PyPI - pangea-sdk - Versions diffs - 3.8.0b1__py3-none-any.whl → 5.3.0__py3-none-any.whl - Mend

pangea-sdk 3.8.0b1py3-none-any.whl → 5.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

pangea/__init__.py +1 -1
pangea/asyncio/file_uploader.py +1 -1
pangea/asyncio/request.py +49 -31
pangea/asyncio/services/__init__.py +2 -0
pangea/asyncio/services/audit.py +192 -31
pangea/asyncio/services/authn.py +187 -109
pangea/asyncio/services/authz.py +285 -0
pangea/asyncio/services/base.py +21 -2
pangea/asyncio/services/embargo.py +2 -2
pangea/asyncio/services/file_scan.py +24 -9
pangea/asyncio/services/intel.py +108 -34
pangea/asyncio/services/redact.py +72 -4
pangea/asyncio/services/sanitize.py +217 -0
pangea/asyncio/services/share.py +246 -73
pangea/asyncio/services/vault.py +1710 -750
pangea/crypto/rsa.py +135 -0
pangea/deep_verify.py +7 -1
pangea/dump_audit.py +9 -8
pangea/request.py +83 -59
pangea/response.py +49 -31
pangea/services/__init__.py +2 -0
pangea/services/audit/audit.py +205 -42
pangea/services/audit/models.py +56 -8
pangea/services/audit/signing.py +6 -5
pangea/services/audit/util.py +3 -3
pangea/services/authn/authn.py +140 -70
pangea/services/authn/models.py +167 -11
pangea/services/authz.py +400 -0
pangea/services/base.py +39 -8
pangea/services/embargo.py +2 -2
pangea/services/file_scan.py +32 -15
pangea/services/intel.py +157 -32
pangea/services/redact.py +152 -4
pangea/services/sanitize.py +388 -0
pangea/services/share/share.py +683 -107
pangea/services/vault/models/asymmetric.py +120 -18
pangea/services/vault/models/common.py +439 -141
pangea/services/vault/models/keys.py +94 -0
pangea/services/vault/models/secret.py +27 -3
pangea/services/vault/models/symmetric.py +68 -22
pangea/services/vault/vault.py +1690 -749
pangea/tools.py +6 -7
pangea/utils.py +16 -27
pangea/verify_audit.py +270 -83
{pangea_sdk-3.8.0b1.dist-info → pangea_sdk-5.3.0.dist-info}/METADATA +43 -35
pangea_sdk-5.3.0.dist-info/RECORD +56 -0
{pangea_sdk-3.8.0b1.dist-info → pangea_sdk-5.3.0.dist-info}/WHEEL +1 -1
pangea_sdk-3.8.0b1.dist-info/RECORD +0 -50

pangea/asyncio/services/vault.py CHANGED Viewed

@@ -1,36 +1,50 @@
 # Copyright 2022 Pangea Cyber Corporation
 # Author: Pangea Cyber Corporation
-import datetime
-from typing import Dict, Optional, Union
+from __future__ import annotations
+from collections.abc import Mapping
+from typing import TYPE_CHECKING, Any, List, Literal, Optional, Union, cast, overload
+from pydantic import Field, TypeAdapter
+from typing_extensions import Annotated
 from pangea.asyncio.services.base import ServiceBaseAsync
-from pangea.response import PangeaResponse
+from pangea.config import PangeaConfig
+from pangea.response import PangeaResponse, PangeaResponseResult
 from pangea.services.vault.models.asymmetric import (
-    AsymmetricGenerateRequest,
-    AsymmetricGenerateResult,
-    AsymmetricStoreRequest,
-    AsymmetricStoreResult,
+    AsymmetricKey,
+    AsymmetricKeyAlgorithm,
+    AsymmetricKeyEncryptionAlgorithm,
+    AsymmetricKeyJwtAlgorithm,
+    AsymmetricKeyPkiAlgorithm,
+    AsymmetricKeyPurpose,
+    AsymmetricKeySigningAlgorithm,
     SignRequest,
     SignResult,
     VerifyRequest,
     VerifyResult,
 )
 from pangea.services.vault.models.common import (
-    AsymmetricAlgorithm,
+    ClientSecret,
+    ClientSecretRotateRequest,
+    DecryptTransformRequest,
+    DecryptTransformResult,
     DeleteRequest,
     DeleteResult,
-    EncodedPrivateKey,
-    EncodedPublicKey,
-    EncodedSymmetricKey,
     EncryptStructuredRequest,
     EncryptStructuredResult,
+    EncryptTransformRequest,
+    EncryptTransformResult,
+    ExportEncryptionAlgorithm,
+    ExportRequest,
+    ExportResult,
+    Folder,
     FolderCreateRequest,
     FolderCreateResult,
+    GetBulkRequest,
     GetRequest,
-    GetResult,
     ItemOrder,
     ItemOrderBy,
-    ItemState,
     ItemType,
     ItemVersionState,
     JWKGetRequest,
@@ -39,37 +53,53 @@ from pangea.services.vault.models.common import (
     JWTSignResult,
     JWTVerifyRequest,
     JWTVerifyResult,
-    KeyPurpose,
-    KeyRotateRequest,
-    KeyRotateResult,
     ListRequest,
     ListResult,
     Metadata,
+    PangeaToken,
+    PangeaTokenRotateRequest,
+    RequestManualRotationState,
+    RequestRotationState,
+    RotationState,
+    Secret,
     StateChangeRequest,
-    StateChangeResult,
-    SymmetricAlgorithm,
     Tags,
     TDict,
+    TransformAlphabet,
     UpdateRequest,
     UpdateResult,
 )
-from pangea.services.vault.models.secret import (
-    SecretRotateRequest,
-    SecretRotateResult,
-    SecretStoreRequest,
-    SecretStoreResult,
-)
+from pangea.services.vault.models.keys import CommonGenerateRequest, KeyRotateRequest, KeyStoreRequest
+from pangea.services.vault.models.secret import SecretRotateRequest, SecretStoreRequest, SecretStoreResult
 from pangea.services.vault.models.symmetric import (
     DecryptRequest,
     DecryptResult,
     EncryptRequest,
     EncryptResult,
-    SymmetricGenerateRequest,
-    SymmetricGenerateResult,
-    SymmetricStoreRequest,
-    SymmetricStoreResult,
+    SymmetricKey,
+    SymmetricKeyAlgorithm,
+    SymmetricKeyEncryptionAlgorithm,
+    SymmetricKeyFpeAlgorithm,
+    SymmetricKeyJwtAlgorithm,
+    SymmetricKeyPurpose,
 )
+if TYPE_CHECKING:
+    import datetime
+    from collections.abc import Mapping
+    from pangea.config import PangeaConfig
+    from pangea.request import TResult
+VaultItem = Annotated[
+    Union[AsymmetricKey, SymmetricKey, Secret, ClientSecret, Folder, PangeaToken], Field(discriminator="type")
+]
+vault_item_adapter: TypeAdapter[VaultItem] = TypeAdapter(VaultItem)
+class GetBulkResponse(PangeaResponseResult):
+    items: List[VaultItem]
 class VaultAsync(ServiceBaseAsync):
     """Vault service client.
@@ -84,140 +114,182 @@ class VaultAsync(ServiceBaseAsync):
         import os
         # Pangea SDK
+        from pangea.asyncio.services import VaultAsync
         from pangea.config import PangeaConfig
-        from pangea.services.vault import Vault
         PANGEA_VAULT_TOKEN = os.getenv("PANGEA_VAULT_TOKEN")
         vault_config = PangeaConfig(domain="pangea.cloud")
         # Setup Pangea Vault service
-        vault = Vault(token=PANGEA_VAULT_TOKEN, config=vault_config)
+        vault = VaultAsync(token=PANGEA_VAULT_TOKEN, config=vault_config)
     """
     service_name = "vault"
     def __init__(
         self,
-        token,
-        config=None,
-        logger_name="pangea",
-    ):
+        token: str,
+        config: PangeaConfig | None = None,
+        logger_name: str = "pangea",
+    ) -> None:
+        """
+        Vault client
+        Initializes a new Vault client.
+        Args:
+            token: Pangea API token.
+            config: Configuration.
+            logger_name: Logger name.
+        Examples:
+             config = PangeaConfig(domain="pangea_domain")
+             vault = VaultAsync(token="pangea_token", config=config)
+        """
         super().__init__(token, config, logger_name)
-    # Delete endpoint
-    async def delete(self, id: str) -> PangeaResponse[DeleteResult]:
+    async def delete(self, item_id: str, *, recursive: bool = False) -> PangeaResponse[DeleteResult]:
         """
         Delete
         Delete a secret or key
-        OperationId: vault_post_v1_delete
+        OperationId: vault_post_v2_delete
         Args:
-            id (str): The item ID
-        Raises:
-            PangeaAPIException: If an API Error happens
+            item_id: The item ID.
