pangea-sdk 3.8.0__py3-none-any.whl → 5.3.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pangea/__init__.py +2 -1
- pangea/asyncio/__init__.py +1 -0
- pangea/asyncio/file_uploader.py +39 -0
- pangea/asyncio/request.py +46 -23
- pangea/asyncio/services/__init__.py +2 -0
- pangea/asyncio/services/audit.py +46 -20
- pangea/asyncio/services/authn.py +123 -61
- pangea/asyncio/services/authz.py +57 -31
- pangea/asyncio/services/base.py +21 -2
- pangea/asyncio/services/embargo.py +2 -2
- pangea/asyncio/services/file_scan.py +24 -9
- pangea/asyncio/services/intel.py +104 -30
- pangea/asyncio/services/redact.py +52 -3
- pangea/asyncio/services/sanitize.py +217 -0
- pangea/asyncio/services/share.py +733 -0
- pangea/asyncio/services/vault.py +1709 -766
- pangea/crypto/rsa.py +135 -0
- pangea/deep_verify.py +7 -1
- pangea/dump_audit.py +9 -8
- pangea/file_uploader.py +35 -0
- pangea/request.py +70 -49
- pangea/response.py +36 -17
- pangea/services/__init__.py +2 -0
- pangea/services/audit/audit.py +57 -29
- pangea/services/audit/models.py +12 -3
- pangea/services/audit/signing.py +6 -5
- pangea/services/audit/util.py +3 -3
- pangea/services/authn/authn.py +120 -66
- pangea/services/authn/models.py +167 -11
- pangea/services/authz.py +53 -30
- pangea/services/base.py +16 -2
- pangea/services/embargo.py +2 -2
- pangea/services/file_scan.py +32 -15
- pangea/services/intel.py +155 -30
- pangea/services/redact.py +132 -3
- pangea/services/sanitize.py +388 -0
- pangea/services/share/file_format.py +170 -0
- pangea/services/share/share.py +1440 -0
- pangea/services/vault/models/asymmetric.py +120 -18
- pangea/services/vault/models/common.py +439 -141
- pangea/services/vault/models/keys.py +94 -0
- pangea/services/vault/models/secret.py +27 -3
- pangea/services/vault/models/symmetric.py +68 -22
- pangea/services/vault/vault.py +1690 -766
- pangea/tools.py +6 -7
- pangea/utils.py +94 -33
- pangea/verify_audit.py +270 -83
- {pangea_sdk-3.8.0.dist-info → pangea_sdk-5.3.0.dist-info}/METADATA +21 -29
- pangea_sdk-5.3.0.dist-info/RECORD +56 -0
- {pangea_sdk-3.8.0.dist-info → pangea_sdk-5.3.0.dist-info}/WHEEL +1 -1
- pangea_sdk-3.8.0.dist-info/RECORD +0 -46
pangea/services/vault/vault.py
CHANGED
@@ -2,38 +2,48 @@
|
|
2
2
|
# Author: Pangea Cyber Corporation
|
3
3
|
from __future__ import annotations
|
4
4
|
|
5
|
-
import
|
6
|
-
from typing import Dict, Optional, Union
|
5
|
+
from typing import TYPE_CHECKING, Any, List, Literal, Optional, Union, cast, overload
|
7
6
|
|
8
|
-
from
|
9
|
-
from
|
7
|
+
from pydantic import Field, TypeAdapter
|
8
|
+
from typing_extensions import Annotated
|
9
|
+
|
10
|
+
from pangea.response import PangeaResponse, PangeaResponseResult
|
10
11
|
from pangea.services.base import ServiceBase
|
11
12
|
from pangea.services.vault.models.asymmetric import (
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
AsymmetricKey,
|
14
|
+
AsymmetricKeyAlgorithm,
|
15
|
+
AsymmetricKeyEncryptionAlgorithm,
|
16
|
+
AsymmetricKeyJwtAlgorithm,
|
17
|
+
AsymmetricKeyPkiAlgorithm,
|
18
|
+
AsymmetricKeyPurpose,
|
19
|
+
AsymmetricKeySigningAlgorithm,
|
16
20
|
SignRequest,
|
17
21
|
SignResult,
|
18
22
|
VerifyRequest,
|
19
23
|
VerifyResult,
|
20
24
|
)
|
21
25
|
from pangea.services.vault.models.common import (
|
22
|
-
|
26
|
+
ClientSecret,
|
27
|
+
ClientSecretRotateRequest,
|
28
|
+
DecryptTransformRequest,
|
29
|
+
DecryptTransformResult,
|
23
30
|
DeleteRequest,
|
24
31
|
DeleteResult,
|
25
|
-
EncodedPrivateKey,
|
26
|
-
EncodedPublicKey,
|
27
|
-
EncodedSymmetricKey,
|
28
32
|
EncryptStructuredRequest,
|
29
33
|
EncryptStructuredResult,
|
34
|
+
EncryptTransformRequest,
|
35
|
+
EncryptTransformResult,
|
36
|
+
ExportEncryptionAlgorithm,
|
37
|
+
ExportEncryptionType,
|
38
|
+
ExportRequest,
|
39
|
+
ExportResult,
|
40
|
+
Folder,
|
30
41
|
FolderCreateRequest,
|
31
42
|
FolderCreateResult,
|
43
|
+
GetBulkRequest,
|
32
44
|
GetRequest,
|
33
|
-
GetResult,
|
34
45
|
ItemOrder,
|
35
46
|
ItemOrderBy,
|
36
|
-
ItemState,
|
37
47
|
ItemType,
|
38
48
|
ItemVersionState,
|
39
49
|
JWKGetRequest,
|
@@ -42,37 +52,54 @@ from pangea.services.vault.models.common import (
|
|
42
52
|
JWTSignResult,
|
43
53
|
JWTVerifyRequest,
|
44
54
|
JWTVerifyResult,
|
45
|
-
KeyPurpose,
|
46
|
-
KeyRotateRequest,
|
47
|
-
KeyRotateResult,
|
48
55
|
ListRequest,
|
49
56
|
ListResult,
|
50
57
|
Metadata,
|
58
|
+
PangeaToken,
|
59
|
+
PangeaTokenRotateRequest,
|
60
|
+
RequestManualRotationState,
|
61
|
+
RequestRotationState,
|
62
|
+
RotationState,
|
63
|
+
Secret,
|
51
64
|
StateChangeRequest,
|
52
|
-
StateChangeResult,
|
53
|
-
SymmetricAlgorithm,
|
54
65
|
Tags,
|
55
66
|
TDict,
|
67
|
+
TransformAlphabet,
|
56
68
|
UpdateRequest,
|
57
69
|
UpdateResult,
|
58
70
|
)
|
59
|
-
from pangea.services.vault.models.
|
60
|
-
|
61
|
-
SecretRotateResult,
|
62
|
-
SecretStoreRequest,
|
63
|
-
SecretStoreResult,
|
64
|
-
)
|
71
|
+
from pangea.services.vault.models.keys import CommonGenerateRequest, KeyRotateRequest, KeyStoreRequest
|
72
|
+
from pangea.services.vault.models.secret import SecretRotateRequest, SecretStoreRequest, SecretStoreResult
|
65
73
|
from pangea.services.vault.models.symmetric import (
|
66
74
|
DecryptRequest,
|
67
75
|
DecryptResult,
|
68
76
|
EncryptRequest,
|
69
77
|
EncryptResult,
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
78
|
+
SymmetricKey,
|
79
|
+
SymmetricKeyAlgorithm,
|
80
|
+
SymmetricKeyEncryptionAlgorithm,
|
81
|
+
SymmetricKeyFpeAlgorithm,
|
82
|
+
SymmetricKeyJwtAlgorithm,
|
83
|
+
SymmetricKeyPurpose,
|
74
84
|
)
|
75
85
|
|
86
|
+
if TYPE_CHECKING:
|
87
|
+
import datetime
|
88
|
+
from collections.abc import Mapping
|
89
|
+
|
90
|
+
from pangea.config import PangeaConfig
|
91
|
+
from pangea.request import TResult
|
92
|
+
|
93
|
+
|
94
|
+
VaultItem = Annotated[
|
95
|
+
Union[AsymmetricKey, SymmetricKey, Secret, ClientSecret, Folder, PangeaToken], Field(discriminator="type")
|
96
|
+
]
|
97
|
+
vault_item_adapter: TypeAdapter[VaultItem] = TypeAdapter(VaultItem)
|
98
|
+
|
99
|
+
|
100
|
+
class GetBulkResponse(PangeaResponseResult):
|
101
|
+
items: List[VaultItem]
|
102
|
+
|
76
103
|
|
77
104
|
class Vault(ServiceBase):
|
78
105
|
"""Vault service client.
|
@@ -121,110 +148,137 @@ class Vault(ServiceBase):
|
|
121
148
|
"""
|
122
149
|
super().__init__(token, config, logger_name)
|
123
150
|
|
124
|
-
|
125
|
-
def delete(self, id: str) -> PangeaResponse[DeleteResult]:
|
151
|
+
def delete(self, item_id: str, *, recursive: bool = False) -> PangeaResponse[DeleteResult]:
|
126
152
|
"""
|
127
153
|
Delete
|
128
154
|
|
129
155
|
Delete a secret or key
|
130
156
|
|
131
|
-
OperationId:
|
157
|
+
OperationId: vault_post_v2_delete
|
132
158
|
|
133
159
|
Args:
|
134
|
-
|
135
|
-
|
136
|
-
|
160
|
+
item_id: The item ID.
|
161
|
+
recursive: Whether to delete the item and all its children
|
162
|
+
recursively. Only applicable to folders.
|
137
163
|
|
138
164
|
Returns:
|
139
165
|
A PangeaResponse where the id of the deleted secret or key
|
140
166
|
is returned in the response.result field.
|
141
167
|
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#delete).
|
142
168
|
|
169
|
+
Raises:
|
170
|
+
PangeaAPIException: If an API Error happens
|
171
|
+
|
143
172
|
Examples:
|
144
173
|
vault.delete(id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
|
145
174
|
"""
|
146
|
-
|
147
|
-
id=id,
|
148
|
-
)
|
149
|
-
return self.request.post("v1/delete", DeleteResult, data=input.dict(exclude_none=True))
|
175
|
+
return self.request.post("v2/delete", DeleteResult, data=DeleteRequest(id=item_id, recursive=recursive))
|
150
176
|
|
151
|
-
# Get endpoint
|
152
177
|
def get(
|
153
178
|
self,
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
) -> PangeaResponse[GetResult]:
|
179
|
+
item_id: str,
|
180
|
+
*,
|
181
|
+
version: Union[Literal["all"], int, None] = None,
|
182
|
+
) -> PangeaResponse[VaultItem]:
|
159
183
|
"""
|
160
184
|
Retrieve
|
161
185
|
|
162
|
-
Retrieve a secret or
|
186
|
+
Retrieve a secret, key or folder, and any associated information.
|
163
187
|
|
164
|
-
OperationId:
|
188
|
+
OperationId: vault_post_v2_get
|
165
189
|
|
166
190
|
Args:
|
167
|
-
|
168
|
-
version
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
version_state (ItemVersionState, optional): The state of the item version
|
173
|
-
verbose (bool, optional): Return metadata and extra fields. Default is `False`.
|
174
|
-
Raises:
|
175
|
-
PangeaAPIException: If an API Error happens
|
191
|
+
item_id: The item ID
|
192
|
+
version: The key version(s).
|
193
|
+
- `all` for all versions
|
194
|
+
- `num` for a specific version
|
195
|
+
- `-num` for the `num` latest versions
|
176
196
|
|
177
197
|
Returns:
|
178
198
|
A PangeaResponse where the secret or key
|
179
199
|
is returned in the response.result field.
|
180
200
|
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve).
|
181
201
|
|
202
|
+
Raises:
|
203
|
+
PangeaAPIException: If an API Error happens
|
204
|
+
|
182
205
|
Examples:
|
183
206
|
response = vault.get(
|
184
207
|
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
185
208
|
version=1,
|
186
|
-
version_state=ItemVersionState.ACTIVE,
|
187
|
-
verbose=True,
|
188
209
|
)
|
189
210
|
"""
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
211
|
+
response = self.request.post("v2/get", PangeaResponseResult, data=GetRequest(id=item_id, version=version))
|
212
|
+
response.result = vault_item_adapter.validate_python(response.json["result"])
|
213
|
+
return cast(PangeaResponse[VaultItem], response)
|
214
|
+
|
215
|
+
def get_bulk(
|
216
|
+
self,
|
217
|
+
filter_: Mapping[str, str],
|
218
|
+
*,
|
219
|
+
size: int | None = None,
|
220
|
+
order: ItemOrder | None = None,
|
221
|
+
order_by: ItemOrderBy | None = None,
|
222
|
+
last: str | None = None,
|
223
|
+
) -> PangeaResponse[GetBulkResponse]:
|
224
|
+
"""
|
225
|
+
Get bulk
|
226
|
+
|
227
|
+
Retrieve details for multiple Vault items, including keys, secrets,
|
228
|
+
tokens, or folders, that match a given filter specification.
|
229
|
+
|
230
|
+
OperationId: vault_post_v2_get_bulk
|
231
|
+
|
232
|
+
Args:
|
233
|
+
filter: Filters to customize your search.
|
234
|
+
size: Maximum number of items in the response.
|
235
|
+
order: Direction for ordering the results.
|
236
|
+
order_by: Property by which to order the results.
|
237
|
+
last: Internal ID returned in the previous look up response. Used
|
238
|
+
for pagination.
|
239
|
+
|
240
|
+
Examples:
|
241
|
+
response = vault.get_bulk({"id": "pvi_..."})
|
242
|
+
"""
|
243
|
+
return self.request.post(
|
244
|
+
"v2/get_bulk",
|
245
|
+
GetBulkResponse,
|
246
|
+
data=GetBulkRequest(filter=filter_, size=size, order=order, order_by=order_by, last=last),
|
195
247
|
)
|
196
|
-
return self.request.post("v1/get", GetResult, data=input.dict(exclude_none=True))
|
197
248
|
|
198
|
-
# List endpoint
|
199
249
|
def list(
|
200
250
|
self,
|
201
|
-
|
202
|
-
|
251
|
+
*,
|
252
|
+
filter: Optional[Mapping[str, str]] = None,
|
253
|
+
size: int = 50,
|
203
254
|
order: Optional[ItemOrder] = None,
|
204
|
-
order_by:
|
205
|
-
|
255
|
+
order_by: ItemOrderBy | None = None,
|
256
|
+
last: str | None = None,
|
206
257
|
) -> PangeaResponse[ListResult]:
|
207
258
|
"""
|
208
259
|
List
|
209
260
|
|
210
|
-
|
261
|
+
Retrieve a list of secrets, keys and folders, and their associated information.
|
211
262
|
|
212
|
-
OperationId:
|
263
|
+
OperationId: vault_post_v2_list
|
213
264
|
|
214
265
|
Args:
|
215
|
-
filter
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
266
|
+
filter: A set of filters to help you customize your search.
|
267
|
+
|
268
|
+
Examples:
|
269
|
+
- "folder": "/tmp"
|
270
|
+
- "tags": "personal"
|
271
|
+
- "name__contains": "xxx"
|
272
|
+
- "created_at__gt": "2020-02-05T10:00:00Z"
|
273
|
+
|
274
|
+
For metadata, use: "metadata_{key}": "{value}"
|
275
|
+
size: Maximum number of items in the response. Default is `50`.
