@sphereon/ssi-sdk.kms-rest-client 0.34.1-feature.SSISDK.78.306 → 0.34.1-feature.SSISDK.82.and.SSISDK.70.345

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/index.cjs +125 -191
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +28 -52
  4. package/dist/index.d.ts +28 -52
  5. package/dist/index.js +125 -191
  6. package/dist/index.js.map +1 -1
  7. package/package.json +3 -3
  8. package/plugin.schema.json +43 -172
  9. package/src/agent/KmsRestClient.ts +59 -47
  10. package/src/types/IKmsRestClient.ts +44 -61
package/dist/index.js CHANGED
@@ -20,10 +20,7 @@ var plugin_schema_default = {
20
20
  type: "string"
21
21
  }
22
22
  },
23
- required: [
24
- "input",
25
- "keyInfo"
26
- ]
23
+ required: ["input", "keyInfo"]
27
24
  },
28
25
  KeyInfo: {
29
26
  type: "object",
@@ -164,56 +161,28 @@ var plugin_schema_default = {
164
161
  description: "X.509 certificate SHA-256 thumbprint (base64url-encoded)."
165
162
  }
166
163
  },
167
- required: [
168
- "kty"
169
- ],
164
+ required: ["kty"],
170
165
  additionalProperties: false,
171
166
  description: "Represents a JSON Web Key (JWK) as defined by the JSON Web Key specification."
172
167
  },
173
168
  JwkKeyType: {
174
169
  type: "string",
175
- enum: [
176
- "EC",
177
- "RSA",
178
- "OKP",
179
- "oct"
180
- ],
170
+ enum: ["EC", "RSA", "OKP", "oct"],
181
171
  description: "JSON Web Key (JWK) key type parameter identifying the cryptographic algorithm family."
182
172
  },
183
173
  JwkUse: {
184
174
  type: "string",
185
- enum: [
186
- "sig",
187
- "enc"
188
- ],
175
+ enum: ["sig", "enc"],
189
176
  description: "Intended use of the key (signing or encryption)."
190
177
  },
191
178
  KeyOperations: {
192
179
  type: "string",
193
- enum: [
194
- "sign",
195
- "verify",
196
- "encrypt",
197
- "decrypt",
198
- "wrapKey",
199
- "unwrapKey",
200
- "deriveKey",
201
- "deriveBits"
202
- ],
180
+ enum: ["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"],
203
181
  description: "Specific operations the key is intended for."
204
182
  },
205
183
  Curve: {
206
184
  type: "string",
207
- enum: [
208
- "P-256",
209
- "P-384",
210
- "P-521",
211
- "secp256k1",
212
- "Ed25519",
213
- "Ed448",
214
- "X25519",
215
- "X448"
216
- ],
185
+ enum: ["P-256", "P-384", "P-521", "secp256k1", "Ed25519", "Ed448", "X25519", "X448"],
217
186
  description: "Elliptic curve identifier."
218
187
  },
219
188
  SignatureAlgorithm: {
@@ -236,27 +205,17 @@ var plugin_schema_default = {
236
205
  },
237
206
  KeyVisibility: {
238
207
  type: "string",
239
- enum: [
240
- "PUBLIC",
241
- "PRIVATE"
242
- ],
208
+ enum: ["PUBLIC", "PRIVATE"],
243
209
  description: "Indicates the visibility status of a cryptographic key."
244
210
  },
245
211
  KeyType: {
246
212
  type: "string",
247
- enum: [
248
- "OKP",
249
- "EC",
250
- "RSA"
251
- ],
213
+ enum: ["OKP", "EC", "RSA"],
252
214
  description: "Cryptographic key type identifier."
253
215
  },
254
216
  KeyEncoding: {
255
217
  type: "string",
256
- enum: [
257
- "COSE",
258
- "JOSE"
259
- ],
218
+ enum: ["COSE", "JOSE"],
260
219
  description: "The encoding format of the cryptographic key."