+            recursive: Whether to delete the item and all its children
+              recursively. Only applicable to folders.
         Returns:
             A PangeaResponse where the id of the deleted secret or key
                 is returned in the response.result field.
                 Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#delete).
+        Raises:
+            PangeaAPIException: If an API Error happens
         Examples:
-            vault.delete(id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
+            await vault.delete(id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
         """
-        input = DeleteRequest(
-            id=id,
-        )
-        return await self.request.post("v1/delete", DeleteResult, data=input.dict(exclude_none=True))
+        return await self.request.post("v2/delete", DeleteResult, data=DeleteRequest(id=item_id, recursive=recursive))
-    # Get endpoint
     async def get(
         self,
-        id: str,
-        version: Optional[Union[str, int]] = None,
-        version_state: Optional[ItemVersionState] = None,
-        verbose: Optional[bool] = None,
-    ) -> PangeaResponse[GetResult]:
+        item_id: str,
+        *,
+        version: Union[Literal["all"], int, None] = None,
+    ) -> PangeaResponse[VaultItem]:
         """
         Retrieve
-        Retrieve a secret or key, and any associated information
+        Retrieve a secret, key or folder, and any associated information.
-        OperationId: vault_post_v1_get
+        OperationId: vault_post_v2_get
         Args:
-            id (str): The item ID
-            version (str, int, optional): The key version(s).
-                - `all` for all versions
-                - `num` for a specific version
-                - `-num` for the `num` latest versions
-            version_state (ItemVersionState, optional): The state of the item version
-            verbose (bool, optional): Return metadata and extra fields. Default is `False`.
-        Raises:
-            PangeaAPIException: If an API Error happens
+            item_id: The item ID
+            version: The key version(s).
+              - `all` for all versions
+              - `num` for a specific version
+              - `-num` for the `num` latest versions
         Returns:
             A PangeaResponse where the secret or key
                 is returned in the response.result field.
                 Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve).
+        Raises:
+            PangeaAPIException: If an API Error happens
         Examples:
-            response = vault.get(
+            response = await vault.get(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 version=1,
-                version_state=ItemVersionState.ACTIVE,
-                verbose=True,
             )
         """
-        input = GetRequest(
-            id=id,
-            version=version,
-            verbose=verbose,
-            version_state=version_state,
+        response = await self.request.post("v2/get", PangeaResponseResult, data=GetRequest(id=item_id, version=version))
+        response.result = vault_item_adapter.validate_python(response.json["result"])
+        return cast(PangeaResponse[VaultItem], response)
+    async def get_bulk(
+        self,
+        filter_: Mapping[str, str],
+        *,
+        size: int | None = None,
+        order: ItemOrder | None = None,
+        order_by: ItemOrderBy | None = None,
+        last: str | None = None,
+    ) -> PangeaResponse[GetBulkResponse]:
+        """
+        Get bulk
+        Retrieve details for multiple Vault items, including keys, secrets,
+        tokens, or folders, that match a given filter specification.
+        OperationId: vault_post_v2_get_bulk
+        Args:
+            filter: Filters to customize your search.
+            size: Maximum number of items in the response.
+            order: Direction for ordering the results.
+            order_by: Property by which to order the results.
+            last: Internal ID returned in the previous look up response. Used
+              for pagination.
+        Examples:
+            response = await vault.get_bulk({"id": "pvi_..."})
+        """
+        return await self.request.post(
+            "v2/get_bulk",
+            GetBulkResponse,
+            data=GetBulkRequest(filter=filter_, size=size, order=order, order_by=order_by, last=last),
         )
-        return await self.request.post("v1/get", GetResult, data=input.dict(exclude_none=True))
-    # List endpoint
     async def list(
         self,
-        filter: Optional[Dict[str, str]] = None,
-        last: Optional[str] = None,
+        *,
+        filter: Optional[Mapping[str, str]] = None,
+        size: int = 50,
         order: Optional[ItemOrder] = None,
-        order_by: Optional[ItemOrderBy] = None,
-        size: Optional[int] = None,
+        order_by: ItemOrderBy | None = None,
+        last: str | None = None,
     ) -> PangeaResponse[ListResult]:
         """
         List
-        Look up a list of secrets, keys and folders, and their associated information
+        Retrieve a list of secrets, keys and folders, and their associated information.
-        OperationId: vault_post_v1_list
+        OperationId: vault_post_v2_list
         Args:
-            filter (dict, optional): A set of filters to help you customize your search. Examples:
-                - "folder": "/tmp"
-                - "tags": "personal"
-                - "name__contains": "xxx"
-                - "created_at__gt": "2020-02-05T10:00:00Z"
-                For metadata, use: "metadata_": "\<value\>"
-            last (str, optional): Internal ID returned in the previous look up response. Used for pagination.
-            order (ItemOrder, optional): Ordering direction: `asc` or `desc`
-            order_by (ItemOrderBy, optional): Property used to order the results. Supported properties: `id`,
+            filter: A set of filters to help you customize your search.
+              Examples:
+              - "folder": "/tmp"
+              - "tags": "personal"
+              - "name__contains": "xxx"
+              - "created_at__gt": "2020-02-05T10:00:00Z"
+              For metadata, use: "metadata_{key}": "{value}"
+            size: Maximum number of items in the response. Default is `50`.
+            order: Ordering direction: `asc` or `desc`
+            order_by: Property used to order the results. Supported properties: `id`,
                 `type`, `created_at`, `algorithm`, `purpose`, `expiration`, `last_rotated`, `next_rotation`,
                 `name`, `folder`, `item_state`.
-            size (int, optional): Maximum number of items in the response. Default is `50`.
-        Raises:
-            PangeaAPIException: If an API Error happens
+            last: Internal ID returned in the previous look up response. Used
+              for pagination.
         Returns:
             A PangeaResponse where a list of secrets or keys
                 is returned in the response.result field.
                 Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#list).
+        Raises:
+            PangeaAPIException: If an API Error happens
         Examples:
-            response = vault.list(
+            response = await vault.list(
                 filter={
                     "folder": "/",
                     "type": "asymmetric_key",
@@ -231,58 +303,55 @@ class VaultAsync(ServiceBaseAsync):
                 size=20,
             )
         """
-        input = ListRequest(filter=filter, last=last, order=order, order_by=order_by, size=size)
-        return await self.request.post("v1/list", ListResult, data=input.dict(exclude_none=True))
+        return await self.request.post(
+            "v2/list",
+            ListResult,
+            data=ListRequest(filter=filter, size=size, order=order, order_by=order_by, last=last),
+        )
-    # Update endpoint
     async def update(
         self,
-        id: str,
-        name: Optional[str] = None,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        rotation_grace_period: Optional[str] = None,
-        expiration: Optional[datetime.datetime] = None,
-        item_state: Optional[ItemState] = None,
+        item_id: str,
+        *,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        disabled_at: str | None = None,
+        enabled: bool | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState = RequestRotationState.INHERITED,
+        rotation_grace_period: str | None = None,
     ) -> PangeaResponse[UpdateResult]:
         """
         Update
-        Update information associated with a secret or key.
+        Update information associated with a secret, key or folder.
-        OperationId: vault_post_v1_update
+        OperationId: vault_post_v2_update
         Args:
-            id (str): The item ID
-            name (str, optional): The name of this item
-            folder (string, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `destroyed`
-                Default is `deactivated`.
-            rotation_grace_period (str, optional): Grace period for the previous version of the Pangea Token
-            expiration (str, optional): Expiration timestamp
-            item_state (ItemState, optional): The new state of the item. Supported options:
-                - `enabled`
-                - `disabled`
-        Raises:
-            PangeaAPIException: If an API Error happens
+            item_id: The item ID.
+            name: The name of this item
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            enabled: True if the item is enabled.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should transition upon rotation.
+            rotation_grace_period: Grace period for the previous version of the Pangea Token.
         Returns:
-            A PangeaResponse where the item ID
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#update).
+            A PangeaResponse where the item ID is returned in the
+            response.result field. Available response fields can be found in our
+            [API documentation](https://pangea.cloud/docs/api/vault#update).