|
276
|
+
order: Ordering direction: `asc` or `desc`
|
277
|
+
order_by: Property used to order the results. Supported properties: `id`,
|
225
278
|
`type`, `created_at`, `algorithm`, `purpose`, `expiration`, `last_rotated`, `next_rotation`,
|
226
279
|
`name`, `folder`, `item_state`.
|
227
|
-
|
280
|
+
last: Internal ID returned in the previous look up response. Used
|
281
|
+
for pagination.
|
228
282
|
Raises:
|
229
283
|
PangeaAPIException: If an API Error happens
|
230
284
|
|
@@ -248,55 +302,52 @@ class Vault(ServiceBase):
|
|
248
302
|
size=20,
|
249
303
|
)
|
250
304
|
"""
|
251
|
-
|
252
|
-
|
305
|
+
return self.request.post(
|
306
|
+
"v2/list",
|
307
|
+
ListResult,
|
308
|
+
data=ListRequest(filter=filter, size=size, order=order, order_by=order_by, last=last),
|
309
|
+
)
|
253
310
|
|
254
|
-
# Update endpoint
|
255
311
|
def update(
|
256
312
|
self,
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
313
|
+
item_id: str,
|
314
|
+
*,
|
315
|
+
name: str | None = None,
|
316
|
+
folder: str | None = None,
|
317
|
+
metadata: Metadata | None = None,
|
318
|
+
tags: Tags | None = None,
|
319
|
+
disabled_at: str | None = None,
|
320
|
+
enabled: bool | None = None,
|
321
|
+
rotation_frequency: str | None = None,
|
322
|
+
rotation_state: RequestRotationState = RequestRotationState.INHERITED,
|
323
|
+
rotation_grace_period: str | None = None,
|
267
324
|
) -> PangeaResponse[UpdateResult]:
|
268
325
|
"""
|
269
326
|
Update
|
270
327
|
|
271
|
-
Update information associated with a secret or
|
328
|
+
Update information associated with a secret, key or folder.
|
272
329
|
|
273
|
-
OperationId:
|
330
|
+
OperationId: vault_post_v2_update
|
274
331
|
|
275
332
|
Args:
|
276
|
-
|
277
|
-
name
|
278
|
-
folder
|
279
|
-
metadata
|
280
|
-
tags
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
Default is `deactivated`.
|
288
|
-
rotation_grace_period (str, optional): Grace period for the previous version of the Pangea Token
|
289
|
-
expiration (str, optional): Expiration timestamp
|
290
|
-
item_state (ItemState, optional): The new state of the item. Supported options:
|
291
|
-
- `enabled`
|
292
|
-
- `disabled`
|
293
|
-
Raises:
|
294
|
-
PangeaAPIException: If an API Error happens
|
333
|
+
item_id: The item ID.
|
334
|
+
name: The name of this item
|
335
|
+
folder: The folder where this item is stored.
|
336
|
+
metadata: User-provided metadata.
|
337
|
+
tags: A list of user-defined tags.
|
338
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
339
|
+
enabled: True if the item is enabled.
|
340
|
+
rotation_frequency: Period of time between item rotations.
|
341
|
+
rotation_state: State to which the previous version should transition upon rotation.
|
342
|
+
rotation_grace_period: Grace period for the previous version of the Pangea Token.
|
295
343
|
|
296
344
|
Returns:
|
297
|
-
A PangeaResponse where the item ID
|
298
|
-
|
299
|
-
|
345
|
+
A PangeaResponse where the item ID is returned in the
|
346
|
+
response.result field. Available response fields can be found in our
|
347
|
+
[API documentation](https://pangea.cloud/docs/api/vault#update).
|
348
|
+
|
349
|
+
Raises:
|
350
|
+
PangeaAPIException: If an API Error happens
|
300
351
|
|
301
352
|
Examples:
|
302
353
|
response = vault.update(
|
@@ -313,688 +364,1395 @@ class Vault(ServiceBase):
|
|
313
364
|
],
|
314
365
|
rotation_frequency="10d",
|
315
366
|
rotation_state=ItemVersionState.DEACTIVATED,
|
316
|
-
rotation_grace_period="1d",
|
317
|
-
expiration="2025-01-01T10:00:00Z",
|
318
|
-
item_state=ItemState.DISABLED,
|
319
367
|
)
|
320
368
|
"""
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
369
|
+
return self.request.post(
|
370
|
+
"v2/update",
|
371
|
+
UpdateResult,
|
372
|
+
data=UpdateRequest(
|
373
|
+
id=item_id,
|
374
|
+
name=name,
|
375
|
+
folder=folder,
|
376
|
+
metadata=metadata,
|
377
|
+
tags=tags,
|
378
|
+
disabled_at=disabled_at,
|
379
|
+
enabled=enabled,
|
380
|
+
rotation_frequency=rotation_frequency,
|
381
|
+
rotation_state=rotation_state,
|
382
|
+
rotation_grace_period=rotation_grace_period,
|
383
|
+
),
|
384
|
+
)
|
385
|
+
|
386
|
+
def _secret_store(
|
387
|
+
self,
|
388
|
+
*,
|
389
|
+
item_type: Literal["secret", "pangea_token", "pangea_client_secret"] = "secret",
|
390
|
+
result_class: type[TResult] = SecretStoreResult, # type: ignore[assignment]
|
391
|
+
name: str | None = None,
|
392
|
+
folder: str | None = None,
|
393
|
+
metadata: Metadata | None = None,
|
394
|
+
tags: Tags | None = None,
|
395
|
+
disabled_at: datetime.datetime | None = None,
|
396
|
+
**kwargs: Any,
|
397
|
+
) -> PangeaResponse[TResult]:
|
398
|
+
return self.request.post(
|
399
|
+
"v2/secret/store",
|
400
|
+
result_class,
|
401
|
+
data=SecretStoreRequest(
|
402
|
+
type=item_type,
|
403
|
+
name=name,
|
404
|
+
folder=folder,
|
405
|
+
metadata=metadata,
|
406
|
+
tags=tags,
|
407
|
+
disabled_at=disabled_at,
|
408
|
+
**kwargs,
|
409
|
+
),
|
332
410
|
)
|
333
|
-
return self.request.post("v1/update", UpdateResult, data=input.dict(exclude_none=True))
|
334
411
|
|
335
|
-
def
|
412
|
+
def store_secret(
|
336
413
|
self,
|
337
414
|
secret: str,
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
) -> PangeaResponse[SecretStoreResult]:
|
415
|
+
*,
|
416
|
+
name: str | None = None,
|
417
|
+
folder: str | None = None,
|
418
|
+
metadata: Metadata | None = None,
|
419
|
+
tags: Tags | None = None,
|
420
|
+
disabled_at: datetime.datetime | None = None,
|
421
|
+
) -> PangeaResponse[Secret]:
|
346
422
|
"""
|
347
|
-
|
423
|
+
Store secret
|
348
424
|
|
349
|
-
|
350
|
-
|
351
|
-
OperationId: vault_post_v1_secret_store 1
|
425
|
+
Store a secret.
|
352
426
|
|
353
427
|
Args:
|
354
|
-
secret
|
355
|
-
name
|
356
|
-
folder
|
357
|
-
metadata
|
358
|
-
tags
|
359
|
-
|
360
|
-
rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
|
361
|
-
Supported options:
|
362
|
-
- `deactivated`
|
363
|
-
- `destroyed`
|
364
|
-
expiration (str, optional): Expiration timestamp
|
428
|
+
secret: The secret value.
|
429
|
+
name: The name of this item.
|
430
|
+
folder: The folder where this item is stored.
|
431
|
+
metadata: User-provided metadata.
|
432
|
+
tags: A list of user-defined tags.
|
433
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
365
434
|
|
366
435
|
Raises:
|
367
436
|
PangeaAPIException: If an API Error happens
|
368
437
|
|
369
|
-
Returns:
|
370
|
-
A PangeaResponse where the secret
|
371
|
-
is returned in the response.result field.
|
372
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-secret).
|
373
|
-
|
374
438
|
Examples:
|
375
|
-
response = vault.
|
376
|
-
secret="12sdfgs4543qv@#%$casd",
|
377
|
-
name="my-very-secret-secret",
|
378
|
-
folder="/personal",
|
379
|
-
metadata={
|
380
|
-
"created_by": "John Doe",
|
381
|
-
"used_in": "Google products"
|
382
|
-
},
|
383
|
-
tags=[
|
384
|
-
"irs_2023",
|
385
|
-
"personal"
|
386
|
-
],
|
387
|
-
rotation_frequency="10d",
|
388
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
389
|
-
expiration="2025-01-01T10:00:00Z",
|
390
|
-
)
|
439
|
+
response = vault.store_secret(secret="foobar")
|
391
440
|
"""
|
392
|
-
|
393
|
-
|
441
|
+
|
442
|
+
return self._secret_store(
|
443
|
+
item_type="secret",
|
444
|
+
result_class=Secret,
|
394
445
|
secret=secret,
|
395
446
|
name=name,
|
396
447
|
folder=folder,
|
397
448
|
metadata=metadata,
|
398
449
|
tags=tags,
|
399
|
-
|
400
|
-
rotation_state=rotation_state,
|
401
|
-
expiration=expiration,
|
450
|
+
disabled_at=disabled_at,
|
402
451
|
)
|
403
|
-
return self.request.post("v1/secret/store", SecretStoreResult, data=input.dict(exclude_none=True))
|
404
452
|
|
405
|
-
def
|
453
|
+
def store_pangea_token(
|
406
454
|
self,
|
407
|
-
|
408
|
-
|
409
|
-
|
410
|
-
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
|
415
|
-
|
455
|
+
token: str,
|
456
|
+
*,
|
457
|
+
name: str | None = None,
|
458
|
+
folder: str | None = None,
|
459
|
+
metadata: Metadata | None = None,
|
460
|
+
tags: Tags | None = None,
|
461
|
+
disabled_at: datetime.datetime | None = None,
|
462
|
+
rotation_frequency: str | None = None,
|
463
|
+
rotation_state: RotationState | None = None,
|
464
|
+
rotation_grace_period: str | None = None,
|
465
|
+
) -> PangeaResponse[PangeaToken]:
|
416
466
|
"""
|
417
|
-
|
467
|
+
Store secret
|
418
468
|
|
419
|
-
|
420
|
-
|
421
|
-
OperationId: vault_post_v1_secret_store 2
|
469
|
+
Store a Pangea token.
|
422
470
|
|
423
471
|
Args:
|
424
|
-
|
425
|
-
name
|
426
|
-
folder
|
427
|
-
metadata
|
428
|
-
tags
|
429
|
-
|
430
|
-
rotation_state (ItemVersionState, optional): State to which the previous version should
|
431
|
-
transition upon rotation. Supported options:
|
432
|
-
- `deactivated`
|
433
|
-
- `destroyed`
|
434
|
-
expiration (str, optional): Expiration timestamp
|
472
|
+
token: The Pangea token value.
|
473
|
+
name: The name of this item.
|
474
|
+
folder: The folder where this item is stored.
|
475
|
+
metadata: User-provided metadata.
|
476
|
+
tags: A list of user-defined tags.
|
477
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
435
478
|
|
436
479
|
Raises:
|
437
480
|
PangeaAPIException: If an API Error happens
|
438
481
|
|
439
|
-
Returns:
|
440
|
-
A PangeaResponse where the token
|
441
|
-
is returned in the response.result field.
|
442
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-secret).
|
443
|
-
|
444
482
|
Examples:
|
445
|
-
response = vault.
|
446
|
-
pangea_token="ptv_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd",
|
447
|
-
name="my-very-secret-secret",
|
448
|
-
folder="/personal",
|
449
|
-
metadata={
|
450
|
-
"created_by": "John Doe",
|
451
|
-
"used_in": "Google products"
|
452
|
-
},
|
453
|
-
tags=[
|
454
|
-
"irs_2023",
|
455
|
-
"personal"
|
456
|
-
],
|
457
|
-
rotation_frequency="10d",
|
458
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
459
|
-
expiration="2025-01-01T10:00:00Z",
|
460
|
-
)
|
483
|
+
response = vault.store_pangea_token(token="foobar")
|
461
484
|
"""
|
462
|
-
|
463
|
-
|
464
|
-
|
485
|
+
|
486
|
+
return self._secret_store(
|
487
|
+
item_type="pangea_token",
|
488
|
+
result_class=PangeaToken,
|
489
|
+
token=token,
|
465
490
|
name=name,
|
466
491
|
folder=folder,
|
467
492
|
metadata=metadata,
|
468
493
|
tags=tags,
|
494
|
+
disabled_at=disabled_at,
|
469
495
|
rotation_frequency=rotation_frequency,
|
470
496
|
rotation_state=rotation_state,
|
471
|
-
|
497
|
+
rotation_grace_period=rotation_grace_period,
|
472
498
|
)
|
473
|
-
return self.request.post("v1/secret/store", SecretStoreResult, data=input.dict(exclude_none=True))
|
474
499
|
|
475
|
-
|
476
|
-
|
477
|
-
|
478
|
-
|
500
|
+
def store_pangea_client_secret(
|
501
|
+
self,
|
502
|
+
client_secret: str,
|
503
|
+
client_id: str,
|
504
|
+
client_secret_id: str,
|
505
|
+
*,
|
506
|
+
name: str | None = None,
|
507
|
+
folder: str | None = None,
|
508
|
+
metadata: Metadata | None = None,
|
509
|
+
tags: Tags | None = None,
|
510
|
+
disabled_at: datetime.datetime | None = None,
|
511
|
+
rotation_frequency: str | None = None,
|
512
|
+
rotation_state: RotationState | None = None,
|
513
|
+
rotation_grace_period: str | None = None,
|
514
|
+
) -> PangeaResponse[ClientSecret]:
|
479
515
|
"""
|
480
|
-
|
516
|
+
Store secret
|
481
517
|
|
482
|
-
|
483
|
-
|
484
|
-
OperationId: vault_post_v1_secret_rotate 1
|
518
|
+
Store a Pangea client secret.
|
485
519
|
|
486
520
|
Args:
|
487
|
-
|
488
|
-
|
489
|
-
|
490
|
-
|
491
|
-
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
521
|
+
client_secret: The oauth client secret.
|
522
|
+
client_id: The oauth client ID.
|
523
|
+
client_secret_id: The oauth client secret ID.
|
524
|
+
name: The name of this item.
|
525
|
+
folder: The folder where this item is stored.
|
526
|
+
metadata: User-provided metadata.
|
527
|
+
tags: A list of user-defined tags.
|
528
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
529
|
+
rotation_frequency: Period of time between item rotations.
|
530
|
+
rotation_state: State to which the previous version should
|
531
|
+
transition upon rotation.
|
532
|
+
rotation_grace_period: Grace period for the previous version of the
|
533
|
+
Pangea Token.
|
496
534
|
|
497
535
|
Raises:
|
498
536
|
PangeaAPIException: If an API Error happens
|
499
537
|
|
500
|
-
Returns:
|
501
|
-
A PangeaResponse where the secret
|
502
|
-
is returned in the response.result field.
|
503
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#rotate-a-secret).
|
504
|
-
|
505
538
|
Examples:
|
506
|
-
response = vault.
