pangea-sdk 4.4.0__py3-none-any.whl → 5.1.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pangea/__init__.py +1 -1
- pangea/asyncio/request.py +19 -9
- pangea/asyncio/services/__init__.py +1 -0
- pangea/asyncio/services/share.py +621 -0
- pangea/asyncio/services/vault.py +1571 -787
- pangea/crypto/rsa.py +88 -0
- pangea/request.py +46 -41
- pangea/response.py +12 -0
- pangea/services/__init__.py +1 -0
- pangea/services/audit/signing.py +5 -4
- pangea/services/share/file_format.py +170 -0
- pangea/services/share/share.py +1256 -0
- pangea/services/vault/models/asymmetric.py +120 -20
- pangea/services/vault/models/common.py +293 -171
- pangea/services/vault/models/keys.py +94 -0
- pangea/services/vault/models/secret.py +27 -3
- pangea/services/vault/models/symmetric.py +66 -24
- pangea/services/vault/vault.py +1551 -782
- pangea/tools.py +6 -7
- pangea/utils.py +92 -18
- pangea/verify_audit.py +4 -4
- {pangea_sdk-4.4.0.dist-info → pangea_sdk-5.1.0.dist-info}/METADATA +3 -4
- {pangea_sdk-4.4.0.dist-info → pangea_sdk-5.1.0.dist-info}/RECORD +24 -20
- {pangea_sdk-4.4.0.dist-info → pangea_sdk-5.1.0.dist-info}/WHEEL +0 -0
pangea/services/vault/vault.py
CHANGED
|
@@ -2,45 +2,48 @@
|
|
|
2
2
|
# Author: Pangea Cyber Corporation
|
|
3
3
|
from __future__ import annotations
|
|
4
4
|
|
|
5
|
-
import
|
|
6
|
-
from typing import Dict, Optional, Union
|
|
5
|
+
from typing import TYPE_CHECKING, Any, List, Literal, Optional, Union, cast, overload
|
|
7
6
|
|
|
8
|
-
from
|
|
9
|
-
from
|
|
7
|
+
from pydantic import Field, TypeAdapter
|
|
8
|
+
from typing_extensions import Annotated
|
|
9
|
+
|
|
10
|
+
from pangea.response import PangeaResponse, PangeaResponseResult
|
|
10
11
|
from pangea.services.base import ServiceBase
|
|
11
12
|
from pangea.services.vault.models.asymmetric import (
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
AsymmetricKey,
|
|
14
|
+
AsymmetricKeyAlgorithm,
|
|
15
|
+
AsymmetricKeyEncryptionAlgorithm,
|
|
16
|
+
AsymmetricKeyJwtAlgorithm,
|
|
17
|
+
AsymmetricKeyPkiAlgorithm,
|
|
18
|
+
AsymmetricKeyPurpose,
|
|
19
|
+
AsymmetricKeySigningAlgorithm,
|
|
16
20
|
SignRequest,
|
|
17
21
|
SignResult,
|
|
18
22
|
VerifyRequest,
|
|
19
23
|
VerifyResult,
|
|
20
24
|
)
|
|
21
25
|
from pangea.services.vault.models.common import (
|
|
22
|
-
|
|
26
|
+
ClientSecret,
|
|
27
|
+
ClientSecretRotateRequest,
|
|
23
28
|
DecryptTransformRequest,
|
|
24
29
|
DecryptTransformResult,
|
|
25
30
|
DeleteRequest,
|
|
26
31
|
DeleteResult,
|
|
27
|
-
EncodedPrivateKey,
|
|
28
|
-
EncodedPublicKey,
|
|
29
|
-
EncodedSymmetricKey,
|
|
30
32
|
EncryptStructuredRequest,
|
|
31
33
|
EncryptStructuredResult,
|
|
32
34
|
EncryptTransformRequest,
|
|
33
35
|
EncryptTransformResult,
|
|
34
36
|
ExportEncryptionAlgorithm,
|
|
37
|
+
ExportEncryptionType,
|
|
35
38
|
ExportRequest,
|
|
36
39
|
ExportResult,
|
|
40
|
+
Folder,
|
|
37
41
|
FolderCreateRequest,
|
|
38
42
|
FolderCreateResult,
|
|
43
|
+
GetBulkRequest,
|
|
39
44
|
GetRequest,
|
|
40
|
-
GetResult,
|
|
41
45
|
ItemOrder,
|
|
42
46
|
ItemOrderBy,
|
|
43
|
-
ItemState,
|
|
44
47
|
ItemType,
|
|
45
48
|
ItemVersionState,
|
|
46
49
|
JWKGetRequest,
|
|
@@ -49,38 +52,54 @@ from pangea.services.vault.models.common import (
|
|
|
49
52
|
JWTSignResult,
|
|
50
53
|
JWTVerifyRequest,
|
|
51
54
|
JWTVerifyResult,
|
|
52
|
-
KeyPurpose,
|
|
53
|
-
KeyRotateRequest,
|
|
54
|
-
KeyRotateResult,
|
|
55
55
|
ListRequest,
|
|
56
56
|
ListResult,
|
|
57
57
|
Metadata,
|
|
58
|
+
PangeaToken,
|
|
59
|
+
PangeaTokenRotateRequest,
|
|
60
|
+
RequestManualRotationState,
|
|
61
|
+
RequestRotationState,
|
|
62
|
+
RotationState,
|
|
63
|
+
Secret,
|
|
58
64
|
StateChangeRequest,
|
|
59
|
-
StateChangeResult,
|
|
60
|
-
SymmetricAlgorithm,
|
|
61
65
|
Tags,
|
|
62
66
|
TDict,
|
|
63
67
|
TransformAlphabet,
|
|
64
68
|
UpdateRequest,
|
|
65
69
|
UpdateResult,
|
|
66
70
|
)
|
|
67
|
-
from pangea.services.vault.models.
|
|
68
|
-
|
|
69
|
-
SecretRotateResult,
|
|
70
|
-
SecretStoreRequest,
|
|
71
|
-
SecretStoreResult,
|
|
72
|
-
)
|
|
71
|
+
from pangea.services.vault.models.keys import CommonGenerateRequest, KeyRotateRequest, KeyStoreRequest
|
|
72
|
+
from pangea.services.vault.models.secret import SecretRotateRequest, SecretStoreRequest, SecretStoreResult
|
|
73
73
|
from pangea.services.vault.models.symmetric import (
|
|
74
74
|
DecryptRequest,
|
|
75
75
|
DecryptResult,
|
|
76
76
|
EncryptRequest,
|
|
77
77
|
EncryptResult,
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
78
|
+
SymmetricKey,
|
|
79
|
+
SymmetricKeyAlgorithm,
|
|
80
|
+
SymmetricKeyEncryptionAlgorithm,
|
|
81
|
+
SymmetricKeyFpeAlgorithm,
|
|
82
|
+
SymmetricKeyJwtAlgorithm,
|
|
83
|
+
SymmetricKeyPurpose,
|
|
82
84
|
)
|
|
83
85
|
|
|
86
|
+
if TYPE_CHECKING:
|
|
87
|
+
import datetime
|
|
88
|
+
from collections.abc import Mapping
|
|
89
|
+
|
|
90
|
+
from pangea.config import PangeaConfig
|
|
91
|
+
from pangea.request import TResult
|
|
92
|
+
|
|
93
|
+
|
|
94
|
+
VaultItem = Annotated[
|
|
95
|
+
Union[AsymmetricKey, SymmetricKey, Secret, ClientSecret, Folder, PangeaToken], Field(discriminator="type")
|
|
96
|
+
]
|
|
97
|
+
vault_item_adapter: TypeAdapter[VaultItem] = TypeAdapter(VaultItem)
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
class GetBulkResponse(PangeaResponseResult):
|
|
101
|
+
items: List[VaultItem]
|
|
102
|
+
|
|
84
103
|
|
|
85
104
|
class Vault(ServiceBase):
|
|
86
105
|
"""Vault service client.
|
|
@@ -129,110 +148,137 @@ class Vault(ServiceBase):
|
|
|
129
148
|
"""
|
|
130
149
|
super().__init__(token, config, logger_name)
|
|
131
150
|
|
|
132
|
-
|
|
133
|
-
def delete(self, id: str) -> PangeaResponse[DeleteResult]:
|
|
151
|
+
def delete(self, item_id: str, *, recursive: bool = False) -> PangeaResponse[DeleteResult]:
|
|
134
152
|
"""
|
|
135
153
|
Delete
|
|
136
154
|
|
|
137
155
|
Delete a secret or key
|
|
138
156
|
|
|
139
|
-
OperationId:
|
|
157
|
+
OperationId: vault_post_v2_delete
|
|
140
158
|
|
|
141
159
|
Args:
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
160
|
+
item_id: The item ID.