+        Raises:
+            PangeaAPIException: If an API Error happens
         Examples:
-            response = vault.update(
+            response = await vault.update(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 name="my-very-secret-secret",
                 folder="/personal",
@@ -296,703 +365,1422 @@ class VaultAsync(ServiceBaseAsync):
                 ],
                 rotation_frequency="10d",
                 rotation_state=ItemVersionState.DEACTIVATED,
-                rotation_grace_period="1d",
-                expiration="2025-01-01T10:00:00Z",
-                item_state=ItemState.DISABLED,
             )
         """
-        input = UpdateRequest(
-            id=id,
+        return await self.request.post(
+            "v2/update",
+            UpdateResult,
+            data=UpdateRequest(
+                id=item_id,
+                name=name,
+                folder=folder,
+                metadata=metadata,
+                tags=tags,
+                disabled_at=disabled_at,
+                enabled=enabled,
+                rotation_frequency=rotation_frequency,
+                rotation_state=rotation_state,
+                rotation_grace_period=rotation_grace_period,
+            ),
+        )
+    async def _secret_store(
+        self,
+        *,
+        item_type: Literal["secret", "pangea_token", "pangea_client_secret"] = "secret",
+        result_class: type[TResult] = SecretStoreResult,  # type: ignore[assignment]
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        disabled_at: datetime.datetime | None = None,
+        **kwargs: Any,
+    ) -> PangeaResponse[TResult]:
+        return await self.request.post(
+            "v2/secret/store",
+            result_class,
+            data=SecretStoreRequest(
+                type=item_type,
+                name=name,
+                folder=folder,
+                metadata=metadata,
+                tags=tags,
+                disabled_at=disabled_at,
+                **kwargs,
+            ),
+        )
+    async def store_secret(
+        self,
+        secret: str,
+        *,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        disabled_at: datetime.datetime | None = None,
+    ) -> PangeaResponse[Secret]:
+        """
+        Store secret
+        Store a secret.
+        Args:
+            secret: The secret value.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            disabled_at: Timestamp indicating when the item will be disabled.
+        Raises:
+            PangeaAPIException: If an API Error happens
+        Examples:
+            response = await vault.store_secret(secret="foobar")
+        """
+        return await self._secret_store(
+            item_type="secret",
+            result_class=Secret,
+            secret=secret,
             name=name,
             folder=folder,
             metadata=metadata,
             tags=tags,
-            rotation_frequency=rotation_frequency,
-            rotation_state=rotation_state,
-            rotation_grace_period=rotation_grace_period,
-            expiration=expiration,
-            item_state=item_state,
+            disabled_at=disabled_at,
         )
-        return await self.request.post("v1/update", UpdateResult, data=input.dict(exclude_none=True))
-    async def secret_store(
+    async def store_pangea_token(
         self,
-        secret: str,
-        name: str,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        expiration: Optional[datetime.datetime] = None,
-    ) -> PangeaResponse[SecretStoreResult]:
+        token: str,
+        *,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        disabled_at: datetime.datetime | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RotationState | None = None,
+        rotation_grace_period: str | None = None,
+    ) -> PangeaResponse[PangeaToken]:
         """
-        Secret store
-        Import a secret
+        Store secret
-        OperationId: vault_post_v1_secret_store 1
+        Store a Pangea token.
         Args:
-            secret (str): The secret value
-            name (str): The name of this item
-            folder (str, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `destroyed`
-            expiration (str, optional): Expiration timestamp
+            token: The Pangea token value.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            disabled_at: Timestamp indicating when the item will be disabled.
         Raises:
             PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the secret
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-secret).
         Examples:
-            response = vault.secret_store(
-                secret="12sdfgs4543qv@#%$casd",
-                name="my-very-secret-secret",
-                folder="/personal",
-                metadata={
-                    "created_by": "John Doe",
-                    "used_in": "Google products"
-                },
-                tags=[
-                    "irs_2023",
-                    "personal"
-                ],
-                rotation_frequency="10d",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                expiration="2025-01-01T10:00:00Z",
-            )
+            response = await vault.store_pangea_token(token="foobar")
         """
-        input = SecretStoreRequest(
-            type=ItemType.SECRET,
-            secret=secret,
+        return await self._secret_store(
+            item_type="pangea_token",
+            result_class=PangeaToken,
+            token=token,
             name=name,
             folder=folder,
             metadata=metadata,
             tags=tags,
+            disabled_at=disabled_at,
             rotation_frequency=rotation_frequency,
             rotation_state=rotation_state,
-            expiration=expiration,
+            rotation_grace_period=rotation_grace_period,
         )
-        return await self.request.post("v1/secret/store", SecretStoreResult, data=input.dict(exclude_none=True))
-    async def pangea_token_store(
+    async def store_pangea_client_secret(
         self,
-        pangea_token: str,
-        name: str,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        expiration: Optional[datetime.datetime] = None,
-    ) -> PangeaResponse[SecretStoreResult]:
+        client_secret: str,
+        client_id: str,
+        client_secret_id: str,
+        *,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        disabled_at: datetime.datetime | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RotationState | None = None,
+        rotation_grace_period: str | None = None,
+    ) -> PangeaResponse[ClientSecret]:
         """
-        Pangea token store
+        Store secret
-        Import a secret
-        OperationId: vault_post_v1_secret_store 2
+        Store a Pangea client secret.
         Args:
-            pangea_token (str): The pangea token to store
-            name (str): the name of this item
-            folder (str, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations
-            rotation_state (ItemVersionState, optional): State to which the previous version should
-                transition upon rotation. Supported options:
-                - `deactivated`
-                - `destroyed`
-            expiration (str, optional): Expiration timestamp
+            client_secret: The oauth client secret.
+            client_id: The oauth client ID.
+            client_secret_id: The oauth client secret ID.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            rotation_grace_period: Grace period for the previous version of the
+              Pangea Token.
         Raises:
             PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the token
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-secret).
         Examples:
-            response = vault.pangea_token_store(
-                pangea_token="ptv_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd",
-                name="my-very-secret-secret",
-                folder="/personal",
-                metadata={
-                    "created_by": "John Doe",
-                    "used_in": "Google products"
-                },
-                tags=[
-                    "irs_2023",
-                    "personal"
-                ],
-                rotation_frequency="10d",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                expiration="2025-01-01T10:00:00Z",
+            response = await vault.store_pangea_client_secret(
+                client_secret="foo",
+                client_id="bar",
+                client_secret_id="baz",
             )
         """
-        input = SecretStoreRequest(
-            type=ItemType.PANGEA_TOKEN,
-            secret=pangea_token,
+        return await self._secret_store(
+            item_type="pangea_client_secret",
+            result_class=ClientSecret,
+            client_secret=client_secret,
+            client_id=client_id,
+            client_secret_id=client_secret_id,
             name=name,
             folder=folder,
             metadata=metadata,
             tags=tags,
+            disabled_at=disabled_at,
             rotation_frequency=rotation_frequency,
             rotation_state=rotation_state,
-            expiration=expiration,
+            rotation_grace_period=rotation_grace_period,
+        )
+    async def rotate_secret(
+        self,
+        item_id: str,
+        secret: str,
+        *,
+        rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
+    ) -> PangeaResponse[Secret]:
+        """
+        Rotate secret
+        Rotate a secret.
+        Args:
+            item_id: The item ID.
+            secret: The secret value.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+        Raises:
+            PangeaAPIException: If an API Error happens
+        Examples:
+            response = await vault.rotate_secret(item_id="foo", secret="bar")
+        """
+        return await self.request.post(
+            "v2/secret/rotate",
+            Secret,
+            data=SecretRotateRequest(id=item_id, secret=secret, rotation_state=rotation_state),
+        )
+    async def rotate_pangea_token(
+        self,
+        item_id: str,
+        *,
+        rotation_grace_period: str | None = None,
+        rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
+    ) -> PangeaResponse[PangeaToken]:
+        """
+        Rotate secret
+        Rotate a Pangea token.
+        Args:
+            item_id: The item ID.
+            rotation_grace_period: Grace period for the previous version of the
+              Pangea Token.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.rotate_pangea_token(item_id="foo")
+        """
+        return await self.request.post(
+            "v2/secret/rotate",
+            PangeaToken,
+            data=PangeaTokenRotateRequest(
+                id=item_id, rotation_grace_period=rotation_grace_period, rotation_state=rotation_state
+            ),
         )
-        return await self.request.post("v1/secret/store", SecretStoreResult, data=input.dict(exclude_none=True))
-    # Rotate endpoint
-    async def secret_rotate(
-        self, id: str, secret: str, rotation_state: Optional[ItemVersionState] = None
-    ) -> PangeaResponse[SecretRotateResult]:
+    async def rotate_client_secret(
+        self,
+        item_id: str,
+        *,
+        rotation_grace_period: str | None = None,
+        rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
+    ) -> PangeaResponse[ClientSecret]:
+        """
+        Rotate secret
+        Rotate a client secret.
+        Args:
+            item_id: The item ID.