|
507
|
-
|
508
|
-
|
509
|
-
|
539
|
+
response = vault.store_pangea_client_secret(
|
540
|
+
client_secret="foo",
|
541
|
+
client_id="bar",
|
542
|
+
client_secret_id="baz",
|
510
543
|
)
|
511
544
|
"""
|
512
|
-
input = SecretRotateRequest(id=id, secret=secret, rotation_state=rotation_state)
|
513
|
-
return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.dict(exclude_none=True))
|
514
545
|
|
515
|
-
|
516
|
-
|
517
|
-
|
518
|
-
|
546
|
+
return self._secret_store(
|
547
|
+
item_type="pangea_client_secret",
|
548
|
+
result_class=ClientSecret,
|
549
|
+
client_secret=client_secret,
|
550
|
+
client_id=client_id,
|
551
|
+
client_secret_id=client_secret_id,
|
552
|
+
name=name,
|
553
|
+
folder=folder,
|
554
|
+
metadata=metadata,
|
555
|
+
tags=tags,
|
556
|
+
disabled_at=disabled_at,
|
557
|
+
rotation_frequency=rotation_frequency,
|
558
|
+
rotation_state=rotation_state,
|
559
|
+
rotation_grace_period=rotation_grace_period,
|
560
|
+
)
|
519
561
|
|
520
|
-
|
562
|
+
def rotate_secret(
|
563
|
+
self,
|
564
|
+
item_id: str,
|
565
|
+
secret: str,
|
566
|
+
*,
|
567
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
568
|
+
) -> PangeaResponse[Secret]:
|
569
|
+
"""
|
570
|
+
Rotate secret
|
521
571
|
|
522
|
-
|
572
|
+
Rotate a secret.
|
523
573
|
|
524
574
|
Args:
|
525
|
-
|
575
|
+
item_id: The item ID.
|
576
|
+
secret: The secret value.
|
577
|
+
rotation_state: State to which the previous version should
|
578
|
+
transition upon rotation.
|
526
579
|
|
527
580
|
Raises:
|
528
581
|
PangeaAPIException: If an API Error happens
|
529
582
|
|
530
|
-
Returns:
|
531
|
-
A PangeaResponse where the token
|
532
|
-
is returned in the response.result field.
|
533
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#rotate-a-secret).
|
534
|
-
|
535
583
|
Examples:
|
536
|
-
response = vault.
|
537
|
-
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
538
|
-
)
|
584
|
+
response = vault.rotate_secret(item_id="foo", secret="bar")
|
539
585
|
"""
|
540
|
-
input = SecretRotateRequest(id=id) # type: ignore[call-arg]
|
541
|
-
return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.dict(exclude_none=True))
|
542
586
|
|
543
|
-
|
587
|
+
return self.request.post(
|
588
|
+
"v2/secret/rotate",
|
589
|
+
Secret,
|
590
|
+
data=SecretRotateRequest(id=item_id, secret=secret, rotation_state=rotation_state),
|
591
|
+
)
|
592
|
+
|
593
|
+
def rotate_pangea_token(
|
544
594
|
self,
|
545
|
-
|
546
|
-
|
547
|
-
|
548
|
-
|
549
|
-
|
550
|
-
tags: Optional[Tags] = None,
|
551
|
-
rotation_frequency: Optional[str] = None,
|
552
|
-
rotation_state: Optional[ItemVersionState] = None,
|
553
|
-
expiration: Optional[datetime.datetime] = None,
|
554
|
-
) -> PangeaResponse[SymmetricGenerateResult]:
|
595
|
+
item_id: str,
|
596
|
+
*,
|
597
|
+
rotation_grace_period: str | None = None,
|
598
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
599
|
+
) -> PangeaResponse[PangeaToken]:
|
555
600
|
"""
|
556
|
-
|
557
|
-
|
558
|
-
Generate a symmetric key
|
601
|
+
Rotate secret
|
559
602
|
|
560
|
-
|
603
|
+
Rotate a Pangea token.
|
561
604
|
|
562
605
|
Args:
|
563
|
-
|
564
|
-
|
565
|
-
|
566
|
-
|
567
|
-
|
568
|
-
tags (list[str], optional): A list of user-defined tags
|
569
|
-
rotation_frequency (str, optional): Period of time between item rotations, or `never` to disallow rotation
|
570
|
-
rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
|
571
|
-
Supported options:
|
572
|
-
- `deactivated`
|
573
|
-
- `destroyed`
|
574
|
-
expiration (str, optional): Expiration timestamp
|
606
|
+
item_id: The item ID.
|
607
|
+
rotation_grace_period: Grace period for the previous version of the
|
608
|
+
Pangea Token.
|
609
|
+
rotation_state: State to which the previous version should
|
610
|
+
transition upon rotation.
|
575
611
|
|
576
612
|
Raises:
|
577
|
-
PangeaAPIException: If an API Error happens
|
578
|
-
|
579
|
-
Returns:
|
580
|
-
A PangeaResponse where the ID of the key
|
581
|
-
is returned in the response.result field.
|
582
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#generate).
|
613
|
+
PangeaAPIException: If an API Error happens.
|
583
614
|
|
584
615
|
Examples:
|
585
|
-
response = vault.
|
586
|
-
algorithm=SymmetricAlgorithm.AES,
|
587
|
-
purpose=KeyPurpose.ENCRYPTION,
|
588
|
-
name="my-very-secret-secret",
|
589
|
-
folder="/personal",
|
590
|
-
metadata={
|
591
|
-
"created_by": "John Doe",
|
592
|
-
"used_in": "Google products"
|
593
|
-
},
|
594
|
-
tags=[
|
595
|
-
"irs_2023",
|
596
|
-
"personal"
|
597
|
-
],
|
598
|
-
rotation_frequency="10d",
|
599
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
600
|
-
expiration="2025-01-01T10:00:00Z",
|
601
|
-
)
|
616
|
+
response = vault.rotate_pangea_token(item_id="foo")
|
602
617
|
"""
|
603
|
-
|
604
|
-
type=ItemType.SYMMETRIC_KEY,
|
605
|
-
algorithm=algorithm,
|
606
|
-
purpose=purpose,
|
607
|
-
name=name, # type: ignore[arg-type]
|
608
|
-
folder=folder,
|
609
|
-
metadata=metadata,
|
610
|
-
tags=tags,
|
611
|
-
rotation_frequency=rotation_frequency,
|
612
|
-
rotation_state=rotation_state,
|
613
|
-
expiration=expiration,
|
614
|
-
)
|
618
|
+
|
615
619
|
return self.request.post(
|
616
|
-
"
|
617
|
-
|
618
|
-
data=
|
620
|
+
"v2/secret/rotate",
|
621
|
+
PangeaToken,
|
622
|
+
data=PangeaTokenRotateRequest(
|
623
|
+
id=item_id, rotation_grace_period=rotation_grace_period, rotation_state=rotation_state
|
624
|
+
),
|
619
625
|
)
|
620
626
|
|
621
|
-
def
|
627
|
+
def rotate_client_secret(
|
622
628
|
self,
|
623
|
-
|
624
|
-
|
625
|
-
|
626
|
-
|
627
|
-
|
628
|
-
tags: Optional[Tags] = None,
|
629
|
-
rotation_frequency: Optional[str] = None,
|
630
|
-
rotation_state: Optional[ItemVersionState] = None,
|
631
|
-
expiration: Optional[datetime.datetime] = None,
|
632
|
-
) -> PangeaResponse[AsymmetricGenerateResult]:
|
629
|
+
item_id: str,
|
630
|
+
*,
|
631
|
+
rotation_grace_period: str | None = None,
|
632
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
633
|
+
) -> PangeaResponse[ClientSecret]:
|
633
634
|
"""
|
634
|
-
|
635
|
+
Rotate secret
|
635
636
|
|
636
|
-
|
637
|
-
|
638
|
-
OperationId: vault_post_v1_key_generate 1
|
637
|
+
Rotate a client secret.
|
639
638
|
|
640
639
|
Args:
|
641
|
-
|
642
|
-
|
643
|
-
|
644
|
-
|
645
|
-
|
646
|
-
tags (list[str], optional): A list of user-defined tags
|
647
|
-
rotation_frequency (str, optional): Period of time between item rotations, or `never` to disallow rotation
|
648
|
-
rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
|
649
|
-
Supported options:
|
650
|
-
- `deactivated`
|
651
|
-
- `destroyed`
|
652
|
-
expiration (str, optional): Expiration timestamp
|
640
|
+
item_id: The item ID.
|
641
|
+
rotation_grace_period: Grace period for the previous version of the
|
642
|
+
Pangea Token.
|
643
|
+
rotation_state: State to which the previous version should
|
644
|
+
transition upon rotation.
|
653
645
|
|
654
646
|
Raises:
|
655
|
-
PangeaAPIException: If an API Error happens
|
656
|
-
|
657
|
-
Returns:
|
658
|
-
A PangeaResponse where the ID of the key
|
659
|
-
is returned in the response.result field.
|
660
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#generate).
|
647
|
+
PangeaAPIException: If an API Error happens.
|
661
648
|
|
662
649
|
Examples:
|
663
|
-
response = vault.
|
664
|
-
algorithm=AsymmetricAlgorithm.RSA,
|
665
|
-
purpose=KeyPurpose.SIGNING,
|
666
|
-
name="my-very-secret-secret",
|
667
|
-
folder="/personal",
|
668
|
-
metadata={
|
669
|
-
"created_by": "John Doe",
|
670
|
-
"used_in": "Google products"
|
671
|
-
},
|
672
|
-
tags=[
|
673
|
-
"irs_2023",
|
674
|
-
"personal"
|
675
|
-
],
|
676
|
-
rotation_frequency="10d",
|
677
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
678
|
-
expiration="2025-01-01T10:00:00Z",
|
679
|
-
)
|
650
|
+
response = vault.rotate_client_secret(item_id="foo")
|
680
651
|
"""
|
681
|
-
|
682
|
-
type=ItemType.ASYMMETRIC_KEY,
|
683
|
-
algorithm=algorithm,
|
684
|
-
purpose=purpose,
|
685
|
-
name=name, # type: ignore[arg-type]
|
686
|
-
folder=folder,
|
687
|
-
metadata=metadata,
|
688
|
-
tags=tags,
|
689
|
-
rotation_frequency=rotation_frequency,
|
690
|
-
rotation_state=rotation_state,
|
691
|
-
expiration=expiration,
|
692
|
-
)
|
652
|
+
|
693
653
|
return self.request.post(
|
694
|
-
"
|
695
|
-
|
696
|
-
data=
|
654
|
+
"v2/secret/rotate",
|
655
|
+
ClientSecret,
|
656
|
+
data=ClientSecretRotateRequest(
|
657
|
+
id=item_id, rotation_grace_period=rotation_grace_period, rotation_state=rotation_state
|
658
|
+
),
|
697
659
|
)
|
698
660
|
|
699
|
-
|
700
|
-
def
|
661
|
+
@overload
|
662
|
+
def generate_key(
|
701
663
|
self,
|
702
|
-
|
703
|
-
|
704
|
-
|
705
|
-
|
706
|
-
name: str,
|
707
|
-
folder:
|
708
|
-
metadata:
|
709
|
-
tags:
|
710
|
-
rotation_frequency:
|
711
|
-
rotation_state:
|
712
|
-
|
713
|
-
|
664
|
+
*,
|
665
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
666
|
+
purpose: Literal[AsymmetricKeyPurpose.SIGNING],
|
667
|
+
algorithm: AsymmetricKeySigningAlgorithm,
|
668
|
+
name: str | None = None,
|
669
|
+
folder: str | None = None,
|
670
|
+
metadata: Metadata | None = None,
|
671
|
+
tags: Tags | None = None,
|
672
|
+
rotation_frequency: str | None = None,
|
673
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
674
|
+
disabled_at: datetime.datetime | None = None,
|
675
|
+
exportable: bool = False,
|
676
|
+
) -> PangeaResponse[AsymmetricKey]:
|
714
677
|
"""
|
715
|
-
|
678
|
+
Generate key
|
716
679
|
|
717
|
-
|
718
|
-
|
719
|
-
OperationId: vault_post_v1_key_store 1
|
680
|
+
Generate an asymmetric signing key.
|
720
681
|
|
721
682
|
Args:
|
722
|
-
|
723
|
-
|
724
|
-
algorithm
|
725
|
-
|
726
|
-
|
727
|
-
|
728
|
-
|
729
|
-
|
730
|
-
|
731
|
-
|
732
|
-
|
733
|
-
|
734
|
-
- `destroyed`
|
735
|
-
expiration (str, optional): Expiration timestamp
|
683
|
+
key_type: Key type.
|
684
|
+
purpose: The purpose of this key.
|
685
|
+
algorithm: The algorithm of the key.
|
686
|
+
name: The name of this item.
|
687
|
+
folder: The folder where this item is stored.
|
688
|
+
metadata: User-provided metadata.
|
689
|
+
tags: A list of user-defined tags.
|
690
|
+
rotation_frequency: Period of time between item rotations.
|
691
|
+
rotation_state: State to which the previous version should
|
692
|
+
transition upon rotation.
|
693
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
694
|
+
exportable: Whether the key is exportable or not.
|
736
695
|
|
737
696
|
Raises:
|
738
|
-
PangeaAPIException: If an API Error happens
|
739
|
-
|
740
|
-
Returns:
|
741
|
-
A PangeaResponse where the ID and public key
|
742
|
-
is returned in the response.result field.
|
743
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-key).
|
697
|
+
PangeaAPIException: If an API Error happens.
|
744
698
|
|
745
699
|
Examples:
|
746
|
-
response = vault.
|
747
|
-
|
748
|
-
|
749
|
-
algorithm=
|
750
|
-
purpose=KeyPurpose.SIGNING,
|
751
|
-
name="my-very-secret-secret",
|
752
|
-
folder="/personal",
|
753
|
-
metadata={
|
754
|
-
"created_by": "John Doe",
|
755
|
-
"used_in": "Google products"
|
756
|
-
},
|
757
|
-
tags=[
|
758
|
-
"irs_2023",
|
759
|
-
"personal"
|
760
|
-
],
|
761
|
-
rotation_frequency="10d",
|
762
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
763
|
-
expiration="2025-01-01T10:00:00Z",
|
700
|
+
response = vault.generate_key(
|
701
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
702
|
+
purpose=AsymmetricKeyPurpose.SIGNING,
|
703
|
+
algorithm=AsymmetricKeySigningAlgorithm.ED25519,
|
764
704
|
)
|
765
705
|
"""
|
766
|
-
input = AsymmetricStoreRequest(
|
767
|
-
type=ItemType.ASYMMETRIC_KEY,
|
768
|
-
algorithm=algorithm,
|
769
|
-
purpose=purpose,
|
770
|
-
public_key=public_key,
|
771
|
-
private_key=private_key,
|
772
|
-
name=name,
|
773
|
-
folder=folder,
|
774
|
-
metadata=metadata,
|
775
|
-
tags=tags,
|
776
|
-
rotation_frequency=rotation_frequency,
|
777
|
-
rotation_state=rotation_state,
|
778
|
-
expiration=expiration,
|
779
|
-
)
|
780
|
-
return self.request.post("v1/key/store", AsymmetricStoreResult, data=input.dict(exclude_none=True))
|
781
706
|
|
782
|
-
|
707
|
+
@overload
|
708
|
+
def generate_key(
|
783
709
|
self,
|
784
|
-
|
785
|
-
|
786
|
-
purpose:
|
787
|
-
|
788
|
-
|
789
|
-
|
790
|
-
|
791
|
-
|
792
|
-
|
793
|
-
|
794
|
-
|
710
|
+
*,
|
711
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
712
|
+
purpose: Literal[AsymmetricKeyPurpose.ENCRYPTION],
|
713
|
+
algorithm: AsymmetricKeyEncryptionAlgorithm,
|
714
|
+
name: str | None = None,
|
715
|
+
folder: str | None = None,
|
716
|
+
metadata: Metadata | None = None,
|
717
|
+
tags: Tags | None = None,
|
718
|
+
rotation_frequency: str | None = None,
|
719
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
720
|
+
disabled_at: datetime.datetime | None = None,
|
721
|
+
exportable: bool = False,
|
722
|
+
) -> PangeaResponse[AsymmetricKey]:
|
795
723
|
"""
|
796
|
-
|
724
|
+
Generate key
|
797
725
|
|
798
|
-
|
799
|
-
|
800
|
-
OperationId: vault_post_v1_key_store 2
|
726
|
+
Generate an asymmetric encryption key.