261
220
  },
262
221
  CreateRawSignatureResponse: {
@@ -267,9 +226,7 @@ var plugin_schema_default = {
267
226
  description: "The created signature encoded as a base64 string."
268
227
  }
269
228
  },
270
- required: [
271
- "signature"
272
- ],
229
+ required: ["signature"],
273
230
  additionalProperties: false,
274
231
  description: "Response body containing the created signature."
275
232
  },
@@ -283,9 +240,7 @@ var plugin_schema_default = {
283
240
  type: "string"
284
241
  }
285
242
  },
286
- required: [
287
- "aliasOrKid"
288
- ],
243
+ required: ["aliasOrKid"],
289
244
  additionalProperties: false
290
245
  },
291
246
  KmsClientGenerateKeyArgs: {
@@ -324,9 +279,7 @@ var plugin_schema_default = {
324
279
  $ref: "#/components/schemas/ManagedKeyPair"
325
280
  }
326
281
  },
327
- required: [
328
- "keyPair"
329
- ],
282
+ required: ["keyPair"],
330
283
  additionalProperties: false,
331
284
  description: "Response body containing a generated key pair."
332
285
  },
@@ -352,12 +305,7 @@ var plugin_schema_default = {
352
305
  $ref: "#/components/schemas/JoseKeyPair"
353
306
  }
354
307
  },
355
- required: [
356
- "providerId",
357
- "alias",
358
- "cose",
359
- "jose"
360
- ],
308
+ required: ["providerId", "alias", "cose", "jose"],
361
309
  additionalProperties: false,
362
310
  description: "Represents a key pair used by a crypto provider, encapsulating both JOSE and COSE key pairs."
363
311
  },
@@ -371,9 +319,7 @@ var plugin_schema_default = {
371
319
  $ref: "#/components/schemas/CoseKey"
372
320
  }
373
321
  },
374
- required: [
375
- "publicCoseKey"
376
- ],
322
+ required: ["publicCoseKey"],
377
323
  additionalProperties: false,
378
324
  description: "Represents a cryptographic key pair for COSE (CBOR Object Signing and Encryption) operations."
379
325
  },
@@ -426,20 +372,13 @@ var plugin_schema_default = {
426
372
  description: "X.509 certificate chain as base64-encoded certificates."
427
373
  }
428
374
  },
429
- required: [
430
- "kty"
431
- ],
375
+ required: ["kty"],
432
376
  additionalProperties: false,
433
377
  description: "Represents a COSE (CBOR Object Signing and Encryption) key in JSON format."
434
378
  },
435
379
  CoseKeyType: {
436
380
  type: "number",
437
- enum: [
438
- 1,
439
- 2,
440
- 3,
441
- 4
442
- ],
381
+ enum: [1, 2, 3, 4],
443
382
  description: "COSE key type parameter. 1=OKP (Octet Key Pair), 2=EC2 (Elliptic Curve), 3=RSA, 4=Symmetric."
444
383
  },
445
384
  JoseKeyPair: {
@@ -452,9 +391,7 @@ var plugin_schema_default = {
452
391
  $ref: "#/components/schemas/Jwk"
453
392
  }
454
393
  },
455
- required: [
456
- "publicJwk"
457
- ],
394
+ required: ["publicJwk"],
458
395
  additionalProperties: false,
459
396
  description: "Data class representing a cryptographic key pair used with JOSE (JSON Object Signing and Encryption)."
460
397
  },
@@ -468,9 +405,7 @@ var plugin_schema_default = {
468
405
  type: "string"
469
406
  }
470
407
  },
471
- required: [
472
- "aliasOrKid"
473
- ],
408
+ required: ["aliasOrKid"],
474
409
  additionalProperties: false
475
410
  },
476
411
  GetKeyResponse: {
@@ -480,9 +415,7 @@ var plugin_schema_default = {
480
415
  $ref: "#/components/schemas/ManagedKeyInfo"
481
416
  }
482
417
  },
483
- required: [
484
- "keyInfo"
485
- ],
418
+ required: ["keyInfo"],
486
419
  additionalProperties: false,
487
420
  description: "Response body containing a managed key."