|
|
161
|
+
recursive: Whether to delete the item and all its children
|
|
162
|
+
recursively. Only applicable to folders.
|
|
145
163
|
|
|
146
164
|
Returns:
|
|
147
165
|
A PangeaResponse where the id of the deleted secret or key
|
|
148
166
|
is returned in the response.result field.
|
|
149
167
|
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#delete).
|
|
150
168
|
|
|
169
|
+
Raises:
|
|
170
|
+
PangeaAPIException: If an API Error happens
|
|
171
|
+
|
|
151
172
|
Examples:
|
|
152
173
|
vault.delete(id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
|
|
153
174
|
"""
|
|
154
|
-
|
|
155
|
-
id=id,
|
|
156
|
-
)
|
|
157
|
-
return self.request.post("v1/delete", DeleteResult, data=input.model_dump(exclude_none=True))
|
|
175
|
+
return self.request.post("v2/delete", DeleteResult, data=DeleteRequest(id=item_id, recursive=recursive))
|
|
158
176
|
|
|
159
|
-
# Get endpoint
|
|
160
177
|
def get(
|
|
161
178
|
self,
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
) -> PangeaResponse[GetResult]:
|
|
179
|
+
item_id: str,
|
|
180
|
+
*,
|
|
181
|
+
version: Union[Literal["all"], int, None] = None,
|
|
182
|
+
) -> PangeaResponse[VaultItem]:
|
|
167
183
|
"""
|
|
168
184
|
Retrieve
|
|
169
185
|
|
|
170
|
-
Retrieve a secret or
|
|
186
|
+
Retrieve a secret, key or folder, and any associated information.
|
|
171
187
|
|
|
172
|
-
OperationId:
|
|
188
|
+
OperationId: vault_post_v2_get
|
|
173
189
|
|
|
174
190
|
Args:
|
|
175
|
-
|
|
176
|
-
version
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
version_state (ItemVersionState, optional): The state of the item version
|
|
181
|
-
verbose (bool, optional): Return metadata and extra fields. Default is `False`.
|
|
182
|
-
Raises:
|
|
183
|
-
PangeaAPIException: If an API Error happens
|
|
191
|
+
item_id: The item ID
|
|
192
|
+
version: The key version(s).
|
|
193
|
+
- `all` for all versions
|
|
194
|
+
- `num` for a specific version
|
|
195
|
+
- `-num` for the `num` latest versions
|
|
184
196
|
|
|
185
197
|
Returns:
|
|
186
198
|
A PangeaResponse where the secret or key
|
|
187
199
|
is returned in the response.result field.
|
|
188
200
|
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve).
|
|
189
201
|
|
|
202
|
+
Raises:
|
|
203
|
+
PangeaAPIException: If an API Error happens
|
|
204
|
+
|
|
190
205
|
Examples:
|
|
191
206
|
response = vault.get(
|
|
192
207
|
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
|
193
208
|
version=1,
|
|
194
|
-
version_state=ItemVersionState.ACTIVE,
|
|
195
|
-
verbose=True,
|
|
196
209
|
)
|
|
197
210
|
"""
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
211
|
+
response = self.request.post("v2/get", PangeaResponseResult, data=GetRequest(id=item_id, version=version))
|
|
212
|
+
response.result = vault_item_adapter.validate_python(response.json["result"])
|
|
213
|
+
return cast(PangeaResponse[VaultItem], response)
|
|
214
|
+
|
|
215
|
+
def get_bulk(
|
|
216
|
+
self,
|
|
217
|
+
filter_: Mapping[str, str],
|
|
218
|
+
*,
|
|
219
|
+
size: int | None = None,
|
|
220
|
+
order: ItemOrder | None = None,
|
|
221
|
+
order_by: ItemOrderBy | None = None,
|
|
222
|
+
last: str | None = None,
|
|
223
|
+
) -> PangeaResponse[GetBulkResponse]:
|
|
224
|
+
"""
|
|
225
|
+
Get bulk
|
|
226
|
+
|
|
227
|
+
Retrieve details for multiple Vault items, including keys, secrets,
|
|
228
|
+
tokens, or folders, that match a given filter specification.
|
|
229
|
+
|
|
230
|
+
OperationId: vault_post_v2_get_bulk
|
|
231
|
+
|
|
232
|
+
Args:
|
|
233
|
+
filter: Filters to customize your search.
|
|
234
|
+
size: Maximum number of items in the response.
|
|
235
|
+
order: Direction for ordering the results.
|
|
236
|
+
order_by: Property by which to order the results.
|
|
237
|
+
last: Internal ID returned in the previous look up response. Used
|
|
238
|
+
for pagination.
|
|
239
|
+
|
|
240
|
+
Examples:
|
|
241
|
+
response = vault.get_bulk({"id": "pvi_..."})
|
|
242
|
+
"""
|
|
243
|
+
return self.request.post(
|
|
244
|
+
"v2/get_bulk",
|
|
245
|
+
GetBulkResponse,
|
|
246
|
+
data=GetBulkRequest(filter=filter_, size=size, order=order, order_by=order_by, last=last),
|
|
203
247
|
)
|
|
204
|
-
return self.request.post("v1/get", GetResult, data=input.model_dump(exclude_none=True))
|
|
205
248
|
|
|
206
|
-
# List endpoint
|
|
207
249
|
def list(
|
|
208
250
|
self,
|
|
209
|
-
|
|
210
|
-
|
|
251
|
+
*,
|
|
252
|
+
filter: Optional[Mapping[str, str]] = None,
|
|
253
|
+
size: int = 50,
|
|
211
254
|
order: Optional[ItemOrder] = None,
|
|
212
|
-
order_by:
|
|
213
|
-
|
|
255
|
+
order_by: ItemOrderBy | None = None,
|
|
256
|
+
last: str | None = None,
|
|
214
257
|
) -> PangeaResponse[ListResult]:
|
|
215
258
|
"""
|
|
216
259
|
List
|
|
217
260
|
|
|
218
|
-
|
|
261
|
+
Retrieve a list of secrets, keys and folders, and their associated information.
|
|
219
262
|
|
|
220
|
-
OperationId:
|
|
263
|
+
OperationId: vault_post_v2_list
|
|
221
264
|
|
|
222
265
|
Args:
|
|
223
|
-
filter
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
266
|
+
filter: A set of filters to help you customize your search.
|
|
267
|
+
|
|
268
|
+
Examples:
|
|
269
|
+
- "folder": "/tmp"
|
|
270
|
+
- "tags": "personal"
|
|
271
|
+
- "name__contains": "xxx"
|
|
272
|
+
- "created_at__gt": "2020-02-05T10:00:00Z"
|
|
273
|
+
|
|
274
|
+
For metadata, use: "metadata_{key}": "{value}"
|
|
275
|
+
size: Maximum number of items in the response. Default is `50`.
|
|
276
|
+
order: Ordering direction: `asc` or `desc`
|
|
277
|
+
order_by: Property used to order the results. Supported properties: `id`,
|
|
233
278
|
`type`, `created_at`, `algorithm`, `purpose`, `expiration`, `last_rotated`, `next_rotation`,
|
|
234
279
|
`name`, `folder`, `item_state`.
|
|
235
|
-
|
|
280
|
+
last: Internal ID returned in the previous look up response. Used
|
|
281
|
+
for pagination.
|
|
236
282
|
Raises:
|
|
237
283
|
PangeaAPIException: If an API Error happens
|
|
238
284
|
|
|
@@ -256,55 +302,52 @@ class Vault(ServiceBase):
|
|
|
256
302
|
size=20,
|
|
257
303
|
)
|
|
258
304
|
"""
|
|
259
|
-
|
|
260
|
-
|
|
305
|
+
return self.request.post(
|
|
306
|
+
"v2/list",
|
|
307
|
+
ListResult,
|
|
308
|
+
data=ListRequest(filter=filter, size=size, order=order, order_by=order_by, last=last),
|
|
309
|
+
)
|
|
261
310
|
|
|
262
|
-
# Update endpoint
|
|
263
311
|
def update(
|
|
264
312
|
self,
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
313
|
+
item_id: str,
|
|
314
|
+
*,
|
|
315
|
+
name: str | None = None,
|
|
316
|
+
folder: str | None = None,
|
|
317
|
+
metadata: Metadata | None = None,
|
|
318
|
+
tags: Tags | None = None,
|
|
319
|
+
disabled_at: str | None = None,
|
|
320
|
+
enabled: bool | None = None,
|
|
321
|
+
rotation_frequency: str | None = None,
|
|
322
|
+
rotation_state: RequestRotationState = RequestRotationState.INHERITED,
|
|
323
|
+
rotation_grace_period: str | None = None,
|
|
275
324
|
) -> PangeaResponse[UpdateResult]:
|
|
276
325
|
"""
|
|
277
326
|
Update
|
|
278
327
|
|
|
279
|
-
Update information associated with a secret or
|
|
328
|
+
Update information associated with a secret, key or folder.