|
801
727
|
|
802
728
|
Args:
|
803
|
-
|
804
|
-
|
805
|
-
|
806
|
-
name
|
807
|
-
folder
|
808
|
-
metadata
|
809
|
-
tags
|
810
|
-
rotation_frequency
|
811
|
-
rotation_state
|
812
|
-
|
813
|
-
|
814
|
-
|
815
|
-
expiration (str, optional): Expiration timestamp
|
729
|
+
key_type: Key type.
|
730
|
+
purpose: The purpose of this key.
|
731
|
+
algorithm: The algorithm of the key.
|
732
|
+
name: The name of this item.
|
733
|
+
folder: The folder where this item is stored.
|
734
|
+
metadata: User-provided metadata.
|
735
|
+
tags: A list of user-defined tags.
|
736
|
+
rotation_frequency: Period of time between item rotations.
|
737
|
+
rotation_state: State to which the previous version should
|
738
|
+
transition upon rotation.
|
739
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
740
|
+
exportable: Whether the key is exportable or not.
|
816
741
|
|
817
742
|
Raises:
|
818
|
-
PangeaAPIException: If an API Error happens
|
819
|
-
|
820
|
-
Returns:
|
821
|
-
A PangeaResponse where the ID
|
822
|
-
is returned in the response.result field.
|
823
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-key).
|
743
|
+
PangeaAPIException: If an API Error happens.
|
824
744
|
|
825
745
|
Examples:
|
826
|
-
response = vault.
|
827
|
-
|
828
|
-
|
829
|
-
|
830
|
-
name="my-very-secret-secret",
|
831
|
-
folder="/personal",
|
832
|
-
metadata={
|
833
|
-
"created_by": "John Doe",
|
834
|
-
"used_in": "Google products"
|
835
|
-
},
|
836
|
-
tags=[
|
837
|
-
"irs_2023",
|
838
|
-
"personal"
|
839
|
-
],
|
840
|
-
rotation_frequency="10d",
|
841
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
842
|
-
expiration="2025-01-01T10:00:00Z",
|
746
|
+
response = vault.generate_key(
|
747
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
748
|
+
purpose=AsymmetricKeyPurpose.ENCRYPTION,
|
749
|
+
algorithm=AsymmetricKeyEncryptionAlgorithm.RSA_OAEP_2048_SHA1,
|
843
750
|
)
|
844
751
|
"""
|
845
|
-
input = SymmetricStoreRequest(
|
846
|
-
type=ItemType.SYMMETRIC_KEY,
|
847
|
-
algorithm=algorithm,
|
848
|
-
purpose=purpose,
|
849
|
-
key=key, # type: ignore[arg-type]
|
850
|
-
name=name,
|
851
|
-
folder=folder,
|
852
|
-
metadata=metadata,
|
853
|
-
tags=tags,
|
854
|
-
rotation_frequency=rotation_frequency,
|
855
|
-
rotation_state=rotation_state,
|
856
|
-
expiration=expiration,
|
857
|
-
)
|
858
|
-
return self.request.post("v1/key/store", SymmetricStoreResult, data=input.dict(exclude_none=True))
|
859
752
|
|
860
|
-
|
861
|
-
def
|
753
|
+
@overload
|
754
|
+
def generate_key(
|
862
755
|
self,
|
863
|
-
|
864
|
-
|
865
|
-
|
866
|
-
|
867
|
-
|
868
|
-
|
756
|
+
*,
|
757
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
758
|
+
purpose: Literal[AsymmetricKeyPurpose.JWT],
|
759
|
+
algorithm: AsymmetricKeyJwtAlgorithm,
|
760
|
+
name: str | None = None,
|
761
|
+
folder: str | None = None,
|
762
|
+
metadata: Metadata | None = None,
|
763
|
+
tags: Tags | None = None,
|
764
|
+
rotation_frequency: str | None = None,
|
765
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
766
|
+
disabled_at: datetime.datetime | None = None,
|
767
|
+
exportable: bool = False,
|
768
|
+
) -> PangeaResponse[AsymmetricKey]:
|
869
769
|
"""
|
870
|
-
|
770
|
+
Generate key
|
871
771
|
|
872
|
-
|
873
|
-
|
874
|
-
OperationId: vault_post_v1_key_rotate
|
772
|
+
Generate an asymmetric JWT key.
|
875
773
|
|
876
774
|
Args:
|
877
|
-
|
878
|
-
|
879
|
-
|
880
|
-
|
881
|
-
|
882
|
-
|
883
|
-
|
884
|
-
|
885
|
-
|
886
|
-
|
887
|
-
|
775
|
+
key_type: Key type.
|
776
|
+
purpose: The purpose of this key.
|
777
|
+
algorithm: The algorithm of the key.
|
778
|
+
name: The name of this item.
|
779
|
+
folder: The folder where this item is stored.
|
780
|
+
metadata: User-provided metadata.
|
781
|
+
tags: A list of user-defined tags.
|
782
|
+
rotation_frequency: Period of time between item rotations.
|
783
|
+
rotation_state: State to which the previous version should
|
784
|
+
transition upon rotation.
|
785
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
786
|
+
exportable: Whether the key is exportable or not.
|
888
787
|
|
889
788
|
Raises:
|
890
|
-
PangeaAPIException: If an API Error happens
|
891
|
-
|
892
|
-
Returns:
|
893
|
-
A PangeaResponse where the ID
|
894
|
-
is returned in the response.result field.
|
895
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#rotate).
|
789
|
+
PangeaAPIException: If an API Error happens.
|
896
790
|
|
897
791
|
Examples:
|
898
|
-
response = vault.
|
899
|
-
|
900
|
-
|
901
|
-
|
792
|
+
response = vault.generate_key(
|
793
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
794
|
+
purpose=AsymmetricKeyPurpose.JWT,
|
795
|
+
algorithm=AsymmetricKeyJwtAlgorithm.ES512,
|
902
796
|
)
|
903
797
|
"""
|
904
|
-
input = KeyRotateRequest(
|
905
|
-
id=id,
|
906
|
-
public_key=public_key,
|
907
|
-
private_key=private_key,
|
908
|
-
key=key,
|
909
|
-
rotation_state=rotation_state,
|
910
|
-
)
|
911
|
-
return self.request.post("v1/key/rotate", KeyRotateResult, data=input.dict(exclude_none=True))
|
912
798
|
|
913
|
-
|
914
|
-
def
|
799
|
+
@overload
|
800
|
+
def generate_key(
|
801
|
+
self,
|
802
|
+
*,
|
803
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
804
|
+
purpose: Literal[AsymmetricKeyPurpose.PKI],
|
805
|
+
algorithm: AsymmetricKeyPkiAlgorithm,
|
806
|
+
name: str | None = None,
|
807
|
+
folder: str | None = None,
|
808
|
+
metadata: Metadata | None = None,
|
809
|
+
tags: Tags | None = None,
|
810
|
+
rotation_frequency: str | None = None,
|
811
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
812
|
+
disabled_at: datetime.datetime | None = None,
|
813
|
+
exportable: bool = False,
|
814
|
+
) -> PangeaResponse[AsymmetricKey]:
|
915
815
|
"""
|
916
|
-
|
917
|
-
|
918
|
-
Encrypt a message using a key
|
816
|
+
Generate key
|
919
817
|
|
920
|
-
|
818
|
+
Generate an asymmetric PKI key.
|
921
819
|
|
922
820
|
Args:
|
923
|
-
|
924
|
-
|
925
|
-
|
821
|
+
key_type: Key type.
|
822
|
+
purpose: The purpose of this key.
|
823
|
+
algorithm: The algorithm of the key.
|
824
|
+
name: The name of this item.
|
825
|
+
folder: The folder where this item is stored.
|
826
|
+
metadata: User-provided metadata.
|
827
|
+
tags: A list of user-defined tags.
|
828
|
+
rotation_frequency: Period of time between item rotations.
|
829
|
+
rotation_state: State to which the previous version should
|
830
|
+
transition upon rotation.
|
831
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
832
|
+
exportable: Whether the key is exportable or not.
|
926
833
|
|
927
834
|
Raises:
|
928
|
-
PangeaAPIException: If an API Error happens
|
929
|
-
|
930
|
-
Returns:
|
931
|
-
A PangeaResponse where the encrypted message in base64
|
932
|
-
is returned in the response.result field.
|
933
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#encrypt).
|
835
|
+
PangeaAPIException: If an API Error happens.
|
934
836
|
|
935
837
|
Examples:
|
936
|
-
response = vault.
|
937
|
-
|
938
|
-
|
939
|
-
|
838
|
+
response = vault.generate_key(
|
839
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
840
|
+
purpose=AsymmetricKeyPurpose.PKI,
|
841
|
+
algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
|
940
842
|
)
|
941
843
|
"""
|
942
|
-
input = EncryptRequest(id=id, plain_text=plain_text, version=version) # type: ignore[call-arg]
|
943
|
-
return self.request.post("v1/key/encrypt", EncryptResult, data=input.dict(exclude_none=True))
|
944
844
|
|
945
|
-
|
946
|
-
def
|
845
|
+
@overload
|
846
|
+
def generate_key(
|
847
|
+
self,
|
848
|
+
*,
|
849
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
850
|
+
purpose: AsymmetricKeyPurpose,
|
851
|
+
algorithm: AsymmetricKeyAlgorithm,
|
852
|
+
name: str | None = None,
|
853
|
+
folder: str | None = None,
|
854
|
+
metadata: Metadata | None = None,
|
855
|
+
tags: Tags | None = None,
|
856
|
+
rotation_frequency: str | None = None,
|
857
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
858
|
+
disabled_at: datetime.datetime | None = None,
|
859
|
+
exportable: bool = False,
|
860
|
+
) -> PangeaResponse[AsymmetricKey]:
|
947
861
|
"""
|
948
|
-
|
862
|
+
Generate key
|
949
863
|
|
950
|
-
|
951
|
-
|
952
|
-
OperationId: vault_post_v1_key_decrypt
|
864
|
+
Generate an asymmetric key.
|
953
865
|
|
954
866
|
Args:
|
955
|
-
|
956
|
-
|
957
|
-
|
867
|
+
key_type: Key type.
|
868
|
+
purpose: The purpose of this key.
|
869
|
+
algorithm: The algorithm of the key.
|
870
|
+
name: The name of this item.
|
871
|
+
folder: The folder where this item is stored.
|
872
|
+
metadata: User-provided metadata.
|
873
|
+
tags: A list of user-defined tags.
|
874
|
+
rotation_frequency: Period of time between item rotations.
|
875
|
+
rotation_state: State to which the previous version should
|
876
|
+
transition upon rotation.
|
877
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
878
|
+
exportable: Whether the key is exportable or not.
|
958
879
|
|
959
880
|
Raises:
|
960
|
-
PangeaAPIException: If an API Error happens
|
961
|
-
|
962
|
-
Returns:
|
963
|
-
A PangeaResponse where the decrypted message in base64
|
964
|
-
is returned in the response.result field.
|
965
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#decrypt).
|
881
|
+
PangeaAPIException: If an API Error happens.
|
966
882
|
|
967
883
|
Examples:
|
968
|
-
response = vault.
|
969
|
-
|
970
|
-
|
971
|
-
|
884
|
+
response = vault.generate_key(
|
885
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
886
|
+
purpose=AsymmetricKeyPurpose.PKI,
|
887
|
+
algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
|
972
888
|
)
|
973
889
|
"""
|
974
|
-
input = DecryptRequest(id=id, cipher_text=cipher_text, version=version) # type: ignore[call-arg]
|
975
|
-
return self.request.post("v1/key/decrypt", DecryptResult, data=input.dict(exclude_none=True))
|
976
890
|
|
977
|
-
|
978
|
-
def
|
891
|
+
@overload
|
892
|
+
def generate_key(
|
893
|
+
self,
|
894
|
+
*,
|
895
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
896
|
+
purpose: Literal[SymmetricKeyPurpose.ENCRYPTION],
|
897
|
+
algorithm: SymmetricKeyEncryptionAlgorithm,
|
898
|
+
name: str | None = None,
|
899
|
+
folder: str | None = None,
|
900
|
+
metadata: Metadata | None = None,
|
901
|
+
tags: Tags | None = None,
|
902
|
+
rotation_frequency: str | None = None,
|
903
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
904
|
+
disabled_at: datetime.datetime | None = None,
|
905
|
+
exportable: bool = False,
|
906
|
+
) -> PangeaResponse[SymmetricKey]:
|
979
907
|
"""
|
980
|
-
|
908
|
+
Generate key
|
981
909
|
|
982
|
-
|
910
|
+
Generate a symmetric encryption key.
|
983
911
|
|
984
|
-
|
912
|
+
Args:
|
913
|
+
key_type: Key type.
|
914
|
+
purpose: The purpose of this key.
|
915
|
+
algorithm: The algorithm of the key.
|
916
|
+
name: The name of this item.
|
917
|
+
folder: The folder where this item is stored.
|
918
|
+
metadata: User-provided metadata.
|
919
|
+
tags: A list of user-defined tags.
|
920
|
+
rotation_frequency: Period of time between item rotations.
|
921
|
+
rotation_state: State to which the previous version should
|
922
|
+
transition upon rotation.
|
923
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
924
|
+
exportable: Whether the key is exportable or not.
|
925
|
+
|
926
|
+
Raises:
|
927
|
+
PangeaAPIException: If an API Error happens.
|
928
|
+
|
929
|
+
Examples:
|
930
|
+
response = vault.generate_key(
|
931
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
932
|
+
purpose=SymmetricKeyPurpose.ENCRYPTION,
|
933
|
+
algorithm=SymmetricKeyEncryptionAlgorithm.AES_CFB_128,
|
934
|
+
)
|
935
|
+
"""
|
936
|
+
|
937
|
+
@overload
|
938
|
+
def generate_key(
|
939
|
+
self,
|
940
|
+
*,
|
941
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
942
|
+
purpose: Literal[SymmetricKeyPurpose.JWT],
|
943
|
+
algorithm: SymmetricKeyJwtAlgorithm,
|
944
|
+
name: str | None = None,
|
945
|
+
folder: str | None = None,
|
946
|
+
metadata: Metadata | None = None,
|
947
|
+
tags: Tags | None = None,
|
948
|
+
rotation_frequency: str | None = None,
|
949
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
950
|
+
disabled_at: datetime.datetime | None = None,
|
951
|
+
exportable: bool = False,
|
952
|
+
) -> PangeaResponse[SymmetricKey]:
|
953
|
+
"""
|
954
|
+
Generate key
|
955
|
+
|
956
|
+
Generate a symmetric JWT key.