488
421
  },
@@ -531,11 +464,7 @@ var plugin_schema_default = {
531
464
  description: "Additional configuration options as key-value pairs."
532
465
  }
533
466
  },
534
- required: [
535
- "key",
536
- "alias",
537
- "providerId"
538
- ],
467
+ required: ["key", "alias", "providerId"],
539
468
  additionalProperties: false,
540
469
  description: "Represents a managed cryptographic key information that is guaranteed to be present and resolved, part of a KMS providing concrete access to the key."
541
470
  },
@@ -549,9 +478,7 @@ var plugin_schema_default = {
549
478
  type: "string"
550
479
  }
551
480
  },
552
- required: [
553
- "providerId"
554
- ],
481
+ required: ["providerId"],
555
482
  additionalProperties: false
556
483
  },
557
484
  KeyProviderResponse: {
@@ -565,20 +492,13 @@ var plugin_schema_default = {
565
492
  $ref: "#/components/schemas/KeyProviderType"
566
493
  }
567
494
  },
568
- required: [
569
- "providerId",
570
- "type"
571
- ],
495
+ required: ["providerId", "type"],
572
496
  additionalProperties: false,
573
497
  description: "Response body containing the details of a Key Provider instance."
574
498
  },
575
499
  KeyProviderType: {
576
500
  type: "string",
577
- enum: [
578
- "SOFTWARE",
579
- "AZURE_KEYVAULT",
580
- "AWS_KMS"
581
- ],
501
+ enum: ["SOFTWARE", "AZURE_KEYVAULT", "AWS_KMS"],
582
502
  description: "The type of Key Provider. Determines the required configuration settings. - AZURE_KEYVAULT: Microsoft Azure Key Vault or Managed HSM. - AWS_KMS: Amazon Web Services Key Management Service."
583
503
  },
584
504
  kmsClientGetResolverArgs: {
@@ -591,9 +511,7 @@ var plugin_schema_default = {
591
511
  type: "string"
592
512
  }
593
513
  },
594
- required: [
595
- "resolverId"
596
- ],
514
+ required: ["resolverId"],
597
515
  additionalProperties: false
598
516
  },
599
517
  Resolver: {
@@ -618,21 +536,13 @@ var plugin_schema_default = {
618
536
  description: "List of key types supported by this resolver."
619
537
  }
620
538
  },
621
- required: [
622
- "resolverId"
623
- ],
539
+ required: ["resolverId"],
624
540
  additionalProperties: false,
625
541
  description: "Represents a key resolver configuration."
626
542
  },
627
543
  IdentifierMethod: {
628
544
  type: "string",
629
- enum: [
630
- "JWK",
631
- "KID",
632
- "COSE_KEY",
633
- "X5C",
634
- "DID"
635
- ],
545
+ enum: ["JWK", "KID", "COSE_KEY", "X5C", "DID"],
636
546
  description: "Method used to identify cryptographic keys."
637
547
  },
638
548
  KmsClientIsValidRawSignatureArgs: {
@@ -652,11 +562,7 @@ var plugin_schema_default = {
652
562
  type: "string"
653
563
  }
654
564
  },
655
- required: [
656
- "input",
657
- "keyInfo",
658
- "signature"
659
- ]
565
+ required: ["input", "keyInfo", "signature"]
660
566
  },
661
567
  VerifyRawSignatureResponse: {
662
568
  type: "object",
@@ -666,9 +572,7 @@ var plugin_schema_default = {
666
572
  description: "Indicates whether the signature is valid or not."
667
573
  }
668
574
  },
669
- required: [
670
- "isValid"
671
- ],
575
+ required: ["isValid"],
672
576
  additionalProperties: false,
673
577
  description: "Response body containing the details of the signature verification."
674
578
  },
@@ -691,9 +595,7 @@ var plugin_schema_default = {
691
595
  }
692
596
  }
693
597
  },
694
- required: [
695
- "providers"
696
- ],
598
+ required: ["providers"],
697
599
  additionalProperties: false,
698
600
  description: "Response body containing the details of a Key Provider instance."