|
|
280
329
|
|
|
281
|
-
OperationId:
|
|
330
|
+
OperationId: vault_post_v2_update
|
|
282
331
|
|
|
283
332
|
Args:
|
|
284
|
-
|
|
285
|
-
name
|
|
286
|
-
folder
|
|
287
|
-
metadata
|
|
288
|
-
tags
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
Default is `deactivated`.
|
|
296
|
-
rotation_grace_period (str, optional): Grace period for the previous version of the Pangea Token
|
|
297
|
-
expiration (str, optional): Expiration timestamp
|
|
298
|
-
item_state (ItemState, optional): The new state of the item. Supported options:
|
|
299
|
-
- `enabled`
|
|
300
|
-
- `disabled`
|
|
301
|
-
Raises:
|
|
302
|
-
PangeaAPIException: If an API Error happens
|
|
333
|
+
item_id: The item ID.
|
|
334
|
+
name: The name of this item
|
|
335
|
+
folder: The folder where this item is stored.
|
|
336
|
+
metadata: User-provided metadata.
|
|
337
|
+
tags: A list of user-defined tags.
|
|
338
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
339
|
+
enabled: True if the item is enabled.
|
|
340
|
+
rotation_frequency: Period of time between item rotations.
|
|
341
|
+
rotation_state: State to which the previous version should transition upon rotation.
|
|
342
|
+
rotation_grace_period: Grace period for the previous version of the Pangea Token.
|
|
303
343
|
|
|
304
344
|
Returns:
|
|
305
|
-
A PangeaResponse where the item ID
|
|
306
|
-
|
|
307
|
-
|
|
345
|
+
A PangeaResponse where the item ID is returned in the
|
|
346
|
+
response.result field. Available response fields can be found in our
|
|
347
|
+
[API documentation](https://pangea.cloud/docs/api/vault#update).
|
|
348
|
+
|
|
349
|
+
Raises:
|
|
350
|
+
PangeaAPIException: If an API Error happens
|
|
308
351
|
|
|
309
352
|
Examples:
|
|
310
353
|
response = vault.update(
|
|
@@ -321,637 +364,1326 @@ class Vault(ServiceBase):
|
|
|
321
364
|
],
|
|
322
365
|
rotation_frequency="10d",
|
|
323
366
|
rotation_state=ItemVersionState.DEACTIVATED,
|
|
324
|
-
rotation_grace_period="1d",
|
|
325
|
-
expiration="2025-01-01T10:00:00Z",
|
|
326
|
-
item_state=ItemState.DISABLED,
|
|
327
367
|
)
|
|
328
368
|
"""
|
|
329
|
-
|
|
330
|
-
|
|
369
|
+
return self.request.post(
|
|
370
|
+
"v2/update",
|
|
371
|
+
UpdateResult,
|
|
372
|
+
data=UpdateRequest(
|
|
373
|
+
id=item_id,
|
|
374
|
+
name=name,
|
|
375
|
+
folder=folder,
|
|
376
|
+
metadata=metadata,
|
|
377
|
+
tags=tags,
|
|
378
|
+
disabled_at=disabled_at,
|
|
379
|
+
enabled=enabled,
|
|
380
|
+
rotation_frequency=rotation_frequency,
|
|
381
|
+
rotation_state=rotation_state,
|
|
382
|
+
rotation_grace_period=rotation_grace_period,
|
|
383
|
+
),
|
|
384
|
+
)
|
|
385
|
+
|
|
386
|
+
def _secret_store(
|
|
387
|
+
self,
|
|
388
|
+
*,
|
|
389
|
+
item_type: Literal["secret", "pangea_token", "pangea_client_secret"] = "secret",
|
|
390
|
+
result_class: type[TResult] = SecretStoreResult, # type: ignore[assignment]
|
|
391
|
+
name: str | None = None,
|
|
392
|
+
folder: str | None = None,
|
|
393
|
+
metadata: Metadata | None = None,
|
|
394
|
+
tags: Tags | None = None,
|
|
395
|
+
disabled_at: datetime.datetime | None = None,
|
|
396
|
+
**kwargs: Any,
|
|
397
|
+
) -> PangeaResponse[TResult]:
|
|
398
|
+
return self.request.post(
|
|
399
|
+
"v2/secret/store",
|
|
400
|
+
result_class,
|
|
401
|
+
data=SecretStoreRequest(
|
|
402
|
+
type=item_type,
|
|
403
|
+
name=name,
|
|
404
|
+
folder=folder,
|
|
405
|
+
metadata=metadata,
|
|
406
|
+
tags=tags,
|
|
407
|
+
disabled_at=disabled_at,
|
|
408
|
+
**kwargs,
|
|
409
|
+
),
|
|
410
|
+
)
|
|
411
|
+
|
|
412
|
+
def store_secret(
|
|
413
|
+
self,
|
|
414
|
+
secret: str,
|
|
415
|
+
*,
|
|
416
|
+
name: str | None = None,
|
|
417
|
+
folder: str | None = None,
|
|
418
|
+
metadata: Metadata | None = None,
|
|
419
|
+
tags: Tags | None = None,
|
|
420
|
+
disabled_at: datetime.datetime | None = None,
|
|
421
|
+
) -> PangeaResponse[Secret]:
|
|
422
|
+
"""
|
|
423
|
+
Store secret
|
|
424
|
+
|
|
425
|
+
Store a secret.
|
|
426
|
+
|
|
427
|
+
Args:
|
|
428
|
+
secret: The secret value.
|
|
429
|
+
name: The name of this item.
|
|
430
|
+
folder: The folder where this item is stored.
|
|
431
|
+
metadata: User-provided metadata.
|
|
432
|
+
tags: A list of user-defined tags.
|
|
433
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
434
|
+
|
|
435
|
+
Raises:
|
|
436
|
+
PangeaAPIException: If an API Error happens
|
|
437
|
+
|
|
438
|
+
Examples:
|
|
439
|
+
response = vault.store_secret(secret="foobar")
|
|
440
|
+
"""
|
|
441
|
+
|
|
442
|
+
return self._secret_store(
|
|
443
|
+
item_type="secret",
|
|
444
|
+
result_class=Secret,
|
|
445
|
+
secret=secret,
|
|
331
446
|
name=name,
|
|
332
447
|
folder=folder,
|
|
333
448
|
metadata=metadata,
|
|
334
449
|
tags=tags,
|
|
335
|
-
|
|
336
|
-
rotation_state=rotation_state,
|
|
337
|
-
rotation_grace_period=rotation_grace_period,
|
|
338
|
-
expiration=expiration,
|
|
339
|
-
item_state=item_state,
|
|
450
|
+
disabled_at=disabled_at,
|
|
340
451
|
)
|
|
341
|
-
return self.request.post("v1/update", UpdateResult, data=input.model_dump(exclude_none=True))
|
|
342
452
|
|
|
343
|
-
def
|
|
453
|
+
def store_pangea_token(
|
|
344
454
|
self,
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
455
|
+
token: str,
|
|
456
|
+
*,
|
|
457
|
+
name: str | None = None,
|
|
458
|
+
folder: str | None = None,
|
|
459
|
+
metadata: Metadata | None = None,
|
|
460
|
+
tags: Tags | None = None,
|
|
461
|
+
disabled_at: datetime.datetime | None = None,
|
|
462
|
+
rotation_frequency: str | None = None,
|
|
463
|
+
rotation_state: RotationState | None = None,
|
|
464
|
+
rotation_grace_period: str | None = None,
|
|
465
|
+
) -> PangeaResponse[PangeaToken]:
|
|
354
466
|
"""
|
|
355
|
-
|
|
467
|
+
Store secret
|
|
356
468
|
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
OperationId: vault_post_v1_secret_store 1
|
|
469
|
+
Store a Pangea token.
|
|
360
470
|
|
|
361
471
|
Args:
|
|
362
|
-
|
|
363
|
-
name
|
|
364
|
-
folder
|
|
365
|
-
metadata
|
|
366
|
-
tags
|
|
367
|
-
|
|
368
|
-
rotation_state (ItemVersionState, optional): State to which the previous version should transition upon rotation.