|
957
|
+
|
958
|
+
Args:
|
959
|
+
key_type: Key type.
|
960
|
+
purpose: The purpose of this key.
|
961
|
+
algorithm: The algorithm of the key.
|
962
|
+
name: The name of this item.
|
963
|
+
folder: The folder where this item is stored.
|
964
|
+
metadata: User-provided metadata.
|
965
|
+
tags: A list of user-defined tags.
|
966
|
+
rotation_frequency: Period of time between item rotations.
|
967
|
+
rotation_state: State to which the previous version should
|
968
|
+
transition upon rotation.
|
969
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
970
|
+
exportable: Whether the key is exportable or not.
|
971
|
+
|
972
|
+
Raises:
|
973
|
+
PangeaAPIException: If an API Error happens.
|
974
|
+
|
975
|
+
Examples:
|
976
|
+
response = vault.generate_key(
|
977
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
978
|
+
purpose=SymmetricKeyPurpose.JWT,
|
979
|
+
algorithm=SymmetricKeyJwtAlgorithm.HS512,
|
980
|
+
)
|
981
|
+
"""
|
982
|
+
|
983
|
+
@overload
|
984
|
+
def generate_key(
|
985
|
+
self,
|
986
|
+
*,
|
987
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
988
|
+
purpose: Literal[SymmetricKeyPurpose.FPE],
|
989
|
+
algorithm: SymmetricKeyFpeAlgorithm,
|
990
|
+
name: str | None = None,
|
991
|
+
folder: str | None = None,
|
992
|
+
metadata: Metadata | None = None,
|
993
|
+
tags: Tags | None = None,
|
994
|
+
rotation_frequency: str | None = None,
|
995
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
996
|
+
disabled_at: datetime.datetime | None = None,
|
997
|
+
exportable: bool = False,
|
998
|
+
) -> PangeaResponse[SymmetricKey]:
|
999
|
+
"""
|
1000
|
+
Generate key
|
1001
|
+
|
1002
|
+
Generate a symmetric FPE key.
|
1003
|
+
|
1004
|
+
Args:
|
1005
|
+
key_type: Key type.
|
1006
|
+
purpose: The purpose of this key.
|
1007
|
+
algorithm: The algorithm of the key.
|
1008
|
+
name: The name of this item.
|
1009
|
+
folder: The folder where this item is stored.
|
1010
|
+
metadata: User-provided metadata.
|
1011
|
+
tags: A list of user-defined tags.
|
1012
|
+
rotation_frequency: Period of time between item rotations.
|
1013
|
+
rotation_state: State to which the previous version should
|
1014
|
+
transition upon rotation.
|
1015
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1016
|
+
exportable: Whether the key is exportable or not.
|
1017
|
+
|
1018
|
+
Raises:
|
1019
|
+
PangeaAPIException: If an API Error happens.
|
1020
|
+
|
1021
|
+
Examples:
|
1022
|
+
response = vault.generate_key(
|
1023
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1024
|
+
purpose=SymmetricKeyPurpose.FPE,
|
1025
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
1026
|
+
)
|
1027
|
+
"""
|
1028
|
+
|
1029
|
+
@overload
|
1030
|
+
def generate_key(
|
1031
|
+
self,
|
1032
|
+
*,
|
1033
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
1034
|
+
purpose: SymmetricKeyPurpose,
|
1035
|
+
algorithm: SymmetricKeyAlgorithm,
|
1036
|
+
name: str | None = None,
|
1037
|
+
folder: str | None = None,
|
1038
|
+
metadata: Metadata | None = None,
|
1039
|
+
tags: Tags | None = None,
|
1040
|
+
rotation_frequency: str | None = None,
|
1041
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1042
|
+
disabled_at: datetime.datetime | None = None,
|
1043
|
+
exportable: bool = False,
|
1044
|
+
) -> PangeaResponse[SymmetricKey]:
|
1045
|
+
"""
|
1046
|
+
Generate key
|
1047
|
+
|
1048
|
+
Generate a symmetric key.
|
1049
|
+
|
1050
|
+
Args:
|
1051
|
+
key_type: Key type.
|
1052
|
+
purpose: The purpose of this key.
|
1053
|
+
algorithm: The algorithm of the key.
|
1054
|
+
name: The name of this item.
|
1055
|
+
folder: The folder where this item is stored.
|
1056
|
+
metadata: User-provided metadata.
|
1057
|
+
tags: A list of user-defined tags.
|
1058
|
+
rotation_frequency: Period of time between item rotations.
|
1059
|
+
rotation_state: State to which the previous version should
|
1060
|
+
transition upon rotation.
|
1061
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1062
|
+
exportable: Whether the key is exportable or not.
|
1063
|
+
|
1064
|
+
Raises:
|
1065
|
+
PangeaAPIException: If an API Error happens.
|
1066
|
+
|
1067
|
+
Examples:
|
1068
|
+
response = vault.generate_key(
|
1069
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1070
|
+
purpose=SymmetricKeyPurpose.FPE,
|
1071
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
1072
|
+
)
|
1073
|
+
"""
|
1074
|
+
|
1075
|
+
def generate_key(
|
1076
|
+
self,
|
1077
|
+
*,
|
1078
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
|
1079
|
+
purpose: SymmetricKeyPurpose | AsymmetricKeyPurpose,
|
1080
|
+
algorithm: AsymmetricKeyAlgorithm | SymmetricKeyAlgorithm,
|
1081
|
+
name: str | None = None,
|
1082
|
+
folder: str | None = None,
|
1083
|
+
metadata: Metadata | None = None,
|
1084
|
+
tags: Tags | None = None,
|
1085
|
+
rotation_frequency: str | None = None,
|
1086
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1087
|
+
disabled_at: datetime.datetime | None = None,
|
1088
|
+
exportable: bool = False,
|
1089
|
+
) -> PangeaResponse[Any]:
|
1090
|
+
"""
|
1091
|
+
Generate key
|
1092
|
+
|
1093
|
+
Generate a key.
|
1094
|
+
|
1095
|
+
Args:
|
1096
|
+
key_type: Key type.
|
1097
|
+
purpose: The purpose of this key.
|
1098
|
+
algorithm: The algorithm of the key.
|
1099
|
+
name: The name of this item.
|
1100
|
+
folder: The folder where this item is stored.
|
1101
|
+
metadata: User-provided metadata.
|
1102
|
+
tags: A list of user-defined tags.
|
1103
|
+
rotation_frequency: Period of time between item rotations.
|
1104
|
+
rotation_state: State to which the previous version should
|
1105
|
+
transition upon rotation.
|
1106
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1107
|
+
exportable: Whether the key is exportable or not.
|
1108
|
+
|
1109
|
+
Raises:
|
1110
|
+
PangeaAPIException: If an API Error happens.
|
1111
|
+
|
1112
|
+
Examples:
|
1113
|
+
response = vault.generate_key(
|
1114
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1115
|
+
purpose=SymmetricKeyPurpose.FPE,
|
1116
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
1117
|
+
)
|
1118
|
+
"""
|
1119
|
+
|
1120
|
+
return self.request.post(
|
1121
|
+
"v2/key/generate",
|
1122
|
+
AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
|
1123
|
+
data=CommonGenerateRequest(
|
1124
|
+
type=key_type,
|
1125
|
+
purpose=purpose,
|
1126
|
+
algorithm=algorithm,
|
1127
|
+
name=name,
|
1128
|
+
folder=folder,
|
1129
|
+
metadata=metadata,
|
1130
|
+
tags=tags,
|
1131
|
+
rotation_frequency=rotation_frequency,
|
1132
|
+
rotation_state=rotation_state,
|
1133
|
+
disabled_at=disabled_at,
|
1134
|
+
exportable=exportable,
|
1135
|
+
),
|
1136
|
+
)
|
1137
|
+
|
1138
|
+
@overload
|
1139
|
+
def store_key(
|
1140
|
+
self,
|
1141
|
+
*,
|
1142
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
1143
|
+
purpose: Literal[AsymmetricKeyPurpose.SIGNING],
|
1144
|
+
algorithm: AsymmetricKeySigningAlgorithm,
|
1145
|
+
public_key: str,
|
1146
|
+
private_key: str,
|
1147
|
+
name: str | None = None,
|
1148
|
+
folder: str | None = None,
|
1149
|
+
metadata: Metadata | None = None,
|
1150
|
+
tags: Tags | None = None,
|
1151
|
+
rotation_frequency: str | None = None,
|
1152
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1153
|
+
disabled_at: datetime.datetime | None = None,
|
1154
|
+
exportable: bool = False,
|
1155
|
+
) -> PangeaResponse[AsymmetricKey]:
|
1156
|
+
"""
|
1157
|
+
Store key
|
1158
|
+
|
1159
|
+
Import an asymmetric signing key.
|
1160
|
+
|
1161
|
+
Args:
|
1162
|
+
key_type: Key type.
|
1163
|
+
purpose: The purpose of this key.
|
1164
|
+
algorithm: The algorithm of the key.
|
1165
|
+
public_key: The public key (in PEM format).
|
1166
|
+
private_key: The private key (in PEM format).
|
1167
|
+
name: The name of this item.
|
1168
|
+
folder: The folder where this item is stored.
|
1169
|
+
metadata: User-provided metadata.
|
1170
|
+
tags: A list of user-defined tags.
|
1171
|
+
rotation_frequency: Period of time between item rotations.
|
1172
|
+
rotation_state: State to which the previous version should
|
1173
|
+
transition upon rotation.
|
1174
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1175
|
+
exportable: Whether the key is exportable or not.
|
1176
|
+
|
1177
|
+
Raises:
|
1178
|
+
PangeaAPIException: If an API Error happens.
|
1179
|
+
|
1180
|
+
Examples:
|
1181
|
+
response = vault.store_key(
|
1182
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
1183
|
+
purpose=AsymmetricKeyPurpose.SIGNING,
|
1184
|
+
algorithm=AsymmetricKeySigningAlgorithm.ED25519,
|
1185
|
+
)
|
1186
|
+
"""
|
1187
|
+
|
1188
|
+
@overload
|
1189
|
+
def store_key(
|
1190
|
+
self,
|
1191
|
+
*,
|
1192
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
1193
|
+
purpose: Literal[AsymmetricKeyPurpose.ENCRYPTION],
|
1194
|
+
algorithm: AsymmetricKeyEncryptionAlgorithm,
|
1195
|
+
public_key: str,
|
1196
|
+
private_key: str,
|
1197
|
+
name: str | None = None,
|
1198
|
+
folder: str | None = None,
|
1199
|
+
metadata: Metadata | None = None,
|
1200
|
+
tags: Tags | None = None,
|
1201
|
+
rotation_frequency: str | None = None,
|
1202
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1203
|
+
disabled_at: datetime.datetime | None = None,
|
1204
|
+
exportable: bool = False,
|
1205
|
+
) -> PangeaResponse[AsymmetricKey]:
|
1206
|
+
"""
|
1207
|
+
Store key
|
1208
|
+
|
1209
|
+
Import an asymmetric encryption key.
|
1210
|
+
|
1211
|
+
Args:
|
1212
|
+
key_type: Key type.
|
1213
|
+
purpose: The purpose of this key.
|
1214
|
+
algorithm: The algorithm of the key.
|
1215
|
+
public_key: The public key (in PEM format).
|
1216
|
+
private_key: The private key (in PEM format).
|
1217
|
+
name: The name of this item.
|
1218
|
+
folder: The folder where this item is stored.
|
1219
|
+
metadata: User-provided metadata.
|
1220
|
+
tags: A list of user-defined tags.
|
1221
|
+
rotation_frequency: Period of time between item rotations.
|
1222
|
+
rotation_state: State to which the previous version should
|
1223
|
+
transition upon rotation.
|
1224
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1225
|
+
exportable: Whether the key is exportable or not.
|
1226
|
+
|
1227
|
+
Raises:
|
1228
|
+
PangeaAPIException: If an API Error happens.
|
1229
|
+
|
1230
|
+
Examples:
|
1231
|
+
response = vault.store_key(
|
1232
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
1233
|
+
purpose=AsymmetricKeyPurpose.ENCRYPTION,
|
1234
|
+
algorithm=AsymmetricKeyEncryptionAlgorithm.RSA_OAEP_2048_SHA1,
|
1235
|
+
)
|
1236
|
+
"""
|
1237
|
+
|
1238
|
+
@overload
|
1239
|
+
def store_key(
|
1240
|
+
self,
|
1241
|
+
*,
|
1242
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
1243
|
+
purpose: Literal[AsymmetricKeyPurpose.JWT],
|
1244
|
+
algorithm: AsymmetricKeyJwtAlgorithm,
|
1245
|
+
public_key: str,
|
1246
|
+
private_key: str,
|
1247
|
+
name: str | None = None,
|
1248
|
+
folder: str | None = None,
|
1249
|
+
metadata: Metadata | None = None,
|
1250
|
+
tags: Tags | None = None,
|
1251
|
+
rotation_frequency: str | None = None,
|
1252
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1253
|
+
disabled_at: datetime.datetime | None = None,
|
1254
|
+
exportable: bool = False,
|
1255
|
+
) -> PangeaResponse[AsymmetricKey]:
|
1256
|
+
"""
|
1257
|
+
Store key
|
1258
|
+
|
1259
|
+
Import an asymmetric JWT key.
|
1260
|
+
|
1261
|
+
Args:
|
1262
|
+
key_type: Key type.
|
1263
|
+
purpose: The purpose of this key.
|
1264
|
+
algorithm: The algorithm of the key.
|
1265
|
+
public_key: The public key (in PEM format).
|
1266
|
+
private_key: The private key (in PEM format).
|
1267
|
+
name: The name of this item.
|
1268
|
+
folder: The folder where this item is stored.
|
1269
|
+
metadata: User-provided metadata.
|
1270
|
+
tags: A list of user-defined tags.
|
1271
|
+
rotation_frequency: Period of time between item rotations.
|
1272
|
+
rotation_state: State to which the previous version should
|
1273
|
+
transition upon rotation.
|
1274
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1275
|
+
exportable: Whether the key is exportable or not.
|
1276
|
+
|
1277
|
+
Raises:
|
1278
|
+
PangeaAPIException: If an API Error happens.
|
1279
|
+
|
1280
|
+
Examples:
|
1281
|
+
response = vault.store_key(
|
1282
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
1283
|
+
purpose=AsymmetricKeyPurpose.JWT,
|
1284
|
+
algorithm=AsymmetricKeyJwtAlgorithm.ES512,
|
1285
|
+
)
|
1286
|
+
"""
|
1287
|
+
|
1288
|
+
@overload
|
1289
|
+
def store_key(
|
1290
|
+
self,
|
1291
|
+
*,
|
1292
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
1293
|
+
purpose: Literal[AsymmetricKeyPurpose.PKI],
|
1294
|
+
algorithm: AsymmetricKeyPkiAlgorithm,
|
1295
|
+
public_key: str,
|
1296
|
+
private_key: str,
|
1297
|
+
name: str | None = None,
|
1298
|
+
folder: str | None = None,
|
1299
|
+
metadata: Metadata | None = None,
|
1300
|
+
tags: Tags | None = None,
|
1301
|
+
rotation_frequency: str | None = None,
|
1302
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1303
|
+
disabled_at: datetime.datetime | None = None,
|
1304
|
+
exportable: bool = False,
|
1305
|
+
) -> PangeaResponse[AsymmetricKey]:
|
1306
|
+
"""
|
1307
|
+
Store key
|
1308
|
+
|
1309
|
+
Import an asymmetric PKI key.