+            rotation_grace_period: Grace period for the previous version of the
+              Pangea Token.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.rotate_client_secret(item_id="foo")
+        """
+        return await self.request.post(
+            "v2/secret/rotate",
+            ClientSecret,
+            data=ClientSecretRotateRequest(
+                id=item_id, rotation_grace_period=rotation_grace_period, rotation_state=rotation_state
+            ),
+        )
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.SIGNING],
+        algorithm: AsymmetricKeySigningAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Generate key
+        Generate an asymmetric signing key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.SIGNING,
+                algorithm=AsymmetricKeySigningAlgorithm.ED25519,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.ENCRYPTION],
+        algorithm: AsymmetricKeyEncryptionAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Generate key
+        Generate an asymmetric encryption key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.ENCRYPTION,
+                algorithm=AsymmetricKeyEncryptionAlgorithm.RSA_OAEP_2048_SHA1,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.JWT],
+        algorithm: AsymmetricKeyJwtAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Generate key
+        Generate an asymmetric JWT key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.JWT,
+                algorithm=AsymmetricKeyJwtAlgorithm.ES512,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.PKI],
+        algorithm: AsymmetricKeyPkiAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Generate key
+        Generate an asymmetric PKI key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.PKI,
+                algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: AsymmetricKeyPurpose,
+        algorithm: AsymmetricKeyAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Generate key
+        Generate an asymmetric key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.PKI,
+                algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: Literal[SymmetricKeyPurpose.ENCRYPTION],
+        algorithm: SymmetricKeyEncryptionAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
+        """
+        Generate key
+        Generate a symmetric encryption key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.ENCRYPTION,
+                algorithm=SymmetricKeyEncryptionAlgorithm.AES_CFB_128,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: Literal[SymmetricKeyPurpose.JWT],
+        algorithm: SymmetricKeyJwtAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
+        """
+        Generate key
+        Generate a symmetric JWT key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.JWT,
+                algorithm=SymmetricKeyJwtAlgorithm.HS512,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: Literal[SymmetricKeyPurpose.FPE],
+        algorithm: SymmetricKeyFpeAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
+        """
+        Generate key
+        Generate a symmetric FPE key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.FPE,
+                algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
+            )
+        """
+    @overload
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: SymmetricKeyPurpose,
+        algorithm: SymmetricKeyAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
+        """
+        Generate key
+        Generate a symmetric key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.FPE,
+                algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
+            )
+        """
+    async def generate_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
+        purpose: SymmetricKeyPurpose | AsymmetricKeyPurpose,
+        algorithm: AsymmetricKeyAlgorithm | SymmetricKeyAlgorithm,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[Any]:
+        """
+        Generate key
+        Generate a key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.generate_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.FPE,
+                algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
+            )
+        """
+        return await self.request.post(
+            "v2/key/generate",
+            AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
+            data=CommonGenerateRequest(
+                type=key_type,
+                purpose=purpose,
+                algorithm=algorithm,
+                name=name,
+                folder=folder,
+                metadata=metadata,
+                tags=tags,
+                rotation_frequency=rotation_frequency,
+                rotation_state=rotation_state,
+                disabled_at=disabled_at,
+                exportable=exportable,
+            ),
+        )
+    @overload
+    async def store_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.SIGNING],
+        algorithm: AsymmetricKeySigningAlgorithm,
+        public_key: str,
+        private_key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Store key
+        Import an asymmetric signing key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.store_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.SIGNING,
+                algorithm=AsymmetricKeySigningAlgorithm.ED25519,
+            )
+        """
+    @overload
+    async def store_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.ENCRYPTION],
+        algorithm: AsymmetricKeyEncryptionAlgorithm,
+        public_key: str,
+        private_key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Store key
+        Import an asymmetric encryption key.
+        Args:
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.store_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.ENCRYPTION,
+                algorithm=AsymmetricKeyEncryptionAlgorithm.RSA_OAEP_2048_SHA1,
+            )
         """
-        Secret rotate
-        Rotate a secret
+    @overload
+    async def store_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.JWT],
+        algorithm: AsymmetricKeyJwtAlgorithm,
+        public_key: str,
+        private_key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Store key
-        OperationId: vault_post_v1_secret_rotate 1
+        Import an asymmetric JWT key.
         Args:
-            id (str): The item ID
-            secret (str): The secret value
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `suspended`
-                - `destroyed`
-                Default is `deactivated`.
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
         Raises:
-            PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the secret
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#rotate-a-secret).
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.secret_rotate(
-                id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
-                secret="12sdfgs4543qv@#%$casd",
-                rotation_state=ItemVersionState.DEACTIVATED,
+            response = await vault.store_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.JWT,
+                algorithm=AsymmetricKeyJwtAlgorithm.ES512,
             )
         """
-        input = SecretRotateRequest(id=id, secret=secret, rotation_state=rotation_state)
-        return await self.request.post("v1/secret/rotate", SecretRotateResult, data=input.dict(exclude_none=True))
-    # Rotate endpoint
-    async def pangea_token_rotate(self, id: str) -> PangeaResponse[SecretRotateResult]:
+    @overload
+    async def store_key(
+        self,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        purpose: Literal[AsymmetricKeyPurpose.PKI],
+        algorithm: AsymmetricKeyPkiAlgorithm,
+        public_key: str,
+        private_key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[AsymmetricKey]:
         """
-        Token rotate
+        Store key
-        Rotate a Pangea token
-        OperationId: vault_post_v1_secret_rotate 2
+        Import an asymmetric PKI key.
         Args:
-            id (str): The item ID
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
         Raises:
-            PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the token
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#rotate-a-secret).
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.pangea_token_rotate(
-                id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
+            response = await vault.store_key(
+                key_type=ItemType.ASYMMETRIC_KEY,
+                purpose=AsymmetricKeyPurpose.PKI,
+                algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
             )
         """
-        input = SecretRotateRequest(id=id)  # type: ignore[call-arg]
-        return await self.request.post("v1/secret/rotate", SecretRotateResult, data=input.dict(exclude_none=True))
-    async def symmetric_generate(
+    @overload
+    async def store_key(
         self,
-        algorithm: SymmetricAlgorithm,
-        purpose: KeyPurpose,
-        name: Optional[str] = None,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        expiration: Optional[datetime.datetime] = None,
-    ) -> PangeaResponse[SymmetricGenerateResult]:
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: Literal[SymmetricKeyPurpose.ENCRYPTION],
+        algorithm: SymmetricKeyEncryptionAlgorithm,
+        key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
         """
-        Symmetric generate
-        Generate a symmetric key
+        Store key
-        OperationId: vault_post_v1_key_generate 1
+        Import a symmetric encryption key.
         Args:
-            algorithm (SymmetricAlgorithm): The algorithm of the key
-            purpose (KeyPurpose): The purpose of this key
-            name (str): The name of this item
-            folder (str, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations, or `never` to disallow rotation
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `destroyed`
-            expiration (str, optional): Expiration timestamp
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            key: The key material.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
         Raises:
-            PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the ID of the key
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#generate).
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.symmetric_generate(
-                algorithm=SymmetricAlgorithm.AES,
-                purpose=KeyPurpose.ENCRYPTION,
-                name="my-very-secret-secret",
-                folder="/personal",
-                metadata={
-                    "created_by": "John Doe",
-                    "used_in": "Google products"
-                },
-                tags=[
-                    "irs_2023",
-                    "personal"
-                ],
-                rotation_frequency="10d",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                expiration="2025-01-01T10:00:00Z",
+            response = await vault.store_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.ENCRYPTION,
+                algorithm=SymmetricKeyEncryptionAlgorithm.AES_CFB_128,
             )
         """
-        input = SymmetricGenerateRequest(
-            type=ItemType.SYMMETRIC_KEY,
-            algorithm=algorithm,
-            purpose=purpose,
-            name=name,  # type: ignore[arg-type]
-            folder=folder,
-            metadata=metadata,
-            tags=tags,
-            rotation_frequency=rotation_frequency,
-            rotation_state=rotation_state,
-            expiration=expiration,
-        )
-        return await self.request.post("v1/key/generate", SymmetricGenerateResult, data=input.dict(exclude_none=True))
-    async def asymmetric_generate(
+    @overload
+    async def store_key(
         self,
-        algorithm: AsymmetricAlgorithm,
-        purpose: KeyPurpose,
-        name: Optional[str] = None,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        expiration: Optional[datetime.datetime] = None,
-    ) -> PangeaResponse[AsymmetricGenerateResult]:
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: Literal[SymmetricKeyPurpose.JWT],
+        algorithm: SymmetricKeyJwtAlgorithm,
+        key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
         """
-        Asymmetric generate
-        Generate an asymmetric key
+        Store key
-        OperationId: vault_post_v1_key_generate 2
+        Import a symmetric JWT key.