|
|
369
|
-
Supported options:
|
|
370
|
-
- `deactivated`
|
|
371
|
-
- `destroyed`
|
|
372
|
-
expiration (str, optional): Expiration timestamp
|
|
472
|
+
token: The Pangea token value.
|
|
473
|
+
name: The name of this item.
|
|
474
|
+
folder: The folder where this item is stored.
|
|
475
|
+
metadata: User-provided metadata.
|
|
476
|
+
tags: A list of user-defined tags.
|
|
477
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
373
478
|
|
|
374
479
|
Raises:
|
|
375
480
|
PangeaAPIException: If an API Error happens
|
|
376
481
|
|
|
377
|
-
Returns:
|
|
378
|
-
A PangeaResponse where the secret
|
|
379
|
-
is returned in the response.result field.
|
|
380
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-secret).
|
|
381
|
-
|
|
382
482
|
Examples:
|
|
383
|
-
response = vault.
|
|
384
|
-
secret="12sdfgs4543qv@#%$casd",
|
|
385
|
-
name="my-very-secret-secret",
|
|
386
|
-
folder="/personal",
|
|
387
|
-
metadata={
|
|
388
|
-
"created_by": "John Doe",
|
|
389
|
-
"used_in": "Google products"
|
|
390
|
-
},
|
|
391
|
-
tags=[
|
|
392
|
-
"irs_2023",
|
|
393
|
-
"personal"
|
|
394
|
-
],
|
|
395
|
-
rotation_frequency="10d",
|
|
396
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
397
|
-
expiration="2025-01-01T10:00:00Z",
|
|
398
|
-
)
|
|
483
|
+
response = vault.store_pangea_token(token="foobar")
|
|
399
484
|
"""
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
485
|
+
|
|
486
|
+
return self._secret_store(
|
|
487
|
+
item_type="pangea_token",
|
|
488
|
+
result_class=PangeaToken,
|
|
489
|
+
token=token,
|
|
403
490
|
name=name,
|
|
404
491
|
folder=folder,
|
|
405
492
|
metadata=metadata,
|
|
406
493
|
tags=tags,
|
|
494
|
+
disabled_at=disabled_at,
|
|
407
495
|
rotation_frequency=rotation_frequency,
|
|
408
496
|
rotation_state=rotation_state,
|
|
409
|
-
|
|
497
|
+
rotation_grace_period=rotation_grace_period,
|
|
410
498
|
)
|
|
411
|
-
return self.request.post("v1/secret/store", SecretStoreResult, data=input.model_dump(exclude_none=True))
|
|
412
499
|
|
|
413
|
-
def
|
|
500
|
+
def store_pangea_client_secret(
|
|
414
501
|
self,
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
502
|
+
client_secret: str,
|
|
503
|
+
client_id: str,
|
|
504
|
+
client_secret_id: str,
|
|
505
|
+
*,
|
|
506
|
+
name: str | None = None,
|
|
507
|
+
folder: str | None = None,
|
|
508
|
+
metadata: Metadata | None = None,
|
|
509
|
+
tags: Tags | None = None,
|
|
510
|
+
disabled_at: datetime.datetime | None = None,
|
|
511
|
+
rotation_frequency: str | None = None,
|
|
512
|
+
rotation_state: RotationState | None = None,
|
|
513
|
+
rotation_grace_period: str | None = None,
|
|
514
|
+
) -> PangeaResponse[ClientSecret]:
|
|
424
515
|
"""
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
Import a secret
|
|
516
|
+
Store secret
|
|
428
517
|
|
|
429
|
-
|
|
518
|
+
Store a Pangea client secret.
|
|
430
519
|
|
|
431
520
|
Args:
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
521
|
+
client_secret: The oauth client secret.
|
|
522
|
+
client_id: The oauth client ID.
|
|
523
|
+
client_secret_id: The oauth client secret ID.
|
|
524
|
+
name: The name of this item.
|
|
525
|
+
folder: The folder where this item is stored.
|
|
526
|
+
metadata: User-provided metadata.
|
|
527
|
+
tags: A list of user-defined tags.
|
|
528
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
529
|
+
rotation_frequency: Period of time between item rotations.
|
|
530
|
+
rotation_state: State to which the previous version should
|
|
531
|
+
transition upon rotation.
|
|
532
|
+
rotation_grace_period: Grace period for the previous version of the
|
|
533
|
+
Pangea Token.
|
|
443
534
|
|
|
444
535
|
Raises:
|
|
445
536
|
PangeaAPIException: If an API Error happens
|
|
446
537
|
|
|
447
|
-
Returns:
|
|
448
|
-
A PangeaResponse where the token
|
|
449
|
-
is returned in the response.result field.
|
|
450
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#import-a-secret).
|
|
451
|
-
|
|
452
538
|
Examples:
|
|
453
|
-
response = vault.
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
metadata={
|
|
458
|
-
"created_by": "John Doe",
|
|
459
|
-
"used_in": "Google products"
|
|
460
|
-
},
|
|
461
|
-
tags=[
|
|
462
|
-
"irs_2023",
|
|
463
|
-
"personal"
|
|
464
|
-
],
|
|
465
|
-
rotation_frequency="10d",
|
|
466
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
467
|
-
expiration="2025-01-01T10:00:00Z",
|
|
539
|
+
response = vault.store_pangea_client_secret(
|
|
540
|
+
client_secret="foo",
|
|
541
|
+
client_id="bar",
|
|
542
|
+
client_secret_id="baz",
|
|
468
543
|
)
|
|
469
544
|
"""
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
545
|
+
|
|
546
|
+
return self._secret_store(
|
|
547
|
+
item_type="pangea_client_secret",
|
|
548
|
+
result_class=ClientSecret,
|
|
549
|
+
client_secret=client_secret,
|
|
550
|
+
client_id=client_id,
|
|
551
|
+
client_secret_id=client_secret_id,
|
|
473
552
|
name=name,
|
|
474
553
|
folder=folder,
|
|
475
554
|
metadata=metadata,
|
|
476
555
|
tags=tags,
|
|
556
|
+
disabled_at=disabled_at,
|
|
477
557
|
rotation_frequency=rotation_frequency,
|
|
478
558
|
rotation_state=rotation_state,
|
|
479
|
-
|
|
559
|
+
rotation_grace_period=rotation_grace_period,
|
|
480
560
|
)
|
|
481
|
-
return self.request.post("v1/secret/store", SecretStoreResult, data=input.model_dump(exclude_none=True))
|
|
482
561
|
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
562
|
+
def rotate_secret(
|
|
563
|
+
self,
|
|
564
|
+
item_id: str,
|
|
565
|
+
secret: str,
|
|
566
|
+
*,
|
|
567
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
|
568
|
+
) -> PangeaResponse[Secret]:
|
|
569
|
+
"""
|
|
570
|
+
Rotate secret
|
|
571
|
+
|
|
572
|
+
Rotate a secret.
|
|
573
|
+
|
|
574
|
+
Args:
|
|
575
|
+
item_id: The item ID.
|
|
576
|
+
secret: The secret value.
|
|
577
|
+
rotation_state: State to which the previous version should
|
|
578
|
+
transition upon rotation.
|
|
579
|
+
|
|
580
|
+
Raises:
|
|
581
|
+
PangeaAPIException: If an API Error happens
|
|
582
|
+
|
|
583
|
+
Examples:
|
|
584
|
+
response = vault.rotate_secret(item_id="foo", secret="bar")
|
|
487
585
|
"""
|
|
488
|
-
Secret rotate
|
|
489
586
|
|
|
490
|
-
|
|
587
|
+
return self.request.post(
|
|
588
|
+
"v2/secret/rotate",
|
|
589
|
+
Secret,
|
|
590
|
+
data=SecretRotateRequest(id=item_id, secret=secret, rotation_state=rotation_state),
|
|
591
|
+
)
|
|
491
592
|
|
|
492
|
-
|
|
593
|
+
def rotate_pangea_token(
|
|
594
|
+
self,
|
|
595
|
+
item_id: str,
|
|
596
|
+
*,
|
|
597
|
+
rotation_grace_period: str | None = None,
|
|
598
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
|
599
|
+
) -> PangeaResponse[PangeaToken]:
|
|
600
|
+
"""
|
|
601
|
+
Rotate secret
|
|
602
|
+
|
|
603
|
+
Rotate a Pangea token.
|
|
493
604
|
|
|
494
605
|
Args:
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
606
|
+
item_id: The item ID.
|
|
607
|
+
rotation_grace_period: Grace period for the previous version of the
|
|
608
|
+
Pangea Token.
