1.1",
-    "@scaleway/sdk-std": "1.0.1"
+    "@scaleway/sdk-std": "1.0.3"
   },
   "peerDependencies": {
-    "@scaleway/sdk-client": "^1.2.1"
+    "@scaleway/sdk-client": "^1.2.2"
   },
   "devDependencies": {
-    "@scaleway/sdk-client": "^1.2.1"
+    "@scaleway/sdk-client": "^1.2.2"
   },
-  "bundledDependencies": [
-    "@scaleway/random-name"
-  ],
   "scripts": {
     "package:check": "pnpm publint",
     "typecheck": "tsc --noEmit",