699
601
  },
@@ -708,10 +610,7 @@ var plugin_schema_default = {
708
610
  $ref: "#/components/schemas/KeyProviderType"
709
611
  }
710
612
  },
711
- required: [
712
- "providerId",
713
- "type"
714
- ],
613
+ required: ["providerId", "type"],
715
614
  additionalProperties: false,
716
615
  description: "Response body containing the details of a Key Provider instance."
717
616
  },
@@ -737,9 +636,7 @@ var plugin_schema_default = {
737
636
  }
738
637
  }
739
638
  },
740
- required: [
741
- "keyInfos"
742
- ],
639
+ required: ["keyInfos"],
743
640
  additionalProperties: false,
744
641
  description: "Response body containing all the managed keys."
745
642
  },
@@ -762,9 +659,7 @@ var plugin_schema_default = {
762
659
  }
763
660
  }
764
661
  },
765
- required: [
766
- "resolvers"
767
- ],
662
+ required: ["resolvers"],
768
663
  additionalProperties: false,
769
664
  description: "Response body containing all the resolvers."
770
665
  },
@@ -781,10 +676,7 @@ var plugin_schema_default = {
781
676
  type: "string"
782
677
  }
783
678
  },
784
- required: [
785
- "providerId",
786
- "aliasOrKid"
787
- ],
679
+ required: ["providerId", "aliasOrKid"],
788
680
  additionalProperties: false
789
681
  },
790
682
  KmsClientProviderGenerateKeyArgs: {
@@ -814,9 +706,7 @@ var plugin_schema_default = {
814
706
  type: "string"
815
707
  }
816
708
  },
817
- required: [
818
- "providerId"
819
- ]
709
+ required: ["providerId"]
820
710
  },
821
711
  KmsClientProviderGetKeyArgs: {
822
712
  type: "object",
@@ -831,10 +721,7 @@ var plugin_schema_default = {
831
721
  type: "string"
832
722
  }
833
723
  },
834
- required: [
835
- "providerId",
836
- "aliasOrKid"
837
- ],
724
+ required: ["providerId", "aliasOrKid"],
838
725
  additionalProperties: false
839
726
  },
840
727
  KmsClientProviderListKeysArgs: {
@@ -847,9 +734,7 @@ var plugin_schema_default = {
847
734
  type: "string"
848
735
  }
849
736
  },
850
- required: [
851
- "providerId"
852
- ],
737
+ required: ["providerId"],
853
738
  additionalProperties: false
854
739
  },
855
740
  KmsClientProviderStoreKeyArgs: {
@@ -873,10 +758,7 @@ var plugin_schema_default = {
873
758
  type: "string"
874
759
  }
875
760
  },
876
- required: [
877
- "keyInfo",
878
- "providerId"
879
- ]
761
+ required: ["keyInfo", "providerId"]
880
762
  },
881
763
  ResolvedKeyInfo: {
882
764
  type: "object",
@@ -923,9 +805,7 @@ var plugin_schema_default = {
923
805
  description: "Additional configuration options as key-value pairs."
924
806
  }
925
807
  },
926
- required: [
927
- "key"
928
- ],
808
+ required: ["key"],
929
809
  additionalProperties: false,
930
810
  description: "Represents a resolved cryptographic key information where the key is guaranteed to be present and resolved, providing concrete access to the key."
931
811
  },
@@ -936,9 +816,7 @@ var plugin_schema_default = {
936
816
  $ref: "#/components/schemas/ManagedKeyInfo"
937
817
  }
938
818
  },
939
- required: [
940
- "keyInfo"
941
- ],
819
+ required: ["keyInfo"],
942
820
  additionalProperties: false,
943
821
  description: "Response body containing a stored key."