         Args:
-            algorithm (AsymmetricAlgorithm): The algorithm of the key
-            purpose (KeyPurpose): The purpose of this key
-            name (str): The name of this item
-            folder (str, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations, or `never` to disallow rotation
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `destroyed`
-            expiration (str, optional): Expiration timestamp
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            key: The key material.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
         Raises:
-            PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the ID of the key
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#generate).
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.asymmetric_generate(
-                algorithm=AsymmetricAlgorithm.RSA,
-                purpose=KeyPurpose.SIGNING,
-                name="my-very-secret-secret",
-                folder="/personal",
-                metadata={
-                    "created_by": "John Doe",
-                    "used_in": "Google products"
-                },
-                tags=[
-                    "irs_2023",
-                    "personal"
-                ],
-                rotation_frequency="10d",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                expiration="2025-01-01T10:00:00Z",
+            response = await vault.store_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.JWT,
+                algorithm=SymmetricKeyJwtAlgorithm.HS512,
             )
         """
-        input = AsymmetricGenerateRequest(
-            type=ItemType.ASYMMETRIC_KEY,
-            algorithm=algorithm,
-            purpose=purpose,
-            name=name,  # type: ignore[arg-type]
-            folder=folder,
-            metadata=metadata,
-            tags=tags,
-            rotation_frequency=rotation_frequency,
-            rotation_state=rotation_state,
-            expiration=expiration,
-        )
-        return await self.request.post("v1/key/generate", AsymmetricGenerateResult, data=input.dict(exclude_none=True))
-    # Store endpoints
-    async def asymmetric_store(
+    @overload
+    async def store_key(
         self,
-        private_key: EncodedPrivateKey,
-        public_key: EncodedPublicKey,
-        algorithm: AsymmetricAlgorithm,
-        purpose: KeyPurpose,
-        name: str,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        expiration: Optional[datetime.datetime] = None,
-    ) -> PangeaResponse[AsymmetricStoreResult]:
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        purpose: Literal[SymmetricKeyPurpose.FPE],
+        algorithm: SymmetricKeyFpeAlgorithm,
+        key: str,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[SymmetricKey]:
         """
-        Asymmetric store
+        Store key
-        Import an asymmetric key
-        OperationId: vault_post_v1_key_store 1
+        Import a symmetric FPE key.
         Args:
-            private_key (EncodedPrivateKey): The private key in PEM format
-            public_key (EncodedPublicKey): The public key in PEM format
-            algorithm (AsymmetricAlgorithm): The algorithm of the key
-            purpose (KeyPurpose): The purpose of this key. `signing`, `encryption`, or `jwt`.
-            name (str): The name of this item
-            folder (str, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations, or `never` to disallow rotation
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `destroyed`
-            expiration (str, optional): Expiration timestamp
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            key: The key material.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
         Raises:
-            PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the ID and public key
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-key).
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.asymmetric_store(
-                private_key="private key example",
-                public_key="-----BEGIN PUBLIC KEY-----\\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\\n-----END PUBLIC KEY-----",
-                algorithm=AsymmetricAlgorithm.RSA,
-                purpose=KeyPurpose.SIGNING,
-                name="my-very-secret-secret",
-                folder="/personal",
-                metadata={
-                    "created_by": "John Doe",
-                    "used_in": "Google products"
-                },
-                tags=[
-                    "irs_2023",
-                    "personal"
-                ],
-                rotation_frequency="10d",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                expiration="2025-01-01T10:00:00Z",
+            response = await vault.store_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.FPE,
+                algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
             )
         """
-        input = AsymmetricStoreRequest(
-            type=ItemType.ASYMMETRIC_KEY,
-            algorithm=algorithm,
-            purpose=purpose,
-            public_key=public_key,
-            private_key=private_key,
-            name=name,
-            folder=folder,
-            metadata=metadata,
-            tags=tags,
-            rotation_frequency=rotation_frequency,
-            rotation_state=rotation_state,
-            expiration=expiration,
-        )
-        return await self.request.post("v1/key/store", AsymmetricStoreResult, data=input.dict(exclude_none=True))
-    async def symmetric_store(
+    async def store_key(
         self,
-        key: str,
-        algorithm: SymmetricAlgorithm,
-        purpose: KeyPurpose,
-        name: str,
-        folder: Optional[str] = None,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
-        rotation_frequency: Optional[str] = None,
-        rotation_state: Optional[ItemVersionState] = None,
-        expiration: Optional[datetime.datetime] = None,
-    ) -> PangeaResponse[SymmetricStoreResult]:
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
+        purpose: SymmetricKeyPurpose | AsymmetricKeyPurpose,
+        algorithm: (
+            AsymmetricKeySigningAlgorithm
+            | AsymmetricKeyEncryptionAlgorithm
+            | AsymmetricKeyJwtAlgorithm
+            | AsymmetricKeyPkiAlgorithm
+            | SymmetricKeyEncryptionAlgorithm
+            | SymmetricKeyJwtAlgorithm
+            | SymmetricKeyFpeAlgorithm
+        ),
+        public_key: str | None = None,
+        private_key: str | None = None,
+        key: str | None = None,
+        name: str | None = None,
+        folder: str | None = None,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
+        disabled_at: datetime.datetime | None = None,
+        exportable: bool = False,
+    ) -> PangeaResponse[Any]:
         """
-        Symmetric store
+        Store key
-        Import a symmetric key
-        OperationId: vault_post_v1_key_store 2
+        Import a key.
         Args:
-            key (str): The key material (in base64)
-            algorithm (SymmetricAlgorithm): The algorithm of the key
-            purpose (KeyPurpose): The purpose of this key. `encryption` or `jwt`
-            name (str): The name of this item
-            folder (str, optional): The folder where this item is stored
-            metadata (dict, optional): User-provided metadata
-            tags (list[str], optional): A list of user-defined tags
-            rotation_frequency (str, optional): Period of time between item rotations, or `never` to disallow rotation
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `destroyed`
-            expiration (str, optional): Expiration timestamp
+            key_type: Key type.
+            purpose: The purpose of this key.
+            algorithm: The algorithm of the key.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+            key: The key material.
+            name: The name of this item.
+            folder: The folder where this item is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            disabled_at: Timestamp indicating when the item will be disabled.
+            exportable: Whether the key is exportable or not.
         Raises:
-            PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the ID
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-key).
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.symmetric_store(
-                key="lJkk0gCLux+Q+rPNqLPEYw==",
-                algorithm=SymmetricAlgorithm.AES,
-                purpose=KeyPurpose.ENCRYPTION,
-                name="my-very-secret-secret",
-                folder="/personal",
-                metadata={
-                    "created_by": "John Doe",
-                    "used_in": "Google products"
-                },
-                tags=[
-                    "irs_2023",
-                    "personal"
-                ],
-                rotation_frequency="10d",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                expiration="2025-01-01T10:00:00Z",
+            response = await vault.store_key(
+                key_type=ItemType.SYMMETRIC_KEY,
+                purpose=SymmetricKeyPurpose.FPE,
+                algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
             )
         """
-        input = SymmetricStoreRequest(
-            type=ItemType.SYMMETRIC_KEY,
-            algorithm=algorithm,
-            purpose=purpose,
-            key=key,  # type: ignore[arg-type]
-            name=name,
-            folder=folder,
-            metadata=metadata,
-            tags=tags,
-            rotation_frequency=rotation_frequency,
-            rotation_state=rotation_state,
-            expiration=expiration,
+        return await self.request.post(
+            "v2/key/store",
+            AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
+            data=KeyStoreRequest(
+                type=key_type,
+                purpose=purpose,
+                algorithm=algorithm,
+                public_key=public_key,
+                private_key=private_key,
+                key=key,
+                name=name,
+                folder=folder,
+                metadata=metadata,
+                tags=tags,
+                rotation_frequency=rotation_frequency,
+                rotation_state=rotation_state,
+                disabled_at=disabled_at,
+                exportable=exportable,
+            ),
         )
-        return await self.request.post("v1/key/store", SymmetricStoreResult, data=input.dict(exclude_none=True))
-    # Rotate endpoint
-    async def key_rotate(
+    @overload
+    async def rotate_key(
         self,
-        id: str,
-        rotation_state: ItemVersionState,
-        public_key: Optional[EncodedPublicKey] = None,
-        private_key: Optional[EncodedPrivateKey] = None,
-        key: Optional[EncodedSymmetricKey] = None,
-    ) -> PangeaResponse[KeyRotateResult]:
+        key_id: str,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY],
+        rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
+        public_key: str | None = None,
+        private_key: str | None = None,
+    ) -> PangeaResponse[AsymmetricKey]:
+        """
+        Rotate key
+        Manually rotate an asymmetric key.
+        Args:
+            key_id: The ID of the key.
+            key_type: Key type.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+        Raises:
+            PangeaAPIException: If an API Error happens.