|
|
609
|
+
rotation_state: State to which the previous version should
|
|
610
|
+
transition upon rotation.
|
|
611
|
+
|
|
612
|
+
Raises:
|
|
613
|
+
PangeaAPIException: If an API Error happens.
|
|
502
614
|
|
|
503
|
-
|
|
615
|
+
Examples:
|
|
616
|
+
response = vault.rotate_pangea_token(item_id="foo")
|
|
617
|
+
"""
|
|
618
|
+
|
|
619
|
+
return self.request.post(
|
|
620
|
+
"v2/secret/rotate",
|
|
621
|
+
PangeaToken,
|
|
622
|
+
data=PangeaTokenRotateRequest(
|
|
623
|
+
id=item_id, rotation_grace_period=rotation_grace_period, rotation_state=rotation_state
|
|
624
|
+
),
|
|
625
|
+
)
|
|
626
|
+
|
|
627
|
+
def rotate_client_secret(
|
|
628
|
+
self,
|
|
629
|
+
item_id: str,
|
|
630
|
+
*,
|
|
631
|
+
rotation_grace_period: str | None = None,
|
|
632
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
|
633
|
+
) -> PangeaResponse[ClientSecret]:
|
|
634
|
+
"""
|
|
635
|
+
Rotate secret
|
|
636
|
+
|
|
637
|
+
Rotate a client secret.
|
|
638
|
+
|
|
639
|
+
Args:
|
|
640
|
+
item_id: The item ID.
|
|
641
|
+
rotation_grace_period: Grace period for the previous version of the
|
|
642
|
+
Pangea Token.
|
|
643
|
+
rotation_state: State to which the previous version should
|
|
644
|
+
transition upon rotation.
|
|
504
645
|
|
|
505
646
|
Raises:
|
|
506
|
-
PangeaAPIException: If an API Error happens
|
|
647
|
+
PangeaAPIException: If an API Error happens.
|
|
507
648
|
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
|
|
649
|
+
Examples:
|
|
650
|
+
response = vault.rotate_client_secret(item_id="foo")
|
|
651
|
+
"""
|
|
652
|
+
|
|
653
|
+
return self.request.post(
|
|
654
|
+
"v2/secret/rotate",
|
|
655
|
+
ClientSecret,
|
|
656
|
+
data=ClientSecretRotateRequest(
|
|
657
|
+
id=item_id, rotation_grace_period=rotation_grace_period, rotation_state=rotation_state
|
|
658
|
+
),
|
|
659
|
+
)
|
|
660
|
+
|
|
661
|
+
@overload
|
|
662
|
+
def generate_key(
|
|
663
|
+
self,
|
|
664
|
+
*,
|
|
665
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
666
|
+
purpose: Literal[AsymmetricKeyPurpose.SIGNING],
|
|
667
|
+
algorithm: AsymmetricKeySigningAlgorithm,
|
|
668
|
+
name: str | None = None,
|
|
669
|
+
folder: str | None = None,
|
|
670
|
+
metadata: Metadata | None = None,
|
|
671
|
+
tags: Tags | None = None,
|
|
672
|
+
rotation_frequency: str | None = None,
|
|
673
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
674
|
+
disabled_at: datetime.datetime | None = None,
|
|
675
|
+
exportable: bool = False,
|
|
676
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
677
|
+
"""
|
|
678
|
+
Generate key
|
|
679
|
+
|
|
680
|
+
Generate an asymmetric signing key.
|
|
681
|
+
|
|
682
|
+
Args:
|
|
683
|
+
key_type: Key type.
|
|
684
|
+
purpose: The purpose of this key.
|
|
685
|
+
algorithm: The algorithm of the key.
|
|
686
|
+
name: The name of this item.
|
|
687
|
+
folder: The folder where this item is stored.
|
|
688
|
+
metadata: User-provided metadata.
|
|
689
|
+
tags: A list of user-defined tags.
|
|
690
|
+
rotation_frequency: Period of time between item rotations.
|
|
691
|
+
rotation_state: State to which the previous version should
|
|
692
|
+
transition upon rotation.
|
|
693
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
694
|
+
exportable: Whether the key is exportable or not.
|
|
695
|
+
|
|
696
|
+
Raises:
|
|
697
|
+
PangeaAPIException: If an API Error happens.
|
|
512
698
|
|
|
513
699
|
Examples:
|
|
514
|
-
response = vault.
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
700
|
+
response = vault.generate_key(
|
|
701
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
702
|
+
purpose=AsymmetricKeyPurpose.SIGNING,
|
|
703
|
+
algorithm=AsymmetricKeySigningAlgorithm.ED25519,
|
|
518
704
|
)
|
|
519
705
|
"""
|
|
520
|
-
input = SecretRotateRequest(id=id, secret=secret, rotation_state=rotation_state)
|
|
521
|
-
return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.model_dump(exclude_none=True))
|
|
522
706
|
|
|
523
|
-
|
|
524
|
-
def
|
|
707
|
+
@overload
|
|
708
|
+
def generate_key(
|
|
709
|
+
self,
|
|
710
|
+
*,
|
|
711
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
712
|
+
purpose: Literal[AsymmetricKeyPurpose.ENCRYPTION],
|
|
713
|
+
algorithm: AsymmetricKeyEncryptionAlgorithm,
|
|
714
|
+
name: str | None = None,
|
|
715
|
+
folder: str | None = None,
|
|
716
|
+
metadata: Metadata | None = None,
|
|
717
|
+
tags: Tags | None = None,
|
|
718
|
+
rotation_frequency: str | None = None,
|
|
719
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
720
|
+
disabled_at: datetime.datetime | None = None,
|
|
721
|
+
exportable: bool = False,
|
|
722
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
723
|
+
"""
|
|
724
|
+
Generate key
|
|
725
|
+
|
|
726
|
+
Generate an asymmetric encryption key.
|
|
727
|
+
|
|
728
|
+
Args:
|
|
729
|
+
key_type: Key type.
|
|
730
|
+
purpose: The purpose of this key.
|
|
731
|
+
algorithm: The algorithm of the key.
|
|
732
|
+
name: The name of this item.
|
|
733
|
+
folder: The folder where this item is stored.
|
|
734
|
+
metadata: User-provided metadata.
|
|
735
|
+
tags: A list of user-defined tags.
|
|
736
|
+
rotation_frequency: Period of time between item rotations.
|
|
737
|
+
rotation_state: State to which the previous version should
|
|
738
|
+
transition upon rotation.
|
|
739
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
740
|
+
exportable: Whether the key is exportable or not.
|
|
741
|
+
|
|
742
|
+
Raises:
|
|
743
|
+
PangeaAPIException: If an API Error happens.
|
|
744
|
+
|
|
745
|
+
Examples:
|
|
746
|
+
response = vault.generate_key(
|
|
747
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
748
|
+
purpose=AsymmetricKeyPurpose.ENCRYPTION,
|
|
749
|
+
algorithm=AsymmetricKeyEncryptionAlgorithm.RSA_OAEP_2048_SHA1,
|
|
750
|
+
)
|
|
525
751
|
"""
|
|
526
|
-
Token rotate
|
|
527
752
|
|
|
528
|
-
|
|
753
|
+
@overload
|
|
754
|
+
def generate_key(
|
|
755
|
+
self,
|
|
756
|
+
*,
|
|
757
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
758
|
+
purpose: Literal[AsymmetricKeyPurpose.JWT],
|
|
759
|
+
algorithm: AsymmetricKeyJwtAlgorithm,
|
|
760
|
+
name: str | None = None,
|
|
761
|
+
folder: str | None = None,
|
|
762
|
+
metadata: Metadata | None = None,
|
|
763
|
+
tags: Tags | None = None,
|
|
764
|
+
rotation_frequency: str | None = None,
|
|
765
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
766
|
+
disabled_at: datetime.datetime | None = None,
|
|
767
|
+
exportable: bool = False,
|
|
768
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
769
|
+
"""
|
|
770
|
+
Generate key
|
|
529
771
|
|
|
530
|
-
|
|
772
|
+
Generate an asymmetric JWT key.
|
|
531
773
|
|
|
532
774
|
Args:
|
|
533
|
-
|
|
775
|
+
key_type: Key type.
|
|
776
|
+
purpose: The purpose of this key.
|
|
777
|
+
algorithm: The algorithm of the key.
|
|
778
|
+
name: The name of this item.
|
|
779
|
+
folder: The folder where this item is stored.
|
|
780
|
+
metadata: User-provided metadata.
|
|
781
|
+
tags: A list of user-defined tags.