944
822
  },
@@ -970,10 +848,7 @@ var plugin_schema_default = {
970
848
  $ref: "#/components/schemas/String"
971
849
  }
972
850
  },
973
- required: [
974
- "keyInfo",
975
- "resolverId"
976
- ]
851
+ required: ["keyInfo", "resolverId"]
977
852
  },
978
853
  String: {
979
854
  type: "object",
@@ -982,9 +857,7 @@ var plugin_schema_default = {
982
857
  type: "number"
983
858
  }
984
859
  },
985
- required: [
986
- "length"
987
- ],
860
+ required: ["length"],
988
861
  additionalProperties: {
989
862
  type: "string"
990
863
  }
@@ -1007,9 +880,7 @@ var plugin_schema_default = {
1007
880
  type: "string"
1008
881
  }
1009
882
  },
1010
- required: [
1011
- "keyInfo"
1012
- ]
883
+ required: ["keyInfo"]
1013
884
  }
1014
885
  },
1015
886
  methods: {
@@ -3436,7 +3307,11 @@ var KmsRestClient = class _KmsRestClient {
3436
3307
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3437
3308
  const url = _KmsRestClient.urlWithBase(`/resolvers/${args.resolverId}`, baseUrl);
3438
3309
  const response = await fetch(url, {
3439
- method: "GET"
3310
+ method: "GET",
3311
+ headers: await this.createHeaders({
3312
+ tenantId: args.tenantId,
3313
+ userId: args.userId
3314
+ })
3440
3315
  });
3441
3316
  logger.debug(`get resolver response: ${response}`);
3442
3317
  if (!response.ok) {
@@ -3449,7 +3324,11 @@ var KmsRestClient = class _KmsRestClient {
3449
3324
  const baseUrl = this.assertedAgentBaseUrl(args?.baseUrl);
3450
3325
  const url = _KmsRestClient.urlWithBase("/resolvers", baseUrl);
3451
3326
  const response = await fetch(url, {
3452
- method: "GET"
3327
+ method: "GET",
3328
+ headers: await this.createHeaders({
3329
+ tenantId: args?.tenantId,
3330
+ userId: args?.userId
3331
+ })
3453
3332
  });
3454
3333
  logger.debug(`list resolvers response: ${response}`);
3455
3334
  if (!response.ok) {
@@ -3470,7 +3349,9 @@ var KmsRestClient = class _KmsRestClient {
3470
3349
  const response = await fetch(url, {
3471
3350
  method: "POST",
3472
3351
  headers: await this.createHeaders({
3473
- "Content-Type": "application/json"
3352
+ contentType: "application/json",
3353
+ tenantId: args.tenantId,
3354
+ userId: args.userId
3474
3355
  }),
3475
3356
  body: JSON.stringify(ResolvePublicKeyToJSONTyped(body))
3476
3357
  });
@@ -3491,7 +3372,9 @@ var KmsRestClient = class _KmsRestClient {
3491
3372
  const response = await fetch(url, {
3492
3373
  method: "POST",
3493
3374
  headers: await this.createHeaders({
3494
- "Content-Type": "application/json"
3375
+ contentType: "application/json",
3376
+ tenantId: args.tenantId,
3377
+ userId: args.userId
3495
3378
  }),
3496
3379
  body: JSON.stringify(CreateRawSignatureToJSONTyped(body))
3497
3380
  });
@@ -3513,7 +3396,9 @@ var KmsRestClient = class _KmsRestClient {
3513
3396
  const response = await fetch(url, {
3514
3397
  method: "POST",
3515
3398
  headers: await this.createHeaders({
3516
- "Content-Type": "application/json"
3399
+ contentType: "application/json",
3400
+ tenantId: args.tenantId,
3401
+ userId: args.userId
3517
3402
  }),
3518
3403
  body: JSON.stringify(VerifyRawSignatureToJSONTyped(body))
3519
3404
  });
@@ -3528,7 +3413,11 @@ var KmsRestClient = class _KmsRestClient {
3528
3413
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3529
3414