+        Examples:
+            response = await vault.rotate_key("pvi_...", key_type=ItemType.ASYMMETRIC_KEY)
         """
-        Key rotate
-        Manually rotate a symmetric or asymmetric key
+    @overload
+    async def rotate_key(
+        self,
+        key_id: str,
+        *,
+        key_type: Literal[ItemType.SYMMETRIC_KEY],
+        rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
+        key: str | None = None,
+    ) -> PangeaResponse[SymmetricKey]:
+        """
+        Rotate key
-        OperationId: vault_post_v1_key_rotate
+        Manually rotate a symmetric key.
         Args:
-            id (str): The ID of the item
-            rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
-                Supported options:
-                - `deactivated`
-                - `suspended`
-                - `destroyed`
-                Default is `deactivated`.
-            public_key (EncodedPublicKey, optional): The public key (in PEM format)
-            private_key (EncodedPrivateKey, optional): The private key (in PEM format)
-            key (EncodedSymmetricKey, optional): The key material (in base64)
+            key_id: The ID of the key.
+            key_type: Key type.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            key: The key material.
         Raises:
-            PangeaAPIException: If an API Error happens
+            PangeaAPIException: If an API Error happens.
-        Returns:
-            A PangeaResponse where the ID
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#rotate).
+        Examples:
+            response = await vault.rotate_key("pvi_...", key_type=ItemType.SYMMETRIC_KEY)
+        """
+    async def rotate_key(
+        self,
+        key_id: str,
+        *,
+        key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
+        rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
+        public_key: str | None = None,
+        private_key: str | None = None,
+        key: str | None = None,
+    ) -> PangeaResponse[Any]:
+        """
+        Rotate key
+        Manually rotate an asymmetric or symmetric key.
+        Args:
+            key_id: The ID of the key.
+            key_type: Key type.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            public_key: The public key (in PEM format).
+            private_key: The private key (in PEM format).
+            key: The key material.
+        Raises:
+            PangeaAPIException: If an API Error happens.
         Examples:
-            response = vault.key_rotate(
-                id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
-                rotation_state=ItemVersionState.DEACTIVATED,
-                key="lJkk0gCLux+Q+rPNqLPEYw==",
-            )
+            response = await vault.rotate_key("pvi_...", key_type=ItemType.SYMMETRIC_KEY)
         """
-        input = KeyRotateRequest(
-            id=id, public_key=public_key, private_key=private_key, key=key, rotation_state=rotation_state
+        return await self.request.post(
+            "v2/key/rotate",
+            AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
+            data=KeyRotateRequest(
+                id=key_id,
+                public_key=public_key,
+                private_key=private_key,
+                key=key,
+                rotation_state=rotation_state,
+            ),
         )
-        return await self.request.post("v1/key/rotate", KeyRotateResult, data=input.dict(exclude_none=True))
-    # Encrypt
-    async def encrypt(self, id: str, plain_text: str, version: Optional[int] = None) -> PangeaResponse[EncryptResult]:
+    async def encrypt(
+        self, item_id: str, plain_text: str, *, version: int | None = None, additional_data: str | None = None
+    ) -> PangeaResponse[EncryptResult]:
         """
         Encrypt
-        Encrypt a message using a key
+        Encrypt a message using a key.
-        OperationId: vault_post_v1_key_encrypt
+        OperationId: vault_post_v2_key_encrypt
         Args:
-            id (str): The item ID
-            plain_text (str): A message to be in encrypted (in base64)
-            version (int, optional): The item version
+            item_id: The item ID.
+            plain_text: A message to be encrypted (in base64).
+            version: The item version.
+            additional_data: User provided authentication data.
+        Returns:
+            A PangeaResponse where the encrypted message in base64 is returned
+            in the response.result field. Available response fields can be found
+            in our [API documentation](https://pangea.cloud/docs/api/vault#encrypt).
         Raises:
             PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the encrypted message in base64
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#encrypt).
         Examples:
-            response = vault.encrypt(
+            response = await vault.encrypt(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 plain_text="lJkk0gCLux+Q+rPNqLPEYw==",
                 version=1,
             )
         """
-        input = EncryptRequest(id=id, plain_text=plain_text, version=version)  # type: ignore[call-arg]
-        return await self.request.post("v1/key/encrypt", EncryptResult, data=input.dict(exclude_none=True))
+        return await self.request.post(
+            "v2/encrypt",
+            EncryptResult,
+            data=EncryptRequest(id=item_id, plain_text=plain_text, version=version, additional_data=additional_data),
+        )
-    # Decrypt
-    async def decrypt(self, id: str, cipher_text: str, version: Optional[int] = None) -> PangeaResponse[DecryptResult]:
+    async def decrypt(
+        self, item_id: str, cipher_text: str, *, version: int | None = None, additional_data: str | None = None
+    ) -> PangeaResponse[DecryptResult]:
         """
         Decrypt
-        Decrypt a message using a key
+        Decrypt a message using a key.
-        OperationId: vault_post_v1_key_decrypt
+        OperationId: vault_post_v2_key_decrypt
         Args:
-            id (str): The item ID
-            cipher_text (str): A message encrypted by Vault (in base64)
-            version (int, optional): The item version
+            item_id: The item ID.
+            cipher_text: A message encrypted by Vault (in base64).
+            version: The item version.
+            additional_data: User provided authentication data.
+        Returns:
+            A PangeaResponse where the decrypted message in base64 is returned
+            in the response.result field. Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#decrypt).
         Raises:
             PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the decrypted message in base64
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#decrypt).
         Examples:
-            response = vault.decrypt(
+            response = await vault.decrypt(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 cipher_text="lJkk0gCLux+Q+rPNqLPEYw==",
                 version=1,
             )
         """
-        input = DecryptRequest(id=id, cipher_text=cipher_text, version=version)  # type: ignore[call-arg]
-        return await self.request.post("v1/key/decrypt", DecryptResult, data=input.dict(exclude_none=True))
+        return await self.request.post(
+            "v2/decrypt",
+            DecryptResult,
+            data=DecryptRequest(id=item_id, cipher_text=cipher_text, version=version, additional_data=additional_data),
+        )
-    # Sign
-    async def sign(self, id: str, message: str, version: Optional[int] = None) -> PangeaResponse[SignResult]:
+    async def sign(self, item_id: str, message: str, *, version: int | None = None) -> PangeaResponse[SignResult]:
         """
         Sign
         Sign a message using a key
-        OperationId: vault_post_v1_key_sign
+        OperationId: vault_post_v2_sign
         Args:
-            id (str): The item ID
-            message (str): The message to be signed, in base64
-            version (int, optional): The item version
+            id: The item ID.
+            message: The message to be signed, in base64.
+            version: The item version.
+        Returns:
+            A PangeaResponse where the signature of the message in base64 is
+            returned in the response.result field. Available response fields can
+            be found in our [API documentation](https://pangea.cloud/docs/api/vault#sign).
         Raises:
             PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the signature of the message in base64
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#sign).
         Examples:
-            response = vault.sign(
+            response = await vault.sign(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 message="lJkk0gCLux+Q+rPNqLPEYw==",
                 version=1,
             )
         """
-        input = SignRequest(id=id, message=message, version=version)
-        return await self.request.post("v1/key/sign", SignResult, data=input.dict(exclude_none=True))
+        return await self.request.post(
+            "v2/sign", SignResult, data=SignRequest(id=item_id, message=message, version=version)
+        )
-    # Verify
     async def verify(
-        self, id: str, message: str, signature: str, version: Optional[int] = None
+        self, item_id: str, message: str, signature: str, *, version: int | None = None
     ) -> PangeaResponse[VerifyResult]:
         """
         Verify
-        Verify a signature using a key
+        Verify a signature using a key.
-        OperationId: vault_post_v1_key_verify
+        OperationId: vault_post_v2_key_verify
         Args:
-            id (str): The item ID
-            message (str): A message to be verified (in base64)
-            signature (str): The message signature (in base64)
-            version (int, optional): The item version
+            id: The item ID.
+            message: A message to be verified (in base64).
+            signature: The message signature (in base64).
+            version: The item version.
         Raises:
             PangeaAPIException: If an API Error happens
@@ -1003,31 +1791,34 @@ class VaultAsync(ServiceBaseAsync):
                 Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#verify).