|
1310
|
+
|
1311
|
+
Args:
|
1312
|
+
key_type: Key type.
|
1313
|
+
purpose: The purpose of this key.
|
1314
|
+
algorithm: The algorithm of the key.
|
1315
|
+
public_key: The public key (in PEM format).
|
1316
|
+
private_key: The private key (in PEM format).
|
1317
|
+
name: The name of this item.
|
1318
|
+
folder: The folder where this item is stored.
|
1319
|
+
metadata: User-provided metadata.
|
1320
|
+
tags: A list of user-defined tags.
|
1321
|
+
rotation_frequency: Period of time between item rotations.
|
1322
|
+
rotation_state: State to which the previous version should
|
1323
|
+
transition upon rotation.
|
1324
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1325
|
+
exportable: Whether the key is exportable or not.
|
1326
|
+
|
1327
|
+
Raises:
|
1328
|
+
PangeaAPIException: If an API Error happens.
|
1329
|
+
|
1330
|
+
Examples:
|
1331
|
+
response = vault.store_key(
|
1332
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
1333
|
+
purpose=AsymmetricKeyPurpose.PKI,
|
1334
|
+
algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
|
1335
|
+
)
|
1336
|
+
"""
|
1337
|
+
|
1338
|
+
@overload
|
1339
|
+
def store_key(
|
1340
|
+
self,
|
1341
|
+
*,
|
1342
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
1343
|
+
purpose: Literal[SymmetricKeyPurpose.ENCRYPTION],
|
1344
|
+
algorithm: SymmetricKeyEncryptionAlgorithm,
|
1345
|
+
key: str,
|
1346
|
+
name: str | None = None,
|
1347
|
+
folder: str | None = None,
|
1348
|
+
metadata: Metadata | None = None,
|
1349
|
+
tags: Tags | None = None,
|
1350
|
+
rotation_frequency: str | None = None,
|
1351
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1352
|
+
disabled_at: datetime.datetime | None = None,
|
1353
|
+
exportable: bool = False,
|
1354
|
+
) -> PangeaResponse[SymmetricKey]:
|
1355
|
+
"""
|
1356
|
+
Store key
|
1357
|
+
|
1358
|
+
Import a symmetric encryption key.
|
1359
|
+
|
1360
|
+
Args:
|
1361
|
+
key_type: Key type.
|
1362
|
+
purpose: The purpose of this key.
|
1363
|
+
algorithm: The algorithm of the key.
|
1364
|
+
key: The key material.
|
1365
|
+
name: The name of this item.
|
1366
|
+
folder: The folder where this item is stored.
|
1367
|
+
metadata: User-provided metadata.
|
1368
|
+
tags: A list of user-defined tags.
|
1369
|
+
rotation_frequency: Period of time between item rotations.
|
1370
|
+
rotation_state: State to which the previous version should
|
1371
|
+
transition upon rotation.
|
1372
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1373
|
+
exportable: Whether the key is exportable or not.
|
1374
|
+
|
1375
|
+
Raises:
|
1376
|
+
PangeaAPIException: If an API Error happens.
|
1377
|
+
|
1378
|
+
Examples:
|
1379
|
+
response = vault.store_key(
|
1380
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1381
|
+
purpose=SymmetricKeyPurpose.ENCRYPTION,
|
1382
|
+
algorithm=SymmetricKeyEncryptionAlgorithm.AES_CFB_128,
|
1383
|
+
)
|
1384
|
+
"""
|
1385
|
+
|
1386
|
+
@overload
|
1387
|
+
def store_key(
|
1388
|
+
self,
|
1389
|
+
*,
|
1390
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
1391
|
+
purpose: Literal[SymmetricKeyPurpose.JWT],
|
1392
|
+
algorithm: SymmetricKeyJwtAlgorithm,
|
1393
|
+
key: str,
|
1394
|
+
name: str | None = None,
|
1395
|
+
folder: str | None = None,
|
1396
|
+
metadata: Metadata | None = None,
|
1397
|
+
tags: Tags | None = None,
|
1398
|
+
rotation_frequency: str | None = None,
|
1399
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1400
|
+
disabled_at: datetime.datetime | None = None,
|
1401
|
+
exportable: bool = False,
|
1402
|
+
) -> PangeaResponse[SymmetricKey]:
|
1403
|
+
"""
|
1404
|
+
Store key
|
1405
|
+
|
1406
|
+
Import a symmetric JWT key.
|
1407
|
+
|
1408
|
+
Args:
|
1409
|
+
key_type: Key type.
|
1410
|
+
purpose: The purpose of this key.
|
1411
|
+
algorithm: The algorithm of the key.
|
1412
|
+
key: The key material.
|
1413
|
+
name: The name of this item.
|
1414
|
+
folder: The folder where this item is stored.
|
1415
|
+
metadata: User-provided metadata.
|
1416
|
+
tags: A list of user-defined tags.
|
1417
|
+
rotation_frequency: Period of time between item rotations.
|
1418
|
+
rotation_state: State to which the previous version should
|
1419
|
+
transition upon rotation.
|
1420
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1421
|
+
exportable: Whether the key is exportable or not.
|
1422
|
+
|
1423
|
+
Raises:
|
1424
|
+
PangeaAPIException: If an API Error happens.
|
1425
|
+
|
1426
|
+
Examples:
|
1427
|
+
response = vault.store_key(
|
1428
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1429
|
+
purpose=SymmetricKeyPurpose.JWT,
|
1430
|
+
algorithm=SymmetricKeyJwtAlgorithm.HS512,
|
1431
|
+
)
|
1432
|
+
"""
|
1433
|
+
|
1434
|
+
@overload
|
1435
|
+
def store_key(
|
1436
|
+
self,
|
1437
|
+
*,
|
1438
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
1439
|
+
purpose: Literal[SymmetricKeyPurpose.FPE],
|
1440
|
+
algorithm: SymmetricKeyFpeAlgorithm,
|
1441
|
+
key: str,
|
1442
|
+
name: str | None = None,
|
1443
|
+
folder: str | None = None,
|
1444
|
+
metadata: Metadata | None = None,
|
1445
|
+
tags: Tags | None = None,
|
1446
|
+
rotation_frequency: str | None = None,
|
1447
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1448
|
+
disabled_at: datetime.datetime | None = None,
|
1449
|
+
exportable: bool = False,
|
1450
|
+
) -> PangeaResponse[SymmetricKey]:
|
1451
|
+
"""
|
1452
|
+
Store key
|
1453
|
+
|
1454
|
+
Import a symmetric FPE key.
|
1455
|
+
|
1456
|
+
Args:
|
1457
|
+
key_type: Key type.
|
1458
|
+
purpose: The purpose of this key.
|
1459
|
+
algorithm: The algorithm of the key.
|
1460
|
+
key: The key material.
|
1461
|
+
name: The name of this item.
|
1462
|
+
folder: The folder where this item is stored.
|
1463
|
+
metadata: User-provided metadata.
|
1464
|
+
tags: A list of user-defined tags.
|
1465
|
+
rotation_frequency: Period of time between item rotations.
|
1466
|
+
rotation_state: State to which the previous version should
|
1467
|
+
transition upon rotation.
|
1468
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1469
|
+
exportable: Whether the key is exportable or not.
|
1470
|
+
|
1471
|
+
Raises:
|
1472
|
+
PangeaAPIException: If an API Error happens.
|
1473
|
+
|
1474
|
+
Examples:
|
1475
|
+
response = vault.store_key(
|
1476
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1477
|
+
purpose=SymmetricKeyPurpose.FPE,
|
1478
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
1479
|
+
)
|
1480
|
+
"""
|
1481
|
+
|
1482
|
+
def store_key(
|
1483
|
+
self,
|
1484
|
+
*,
|
1485
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
|
1486
|
+
purpose: SymmetricKeyPurpose | AsymmetricKeyPurpose,
|
1487
|
+
algorithm: (
|
1488
|
+
AsymmetricKeySigningAlgorithm
|
1489
|
+
| AsymmetricKeyEncryptionAlgorithm
|
1490
|
+
| AsymmetricKeyJwtAlgorithm
|
1491
|
+
| AsymmetricKeyPkiAlgorithm
|
1492
|
+
| SymmetricKeyEncryptionAlgorithm
|
1493
|
+
| SymmetricKeyJwtAlgorithm
|
1494
|
+
| SymmetricKeyFpeAlgorithm
|
1495
|
+
),
|
1496
|
+
public_key: str | None = None,
|
1497
|
+
private_key: str | None = None,
|
1498
|
+
key: str | None = None,
|
1499
|
+
name: str | None = None,
|
1500
|
+
folder: str | None = None,
|
1501
|
+
metadata: Metadata | None = None,
|
1502
|
+
tags: Tags | None = None,
|
1503
|
+
rotation_frequency: str | None = None,
|
1504
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
1505
|
+
disabled_at: datetime.datetime | None = None,
|
1506
|
+
exportable: bool = False,
|
1507
|
+
) -> PangeaResponse[Any]:
|
1508
|
+
"""
|
1509
|
+
Store key
|
1510
|
+
|
1511
|
+
Import a key.
|
1512
|
+
|
1513
|
+
Args:
|
1514
|
+
key_type: Key type.
|
1515
|
+
purpose: The purpose of this key.
|
1516
|
+
algorithm: The algorithm of the key.
|
1517
|
+
public_key: The public key (in PEM format).
|
1518
|
+
private_key: The private key (in PEM format).
|
1519
|
+
key: The key material.
|
1520
|
+
name: The name of this item.
|
1521
|
+
folder: The folder where this item is stored.
|
1522
|
+
metadata: User-provided metadata.
|
1523
|
+
tags: A list of user-defined tags.
|
1524
|
+
rotation_frequency: Period of time between item rotations.
|
1525
|
+
rotation_state: State to which the previous version should
|
1526
|
+
transition upon rotation.
|
1527
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1528
|
+
exportable: Whether the key is exportable or not.
|
1529
|
+
|
1530
|
+
Raises:
|
1531
|
+
PangeaAPIException: If an API Error happens.
|
1532
|
+
|
1533
|
+
Examples:
|
1534
|
+
response = vault.store_key(
|
1535
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
1536
|
+
purpose=SymmetricKeyPurpose.FPE,
|
1537
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
1538
|
+
)
|
1539
|
+
"""
|
1540
|
+
|
1541
|
+
return self.request.post(
|
1542
|
+
"v2/key/store",
|
1543
|
+
AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
|
1544
|
+
data=KeyStoreRequest(
|
1545
|
+
type=key_type,
|
1546
|
+
purpose=purpose,
|
1547
|
+
algorithm=algorithm,
|
1548
|
+
public_key=public_key,
|
1549
|
+
private_key=private_key,
|
1550
|
+
key=key,
|
1551
|
+
name=name,
|
1552
|
+
folder=folder,
|
1553
|
+
metadata=metadata,
|
1554
|
+
tags=tags,
|
1555
|
+
rotation_frequency=rotation_frequency,
|
1556
|
+
rotation_state=rotation_state,
|
1557
|
+
disabled_at=disabled_at,
|
1558
|
+
exportable=exportable,
|
1559
|
+
),
|
1560
|
+
)
|
1561
|
+
|
1562
|
+
@overload
|
1563
|
+
def rotate_key(
|
1564
|
+
self,
|
1565
|
+
key_id: str,
|
1566
|
+
*,
|
1567
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
1568
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
1569
|
+
public_key: str | None = None,
|
1570
|
+
private_key: str | None = None,
|
1571
|
+
) -> PangeaResponse[AsymmetricKey]:
|
1572
|
+
"""
|
1573
|
+
Rotate key
|
1574
|
+
|
1575
|
+
Manually rotate an asymmetric key.
|
1576
|
+
|
1577
|
+
Args:
|
1578
|
+
key_id: The ID of the key.
|
1579
|
+
key_type: Key type.
|
1580
|
+
rotation_state: State to which the previous version should
|
1581
|
+
transition upon rotation.
|
1582
|
+
public_key: The public key (in PEM format).
|
1583
|
+
private_key: The private key (in PEM format).
|
1584
|
+
|
1585
|
+
Raises:
|
1586
|
+
PangeaAPIException: If an API Error happens.
|
1587
|
+
|
1588
|
+
Examples:
|
1589
|
+
response = vault.rotate_key("pvi_...", key_type=ItemType.ASYMMETRIC_KEY)
|
1590
|
+
"""
|
1591
|
+
|
1592
|
+
@overload
|
1593
|
+
def rotate_key(
|
1594
|
+
self,
|
1595
|
+
key_id: str,
|
1596
|
+
*,
|
1597
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
1598
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
1599
|
+
key: str | None = None,
|
1600
|
+
) -> PangeaResponse[SymmetricKey]:
|
1601
|
+
"""
|
1602
|
+
Rotate key
|
1603
|
+
|
1604
|
+
Manually rotate a symmetric key.
|
1605
|
+
|
1606
|
+
Args:
|
1607
|
+
key_id: The ID of the key.
|
1608
|
+
key_type: Key type.
|
1609
|
+
rotation_state: State to which the previous version should
|
1610
|
+
transition upon rotation.
|
1611
|
+
key: The key material.
|
1612
|
+
|
1613
|
+
Raises:
|
1614
|
+
PangeaAPIException: If an API Error happens.
|
1615
|
+
|
1616
|
+
Examples:
|
1617
|
+
response = vault.rotate_key("pvi_...", key_type=ItemType.SYMMETRIC_KEY)
|
1618
|
+
"""
|
1619
|
+
|
1620
|
+
def rotate_key(
|
1621
|
+
self,
|
1622
|
+
key_id: str,
|
1623
|
+
*,
|
1624
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
|
1625
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
1626
|
+
public_key: str | None = None,
|
1627
|
+
private_key: str | None = None,
|
1628
|
+
key: str | None = None,
|
1629
|
+
) -> PangeaResponse[Any]:
|
1630
|
+
"""
|
1631
|
+
Rotate key
|
1632
|
+
|
1633
|
+
Manually rotate an asymmetric or symmetric key.
|
1634
|
+
|
1635
|
+
Args:
|
1636
|
+
key_id: The ID of the key.
|
1637
|
+
key_type: Key type.
|
1638
|
+
rotation_state: State to which the previous version should
|
1639
|
+
transition upon rotation.
|
1640
|
+
public_key: The public key (in PEM format).
|
1641
|
+
private_key: The private key (in PEM format).
|
1642
|
+
key: The key material.
|
1643
|
+
|
1644
|
+
Raises:
|
1645
|
+
PangeaAPIException: If an API Error happens.
|
1646
|
+
|
1647
|
+
Examples:
|
1648
|
+
response = vault.rotate_key("pvi_...", key_type=ItemType.SYMMETRIC_KEY)
|
1649
|
+
"""
|
1650
|
+
|
1651
|
+
return self.request.post(
|
1652
|
+
"v2/key/rotate",
|
1653
|
+
AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
|
1654
|
+
data=KeyRotateRequest(
|
1655
|
+
id=key_id,
|
1656
|
+
public_key=public_key,
|
1657
|
+
private_key=private_key,
|
1658
|
+
key=key,
|
1659
|
+
rotation_state=rotation_state,
|
1660
|
+
),
|
1661
|
+
)
|
1662
|
+
|
1663
|
+
def encrypt(
|
1664
|
+
self, item_id: str, plain_text: str, *, version: int | None = None, additional_data: str | None = None
|
1665
|
+
) -> PangeaResponse[EncryptResult]:
|
1666
|
+
"""
|
1667
|
+
Encrypt
|
1668
|
+
|
1669
|
+
Encrypt a message using a key.