  const url = _KmsRestClient.urlWithBase(`/keys/${args.aliasOrKid}`, baseUrl);
3530
3415
  const response = await fetch(url, {
3531
- method: "GET"
3416
+ method: "GET",
3417
+ headers: await this.createHeaders({
3418
+ tenantId: args.tenantId,
3419
+ userId: args.userId
3420
+ })
3532
3421
  });
3533
3422
  logger.debug(`get key response: ${response}`);
3534
3423
  if (!response.ok) {
@@ -3545,7 +3434,11 @@ var KmsRestClient = class _KmsRestClient {
3545
3434
  }
3546
3435
  });
3547
3436
  const response = await fetch(url, {
3548
- method: "GET"
3437
+ method: "GET",
3438
+ headers: await this.createHeaders({
3439
+ tenantId: args?.tenantId,
3440
+ userId: args?.userId
3441
+ })
3549
3442
  });
3550
3443
  logger.debug(`list keys response: ${response}`);
3551
3444
  if (!response.ok) {
@@ -3564,7 +3457,9 @@ var KmsRestClient = class _KmsRestClient {
3564
3457
  const response = await fetch(url, {
3565
3458
  method: "POST",
3566
3459
  headers: await this.createHeaders({
3567
- "Content-Type": "application/json"
3460
+ contentType: "application/json",
3461
+ tenantId: args.tenantId,
3462
+ userId: args.userId
3568
3463
  }),
3569
3464
  body: JSON.stringify(StoreKeyToJSONTyped(body))
3570
3465
  });
@@ -3587,7 +3482,9 @@ var KmsRestClient = class _KmsRestClient {
3587
3482
  const response = await fetch(url, {
3588
3483
  method: "POST",
3589
3484
  headers: await this.createHeaders({
3590
- "Content-Type": "application/json"
3485
+ contentType: "application/json",
3486
+ tenantId: args.tenantId,
3487
+ userId: args.userId
3591
3488
  }),
3592
3489
  body: JSON.stringify(GenerateKeyGlobalToJSONTyped(body))
3593
3490
  });
@@ -3602,7 +3499,11 @@ var KmsRestClient = class _KmsRestClient {
3602
3499
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3603
3500
  const url = _KmsRestClient.urlWithBase(`/keys/${args.aliasOrKid}`, baseUrl);
3604
3501
  const response = await fetch(url, {
3605
- method: "DELETE"
3502
+ method: "DELETE",
3503
+ headers: await this.createHeaders({
3504
+ tenantId: args.tenantId,
3505
+ userId: args.userId
3506
+ })
3606
3507
  });
3607
3508
  logger.debug(`delete key response: ${response}`);
3608
3509
  if (!response.ok) {
@@ -3615,7 +3516,11 @@ var KmsRestClient = class _KmsRestClient {
3615
3516
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3616
3517
  const url = _KmsRestClient.urlWithBase(`/providers/${args.providerId}`, baseUrl);
3617
3518
  const response = await fetch(url, {
3618
- method: "GET"
3519
+ method: "GET",
3520
+ headers: await this.createHeaders({
3521
+ tenantId: args.tenantId,
3522
+ userId: args.userId
3523
+ })
3619
3524
  });
3620
3525
  logger.debug(`get provider response: ${response}`);
3621
3526
  if (!response.ok) {
@@ -3628,7 +3533,11 @@ var KmsRestClient = class _KmsRestClient {
3628
3533
  const baseUrl = this.assertedAgentBaseUrl(args?.baseUrl);
3629
3534
  const url = _KmsRestClient.urlWithBase("/providers", baseUrl);
3630
3535
  const response = await fetch(url, {
3631
- method: "GET"
3536
+ method: "GET",
3537
+ headers: await this.createHeaders({
3538
+ tenantId: args?.tenantId,
3539
+ userId: args?.userId
3540
+ })
3632
3541
  });
3633
3542
  logger.debug(`list providers response: ${response}`);
3634
3543
  if (!response.ok) {
@@ -3641,7 +3550,11 @@ var KmsRestClient = class _KmsRestClient {