|
|
782
|
+
rotation_frequency: Period of time between item rotations.
|
|
783
|
+
rotation_state: State to which the previous version should
|
|
784
|
+
transition upon rotation.
|
|
785
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
786
|
+
exportable: Whether the key is exportable or not.
|
|
534
787
|
|
|
535
788
|
Raises:
|
|
536
|
-
PangeaAPIException: If an API Error happens
|
|
789
|
+
PangeaAPIException: If an API Error happens.
|
|
537
790
|
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
791
|
+
Examples:
|
|
792
|
+
response = vault.generate_key(
|
|
793
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
794
|
+
purpose=AsymmetricKeyPurpose.JWT,
|
|
795
|
+
algorithm=AsymmetricKeyJwtAlgorithm.ES512,
|
|
796
|
+
)
|
|
797
|
+
"""
|
|
798
|
+
|
|
799
|
+
@overload
|
|
800
|
+
def generate_key(
|
|
801
|
+
self,
|
|
802
|
+
*,
|
|
803
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
804
|
+
purpose: Literal[AsymmetricKeyPurpose.PKI],
|
|
805
|
+
algorithm: AsymmetricKeyPkiAlgorithm,
|
|
806
|
+
name: str | None = None,
|
|
807
|
+
folder: str | None = None,
|
|
808
|
+
metadata: Metadata | None = None,
|
|
809
|
+
tags: Tags | None = None,
|
|
810
|
+
rotation_frequency: str | None = None,
|
|
811
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
812
|
+
disabled_at: datetime.datetime | None = None,
|
|
813
|
+
exportable: bool = False,
|
|
814
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
815
|
+
"""
|
|
816
|
+
Generate key
|
|
817
|
+
|
|
818
|
+
Generate an asymmetric PKI key.
|
|
819
|
+
|
|
820
|
+
Args:
|
|
821
|
+
key_type: Key type.
|
|
822
|
+
purpose: The purpose of this key.
|
|
823
|
+
algorithm: The algorithm of the key.
|
|
824
|
+
name: The name of this item.
|
|
825
|
+
folder: The folder where this item is stored.
|
|
826
|
+
metadata: User-provided metadata.
|
|
827
|
+
tags: A list of user-defined tags.
|
|
828
|
+
rotation_frequency: Period of time between item rotations.
|
|
829
|
+
rotation_state: State to which the previous version should
|
|
830
|
+
transition upon rotation.
|
|
831
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
832
|
+
exportable: Whether the key is exportable or not.
|
|
833
|
+
|
|
834
|
+
Raises:
|
|
835
|
+
PangeaAPIException: If an API Error happens.
|
|
542
836
|
|
|
543
837
|
Examples:
|
|
544
|
-
response = vault.
|
|
545
|
-
|
|
838
|
+
response = vault.generate_key(
|
|
839
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
840
|
+
purpose=AsymmetricKeyPurpose.PKI,
|
|
841
|
+
algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
|
|
546
842
|
)
|
|
547
843
|
"""
|
|
548
|
-
input = SecretRotateRequest(id=id) # type: ignore[call-arg]
|
|
549
|
-
return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.model_dump(exclude_none=True))
|
|
550
844
|
|
|
551
|
-
|
|
845
|
+
@overload
|
|
846
|
+
def generate_key(
|
|
552
847
|
self,
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
848
|
+
*,
|
|
849
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
850
|
+
purpose: AsymmetricKeyPurpose,
|
|
851
|
+
algorithm: AsymmetricKeyAlgorithm,
|
|
852
|
+
name: str | None = None,
|
|
853
|
+
folder: str | None = None,
|
|
854
|
+
metadata: Metadata | None = None,
|
|
855
|
+
tags: Tags | None = None,
|
|
856
|
+
rotation_frequency: str | None = None,
|
|
857
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
858
|
+
disabled_at: datetime.datetime | None = None,
|
|
859
|
+
exportable: bool = False,
|
|
860
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
564
861
|
"""
|
|
565
|
-
|
|
862
|
+
Generate key
|
|
863
|
+
|
|
864
|
+
Generate an asymmetric key.
|
|
566
865
|
|
|
567
|
-
|
|
866
|
+
Args:
|
|
867
|
+
key_type: Key type.
|
|
868
|
+
purpose: The purpose of this key.
|
|
869
|
+
algorithm: The algorithm of the key.
|
|
870
|
+
name: The name of this item.
|
|
871
|
+
folder: The folder where this item is stored.
|
|
872
|
+
metadata: User-provided metadata.
|
|
873
|
+
tags: A list of user-defined tags.
|
|
874
|
+
rotation_frequency: Period of time between item rotations.
|
|
875
|
+
rotation_state: State to which the previous version should
|
|
876
|
+
transition upon rotation.
|
|
877
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
878
|
+
exportable: Whether the key is exportable or not.
|
|
568
879
|
|
|
569
|
-
|
|
880
|
+
Raises:
|
|
881
|
+
PangeaAPIException: If an API Error happens.
|
|
882
|
+
|
|
883
|
+
Examples:
|
|
884
|
+
response = vault.generate_key(
|
|
885
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
886
|
+
purpose=AsymmetricKeyPurpose.PKI,
|
|
887
|
+
algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
|
|
888
|
+
)
|
|
889
|
+
"""
|
|
890
|
+
|
|
891
|
+
@overload
|
|
892
|
+
def generate_key(
|
|
893
|
+
self,
|
|
894
|
+
*,
|
|
895
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
896
|
+
purpose: Literal[SymmetricKeyPurpose.ENCRYPTION],
|
|
897
|
+
algorithm: SymmetricKeyEncryptionAlgorithm,
|
|
898
|
+
name: str | None = None,
|
|
899
|
+
folder: str | None = None,
|
|
900
|
+
metadata: Metadata | None = None,
|
|
901
|
+
tags: Tags | None = None,
|
|
902
|
+
rotation_frequency: str | None = None,
|
|
903
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
904
|
+
disabled_at: datetime.datetime | None = None,
|
|
905
|
+
exportable: bool = False,
|
|
906
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
907
|
+
"""
|
|
908
|
+
Generate key
|
|
909
|
+
|
|
910
|
+
Generate a symmetric encryption key.
|
|
570
911
|
|
|
571
912
|
Args:
|
|
572
|
-
|
|
573
|
-
purpose
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
exportable (bool, optional): Whether the key is exportable or not
|
|
913
|
+
key_type: Key type.
|
|
914
|
+
purpose: The purpose of this key.
|
|
915
|
+
algorithm: The algorithm of the key.
|
|
916
|
+
name: The name of this item.
|
|
917
|
+
folder: The folder where this item is stored.
|
|
918
|
+
metadata: User-provided metadata.
|
|
919
|
+
tags: A list of user-defined tags.
|
|
920
|
+
rotation_frequency: Period of time between item rotations.
|
|
921
|
+
rotation_state: State to which the previous version should
|
|
922
|
+
transition upon rotation.
|
|
923
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
924
|
+
exportable: Whether the key is exportable or not.
|
|
585
925
|
|
|
586
926
|
Raises:
|
|
587
|
-
PangeaAPIException: If an API Error happens
|
|
927
|
+
PangeaAPIException: If an API Error happens.
|
|
588
928
|
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
929
|
+
Examples:
|
|
930
|
+
response = vault.generate_key(
|
|
931
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
932
|
+
purpose=SymmetricKeyPurpose.ENCRYPTION,
|
|
933
|
+
algorithm=SymmetricKeyEncryptionAlgorithm.AES_CFB_128,
|
|
934
|
+
)
|
|
935
|
+
"""
|
|
936
|
+
|
|
937
|
+
@overload
|
|
938
|
+
def generate_key(
|
|
939
|
+
self,
|
|
940
|
+
*,
|
|
941
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
942
|
+
purpose: Literal[SymmetricKeyPurpose.JWT],
|
|
943
|
+
algorithm: SymmetricKeyJwtAlgorithm,
|
|
944
|
+
name: str | None = None,
|
|
945
|
+
folder: str | None = None,
|
|
946
|
+
metadata: Metadata | None = None,
|
|
947
|
+
tags: Tags | None = None,
|
|
948
|
+
rotation_frequency: str | None = None,
|
|
949
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
950
|
+
disabled_at: datetime.datetime | None = None,
|
|
951
|
+
exportable: bool = False,
|
|
952
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
953
|
+
"""
|
|
954
|
+
Generate key
|
|
955
|
+
|
|
956
|
+
Generate a symmetric JWT key.
|
|
957
|
+
|
|
958
|
+
Args:
|
|
959
|
+
key_type: Key type.
|
|
960
|
+
purpose: The purpose of this key.