         Examples:
-            response = vault.verify(
+            response = await vault.verify(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 message="lJkk0gCLux+Q+rPNqLPEYw==",
                 signature="FfWuT2Mq/+cxa7wIugfhzi7ktZxVf926idJNgBDCysF/knY9B7M6wxqHMMPDEBs86D8OsEGuED21y3J7IGOpCQ==",
                 version=1,
             )
         """
-        input = VerifyRequest(
-            id=id,
-            message=message,
-            signature=signature,
-            version=version,
+        return await self.request.post(
+            "v2/verify",
+            VerifyResult,
+            data=VerifyRequest(
+                id=item_id,
+                message=message,
+                signature=signature,
+                version=version,
+            ),
         )
-        return await self.request.post("v1/key/verify", VerifyResult, data=input.dict(exclude_none=True))
     async def jwt_verify(self, jws: str) -> PangeaResponse[JWTVerifyResult]:
         """
         JWT Verify
-        Verify the signature of a JSON Web Token (JWT)
+        Verify the signature of a JSON Web Token (JWT).
-        OperationId: vault_post_v1_key_verify_jwt
+        OperationId: vault_post_v2_key_verify_jwt
         Args:
-            jws (str): The signed JSON Web Token (JWS)
+            jws: The signed JSON Web Token (JWS).
         Raises:
             PangeaAPIException: If an API Error happens
@@ -1038,180 +1829,196 @@ class VaultAsync(ServiceBaseAsync):
                 Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#verify-jwt).
         Examples:
-            response = vault.jwt_verify(
-                jws="ewogICJhbGciO...",
-            )
+            response = await vault.jwt_verify(jws="ewogICJhbGciO...")
         """
-        input = JWTVerifyRequest(jws=jws)
-        return await self.request.post("v1/key/verify/jwt", JWTVerifyResult, data=input.dict(exclude_none=True))
+        return await self.request.post("v2/jwt/verify", JWTVerifyResult, data=JWTVerifyRequest(jws=jws))
-    async def jwt_sign(self, id: str, payload: str) -> PangeaResponse[JWTSignResult]:
+    async def jwt_sign(self, item_id: str, payload: str) -> PangeaResponse[JWTSignResult]:
         """
         JWT Sign
-        Sign a JSON Web Token (JWT) using a key
+        Sign a JSON Web Token (JWT) using a key.
-        OperationId: vault_post_v1_key_sign_jwt
+        OperationId: vault_post_v2_jwt_sign
         Args:
-            id (str): The item ID
-            payload (str): The JWT payload (in JSON)
+            id: The item ID.
+            payload: The JWT payload (in JSON).
         Raises:
             PangeaAPIException: If an API Error happens
         Returns:
-            A PangeaResponse where the signed JSON Web Token (JWS)
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#sign-a-jwt).
+            A PangeaResponse where the signed JSON Web Token (JWS) is returned
+            in the response.result field. Available response fields can be found
+            in our [API documentation](https://pangea.cloud/docs/api/vault#sign-a-jwt).
         Examples:
-            response = vault.jwt_sign(
+            response = await vault.jwt_sign(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 payload="{\\"sub\\": \\"1234567890\\",\\"name\\": \\"John Doe\\",\\"admin\\": true}"
             )
         """
-        input = JWTSignRequest(id=id, payload=payload)
-        return await self.request.post("v1/key/sign/jwt", JWTSignResult, data=input.dict(exclude_none=True))
+        return await self.request.post("v2/jwt/sign", JWTSignResult, data=JWTSignRequest(id=item_id, payload=payload))
-    # Get endpoint
-    async def jwk_get(self, id: str, version: Optional[str] = None) -> PangeaResponse[JWKGetResult]:
+    async def jwk_get(self, item_id: str, *, version: str | None = None) -> PangeaResponse[JWKGetResult]:
         """
         JWT Retrieve
-        Retrieve a key in JWK format
+        Retrieve a key in JWK format.
-        OperationId: vault_post_v1_get_jwk
+        OperationId: vault_post_v2_jwk_get
         Args:
-            id (str): The item ID
-            version (str, optional): The key version(s).
-                - `all` for all versions
-                - `num` for a specific version
-                - `-num` for the `num` latest versions
+            id: The item ID
+            version: The key version(s).
+              - `all` for all versions
+              - `num` for a specific version
+              - `-num` for the `num` latest versions
         Raises:
             PangeaAPIException: If an API Error happens
         Returns:
-            A PangeaResponse where the JSON Web Key Set (JWKS) object
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve-jwk).
+            A PangeaResponse where the JSON Web Key Set (JWKS) object is
+            returned in the response.result field. Available response fields can
+            be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve-jwk).
         Examples:
-            response = vault.jwk_get(
-                id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
-            )
+            response = await vault.jwk_get("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
         """
-        input = JWKGetRequest(id=id, version=version)
-        return await self.request.post("v1/get/jwk", JWKGetResult, data=input.dict(exclude_none=True))
+        return await self.request.post("v2/jwk/get", JWKGetResult, data=JWKGetRequest(id=item_id, version=version))
-    # State change
     async def state_change(
-        self, id: str, state: ItemVersionState, version: Optional[int] = None, destroy_period: Optional[str] = None
-    ) -> PangeaResponse[StateChangeResult]:
+        self,
+        item_id: str,
+        state: ItemVersionState,
+        *,
+        version: int | None = None,
+        destroy_period: str | None = None,
+    ) -> PangeaResponse[VaultItem]:
         """
         State change
-        Change the state of a specific version of a secret or key
+        Change the state of a specific version of a secret or key.
-        OperationId: vault_post_v1_state_change
+        OperationId: vault_post_v2_state_change
         Args:
-            id (str): The item ID
-            state (ItemVersionState): The new state of the item version. Supported options:
-                - `active`
-                - `deactivated`
-                - `suspended`
-                - `compromised`
-                - `destroyed`
-            version (int, optional): the item version
-            destroy_period (str, optional): Period of time for the destruction of a compromised key.
-                Only valid if state=`compromised`
-        Raises:
-            PangeaAPIException: If an API Error happens
+            item_id: The item ID.
+            state: The new state of the item version.
+            version: The item version.
+            destroy_period: Period of time for the destruction of a compromised
+              key. Only valid if state=`compromised`.
         Returns:
-            A PangeaResponse where the state change object
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#change-state).
+            A PangeaResponse where the state change object is returned in the
+            response.result field. Available response fields can be found in our
+            [API documentation](https://pangea.cloud/docs/api/vault#change-state).
+        Raises:
+            PangeaAPIException: If an API Error happens
         Examples:
-            response = vault.state_change(
+            response = await vault.state_change(
                 id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
                 state=ItemVersionState.DEACTIVATED,
             )
         """
-        input = StateChangeRequest(id=id, state=state, version=version, destroy_period=destroy_period)
-        return await self.request.post("v1/state/change", StateChangeResult, data=input.dict(exclude_none=True))
+        response = await self.request.post(
+            "v2/state/change",
+            PangeaResponseResult,
+            data=StateChangeRequest(id=item_id, state=state, version=version, destroy_period=destroy_period),
+        )
+        response.result = vault_item_adapter.validate_python(response.json["result"])
+        return cast(PangeaResponse[VaultItem], response)
-    # Folder create
     async def folder_create(
         self,
         name: str,
         folder: str,
-        metadata: Optional[Metadata] = None,
-        tags: Optional[Tags] = None,
+        *,
+        metadata: Metadata | None = None,
+        tags: Tags | None = None,
+        rotation_frequency: str | None = None,
+        rotation_state: RequestRotationState = RequestRotationState.INHERITED,
+        rotation_grace_period: str | None = None,
+        disabled_at: datetime.datetime | None = None,
     ) -> PangeaResponse[FolderCreateResult]:
         """
         Create
-        Creates a folder
+        Creates a folder.
-        OperationId: vault_post_v1_folder_create
+        OperationId: vault_post_v2_folder_create
         Args:
-            name (str): The name of this folder
-            folder (str): The parent folder where this folder is stored
-            metadata (Metadata, optional): User-provided metadata
-            tags (Tags, optional): A list of user-defined tags
+            name: The name of this folder.
+            folder: The parent folder where this folder is stored.
+            metadata: User-provided metadata.
+            tags: A list of user-defined tags.
+            rotation_frequency: Period of time between item rotations.
+            rotation_state: State to which the previous version should
+              transition upon rotation.
+            rotation_grace_period: Grace period for the previous version.
+            disabled_at: Timestamp indicating when the item will be disabled.
+        Returns: The created folder object.
         Raises:
             PangeaAPIException: If an API Error happens
-        Returns:
-            A PangeaResponse where the state change object
-                is returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#create).
