@tapis/tapis-typescript-sk 0.0.2

package/dist/apis/VaultApi.js

@@ -0,0 +1,740 @@
+"use strict";
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Tapis Security API
+ * The Tapis Security API provides access to the Tapis Security Kernel authorization and secrets facilities.
+ *
+ * The version of the OpenAPI document: 0.1
+ * Contact: cicsupport@tacc.utexas.edu
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = Object.setPrototypeOf ||
+        ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+        function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
+    return function (d, b) {
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var runtime = require("../runtime");
+var models_1 = require("../models");
+/**
+ *
+ */
+var VaultApi = /** @class */ (function (_super) {
+    __extends(VaultApi, _super);
+    function VaultApi() {
+        return _super !== null && _super.apply(this, arguments) || this;
+    }
+    /**
+     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.deleteSecretRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling deleteSecret.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling deleteSecret.');
+                        }
+                        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
+                            throw new runtime.RequiredError('reqVersions', 'Required parameter requestParameters.reqVersions was null or undefined when calling deleteSecret.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        headerParameters['Content-Type'] = 'application/json';
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/delete/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'POST',
+                                headers: headerParameters,
+                                query: queryParameters,
+                                body: models_1.ReqVersionsToJSON(requestParameters.reqVersions),
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespVersionsFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.deleteSecret = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.deleteSecretRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.destroySecretRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling destroySecret.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling destroySecret.');
+                        }
+                        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
+                            throw new runtime.RequiredError('reqVersions', 'Required parameter requestParameters.reqVersions was null or undefined when calling destroySecret.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        headerParameters['Content-Type'] = 'application/json';
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/destroy/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'POST',
+                                headers: headerParameters,
+                                query: queryParameters,
+                                body: models_1.ReqVersionsToJSON(requestParameters.reqVersions),
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespVersionsFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.destroySecret = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.destroySecretRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.destroySecretMetaRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling destroySecretMeta.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling destroySecretMeta.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.tenant !== undefined) {
+                            queryParameters['tenant'] = requestParameters.tenant;
+                        }
+                        if (requestParameters.user !== undefined) {
+                            queryParameters['user'] = requestParameters.user;
+                        }
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/destroy/meta/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'DELETE',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespBasicFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.destroySecretMeta = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.destroySecretMetaRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.listSecretMetaRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling listSecretMeta.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.tenant !== undefined) {
+                            queryParameters['tenant'] = requestParameters.tenant;
+                        }
+                        if (requestParameters.user !== undefined) {
+                            queryParameters['user'] = requestParameters.user;
+                        }
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/list/meta/{secretType}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))),
+                                method: 'GET',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretListFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.listSecretMeta = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.listSecretMetaRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read.  The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.readSecretRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling readSecret.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling readSecret.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.tenant !== undefined) {
+                            queryParameters['tenant'] = requestParameters.tenant;
+                        }
+                        if (requestParameters.user !== undefined) {
+                            queryParameters['user'] = requestParameters.user;
+                        }
+                        if (requestParameters.version !== undefined) {
+                            queryParameters['version'] = requestParameters.version;
+                        }
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'GET',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read.  The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.readSecret = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.readSecretRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.readSecretMetaRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling readSecretMeta.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling readSecretMeta.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.tenant !== undefined) {
+                            queryParameters['tenant'] = requestParameters.tenant;
+                        }
+                        if (requestParameters.user !== undefined) {
+                            queryParameters['user'] = requestParameters.user;
+                        }
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/read/meta/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'GET',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretVersionMetadataFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.readSecretMeta = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.readSecretMetaRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.undeleteSecretRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling undeleteSecret.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling undeleteSecret.');
+                        }
+                        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
+                            throw new runtime.RequiredError('reqVersions', 'Required parameter requestParameters.reqVersions was null or undefined when calling undeleteSecret.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        headerParameters['Content-Type'] = 'application/json';
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/undelete/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'POST',
+                                headers: headerParameters,
+                                query: queryParameters,
+                                body: models_1.ReqVersionsToJSON(requestParameters.reqVersions),
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespVersionsFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.undeleteSecret = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.undeleteSecretRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifiedin the X-Tapis-User header. The secret name is the path under whichthe password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     */
+    VaultApi.prototype.validateServicePasswordRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling validateServicePassword.');
+                        }
+                        if (requestParameters.reqValidateServicePwd === null || requestParameters.reqValidateServicePwd === undefined) {
+                            throw new runtime.RequiredError('reqValidateServicePwd', 'Required parameter requestParameters.reqValidateServicePwd was null or undefined when calling validateServicePassword.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        headerParameters = {};
+                        headerParameters['Content-Type'] = 'application/json';
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/validateServicePassword/{secretName}".replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'POST',
+                                headers: headerParameters,
+                                query: queryParameters,
+                                body: models_1.ReqValidateServicePwdToJSON(requestParameters.reqValidateServicePwd),
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespAuthorizedFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifiedin the X-Tapis-User header. The secret name is the path under whichthe password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     */
+    VaultApi.prototype.validateServicePassword = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.validateServicePasswordRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.  It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version.  CAS stands for check-and-set and will check an existing secret\'s version before updating.  If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.writeSecretRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling writeSecret.');
+                        }
+                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling writeSecret.');
+                        }
+                        if (requestParameters.reqWriteSecret === null || requestParameters.reqWriteSecret === undefined) {
+                            throw new runtime.RequiredError('reqWriteSecret', 'Required parameter requestParameters.reqWriteSecret was null or undefined when calling writeSecret.');
+                        }
+                        queryParameters = {};
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        if (requestParameters.sysid !== undefined) {
+                            queryParameters['sysid'] = requestParameters.sysid;
+                        }
+                        if (requestParameters.sysuser !== undefined) {
+                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        }
+                        if (requestParameters.keytype !== undefined) {
+                            queryParameters['keytype'] = requestParameters.keytype;
+                        }
+                        if (requestParameters.dbhost !== undefined) {
+                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        }
+                        if (requestParameters.dbname !== undefined) {
+                            queryParameters['dbname'] = requestParameters.dbname;
+                        }
+                        if (requestParameters.dbservice !== undefined) {
+                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        }
+                        headerParameters = {};
+                        headerParameters['Content-Type'] = 'application/json';
+                        if (this.configuration && this.configuration.apiKey) {
+                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+                        }
+                        return [4 /*yield*/, this.request({
+                                path: "/security/vault/secret/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
+                                method: 'POST',
+                                headers: headerParameters,
+                                query: queryParameters,
+                                body: models_1.ReqWriteSecretToJSON(requestParameters.reqWriteSecret),
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretMetaFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.  It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version.  CAS stands for check-and-set and will check an existing secret\'s version before updating.  If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     */
+    VaultApi.prototype.writeSecret = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.writeSecretRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    return VaultApi;
+}(runtime.BaseAPI));
+exports.VaultApi = VaultApi;