pangea-sdk 3.8.0__py3-none-any.whl → 5.3.0__py3-none-any.whl

Files changed (51) hide show
  1. pangea/__init__.py +2 -1
  2. pangea/asyncio/__init__.py +1 -0
  3. pangea/asyncio/file_uploader.py +39 -0
  4. pangea/asyncio/request.py +46 -23
  5. pangea/asyncio/services/__init__.py +2 -0
  6. pangea/asyncio/services/audit.py +46 -20
  7. pangea/asyncio/services/authn.py +123 -61
  8. pangea/asyncio/services/authz.py +57 -31
  9. pangea/asyncio/services/base.py +21 -2
  10. pangea/asyncio/services/embargo.py +2 -2
  11. pangea/asyncio/services/file_scan.py +24 -9
  12. pangea/asyncio/services/intel.py +104 -30
  13. pangea/asyncio/services/redact.py +52 -3
  14. pangea/asyncio/services/sanitize.py +217 -0
  15. pangea/asyncio/services/share.py +733 -0
  16. pangea/asyncio/services/vault.py +1709 -766
  17. pangea/crypto/rsa.py +135 -0
  18. pangea/deep_verify.py +7 -1
  19. pangea/dump_audit.py +9 -8
  20. pangea/file_uploader.py +35 -0
  21. pangea/request.py +70 -49
  22. pangea/response.py +36 -17
  23. pangea/services/__init__.py +2 -0
  24. pangea/services/audit/audit.py +57 -29
  25. pangea/services/audit/models.py +12 -3
  26. pangea/services/audit/signing.py +6 -5
  27. pangea/services/audit/util.py +3 -3
  28. pangea/services/authn/authn.py +120 -66
  29. pangea/services/authn/models.py +167 -11
  30. pangea/services/authz.py +53 -30
  31. pangea/services/base.py +16 -2
  32. pangea/services/embargo.py +2 -2
  33. pangea/services/file_scan.py +32 -15
  34. pangea/services/intel.py +155 -30
  35. pangea/services/redact.py +132 -3
  36. pangea/services/sanitize.py +388 -0
  37. pangea/services/share/file_format.py +170 -0
  38. pangea/services/share/share.py +1440 -0
  39. pangea/services/vault/models/asymmetric.py +120 -18
  40. pangea/services/vault/models/common.py +439 -141
  41. pangea/services/vault/models/keys.py +94 -0
  42. pangea/services/vault/models/secret.py +27 -3
  43. pangea/services/vault/models/symmetric.py +68 -22
  44. pangea/services/vault/vault.py +1690 -766
  45. pangea/tools.py +6 -7
  46. pangea/utils.py +94 -33
  47. pangea/verify_audit.py +270 -83
  48. {pangea_sdk-3.8.0.dist-info → pangea_sdk-5.3.0.dist-info}/METADATA +21 -29
  49. pangea_sdk-5.3.0.dist-info/RECORD +56 -0
  50. {pangea_sdk-3.8.0.dist-info → pangea_sdk-5.3.0.dist-info}/WHEEL +1 -1
  51. pangea_sdk-3.8.0.dist-info/RECORD +0 -46
@@ -1,10 +1,11 @@
1
1
  # Copyright 2022 Pangea Cyber Corporation
2
2
  # Author: Pangea Cyber Corporation
3
- import datetime
3
+ from __future__ import annotations
4
+
4
5
  import enum
5
- from typing import Dict, Generic, List, NewType, Optional, TypeVar, Union
6
+ from typing import Dict, Generic, List, Literal, Mapping, NewType, Optional, TypeVar, Union
6
7
 
7
- from pangea.response import APIRequestModel, PangeaResponseResult
8
+ from pangea.response import APIRequestModel, PangeaDateTime, PangeaResponseResult
8
9
 
9
10
  # EncodedPublicKey is a PEM public key, with no further encoding (i.e. no base64)
10
11
  # It may be used for example in openssh with no further processing
@@ -18,80 +19,6 @@ EncodedPrivateKey = NewType("EncodedPrivateKey", str)
18
19
  EncodedSymmetricKey = NewType("EncodedSymmetricKey", str)
19
20
 
20
21
 
21
- class KeyPurpose(str, enum.Enum):
22
- SIGNING = "signing"
23
- ENCRYPTION = "encryption"
24
- JWT = "jwt"
25
-
26
- def __str__(self):
27
- return str(self.value)
28
-
29
- def __repr__(self):
30
- return str(self.value)
31
-
32
-
33
- class AsymmetricAlgorithm(str, enum.Enum):
34
- Ed25519 = "ED25519"
35
- RSA2048_PKCS1V15_SHA256 = "RSA-PKCS1V15-2048-SHA256"
36
- RSA2048_OAEP_SHA256 = "RSA-OAEP-2048-SHA256"
37
- ES256 = "ES256"
38
- ES384 = "ES384"
39
- ES512 = "ES512"
40
- ES256K = "ES256K"
41
- RSA2048_OAEP_SHA1 = "RSA-OAEP-2048-SHA1"
42
- RSA2048_OAEP_SHA512 = "RSA-OAEP-2048-SHA512"
43
- RSA3072_OAEP_SHA1 = "RSA-OAEP-3072-SHA1"
44
- RSA3072_OAEP_SHA256 = "RSA-OAEP-3072-SHA256"
45
- RSA3072_OAEP_SHA512 = "RSA-OAEP-3072-SHA512"
46
- RSA4096_OAEP_SHA1 = "RSA-OAEP-4096-SHA1"
47
- RSA4096_OAEP_SHA256 = "RSA-OAEP-4096-SHA256"
48
- RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
49
- RSA2048_PSS_SHA256 = "RSA-PSS-2048-SHA256"
50
- RSA3072_PSS_SHA256 = "RSA-PSS-3072-SHA256"
51
- RSA4096_PSS_SHA256 = "RSA-PSS-4096-SHA256"
52
- RSA4096_PSS_SHA512 = "RSA-PSS-4096-SHA512"
53
- RSA = "RSA-PKCS1V15-2048-SHA256" # deprecated, use RSA2048_PKCS1V15_SHA256 instead
54
- Ed25519_DILITHIUM2_BETA = "ED25519-DILITHIUM2-BETA"
55
- Ed448_DILITHIUM3_BETA = "ED448-DILITHIUM3-BETA"
56
- SPHINCSPLUS_128F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"
57
- SPHINCSPLUS_128F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"
58
- SPHINCSPLUS_192F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"
59
- SPHINCSPLUS_192F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"
60
- SPHINCSPLUS_256F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"
61
- SPHINCSPLUS_256F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"
62
- SPHINCSPLUS_128F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"
63
- SPHINCSPLUS_128F_SHA256_ROBUST_BETA = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"
64
- SPHINCSPLUS_192F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"
65
- SPHINCSPLUS_192F_SHA256_ROBUST_BETA = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"
66
- SPHINCSPLUS_256F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"
67
- SPHINCSPLUS_256F_SHA256_ROBUST_BETA = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"
68
- FALCON_1024_BETA = "FALCON-1024-BETA"
69
-
70
- def __str__(self):
71
- return str(self.value)
72
-
73
- def __repr__(self):
74
- return str(self.value)
75
-
76
-
77
- class SymmetricAlgorithm(str, enum.Enum):
78
- HS256 = "HS256"
79
- HS384 = "HS384"
80
- HS512 = "HS512"
81
- AES128_CFB = "AES-CFB-128"
82
- AES256_CFB = "AES-CFB-256"
83
- AES256_GCM = "AES-GCM-256"
84
- AES128_CBC = "AES-CBC-128"
85
- AES256_CBC = "AES-CBC-256"
86
- AES = "AES-CFB-128" # deprecated, use AES128_CFB instead
87
-
88
- def __str__(self):
89
- return str(self.value)
90
-
91
- def __repr__(self):
92
- return str(self.value)
93
-
94
-
95
22
  Metadata = NewType("Metadata", Dict[str, str])
96
23
  Tags = NewType("Tags", List[str])
97
24
 
@@ -132,12 +59,11 @@ class ItemType(str, enum.Enum):
132
59
  SYMMETRIC_KEY = "symmetric_key"
133
60
  SECRET = "secret"
134
61
  PANGEA_TOKEN = "pangea_token"
135
-
136
- def __str__(self):
137
- return str(self.value)
138
-
139
- def __repr__(self):
140
- return str(self.value)
62
+ PANGEA_CLIENT_SECRET = "pangea_client_secret"
63
+ FOLDER = "folder"
64
+ CERTIFICATE = "certificate"
65
+ CERTIFICATE_AUTHORITY = "ca"
66
+ CERTIFICATE_REVOCATION_LIST = "crl"
141
67
 
142
68
 
143
69
  class ItemVersionState(str, enum.Enum):
@@ -148,33 +74,45 @@ class ItemVersionState(str, enum.Enum):
148
74
  DESTROYED = "destroyed"
149
75
  INHERITED = "inherited"
150
76
 
151
- def __str__(self):
152
- return str(self.value)
153
77
 
154
- def __repr__(self):
155
- return str(self.value)
78
+ class RotationState(str, enum.Enum):
79
+ DEACTIVATED = "deactivated"
80
+ DESTROYED = "destroyed"
81
+
82
+
83
+ class RequestRotationState(str, enum.Enum):
84
+ DEACTIVATED = "deactivated"
85
+ DESTROYED = "destroyed"
86
+ INHERITED = "inherited"
87
+
88
+
89
+ class RequestManualRotationState(str, enum.Enum):
90
+ DEACTIVATED = "deactivated"
91
+ SUSPENDED = "suspended"
92
+ DESTROYED = "destroyed"
93
+ INHERITED = "inherited"
156
94
 
157
95
 
158
96
  class ItemState(str, enum.Enum):
159
97
  ENABLED = "enabled"
160
98
  DISABLED = "disabled"
161
99
 
162
- def __str__(self):
163
- return str(self.value)
100
+ value: str
164
101
 
165
- def __repr__(self):
166
- return str(self.value)
167
102
 
103
+ class ExportEncryptionType(str, enum.Enum):
104
+ NONE = "none"
105
+ ASYMMETRIC = "asymmetric"
106
+ KEM = "kem"
168
107
 
169
- class CommonStoreRequest(APIRequestModel):
170
- type: ItemType
171
- name: str
172
- folder: Optional[str] = None
173
- metadata: Optional[Metadata] = None
174
- tags: Optional[Tags] = None
175
- rotation_frequency: Optional[str] = None
176
- rotation_state: Optional[ItemVersionState] = None
177
- expiration: Optional[datetime.datetime] = None
108
+
109
+ class ExportEncryptionAlgorithm(str, enum.Enum):
110
+ """Algorithm of an exported public key."""
111
+
112
+ RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
113
+ """RSA 4096-bit key, OAEP padding, SHA512 digest."""
114
+
115
+ RSA_NO_PADDING_4096_KEM = "RSA-NO-PADDING-4096-KEM"
178
116
 
179
117
 
180
118
  class CommonStoreResult(PangeaResponseResult):
@@ -183,17 +121,6 @@ class CommonStoreResult(PangeaResponseResult):
183
121
  version: int
184
122
 
185
123
 
186
- class CommonGenerateRequest(APIRequestModel):
187
- type: ItemType
188
- name: str
189
- folder: Optional[str] = None
190
- metadata: Optional[Metadata] = None
191
- tags: Optional[Tags] = None
192
- rotation_frequency: Optional[str] = None
193
- rotation_state: Optional[ItemVersionState] = None
194
- expiration: Optional[datetime.datetime] = None
195
-
196
-
197
124
  class CommonGenerateResult(PangeaResponseResult):
198
125
  type: str
199
126
  version: int
@@ -202,25 +129,40 @@ class CommonGenerateResult(PangeaResponseResult):
202
129
 
203
130
  class GetRequest(APIRequestModel):
204
131
  id: str
205
- version: Optional[Union[str, int]] = None
206
- verbose: Optional[bool] = None
207
- version_state: Optional[ItemVersionState] = None
132
+ version: Union[Literal["all"], int, None] = None
133
+
134
+
135
+ class GetBulkRequest(APIRequestModel):
136
+ filter: Mapping[str, str]
137
+ """Filters to customize a search."""
138
+
139
+ size: Optional[int] = None
140
+ """Maximum number of items in the response."""
141
+
142
+ order: Optional[ItemOrder] = None
143
+ """Direction for ordering the results."""
144
+
145
+ order_by: Optional[ItemOrderBy] = None
146
+ """Property by which to order the results."""
147
+
148
+ last: Optional[str] = None
149
+ """
150
+ Internal ID returned in the previous look up response. Used for pagination.
151
+ """
208
152
 
209
153
 
210
- class ItemVersionData(PangeaResponseResult):
154
+ class ItemVersion(PangeaResponseResult):
211
155
  version: int
212
- state: str
213
156
  created_at: str
214
- destroy_at: Optional[str] = None
215
- public_key: Optional[EncodedPublicKey] = None
216
- secret: Optional[str] = None
157
+ state: ItemVersionState
158
+ destroyed_at: Optional[str] = None
217
159
 
218
160
 
219
161
  class ItemData(PangeaResponseResult):
220
162
  type: str
221
163
  id: Optional[str] = None
222
164
  item_state: Optional[str] = None
223
- current_version: Optional[ItemVersionData] = None
165
+ current_version: Optional[ItemVersion] = None
224
166
  name: Optional[str] = None
225
167
  folder: Optional[str] = None
226
168
  metadata: Optional[Metadata] = None
@@ -233,6 +175,8 @@ class ItemData(PangeaResponseResult):
233
175
  created_at: Optional[str] = None
234
176
  algorithm: Optional[str] = None
235
177
  purpose: Optional[str] = None
178
+ exportable: Optional[bool] = None
179
+ """Whether the key is exportable or not."""
236
180
 
237
181
 
238
182
  class InheritedSettings(PangeaResponseResult):
@@ -241,24 +185,105 @@ class InheritedSettings(PangeaResponseResult):
241
185
  rotation_grace_period: Optional[str] = None
242
186
 
243
187
 
244
- class GetResult(ItemData):
245
- versions: List[ItemVersionData] = []
246
- rotation_grace_period: Optional[str] = None
247
- inherited_settings: Optional[InheritedSettings] = None
188
+ class Key(PangeaResponseResult):
189
+ id: str
190
+ type: ItemType
191
+ item_state: Optional[ItemState] = None
192
+ enabled: bool
193
+ current_version: Optional[ItemVersion] = None
194
+ name: str
195
+ folder: str
196
+ metadata: Optional[Metadata] = None
197
+ tags: Optional[Tags] = None
198
+ rotation_frequency: str
199
+ rotation_state: RotationState
200
+ last_rotated: Optional[str] = None
201
+ next_rotation: str
202
+ disabled_at: Optional[str] = None
203
+ created_at: str
204
+ algorithm: str
205
+ purpose: str
206
+ encrypting_item_id: Optional[str] = None
207
+ inherited_settings: InheritedSettings
208
+ exportable: bool
209
+ """Whether the key is exportable or not."""
248
210
 
249
211
 
250
- class ListItemData(ItemData):
251
- compromised_versions: Optional[List[ItemVersionData]] = None
212
+ class SecretVersion(ItemVersion):
213
+ secret: Optional[str] = None
214
+
215
+
216
+ class Secret(PangeaResponseResult):
217
+ id: str
218
+ type: Literal[ItemType.SECRET] = ItemType.SECRET
219
+ enabled: bool
220
+ name: str
221
+ folder: str
222
+ metadata: Optional[Metadata] = None
223
+ tags: Optional[Tags] = None
224
+ expiration: Optional[str] = None
225
+ created_at: str
226
+ encrypting_item_id: Optional[str] = None
227
+ item_versions: List[SecretVersion]
228
+
229
+
230
+ class ClientSecret(PangeaResponseResult):
231
+ id: str
232
+ type: Literal[ItemType.PANGEA_CLIENT_SECRET] = ItemType.PANGEA_CLIENT_SECRET
233
+ enabled: bool
234
+ name: str
235
+ folder: str
236
+ metadata: Metadata
237
+ tags: Tags
238
+ expiration: str
239
+ created_at: str
240
+ encrypting_item_id: str
241
+ rotation_frequency: str
242
+ rotation_state: RotationState
243
+ rotation_grace_period: str
244
+ inherited_settings: InheritedSettings
245
+ item_versions: List[SecretVersion]
246
+
247
+
248
+ class Folder(PangeaResponseResult):
249
+ id: str
250
+ type: Literal[ItemType.FOLDER] = ItemType.FOLDER
251
+ name: str
252
+ folder: str
253
+ metadata: Metadata
254
+ tags: Tags
255
+ created_at: str
256
+ inherited_settings: InheritedSettings
257
+
258
+
259
+ class ListItemData(PangeaResponseResult):
260
+ id: str
261
+ type: ItemType
262
+ name: str
263
+ folder: str
264
+ created_at: str
265
+ tags: Optional[Tags] = None
266
+ metadata: Optional[Metadata] = None
267
+ last_rotated: Optional[str] = None
268
+ next_rotation: Optional[str] = None
269
+ disabled_at: Optional[str] = None
270
+ rotation_frequency: Optional[str] = None
271
+ rotation_state: Optional[RotationState] = None
272
+ algorithm: Optional[str] = None
273
+ purpose: Optional[str] = None
274
+ inherited_settings: Optional[InheritedSettings] = None
275
+ compromised_versions: Optional[List[ItemVersion]] = None
252
276
 
253
277
 
254
278
  class ListResult(PangeaResponseResult):
255
- items: List[ListItemData] = []
256
- count: int
257
- last: Optional[str]
279
+ items: List[ListItemData]
280
+
281
+ last: Optional[str] = None
282
+ """Internal ID returned in the previous look up response. Used for pagination."""
258
283
 
259
284
 
260
285
  class ListRequest(APIRequestModel):
261
- filter: Optional[Dict[str, str]] = None
286
+ filter: Optional[Mapping[str, str]] = None
262
287
  size: Optional[int] = None
263
288
  order: Optional[ItemOrder] = None
264
289
  order_by: Optional[ItemOrderBy] = None
@@ -267,7 +292,7 @@ class ListRequest(APIRequestModel):
267
292
 
268
293
  class CommonRotateRequest(APIRequestModel):
269
294
  id: str
270
- rotation_state: Optional[ItemVersionState] = None
295
+ rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED
271
296
 
272
297
 
273
298
  class CommonRotateResult(PangeaResponseResult):
@@ -276,12 +301,6 @@ class CommonRotateResult(PangeaResponseResult):
276
301
  type: str
277
302
 
278
303
 
279
- class KeyRotateRequest(CommonRotateRequest):
280
- key: Optional[str] = None
281
- public_key: Optional[EncodedPublicKey] = None
282
- private_key: Optional[EncodedPrivateKey] = None
283
-
284
-
285
304
  class KeyRotateResult(CommonRotateResult):
286
305
  public_key: Optional[EncodedPublicKey] = None
287
306
  algorithm: str
@@ -290,10 +309,12 @@ class KeyRotateResult(CommonRotateResult):
290
309
 
291
310
  class DeleteRequest(APIRequestModel):
292
311
  id: str
312
+ recursive: bool = False
293
313
 
294
314
 
295
315
  class DeleteResult(PangeaResponseResult):
296
316
  id: str
317
+ """The ID of the item."""
297
318
 
298
319
 
299
320
  class UpdateRequest(APIRequestModel):
@@ -302,11 +323,11 @@ class UpdateRequest(APIRequestModel):
302
323
  folder: Optional[str] = None
303
324
  metadata: Optional[Metadata] = None
304
325
  tags: Optional[Tags] = None
326
+ disabled_at: Optional[str] = None
327
+ enabled: Optional[bool] = None
305
328
  rotation_frequency: Optional[str] = None
306
- rotation_state: Optional[ItemVersionState] = None
329
+ rotation_state: RequestRotationState = RequestRotationState.INHERITED
307
330
  rotation_grace_period: Optional[str] = None
308
- expiration: Optional[datetime.datetime] = None
309
- item_state: Optional[ItemState] = None
310
331
 
311
332
 
312
333
  class UpdateResult(PangeaResponseResult):
@@ -355,6 +376,7 @@ class JWTVerifyRequest(APIRequestModel):
355
376
 
356
377
  class JWTVerifyResult(PangeaResponseResult):
357
378
  valid_signature: bool
379
+ """Indicates if messages have been verified."""
358
380
 
359
381
 
360
382
  class JWTSignRequest(APIRequestModel):
@@ -364,6 +386,7 @@ class JWTSignRequest(APIRequestModel):
364
386
 
365
387
  class JWTSignResult(PangeaResponseResult):
366
388
  jws: str
389
+ """The signed JSON Web Token (JWS)."""
367
390
 
368
391
 
369
392
  class StateChangeRequest(APIRequestModel):
@@ -386,12 +409,38 @@ class FolderCreateRequest(APIRequestModel):
386
409
  metadata: Optional[Metadata] = None
387
410
  tags: Optional[Tags] = None
388
411
  rotation_frequency: Optional[str] = None
389
- rotation_state: Optional[ItemVersionState] = None
412
+ rotation_state: Optional[RequestRotationState] = None
390
413
  rotation_grace_period: Optional[str] = None
414
+ disabled_at: Optional[PangeaDateTime] = None
391
415
 
392
416
 
393
417
  class FolderCreateResult(PangeaResponseResult):
394
418
  id: str
419
+ """The ID of the item."""
420
+
421
+ type: str
422
+ """The type of the folder."""
423
+
424
+ name: str
425
+ """The name of this item."""
426
+
427
+ folder: str
428
+ """The folder where this item is stored."""
429
+
430
+ metadata: Optional[Metadata] = None
431
+ """User-provided metadata."""
432
+
433
+ tags: Optional[Tags] = None
434
+ """A list of user-defined tags."""
435
+
436
+ created_at: str
437
+ """Timestamp indicating when the item was created."""
438
+
439
+ inherited_settings: InheritedSettings
440
+ """
441
+ For settings that inherit a value from a parent folder, the full path of the
442
+ folder where the value is set.
443
+ """
395
444
 
396
445
 
397
446
  TDict = TypeVar("TDict", bound=Dict)
@@ -427,3 +476,252 @@ class EncryptStructuredResult(PangeaResponseResult, Generic[TDict]):
427
476
 
428
477
  structured_data: TDict
429
478
  """Encrypted structured data."""
479
+
480
+
481
+ class TransformAlphabet(str, enum.Enum):
482
+ """Set of characters to use for format-preserving encryption (FPE)."""
483
+
484
+ NUMERIC = "numeric"
485
+ """Numeric (0-9)."""
486
+
487
+ ALPHA_LOWER = "alphalower"
488
+ """Lowercase alphabet (a-z)."""
489
+
490
+ ALPHA_UPPER = "alphaupper"
491
+ """Uppercase alphabet (A-Z)."""
492
+
493
+ ALPHANUMERIC_LOWER = "alphanumericlower"
494
+ """Lowercase alphabet with numbers (a-z, 0-9)."""
495
+
496
+ ALPHANUMERIC_UPPER = "alphanumericupper"
497
+ """Uppercase alphabet with numbers (A-Z, 0-9)."""
498
+
499
+ ALPHANUMERIC = "alphanumeric"
500
+ """Alphanumeric (a-z, A-Z, 0-9)."""
501
+
502
+
503
+ class EncryptTransformRequest(APIRequestModel):
504
+ id: str
505
+ """The item ID."""
506
+
507
+ plain_text: str
508
+ """A message to be encrypted."""
509
+
510
+ alphabet: TransformAlphabet
511
+ """Set of characters to use for format-preserving encryption (FPE)."""
512
+
513
+ tweak: Optional[str] = None
514
+ """
515
+ User provided tweak string. If not provided, a random string will be
516
+ generated and returned. The user must securely store the tweak source which
517
+ will be needed to decrypt the data.
518
+ """
519
+
520
+ version: Optional[int] = None
521
+ """The item version."""
522
+
523
+
524
+ class EncryptTransformResult(PangeaResponseResult):
525
+ id: str
526
+ """The item ID."""
527
+
528
+ version: int
529
+ """The item version."""
530
+
531
+ algorithm: str
532
+ """The algorithm of the key."""
533
+
534
+ cipher_text: str
535
+ """The encrypted message."""
536
+
537
+ tweak: str
538
+ """
539
+ User provided tweak string. If not provided, a random string will be
540
+ generated and returned. The user must securely store the tweak source which
541
+ will be needed to decrypt the data.
542
+ """
543
+
544
+ alphabet: str
545
+ """Set of characters to use for format-preserving encryption (FPE)."""
546
+
547
+
548
+ class DecryptTransformRequest(APIRequestModel):
549
+ id: str
550
+ """The item ID."""
551
+
552
+ cipher_text: str
553
+ """A message encrypted by Vault."""
554
+
555
+ tweak: str
556
+ """
557
+ User provided tweak string. If not provided, a random string will be
558
+ generated and returned. The user must securely store the tweak source which
559
+ will be needed to decrypt the data.
560
+ """
561
+
562
+ alphabet: TransformAlphabet
563
+ """Set of characters to use for format-preserving encryption (FPE)."""
564
+
565
+ version: Optional[int] = None
566
+ """The item version."""
567
+
568
+
569
+ class DecryptTransformResult(PangeaResponseResult):
570
+ id: str
571
+ """The item ID."""
572
+
573
+ version: int
574
+ """The item version."""
575
+
576
+ algorithm: str
577
+ """The algorithm of the key."""
578
+
579
+ plain_text: str
580
+ """Decrypted message."""
581
+
582
+
583
+ class ExportRequest(APIRequestModel):
584
+ id: str
585
+ """The ID of the item."""
586
+
587
+ version: Optional[int] = None
588
+ """The item version."""
589
+
590
+ kem_password: Optional[str] = None
591
+ """
592
+ This is the password that will be used along with a salt to derive the
593
+ symmetric key that is used to encrypt the exported key material.
594
+ """
595
+
596
+ asymmetric_public_key: Optional[str] = None
597
+ """Public key in pem format used to encrypt exported key(s)."""
598
+
599
+ asymmetric_algorithm: Optional[ExportEncryptionAlgorithm] = None
600
+ """The algorithm of the public key."""
601
+
602
+
603
+ class ExportResult(PangeaResponseResult):
604
+ id: str
605
+ """The ID of the key."""
606
+
607
+ type: ItemType
608
+ """The type of the key."""
609
+
610
+ version: int
611
+ """The item version."""
612
+
613
+ enabled: bool
614
+ """True if the item is enabled."""
615
+
616
+ algorithm: str
617
+ """The algorithm of the key."""
618
+
619
+ asymmetric_algorithm: Optional[ExportEncryptionAlgorithm] = None
620
+ """The algorithm of the public key used to encrypt exported material."""
621
+
622
+ symmetric_algorithm: Optional[str] = None
623
+
624
+ encryption_type: ExportEncryptionType
625
+ """
626
+ Encryption format of the exported key(s). It could be `none` if returned in
627
+ plain text, `asymmetric` if it is encrypted just with the public key sent in
628
+ `encryption_public_key`, or `kem` if it was encrypted using KEM protocol.
629
+ """
630
+
631
+ kdf: Optional[str] = None
632
+ """
633
+ Key derivation function used to derivate the symmetric key when
634
+ `encryption_type` is `kem`.
635
+ """
636
+
637
+ hash_algorithm: Optional[str] = None
638
+ """
639
+ Hash algorithm used to derivate the symmetric key when `encryption_type` is
640
+ `kem`.
641
+ """
642
+
643
+ iteration_count: Optional[int] = None
644
+ """
645
+ Iteration count used to derivate the symmetric key when `encryption_type` is
646
+ `kem`.
647
+ """
648
+
649
+ encrypted_salt: Optional[str] = None
650
+ """
651
+ Salt used to derivate the symmetric key when `encryption_type` is `kem`,
652
+ encrypted with the public key provided in `asymmetric_key`.
653
+ """
654
+
655
+ public_key: Optional[str] = None
656
+ """The public key (in PEM format)."""
657
+
658
+ private_key: Optional[str] = None
659
+ """The private key (in PEM format)."""
660
+
661
+ key: Optional[str] = None
662
+ """The key material."""
663
+
664
+
665
+ class PangeaTokenVersion(ItemVersion):
666
+ token: Optional[str] = None
667
+ """Pangea token value."""
668
+
669
+
670
+ class PangeaToken(PangeaResponseResult):
671
+ id: str
672
+ """ID of the token."""
673
+
674
+ type: Literal[ItemType.PANGEA_TOKEN] = ItemType.PANGEA_TOKEN
675
+ """Type of the Vault item."""
676
+
677
+ item_versions: List[PangeaTokenVersion]
678
+
679
+ metadata: Optional[Metadata] = None
680
+ """Metadata provided by the user."""
681
+
682
+ num_versions: int
683
+ """Total number of versions of the item."""
684
+
685
+ enabled: bool
686
+ """`true` if the item is enabled."""
687
+
688
+ name: str
689
+ """Name of the item."""
690
+
691
+ folder: str
692
+ """Folder where the item is stored."""
693
+
694
+ tags: Tags
695
+ """List of user-defined tags."""
696
+
697
+ last_rotated: Optional[str] = None
698
+ """Timestamp of the last rotation."""
699
+
700
+ next_rotation: Optional[str] = None
701
+ """Timestamp of the next rotation if auto-rotation is enabled."""
702
+
703
+ disabled_at: Optional[str] = None
704
+ """Timestamp indicating when the item will be disabled."""
705
+
706
+ created_at: str
707
+ """Timestamp indicating when the item was created."""
708
+
709
+ rotation_frequency: str
710
+ """Time interval between item rotations."""
711
+
712
+ rotation_state: RotationState
713
+ """Target state for the previous version after rotation."""
714
+
715
+ rotation_grace_period: str
716
+ """Grace period for the previous version."""
717
+
718
+ inherited_settings: InheritedSettings
719
+ """Full paths of the parent folders from which settings inherit their values."""
720
+
721
+
722
+ class PangeaTokenRotateRequest(CommonRotateRequest):
723
+ rotation_grace_period: Optional[str] = None
724
+
725
+
726
+ class ClientSecretRotateRequest(CommonRotateRequest):
727
+ rotation_grace_period: Optional[str] = None
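Review bot: In the last hunk, `ExportRequest.kem_password`, `ExportResult.private_key` and `ExportResult.key` are plain `str` fields, so if these models are pydantic models (their bases come from `pangea.response`, which this page does not show) the default `repr()` would print the password and the exported key material wherever a request or result object is logged. The same applies to `SecretVersion.secret` and `PangeaTokenVersion.token`. Excluding the values from the repr, for example `private_key: Optional[str] = Field(default=None, repr=False)` with `Field` imported from pydantic, leaves the wire format unchanged and keeps them out of logs and tracebacks. The `ExportResult` docstrings also name fields that `ExportRequest` does not have: `encryption_type` refers to `encryption_public_key` and `encrypted_salt` to `asymmetric_key`, while the request field is `asymmetric_public_key`. `DecryptTransformRequest.tweak` is a required field, so its docstring should not repeat "If not provided, a random string will be generated and returned".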