         Examples:
-            response = vault.folder_create(
+            response = await vault.folder_create(
                 name="folder_name",
                 folder="parent/folder/name",
             )
         """
-        input = FolderCreateRequest(name=name, folder=folder, metadata=metadata, tags=tags)
-        return await self.request.post("v1/folder/create", FolderCreateResult, data=input.dict(exclude_none=True))
+        return await self.request.post(
+            "v2/folder/create",
+            FolderCreateResult,
+            data=FolderCreateRequest(
+                name=name,
+                folder=folder,
+                metadata=metadata,
+                tags=tags,
+                rotation_frequency=rotation_frequency,
+                rotation_state=rotation_state,
+                rotation_grace_period=rotation_grace_period,
+                disabled_at=disabled_at,
+            ),
+        )
-    # Encrypt structured
     async def encrypt_structured(
         self,
-        id: str,
+        key_id: str,
         structured_data: TDict,
-        filter: str,
-        version: Optional[int] = None,
-        additional_data: Optional[str] = None,
+        filter_expr: str,
+        *,
+        version: int | None = None,
+        additional_data: str | None = None,
     ) -> PangeaResponse[EncryptStructuredResult[TDict]]:
         """
         Encrypt structured
         Encrypt parts of a JSON object.
-        OperationId: vault_post_v1_key_encrypt_structured
+        OperationId: vault_post_v2_encrypt_structured
         Args:
-            id (str): The item ID.
-            structured_data (dict): Structured data for applying bulk operations.
-            filter (str, optional): A filter expression for applying bulk operations to the data field.
-            version (int, optional): The item version. Defaults to the current version.
-            additional_data (str, optional): User provided authentication data.
-        Raises:
-            PangeaAPIException: If an API error happens.
+            key_id: The ID of the key to use.
+            structured_data: Structured data for applying bulk operations.
+            filter_expr: A filter expression.
+            version: The item version. Defaults to the current version.
+            additional_data: User provided authentication data.
         Returns:
             A `PangeaResponse` where the encrypted object is returned in the
             `response.result` field. Available response fields can be found in
             our [API documentation](https://pangea.cloud/docs/api/vault#encrypt-structured).
+        Raises:
+            PangeaAPIException: If an API error happens.
         Examples:
             data = {"field1": [1, 2, "true", "false"], "field2": "data2"}
             response = await vault.encrypt_structured(
@@ -1221,37 +2028,41 @@ class VaultAsync(ServiceBaseAsync):
             )
         """
-        input: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
-            id=id, structured_data=structured_data, filter=filter, version=version, additional_data=additional_data
+        data: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
+            id=key_id,
+            structured_data=structured_data,
+            filter=filter_expr,
+            version=version,
+            additional_data=additional_data,
         )
         return await self.request.post(
-            "v1/key/encrypt/structured",
+            "v2/encrypt_structured",
             EncryptStructuredResult,
-            data=input.dict(exclude_none=True),
+            data=data.model_dump(exclude_none=True),
         )
-    # Decrypt structured
     async def decrypt_structured(
         self,
-        id: str,
+        key_id: str,
         structured_data: TDict,
-        filter: str,
-        version: Optional[int] = None,
-        additional_data: Optional[str] = None,
+        filter_expr: str,
+        *,
+        version: int | None = None,
+        additional_data: str | None = None,
     ) -> PangeaResponse[EncryptStructuredResult[TDict]]:
         """
         Decrypt structured
         Decrypt parts of a JSON object.
-        OperationId: vault_post_v1_key_decrypt_structured
+        OperationId: vault_post_v2_decrypt_structured
         Args:
-            id (str): The item ID.
-            structured_data (dict): Structured data to decrypt.
-            filter (str, optional): A filter expression for applying bulk operations to the data field.
-            version (int, optional): The item version. Defaults to the current version.
-            additional_data (str, optional): User provided authentication data.
+            id: The ID of the key to use.
+            structured_data: Structured data for applying bulk operations.
+            filter: A filter expression.
+            version: The item version. Defaults to the current version.
+            additional_data: User provided authentication data.
         Raises:
             PangeaAPIException: If an API error happens.
@@ -1270,11 +2081,160 @@ class VaultAsync(ServiceBaseAsync):
             )
         """
-        input: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
-            id=id, structured_data=structured_data, filter=filter, version=version, additional_data=additional_data
+        data: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
+            id=key_id,
+            structured_data=structured_data,
+            filter=filter_expr,
+            version=version,
+            additional_data=additional_data,
         )
         return await self.request.post(
-            "v1/key/decrypt/structured",
+            "v2/decrypt_structured",
             EncryptStructuredResult,
-            data=input.dict(exclude_none=True),
+            data=data.model_dump(exclude_none=True),
+        )
+    async def encrypt_transform(
+        self,
+        item_id: str,
+        plain_text: str,
+        alphabet: TransformAlphabet,
+        *,
+        tweak: str | None = None,
+        version: int | None = None,
+    ) -> PangeaResponse[EncryptTransformResult]:
+        """
+        Encrypt transform
+        Encrypt using a format-preserving algorithm (FPE).
+        OperationId: vault_post_v2_encrypt_transform
+        Args:
+            item_id: The item ID.
+            plain_text: A message to be encrypted.
+            alphabet: Set of characters to use for format-preserving encryption (FPE).
+            tweak: User provided tweak string. If not provided, a random string
+              will be generated and returned.
+            version: The item version. Defaults to the current version.
+        Raises:
+            PangeaAPIException: If an API error happens.
+        Returns:
+            A `PangeaResponse` containing the encrypted message.
+        Examples:
+            await vault.encrypt_transform(
+                id="pvi_[...]",
+                plain_text="message to encrypt",
+                alphabet=TransformAlphabet.ALPHANUMERIC,
+                tweak="MTIzMTIzMT==",
+            )
+        """
+        return await self.request.post(
+            "v2/encrypt_transform",
+            EncryptTransformResult,
+            data=EncryptTransformRequest(
+                id=item_id,
+                plain_text=plain_text,
+                tweak=tweak,
+                alphabet=alphabet,
+                version=version,
+            ),
+        )
+    async def decrypt_transform(
+        self, item_id: str, cipher_text: str, tweak: str, alphabet: TransformAlphabet, *, version: int | None = None
+    ) -> PangeaResponse[DecryptTransformResult]:
+        """
+        Decrypt transform
+        Decrypt using a format-preserving algorithm (FPE).
+        OperationId: vault_post_v2_decrypt_transform
+        Args:
+            id: The item ID.
+            cipher_text: A message encrypted by Vault.
+            tweak: User provided tweak string.
+            alphabet: Set of characters to use for format-preserving encryption (FPE).
+            version: The item version. Defaults to the current version.
+        Returns:
+            A `PangeaResponse` containing the decrypted message.
+        Raises:
+            PangeaAPIException: If an API error happens.
+        Examples:
+            await vault.decrypt_transform(
+                id="pvi_[...]",
+                cipher_text="encrypted message",
+                tweak="MTIzMTIzMT==",
+                alphabet=TransformAlphabet.ALPHANUMERIC,
+            )
+        """
+        return await self.request.post(
+            "v2/decrypt_transform",
+            DecryptTransformResult,
+            data=DecryptTransformRequest(
+                id=item_id, cipher_text=cipher_text, tweak=tweak, alphabet=alphabet, version=version
+            ),
+        )
+    async def export(
+        self,
+        item_id: str,
+        *,
+        version: int | None = None,
+        kem_password: str | None = None,
+        asymmetric_public_key: str | None = None,
+        asymmetric_algorithm: ExportEncryptionAlgorithm | None = None,
+    ) -> PangeaResponse[ExportResult]:
+        """
+        Export
+        Export a symmetric or asymmetric key.
+        OperationId: vault_post_v2_export
+        Args:
+            item_id: The item ID.
+            version: The item version.
+            kem_password: This is the password that will be used along with a
+              salt to derive the symmetric key that is used to encrypt the
+              exported key material.
+            asymmetric_public_key: Public key in pem format used to encrypt
+              exported key(s).
+            asymmetric_algorithm: The algorithm of the public key.
+        Returns:
+            A `PangeaResponse` where the exported key is returned in the
+            `response.result` field. Available response fields can be found in
+            our [API documentation](https://pangea.cloud/docs/api/vault#export).
+        Raises:
+            PangeaAPIException: If an API error happens.
+        Examples:
+            exp_encrypted_resp = await vault.export(
+                id=id,
+                asymmetric_public_key=rsa_pub_key_pem,
+                asymmetric_algorithm=ExportEncryptionAlgorithm.RSA4096_OAEP_SHA512,
+            )
+        """
+        return await self.request.post(
+            "v2/export",
+            ExportResult,
+            data=ExportRequest(
+                id=item_id,
+                version=version,
+                kem_password=kem_password,
+                asymmetric_public_key=asymmetric_public_key,
+                asymmetric_algorithm=asymmetric_algorithm,
+            ),
         )

pangea-sdk 3.8.0b1__py3-none-any.whl → 5.3.0__py3-none-any.whl

pangea-sdk 3.8.0b1py3-none-any.whl → 5.3.0py3-none-any.whl