|
|
961
|
+
algorithm: The algorithm of the key.
|
|
962
|
+
name: The name of this item.
|
|
963
|
+
folder: The folder where this item is stored.
|
|
964
|
+
metadata: User-provided metadata.
|
|
965
|
+
tags: A list of user-defined tags.
|
|
966
|
+
rotation_frequency: Period of time between item rotations.
|
|
967
|
+
rotation_state: State to which the previous version should
|
|
968
|
+
transition upon rotation.
|
|
969
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
970
|
+
exportable: Whether the key is exportable or not.
|
|
971
|
+
|
|
972
|
+
Raises:
|
|
973
|
+
PangeaAPIException: If an API Error happens.
|
|
593
974
|
|
|
594
975
|
Examples:
|
|
595
|
-
response = vault.
|
|
596
|
-
|
|
597
|
-
purpose=
|
|
598
|
-
|
|
599
|
-
folder="/personal",
|
|
600
|
-
metadata={
|
|
601
|
-
"created_by": "John Doe",
|
|
602
|
-
"used_in": "Google products"
|
|
603
|
-
},
|
|
604
|
-
tags=[
|
|
605
|
-
"irs_2023",
|
|
606
|
-
"personal"
|
|
607
|
-
],
|
|
608
|
-
rotation_frequency="10d",
|
|
609
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
610
|
-
expiration="2025-01-01T10:00:00Z",
|
|
976
|
+
response = vault.generate_key(
|
|
977
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
978
|
+
purpose=SymmetricKeyPurpose.JWT,
|
|
979
|
+
algorithm=SymmetricKeyJwtAlgorithm.HS512,
|
|
611
980
|
)
|
|
612
981
|
"""
|
|
613
|
-
input = SymmetricGenerateRequest(
|
|
614
|
-
type=ItemType.SYMMETRIC_KEY,
|
|
615
|
-
algorithm=algorithm,
|
|
616
|
-
purpose=purpose,
|
|
617
|
-
name=name, # type: ignore[arg-type]
|
|
618
|
-
folder=folder,
|
|
619
|
-
metadata=metadata,
|
|
620
|
-
tags=tags,
|
|
621
|
-
rotation_frequency=rotation_frequency,
|
|
622
|
-
rotation_state=rotation_state,
|
|
623
|
-
expiration=expiration,
|
|
624
|
-
exportable=exportable,
|
|
625
|
-
)
|
|
626
|
-
return self.request.post(
|
|
627
|
-
"v1/key/generate",
|
|
628
|
-
SymmetricGenerateResult,
|
|
629
|
-
data=input.model_dump(exclude_none=True),
|
|
630
|
-
)
|
|
631
982
|
|
|
632
|
-
|
|
983
|
+
@overload
|
|
984
|
+
def generate_key(
|
|
633
985
|
self,
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
986
|
+
*,
|
|
987
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
988
|
+
purpose: Literal[SymmetricKeyPurpose.FPE],
|
|
989
|
+
algorithm: SymmetricKeyFpeAlgorithm,
|
|
990
|
+
name: str | None = None,
|
|
991
|
+
folder: str | None = None,
|
|
992
|
+
metadata: Metadata | None = None,
|
|
993
|
+
tags: Tags | None = None,
|
|
994
|
+
rotation_frequency: str | None = None,
|
|
995
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
996
|
+
disabled_at: datetime.datetime | None = None,
|
|
997
|
+
exportable: bool = False,
|
|
998
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
999
|
+
"""
|
|
1000
|
+
Generate key
|
|
1001
|
+
|
|
1002
|
+
Generate a symmetric FPE key.
|
|
1003
|
+
|
|
1004
|
+
Args:
|
|
1005
|
+
key_type: Key type.
|
|
1006
|
+
purpose: The purpose of this key.
|
|
1007
|
+
algorithm: The algorithm of the key.
|
|
1008
|
+
name: The name of this item.
|
|
1009
|
+
folder: The folder where this item is stored.
|
|
1010
|
+
metadata: User-provided metadata.
|
|
1011
|
+
tags: A list of user-defined tags.
|
|
1012
|
+
rotation_frequency: Period of time between item rotations.
|
|
1013
|
+
rotation_state: State to which the previous version should
|
|
1014
|
+
transition upon rotation.
|
|
1015
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1016
|
+
exportable: Whether the key is exportable or not.
|
|
1017
|
+
|
|
1018
|
+
Raises:
|
|
1019
|
+
PangeaAPIException: If an API Error happens.
|
|
1020
|
+
|
|
1021
|
+
Examples:
|
|
1022
|
+
response = vault.generate_key(
|
|
1023
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1024
|
+
purpose=SymmetricKeyPurpose.FPE,
|
|
1025
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
|
1026
|
+
)
|
|
645
1027
|
"""
|
|
646
|
-
Asymmetric generate
|
|
647
1028
|
|
|
648
|
-
|
|
1029
|
+
@overload
|
|
1030
|
+
def generate_key(
|
|
1031
|
+
self,
|
|
1032
|
+
*,
|
|
1033
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
1034
|
+
purpose: SymmetricKeyPurpose,
|
|
1035
|
+
algorithm: SymmetricKeyAlgorithm,
|
|
1036
|
+
name: str | None = None,
|
|
1037
|
+
folder: str | None = None,
|
|
1038
|
+
metadata: Metadata | None = None,
|
|
1039
|
+
tags: Tags | None = None,
|
|
1040
|
+
rotation_frequency: str | None = None,
|
|
1041
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1042
|
+
disabled_at: datetime.datetime | None = None,
|
|
1043
|
+
exportable: bool = False,
|
|
1044
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
1045
|
+
"""
|
|
1046
|
+
Generate key
|
|
649
1047
|
|
|
650
|
-
|
|
1048
|
+
Generate a symmetric key.
|
|
651
1049
|
|
|
652
1050
|
Args:
|
|
653
|
-
|
|
654
|
-
purpose
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
exportable (bool, optional): Whether the key is exportable or not
|
|
1051
|
+
key_type: Key type.
|
|
1052
|
+
purpose: The purpose of this key.
|
|
1053
|
+
algorithm: The algorithm of the key.
|
|
1054
|
+
name: The name of this item.
|
|
1055
|
+
folder: The folder where this item is stored.
|
|
1056
|
+
metadata: User-provided metadata.
|
|
1057
|
+
tags: A list of user-defined tags.
|
|
1058
|
+
rotation_frequency: Period of time between item rotations.
|
|
1059
|
+
rotation_state: State to which the previous version should
|
|
1060
|
+
transition upon rotation.
|
|
1061
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1062
|
+
exportable: Whether the key is exportable or not.
|
|
666
1063
|
|
|
667
1064
|
Raises:
|
|
668
|
-
PangeaAPIException: If an API Error happens
|
|
1065
|
+
PangeaAPIException: If an API Error happens.
|
|
669
1066
|
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
1067
|
+
Examples:
|
|
1068
|
+
response = vault.generate_key(
|
|
1069
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1070
|
+
purpose=SymmetricKeyPurpose.FPE,
|
|
1071
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
|
1072
|
+
)
|
|
1073
|
+
"""
|
|
1074
|
+
|
|
1075
|
+
def generate_key(
|
|
1076
|
+
self,
|
|
1077
|
+
*,
|
|
1078
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
|
|
1079
|
+
purpose: SymmetricKeyPurpose | AsymmetricKeyPurpose,
|
|
1080
|
+
algorithm: AsymmetricKeyAlgorithm | SymmetricKeyAlgorithm,
|
|
1081
|
+
name: str | None = None,
|
|
1082
|
+
folder: str | None = None,
|
|
1083
|
+
metadata: Metadata | None = None,
|
|
1084
|
+
tags: Tags | None = None,
|
|
1085
|
+
rotation_frequency: str | None = None,
|
|
1086
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1087
|
+
disabled_at: datetime.datetime | None = None,
|
|
1088
|
+
exportable: bool = False,
|
|
1089
|
+
) -> PangeaResponse[Any]:
|
|
1090
|
+
"""
|
|
1091
|
+
Generate key
|
|
1092
|
+
|
|
1093
|
+
Generate a key.
|
|
1094
|
+
|
|
1095
|
+
Args:
|
|
1096
|
+
key_type: Key type.
|
|
1097
|
+
purpose: The purpose of this key.
|
|
1098
|
+
algorithm: The algorithm of the key.
|
|
1099
|
+
name: The name of this item.
|
|
1100
|
+
folder: The folder where this item is stored.
|
|
1101
|
+
metadata: User-provided metadata.