|
1670
|
+
|
1671
|
+
OperationId: vault_post_v2_key_encrypt
|
1672
|
+
|
1673
|
+
Args:
|
1674
|
+
item_id: The item ID.
|
1675
|
+
plain_text: A message to be encrypted (in base64).
|
1676
|
+
version: The item version.
|
1677
|
+
additional_data: User provided authentication data.
|
1678
|
+
|
1679
|
+
Returns:
|
1680
|
+
A PangeaResponse where the encrypted message in base64 is returned
|
1681
|
+
in the response.result field. Available response fields can be found
|
1682
|
+
in our [API documentation](https://pangea.cloud/docs/api/vault#encrypt).
|
1683
|
+
|
1684
|
+
Raises:
|
1685
|
+
PangeaAPIException: If an API Error happens
|
1686
|
+
|
1687
|
+
Examples:
|
1688
|
+
response = vault.encrypt(
|
1689
|
+
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
1690
|
+
plain_text="lJkk0gCLux+Q+rPNqLPEYw==",
|
1691
|
+
version=1,
|
1692
|
+
)
|
1693
|
+
"""
|
1694
|
+
return self.request.post(
|
1695
|
+
"v2/encrypt",
|
1696
|
+
EncryptResult,
|
1697
|
+
data=EncryptRequest(id=item_id, plain_text=plain_text, version=version, additional_data=additional_data),
|
1698
|
+
)
|
1699
|
+
|
1700
|
+
def decrypt(
|
1701
|
+
self, item_id: str, cipher_text: str, *, version: int | None = None, additional_data: str | None = None
|
1702
|
+
) -> PangeaResponse[DecryptResult]:
|
1703
|
+
"""
|
1704
|
+
Decrypt
|
1705
|
+
|
1706
|
+
Decrypt a message using a key.
|
1707
|
+
|
1708
|
+
OperationId: vault_post_v2_key_decrypt
|
985
1709
|
|
986
1710
|
Args:
|
987
|
-
|
988
|
-
|
989
|
-
version
|
1711
|
+
item_id: The item ID.
|
1712
|
+
cipher_text: A message encrypted by Vault (in base64).
|
1713
|
+
version: The item version.
|
1714
|
+
additional_data: User provided authentication data.
|
1715
|
+
|
1716
|
+
Returns:
|
1717
|
+
A PangeaResponse where the decrypted message in base64 is returned
|
1718
|
+
in the response.result field. Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#decrypt).
|
990
1719
|
|
991
1720
|
Raises:
|
992
1721
|
PangeaAPIException: If an API Error happens
|
993
1722
|
|
1723
|
+
Examples:
|
1724
|
+
response = vault.decrypt(
|
1725
|
+
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
1726
|
+
cipher_text="lJkk0gCLux+Q+rPNqLPEYw==",
|
1727
|
+
version=1,
|
1728
|
+
)
|
1729
|
+
"""
|
1730
|
+
return self.request.post(
|
1731
|
+
"v2/decrypt",
|
1732
|
+
DecryptResult,
|
1733
|
+
data=DecryptRequest(id=item_id, cipher_text=cipher_text, version=version, additional_data=additional_data),
|
1734
|
+
)
|
1735
|
+
|
1736
|
+
def sign(self, item_id: str, message: str, *, version: int | None = None) -> PangeaResponse[SignResult]:
|
1737
|
+
"""
|
1738
|
+
Sign
|
1739
|
+
|
1740
|
+
Sign a message using a key
|
1741
|
+
|
1742
|
+
OperationId: vault_post_v2_sign
|
1743
|
+
|
1744
|
+
Args:
|
1745
|
+
id: The item ID.
|
1746
|
+
message: The message to be signed, in base64.
|
1747
|
+
version: The item version.
|
1748
|
+
|
994
1749
|
Returns:
|
995
|
-
A PangeaResponse where the signature of the message in base64
|
996
|
-
|
997
|
-
|
1750
|
+
A PangeaResponse where the signature of the message in base64 is
|
1751
|
+
returned in the response.result field. Available response fields can
|
1752
|
+
be found in our [API documentation](https://pangea.cloud/docs/api/vault#sign).
|
1753
|
+
|
1754
|
+
Raises:
|
1755
|
+
PangeaAPIException: If an API Error happens
|
998
1756
|
|
999
1757
|
Examples:
|
1000
1758
|
response = vault.sign(
|
@@ -1003,25 +1761,23 @@ class Vault(ServiceBase):
|
|
1003
1761
|
version=1,
|
1004
1762
|
)
|
1005
1763
|
"""
|
1006
|
-
|
1007
|
-
return self.request.post("v1/key/sign", SignResult, data=input.dict(exclude_none=True))
|
1764
|
+
return self.request.post("v2/sign", SignResult, data=SignRequest(id=item_id, message=message, version=version))
|
1008
1765
|
|
1009
|
-
# Verify
|
1010
1766
|
def verify(
|
1011
|
-
self,
|
1767
|
+
self, item_id: str, message: str, signature: str, *, version: int | None = None
|
1012
1768
|
) -> PangeaResponse[VerifyResult]:
|
1013
1769
|
"""
|
1014
1770
|
Verify
|
1015
1771
|
|
1016
|
-
Verify a signature using a key
|
1772
|
+
Verify a signature using a key.
|
1017
1773
|
|
1018
|
-
OperationId:
|
1774
|
+
OperationId: vault_post_v2_key_verify
|
1019
1775
|
|
1020
1776
|
Args:
|
1021
|
-
id
|
1022
|
-
message
|
1023
|
-
signature
|
1024
|
-
version
|
1777
|
+
id: The item ID.
|
1778
|
+
message: A message to be verified (in base64).
|
1779
|
+
signature: The message signature (in base64).
|
1780
|
+
version: The item version.
|
1025
1781
|
|
1026
1782
|
Raises:
|
1027
1783
|
PangeaAPIException: If an API Error happens
|
@@ -1039,24 +1795,27 @@ class Vault(ServiceBase):
|
|
1039
1795
|
version=1,
|
1040
1796
|
)
|
1041
1797
|
"""
|
1042
|
-
|
1043
|
-
|
1044
|
-
|
1045
|
-
|
1046
|
-
|
1798
|
+
return self.request.post(
|
1799
|
+
"v2/verify",
|
1800
|
+
VerifyResult,
|
1801
|
+
data=VerifyRequest(
|
1802
|
+
id=item_id,
|
1803
|
+
message=message,
|
1804
|
+
signature=signature,
|
1805
|
+
version=version,
|
1806
|
+
),
|
1047
1807
|
)
|
1048
|
-
return self.request.post("v1/key/verify", VerifyResult, data=input.dict(exclude_none=True))
|
1049
1808
|
|
1050
1809
|
def jwt_verify(self, jws: str) -> PangeaResponse[JWTVerifyResult]:
|
1051
1810
|
"""
|
1052
1811
|
JWT Verify
|
1053
1812
|
|
1054
|
-
Verify the signature of a JSON Web Token (JWT)
|
1813
|
+
Verify the signature of a JSON Web Token (JWT).
|
1055
1814
|
|
1056
|
-
OperationId:
|
1815
|
+
OperationId: vault_post_v2_key_verify_jwt
|
1057
1816
|
|
1058
1817
|
Args:
|
1059
|
-
jws
|
1818
|
+
jws: The signed JSON Web Token (JWS).
|
1060
1819
|
|
1061
1820
|
Raises:
|
1062
1821
|
PangeaAPIException: If an API Error happens
|
@@ -1067,32 +1826,29 @@ class Vault(ServiceBase):
|
|
1067
1826
|
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#verify-jwt).
|
1068
1827
|
|
1069
1828
|
Examples:
|
1070
|
-
response = vault.jwt_verify(
|
1071
|
-
jws="ewogICJhbGciO...",
|
1072
|
-
)
|
1829
|
+
response = vault.jwt_verify(jws="ewogICJhbGciO...")
|
1073
1830
|
"""
|
1074
|
-
|
1075
|
-
return self.request.post("v1/key/verify/jwt", JWTVerifyResult, data=input.dict(exclude_none=True))
|
1831
|
+
return self.request.post("v2/jwt/verify", JWTVerifyResult, data=JWTVerifyRequest(jws=jws))
|
1076
1832
|
|
1077
|
-
def jwt_sign(self,
|
1833
|
+
def jwt_sign(self, item_id: str, payload: str) -> PangeaResponse[JWTSignResult]:
|
1078
1834
|
"""
|
1079
1835
|
JWT Sign
|
1080
1836
|
|
1081
|
-
Sign a JSON Web Token (JWT) using a key
|
1837
|
+
Sign a JSON Web Token (JWT) using a key.
|
1082
1838
|
|
1083
|
-
OperationId:
|
1839
|
+
OperationId: vault_post_v2_jwt_sign
|
1084
1840
|
|
1085
1841
|
Args:
|
1086
|
-
id
|
1087
|
-
payload
|
1842
|
+
id: The item ID.
|
1843
|
+
payload: The JWT payload (in JSON).
|
1088
1844
|
|
1089
1845
|
Raises:
|
1090
1846
|
PangeaAPIException: If an API Error happens
|
1091
1847
|
|
1092
1848
|
Returns:
|
1093
|
-
A PangeaResponse where the signed JSON Web Token (JWS)
|
1094
|
-
|
1095
|
-
|
1849
|
+
A PangeaResponse where the signed JSON Web Token (JWS) is returned
|
1850
|
+
in the response.result field. Available response fields can be found
|
1851
|
+
in our [API documentation](https://pangea.cloud/docs/api/vault#sign-a-jwt).
|
1096
1852
|
|
1097
1853
|
Examples:
|
1098
1854
|
response = vault.jwt_sign(
|
@@ -1100,73 +1856,64 @@ class Vault(ServiceBase):
|
|
1100
1856
|
payload="{\\"sub\\": \\"1234567890\\",\\"name\\": \\"John Doe\\",\\"admin\\": true}"
|
1101
1857
|
)
|
1102
1858
|
"""
|
1103
|
-
|
1104
|
-
return self.request.post("v1/key/sign/jwt", JWTSignResult, data=input.dict(exclude_none=True))
|
1859
|
+
return self.request.post("v2/jwt/sign", JWTSignResult, data=JWTSignRequest(id=item_id, payload=payload))
|
1105
1860
|
|
1106
|
-
|
1107
|
-
def jwk_get(self, id: str, version: Optional[str] = None) -> PangeaResponse[JWKGetResult]:
|
1861
|
+
def jwk_get(self, item_id: str, *, version: str | None = None) -> PangeaResponse[JWKGetResult]:
|
1108
1862
|
"""
|
1109
1863
|
JWT Retrieve
|
1110
1864
|
|
1111
|
-
Retrieve a key in JWK format
|
1865
|
+
Retrieve a key in JWK format.
|
1112
1866
|
|
1113
|
-
OperationId:
|
1867
|
+
OperationId: vault_post_v2_jwk_get
|
1114
1868
|
|
1115
1869
|
Args:
|
1116
|
-
id
|
1117
|
-
version
|
1118
|
-
|
1119
|
-
|
1120
|
-
|
1870
|
+
id: The item ID
|
1871
|
+
version: The key version(s).
|
1872
|
+
- `all` for all versions
|
1873
|
+
- `num` for a specific version
|
1874
|
+
- `-num` for the `num` latest versions
|
1121
1875
|
Raises:
|
1122
1876
|
PangeaAPIException: If an API Error happens
|
1123
1877
|
|
1124
1878
|
Returns:
|
1125
|
-
A PangeaResponse where the JSON Web Key Set (JWKS) object
|
1126
|
-
|
1127
|
-
|
1879
|
+
A PangeaResponse where the JSON Web Key Set (JWKS) object is
|
1880
|
+
returned in the response.result field. Available response fields can
|
1881
|
+
be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve-jwk).
|
1128
1882
|
|
1129
1883
|
Examples:
|
1130
|
-
response = vault.jwk_get(
|
1131
|
-
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
1132
|
-
)
|
1884
|
+
response = vault.jwk_get("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
|
1133
1885
|
"""
|
1134
|
-
|
1135
|
-
return self.request.post("v1/get/jwk", JWKGetResult, data=input.dict(exclude_none=True))
|
1886
|
+
return self.request.post("v2/jwk/get", JWKGetResult, data=JWKGetRequest(id=item_id, version=version))
|
1136
1887
|
|
1137
|
-
# State change
|
1138
1888
|
def state_change(
|
1139
1889
|
self,
|
1140
|
-
|
1890
|
+
item_id: str,
|
1141
1891
|
state: ItemVersionState,
|
1142
|
-
|
1143
|
-
|
1144
|
-
|
1892
|
+
*,
|
1893
|
+
version: int | None = None,
|
1894
|
+
destroy_period: str | None = None,
|
1895
|
+
) -> PangeaResponse[VaultItem]:
|
1145
1896
|
"""
|
1146
1897
|
State change
|
1147
1898
|
|
1148
|
-
Change the state of a specific version of a secret or key
|
1899
|
+
Change the state of a specific version of a secret or key.
|
1149
1900
|
|
1150
|
-
OperationId:
|
1901
|
+
OperationId: vault_post_v2_state_change
|
1151
1902
|
|
1152
1903
|
Args:
|
1153
|
-
|
1154
|
-
state
|
1155
|
-
|
1156
|
-
|
1157
|
-
|
1158
|
-
- `compromised`
|
1159
|
-
- `destroyed`
|
1160
|
-
version (int, optional): the item version
|
1161
|
-
destroy_period (str, optional): Period of time for the destruction of a compromised key.
|
1162
|
-
Only valid if state=`compromised`
|
1163
|
-
Raises:
|
1164
|
-
PangeaAPIException: If an API Error happens
|
1904
|
+
item_id: The item ID.
|
1905
|
+
state: The new state of the item version.
|
1906
|
+
version: The item version.
|
1907
|
+
destroy_period: Period of time for the destruction of a compromised
|
1908
|
+
key. Only valid if state=`compromised`.
|
1165
1909
|
|
1166
1910
|
Returns:
|
1167
|
-
A PangeaResponse where the state change object
|
1168
|
-
|
1169
|
-
|
1911
|
+
A PangeaResponse where the state change object is returned in the
|
1912
|
+
response.result field. Available response fields can be found in our
|
1913
|
+
[API documentation](https://pangea.cloud/docs/api/vault#change-state).