3641
3550
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3642
3551
  const url = _KmsRestClient.urlWithBase(`/providers/${args.providerId}/keys`, baseUrl);
3643
3552
  const response = await fetch(url, {
3644
- method: "GET"
3553
+ method: "GET",
3554
+ headers: await this.createHeaders({
3555
+ tenantId: args.tenantId,
3556
+ userId: args.userId
3557
+ })
3645
3558
  });
3646
3559
  logger.debug(`list provider keys response: ${response}`);
3647
3560
  if (!response.ok) {
@@ -3660,7 +3573,9 @@ var KmsRestClient = class _KmsRestClient {
3660
3573
  const response = await fetch(url, {
3661
3574
  method: "POST",
3662
3575
  headers: await this.createHeaders({
3663
- "Content-Type": "application/json"
3576
+ contentType: "application/json",
3577
+ tenantId: args.tenantId,
3578
+ userId: args.userId
3664
3579
  }),
3665
3580
  body: JSON.stringify(StoreKeyToJSONTyped(body))
3666
3581
  });
@@ -3677,12 +3592,15 @@ var KmsRestClient = class _KmsRestClient {
3677
3592
  const body = {
3678
3593
  alg: args.alg,
3679
3594
  keyOperations: args.keyOperations,
3680
- use: args.use
3595
+ use: args.use,
3596
+ alias: args.alias
3681
3597
  };
3682
3598
  const response = await fetch(url, {
3683
3599
  method: "POST",
3684
3600
  headers: await this.createHeaders({
3685
- "Content-Type": "application/json"
3601
+ contentType: "application/json",
3602
+ tenantId: args.tenantId,
3603
+ userId: args.userId
3686
3604
  }),
3687
3605
  body: JSON.stringify(GenerateKeyToJSONTyped(body))
3688
3606
  });
@@ -3697,7 +3615,11 @@ var KmsRestClient = class _KmsRestClient {
3697
3615
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3698
3616
  const url = _KmsRestClient.urlWithBase(`/providers/${args.providerId}/keys/${args.aliasOrKid}`, baseUrl);
3699
3617
  const response = await fetch(url, {
3700
- method: "GET"
3618
+ method: "GET",
3619
+ headers: await this.createHeaders({
3620
+ tenantId: args.tenantId,
3621
+ userId: args.userId
3622
+ })
3701
3623
  });
3702
3624
  logger.debug(`get provider key response: ${response}`);
3703
3625
  if (!response.ok) {
@@ -3710,7 +3632,11 @@ var KmsRestClient = class _KmsRestClient {
3710
3632
  const baseUrl = this.assertedAgentBaseUrl(args.baseUrl);
3711
3633
  const url = _KmsRestClient.urlWithBase(`providers/${args.providerId}/keys/${args.aliasOrKid}`, baseUrl);
3712
3634
  const response = await fetch(url, {
3713
- method: "DELETE"
3635
+ method: "DELETE",
3636
+ headers: await this.createHeaders({
3637
+ tenantId: args.tenantId,
3638
+ userId: args.userId
3639
+ })
3714
3640
  });
3715
3641
  logger.debug(`delete key response: ${response}`);
3716
3642
  if (!response.ok) {
@@ -3726,9 +3652,17 @@ var KmsRestClient = class _KmsRestClient {
3726
3652
  }
3727
3653
  throw new Error("No base url has been provided");
3728
3654
  }
3729
- async createHeaders(existing) {
3655
+ async createHeaders(args) {
3730
3656
  const headers = {
3731
- ...existing,
3657
+ ...args?.contentType ? {
3658
+ "Content-Type": args.contentType
3659
+ } : {},
3660
+ ...args?.tenantId ? {
3661
+ "X-Tenant-ID": args.tenantId
3662
+ } : {},
3663
+ ...args?.userId ? {
3664
+ "X-User-ID": args.userId
3665
+ } : {},
3732
3666
  Accept: "application/json"
3733
3667
  };
3734
3668
  if (this.authOpts?.enabled === true) {