|
1914
|
+
|
1915
|
+
Raises:
|
1916
|
+
PangeaAPIException: If an API Error happens
|
1170
1917
|
|
1171
1918
|
Examples:
|
1172
1919
|
response = vault.state_change(
|
@@ -1174,77 +1921,101 @@ class Vault(ServiceBase):
|
|
1174
1921
|
state=ItemVersionState.DEACTIVATED,
|
1175
1922
|
)
|
1176
1923
|
"""
|
1177
|
-
|
1178
|
-
|
1924
|
+
response = self.request.post(
|
1925
|
+
"v2/state/change",
|
1926
|
+
PangeaResponseResult,
|
1927
|
+
data=StateChangeRequest(id=item_id, state=state, version=version, destroy_period=destroy_period),
|
1928
|
+
)
|
1929
|
+
response.result = vault_item_adapter.validate_python(response.json["result"])
|
1930
|
+
return cast(PangeaResponse[VaultItem], response)
|
1179
1931
|
|
1180
|
-
# Folder create
|
1181
1932
|
def folder_create(
|
1182
1933
|
self,
|
1183
1934
|
name: str,
|
1184
1935
|
folder: str,
|
1185
|
-
|
1186
|
-
|
1936
|
+
*,
|
1937
|
+
metadata: Metadata | None = None,
|
1938
|
+
tags: Tags | None = None,
|
1939
|
+
rotation_frequency: str | None = None,
|
1940
|
+
rotation_state: RequestRotationState = RequestRotationState.INHERITED,
|
1941
|
+
rotation_grace_period: str | None = None,
|
1942
|
+
disabled_at: datetime.datetime | None = None,
|
1187
1943
|
) -> PangeaResponse[FolderCreateResult]:
|
1188
1944
|
"""
|
1189
1945
|
Create
|
1190
1946
|
|
1191
|
-
Creates a folder
|
1947
|
+
Creates a folder.
|
1192
1948
|
|
1193
|
-
OperationId:
|
1949
|
+
OperationId: vault_post_v2_folder_create
|
1194
1950
|
|
1195
1951
|
Args:
|
1196
|
-
name
|
1197
|
-
folder
|
1198
|
-
metadata
|
1199
|
-
tags
|
1952
|
+
name: The name of this folder.
|
1953
|
+
folder: The parent folder where this folder is stored.
|
1954
|
+
metadata: User-provided metadata.
|
1955
|
+
tags: A list of user-defined tags.
|
1956
|
+
rotation_frequency: Period of time between item rotations.
|
1957
|
+
rotation_state: State to which the previous version should
|
1958
|
+
transition upon rotation.
|
1959
|
+
rotation_grace_period: Grace period for the previous version.
|
1960
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
1961
|
+
|
1962
|
+
Returns: The created folder object.
|
1963
|
+
|
1200
1964
|
Raises:
|
1201
1965
|
PangeaAPIException: If an API Error happens
|
1202
1966
|
|
1203
|
-
Returns:
|
1204
|
-
A PangeaResponse where the state change object
|
1205
|
-
is returned in the response.result field.
|
1206
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#create).
|
1207
|
-
|
1208
1967
|
Examples:
|
1209
1968
|
response = vault.folder_create(
|
1210
1969
|
name="folder_name",
|
1211
1970
|
folder="parent/folder/name",
|
1212
1971
|
)
|
1213
1972
|
"""
|
1214
|
-
|
1215
|
-
|
1973
|
+
return self.request.post(
|
1974
|
+
"v2/folder/create",
|
1975
|
+
FolderCreateResult,
|
1976
|
+
data=FolderCreateRequest(
|
1977
|
+
name=name,
|
1978
|
+
folder=folder,
|
1979
|
+
metadata=metadata,
|
1980
|
+
tags=tags,
|
1981
|
+
rotation_frequency=rotation_frequency,
|
1982
|
+
rotation_state=rotation_state,
|
1983
|
+
rotation_grace_period=rotation_grace_period,
|
1984
|
+
disabled_at=disabled_at,
|
1985
|
+
),
|
1986
|
+
)
|
1216
1987
|
|
1217
|
-
# Encrypt structured
|
1218
1988
|
def encrypt_structured(
|
1219
1989
|
self,
|
1220
|
-
|
1990
|
+
key_id: str,
|
1221
1991
|
structured_data: TDict,
|
1222
|
-
|
1223
|
-
|
1224
|
-
|
1992
|
+
filter_expr: str,
|
1993
|
+
*,
|
1994
|
+
version: int | None = None,
|
1995
|
+
additional_data: str | None = None,
|
1225
1996
|
) -> PangeaResponse[EncryptStructuredResult[TDict]]:
|
1226
1997
|
"""
|
1227
1998
|
Encrypt structured
|
1228
1999
|
|
1229
2000
|
Encrypt parts of a JSON object.
|
1230
2001
|
|
1231
|
-
OperationId:
|
2002
|
+
OperationId: vault_post_v2_encrypt_structured
|
1232
2003
|
|
1233
2004
|
Args:
|
1234
|
-
|
1235
|
-
structured_data
|
1236
|
-
|
1237
|
-
version
|
1238
|
-
additional_data
|
1239
|
-
|
1240
|
-
Raises:
|
1241
|
-
PangeaAPIException: If an API error happens.
|
2005
|
+
key_id: The ID of the key to use.
|
2006
|
+
structured_data: Structured data for applying bulk operations.
|
2007
|
+
filter_expr: A filter expression.
|
2008
|
+
version: The item version. Defaults to the current version.
|
2009
|
+
additional_data: User provided authentication data.
|
1242
2010
|
|
1243
2011
|
Returns:
|
1244
2012
|
A `PangeaResponse` where the encrypted object is returned in the
|
1245
2013
|
`response.result` field. Available response fields can be found in
|
1246
2014
|
our [API documentation](https://pangea.cloud/docs/api/vault#encrypt-structured).
|
1247
2015
|
|
2016
|
+
Raises:
|
2017
|
+
PangeaAPIException: If an API error happens.
|
2018
|
+
|
1248
2019
|
Examples:
|
1249
2020
|
data = {"field1": [1, 2, "true", "false"], "field2": "data2"}
|
1250
2021
|
response = vault.encrypt_structured(
|
@@ -1254,37 +2025,41 @@ class Vault(ServiceBase):
|
|
1254
2025
|
)
|
1255
2026
|
"""
|
1256
2027
|
|
1257
|
-
|
1258
|
-
id=
|
2028
|
+
data: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
|
2029
|
+
id=key_id,
|
2030
|
+
structured_data=structured_data,
|
2031
|
+
filter=filter_expr,
|
2032
|
+
version=version,
|
2033
|
+
additional_data=additional_data,
|
1259
2034
|
)
|
1260
2035
|
return self.request.post(
|
1261
|
-
"
|
2036
|
+
"v2/encrypt_structured",
|
1262
2037
|
EncryptStructuredResult,
|
1263
|
-
data=
|
2038
|
+
data=data.model_dump(exclude_none=True),
|
1264
2039
|
)
|
1265
2040
|
|
1266
|
-
# Decrypt structured
|
1267
2041
|
def decrypt_structured(
|
1268
2042
|
self,
|
1269
|
-
|
2043
|
+
key_id: str,
|
1270
2044
|
structured_data: TDict,
|
1271
|
-
|
1272
|
-
|
1273
|
-
|
2045
|
+
filter_expr: str,
|
2046
|
+
*,
|
2047
|
+
version: int | None = None,
|
2048
|
+
additional_data: str | None = None,
|
1274
2049
|
) -> PangeaResponse[EncryptStructuredResult[TDict]]:
|
1275
2050
|
"""
|
1276
2051
|
Decrypt structured
|
1277
2052
|
|
1278
2053
|
Decrypt parts of a JSON object.
|
1279
2054
|
|
1280
|
-
OperationId:
|
2055
|
+
OperationId: vault_post_v2_decrypt_structured
|
1281
2056
|
|
1282
2057
|
Args:
|
1283
|
-
id
|
1284
|
-
structured_data
|
1285
|
-
filter
|
1286
|
-
version
|
1287
|
-
additional_data
|
2058
|
+
id: The ID of the key to use.
|
2059
|
+
structured_data: Structured data for applying bulk operations.
|
2060
|
+
filter: A filter expression.
|
2061
|
+
version: The item version. Defaults to the current version.
|
2062
|
+
additional_data: User provided authentication data.
|
1288
2063
|
|
1289
2064
|
Raises:
|
1290
2065
|
PangeaAPIException: If an API error happens.
|
@@ -1303,11 +2078,160 @@ class Vault(ServiceBase):
|
|
1303
2078
|
)
|
1304
2079
|
"""
|
1305
2080
|
|
1306
|
-
|
1307
|
-
id=
|
2081
|
+
data: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
|
2082
|
+
id=key_id,
|
2083
|
+
structured_data=structured_data,
|
2084
|
+
filter=filter_expr,
|
2085
|
+
version=version,
|
2086
|
+
additional_data=additional_data,
|
1308
2087
|
)
|
1309
2088
|
return self.request.post(
|
1310
|
-
"
|
2089
|
+
"v2/decrypt_structured",
|
1311
2090
|
EncryptStructuredResult,
|
1312
|
-
data=
|
2091
|
+
data=data.model_dump(exclude_none=True),
|
2092
|
+
)
|
2093
|
+
|
2094
|
+
def encrypt_transform(
|
2095
|
+
self,
|
2096
|
+
item_id: str,
|
2097
|
+
plain_text: str,
|
2098
|
+
alphabet: TransformAlphabet,
|
2099
|
+
*,
|
2100
|
+
tweak: str | None = None,
|
2101
|
+
version: int | None = None,
|
2102
|
+
) -> PangeaResponse[EncryptTransformResult]:
|
2103
|
+
"""
|
2104
|
+
Encrypt transform
|
2105
|
+
|
2106
|
+
Encrypt using a format-preserving algorithm (FPE).
|
2107
|
+
|
2108
|
+
OperationId: vault_post_v2_encrypt_transform
|
2109
|
+
|
2110
|
+
Args:
|
2111
|
+
item_id: The item ID.
|
2112
|
+
plain_text: A message to be encrypted.
|
2113
|
+
alphabet: Set of characters to use for format-preserving encryption (FPE).
|
2114
|
+
tweak: User provided tweak string. If not provided, a random string
|
2115
|
+
will be generated and returned.
|
2116
|
+
version: The item version. Defaults to the current version.
|
2117
|
+
|
2118
|
+
Raises:
|
2119
|
+
PangeaAPIException: If an API error happens.
|
2120
|
+
|
2121
|
+
Returns:
|
2122
|
+
A `PangeaResponse` containing the encrypted message.
|
2123
|
+
|
2124
|
+
Examples:
|
2125
|
+
vault.encrypt_transform(
|
2126
|
+
id="pvi_[...]",
|
2127
|
+
plain_text="message to encrypt",
|
2128
|
+
alphabet=TransformAlphabet.ALPHANUMERIC,
|
2129
|
+
tweak="MTIzMTIzMT==",
|
2130
|
+
)
|
2131
|
+
"""
|
2132
|
+
|
2133
|
+
return self.request.post(
|
2134
|
+
"v2/encrypt_transform",
|
2135
|
+
EncryptTransformResult,
|
2136
|
+
data=EncryptTransformRequest(
|
2137
|
+
id=item_id,
|
2138
|
+
plain_text=plain_text,
|
2139
|
+
tweak=tweak,
|
2140
|
+
alphabet=alphabet,
|
2141
|
+
version=version,
|
2142
|
+
),
|
2143
|
+
)
|
2144
|
+
|
2145
|
+
def decrypt_transform(
|
2146
|
+
self, item_id: str, cipher_text: str, tweak: str, alphabet: TransformAlphabet, *, version: int | None = None
|
2147
|
+
) -> PangeaResponse[DecryptTransformResult]:
|
2148
|
+
"""
|
2149
|
+
Decrypt transform
|
2150
|
+
|
2151
|
+
Decrypt using a format-preserving algorithm (FPE).
|
2152
|
+
|
2153
|
+
OperationId: vault_post_v2_decrypt_transform
|
2154
|
+
|
2155
|
+
Args:
|
2156
|
+
id: The item ID.
|
2157
|
+
cipher_text: A message encrypted by Vault.
|
2158
|
+
tweak: User provided tweak string.
|
2159
|
+
alphabet: Set of characters to use for format-preserving encryption (FPE).
|
2160
|
+
version: The item version. Defaults to the current version.
|
2161
|
+
|
2162
|
+
Returns:
|
2163
|
+
A `PangeaResponse` containing the decrypted message.
|
2164
|
+
|
2165
|
+
Raises:
|
2166
|
+
PangeaAPIException: If an API error happens.
|
2167
|
+
|
2168
|
+
Examples:
|
2169
|
+
vault.decrypt_transform(
|
2170
|
+
id="pvi_[...]",
|
2171
|
+
cipher_text="encrypted message",
|
2172
|
+
tweak="MTIzMTIzMT==",
|
2173
|
+
alphabet=TransformAlphabet.ALPHANUMERIC,
|
2174
|
+
)
|
2175
|
+
"""
|
2176
|
+
|
2177
|
+
return self.request.post(
|
2178
|
+
"v2/decrypt_transform",
|
2179
|
+
DecryptTransformResult,
|
2180
|
+
data=DecryptTransformRequest(
|
2181
|
+
id=item_id, cipher_text=cipher_text, tweak=tweak, alphabet=alphabet, version=version
|
2182
|
+
),
|
2183
|
+
)
|
2184
|
+
|
2185
|
+
def export(
|
2186
|
+
self,
|
2187
|
+
item_id: str,
|
2188
|
+
*,
|
2189
|
+
version: int | None = None,
|
2190
|
+
kem_password: str | None = None,
|
2191
|
+
asymmetric_public_key: str | None = None,
|
2192
|
+
asymmetric_algorithm: ExportEncryptionAlgorithm | None = None,
|
2193
|
+
) -> PangeaResponse[ExportResult]:
|
2194
|
+
"""
|
2195
|
+
Export
|
2196
|
+
|
2197
|
+
Export a symmetric or asymmetric key.
|
2198
|
+
|
2199
|
+
OperationId: vault_post_v2_export
|
2200
|
+
|
2201
|
+
Args:
|
2202
|
+
item_id: The item ID.
|
2203
|
+
version: The item version.
|
2204
|
+
kem_password: This is the password that will be used along with a
|
2205
|
+
salt to derive the symmetric key that is used to encrypt the
|
2206
|
+
exported key material.
|
2207
|
+
asymmetric_public_key: Public key in pem format used to encrypt
|
2208
|
+
exported key(s).
|
2209
|
+
asymmetric_algorithm: The algorithm of the public key.
|
2210
|
+
|
2211
|
+
Returns:
|
2212
|
+
A `PangeaResponse` where the exported key is returned in the
|
2213
|
+
`response.result` field. Available response fields can be found in
|
2214
|
+
our [API documentation](https://pangea.cloud/docs/api/vault#export).
|
2215
|
+
|
2216
|
+
Raises:
|
2217
|
+
PangeaAPIException: If an API error happens.
|
2218
|
+
|
2219
|
+
Examples:
|
2220
|
+
exp_encrypted_resp = self.vault.export(
|
2221
|
+
id=id,
|
2222
|
+
asymmetric_public_key=rsa_pub_key_pem,
|
2223
|
+
asymmetric_algorithm=ExportEncryptionAlgorithm.RSA4096_OAEP_SHA512,
|
2224
|
+
)
|
2225
|
+
"""
|
2226
|
+
|
2227
|
+
return self.request.post(
|
2228
|
+
"v2/export",
|
2229
|
+
ExportResult,
|
2230
|
+
data=ExportRequest(
|
2231
|
+
id=item_id,
|
2232
|
+
version=version,
|
2233
|
+
kem_password=kem_password,
|
2234
|
+
asymmetric_public_key=asymmetric_public_key,
|
2235
|
+
asymmetric_algorithm=asymmetric_algorithm,
|
2236
|
+
),
|
1313
2237
|
)
|