|
|
1102
|
+
tags: A list of user-defined tags.
|
|
1103
|
+
rotation_frequency: Period of time between item rotations.
|
|
1104
|
+
rotation_state: State to which the previous version should
|
|
1105
|
+
transition upon rotation.
|
|
1106
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1107
|
+
exportable: Whether the key is exportable or not.
|
|
1108
|
+
|
|
1109
|
+
Raises:
|
|
1110
|
+
PangeaAPIException: If an API Error happens.
|
|
674
1111
|
|
|
675
1112
|
Examples:
|
|
676
|
-
response = vault.
|
|
677
|
-
|
|
678
|
-
purpose=
|
|
679
|
-
|
|
680
|
-
folder="/personal",
|
|
681
|
-
metadata={
|
|
682
|
-
"created_by": "John Doe",
|
|
683
|
-
"used_in": "Google products"
|
|
684
|
-
},
|
|
685
|
-
tags=[
|
|
686
|
-
"irs_2023",
|
|
687
|
-
"personal"
|
|
688
|
-
],
|
|
689
|
-
rotation_frequency="10d",
|
|
690
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
691
|
-
expiration="2025-01-01T10:00:00Z",
|
|
1113
|
+
response = vault.generate_key(
|
|
1114
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1115
|
+
purpose=SymmetricKeyPurpose.FPE,
|
|
1116
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
|
692
1117
|
)
|
|
693
1118
|
"""
|
|
694
|
-
|
|
695
|
-
type=ItemType.ASYMMETRIC_KEY,
|
|
696
|
-
algorithm=algorithm,
|
|
697
|
-
purpose=purpose,
|
|
698
|
-
name=name, # type: ignore[arg-type]
|
|
699
|
-
folder=folder,
|
|
700
|
-
metadata=metadata,
|
|
701
|
-
tags=tags,
|
|
702
|
-
rotation_frequency=rotation_frequency,
|
|
703
|
-
rotation_state=rotation_state,
|
|
704
|
-
expiration=expiration,
|
|
705
|
-
exportable=exportable,
|
|
706
|
-
)
|
|
1119
|
+
|
|
707
1120
|
return self.request.post(
|
|
708
|
-
"
|
|
709
|
-
|
|
710
|
-
data=
|
|
1121
|
+
"v2/key/generate",
|
|
1122
|
+
AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
|
|
1123
|
+
data=CommonGenerateRequest(
|
|
1124
|
+
type=key_type,
|
|
1125
|
+
purpose=purpose,
|
|
1126
|
+
algorithm=algorithm,
|
|
1127
|
+
name=name,
|
|
1128
|
+
folder=folder,
|
|
1129
|
+
metadata=metadata,
|
|
1130
|
+
tags=tags,
|
|
1131
|
+
rotation_frequency=rotation_frequency,
|
|
1132
|
+
rotation_state=rotation_state,
|
|
1133
|
+
disabled_at=disabled_at,
|
|
1134
|
+
exportable=exportable,
|
|
1135
|
+
),
|
|
711
1136
|
)
|
|
712
1137
|
|
|
713
|
-
|
|
714
|
-
def
|
|
1138
|
+
@overload
|
|
1139
|
+
def store_key(
|
|
715
1140
|
self,
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
728
|
-
|
|
1141
|
+
*,
|
|
1142
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
1143
|
+
purpose: Literal[AsymmetricKeyPurpose.SIGNING],
|
|
1144
|
+
algorithm: AsymmetricKeySigningAlgorithm,
|
|
1145
|
+
public_key: str,
|
|
1146
|
+
private_key: str,
|
|
1147
|
+
name: str | None = None,
|
|
1148
|
+
folder: str | None = None,
|
|
1149
|
+
metadata: Metadata | None = None,
|
|
1150
|
+
tags: Tags | None = None,
|
|
1151
|
+
rotation_frequency: str | None = None,
|
|
1152
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1153
|
+
disabled_at: datetime.datetime | None = None,
|
|
1154
|
+
exportable: bool = False,
|
|
1155
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
1156
|
+
"""
|
|
1157
|
+
Store key
|
|
1158
|
+
|
|
1159
|
+
Import an asymmetric signing key.
|
|
1160
|
+
|
|
1161
|
+
Args:
|
|
1162
|
+
key_type: Key type.
|
|
1163
|
+
purpose: The purpose of this key.
|
|
1164
|
+
algorithm: The algorithm of the key.
|
|
1165
|
+
public_key: The public key (in PEM format).
|
|
1166
|
+
private_key: The private key (in PEM format).
|
|
1167
|
+
name: The name of this item.
|
|
1168
|
+
folder: The folder where this item is stored.
|
|
1169
|
+
metadata: User-provided metadata.
|
|
1170
|
+
tags: A list of user-defined tags.
|
|
1171
|
+
rotation_frequency: Period of time between item rotations.
|
|
1172
|
+
rotation_state: State to which the previous version should
|
|
1173
|
+
transition upon rotation.
|
|
1174
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1175
|
+
exportable: Whether the key is exportable or not.
|
|
1176
|
+
|
|
1177
|
+
Raises:
|
|
1178
|
+
PangeaAPIException: If an API Error happens.
|
|
1179
|
+
|
|
1180
|
+
Examples:
|
|
1181
|
+
response = vault.store_key(
|
|
1182
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
1183
|
+
purpose=AsymmetricKeyPurpose.SIGNING,
|
|
1184
|
+
algorithm=AsymmetricKeySigningAlgorithm.ED25519,
|
|
1185
|
+
)
|
|
729
1186
|
"""
|
|
730
|
-
Asymmetric store
|
|
731
1187
|
|
|
732
|
-
|
|
1188
|
+
@overload
|
|
1189
|
+
def store_key(
|
|
1190
|
+
self,
|
|
1191
|
+
*,
|
|
1192
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
1193
|
+
purpose: Literal[AsymmetricKeyPurpose.ENCRYPTION],
|
|
1194
|
+
algorithm: AsymmetricKeyEncryptionAlgorithm,
|
|
1195
|
+
public_key: str,
|
|
1196
|
+
private_key: str,
|
|
1197
|
+
name: str | None = None,
|
|
1198
|
+
folder: str | None = None,
|
|
1199
|
+
metadata: Metadata | None = None,
|
|
1200
|
+
tags: Tags | None = None,
|
|
1201
|
+
rotation_frequency: str | None = None,
|
|
1202
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1203
|
+
disabled_at: datetime.datetime | None = None,
|
|
1204
|
+
exportable: bool = False,
|
|
1205
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
1206
|
+
"""
|
|
1207
|
+
Store key
|
|
733
1208
|
|
|
734
|
-
|
|
1209
|
+
Import an asymmetric encryption key.
|
|
735
1210
|
|
|
736
1211
|
Args:
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
algorithm
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
exportable (bool, optional): Whether the key is exportable or not
|
|
1212
|
+
key_type: Key type.
|
|
1213
|
+
purpose: The purpose of this key.
|
|
1214
|
+
algorithm: The algorithm of the key.
|
|
1215
|
+
public_key: The public key (in PEM format).
|
|
1216
|
+
private_key: The private key (in PEM format).
|
|
1217
|
+
name: The name of this item.
|
|
1218
|
+
folder: The folder where this item is stored.
|
|
1219
|
+
metadata: User-provided metadata.
|
|
1220
|
+
tags: A list of user-defined tags.
|
|
1221
|
+
rotation_frequency: Period of time between item rotations.
|
|
1222
|
+
rotation_state: State to which the previous version should
|
|
1223
|
+
transition upon rotation.
|
|
1224
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1225
|
+
exportable: Whether the key is exportable or not.
|
|
752
1226
|
|
|
753
1227
|
Raises:
|
|
754
|
-
PangeaAPIException: If an API Error happens
|
|
1228
|
+
PangeaAPIException: If an API Error happens.
|
|
755
1229
|
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
1230
|
+
Examples:
|
|
1231
|
+
response = vault.store_key(
|
|
1232
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
1233
|
+
purpose=AsymmetricKeyPurpose.ENCRYPTION,
|
|
1234
|
+
algorithm=AsymmetricKeyEncryptionAlgorithm.RSA_OAEP_2048_SHA1,
|
|
1235
|
+
)
|
|
1236
|
+
"""
|
|
1237
|
+
|
|
1238
|
+
@overload
|
|
1239
|
+
def store_key(
|
|
1240
|
+
self,
|
|
1241
|
+
*,
|
|
1242
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
1243
|
+
purpose: Literal[AsymmetricKeyPurpose.JWT],
|
|
1244
|
+
algorithm: AsymmetricKeyJwtAlgorithm,
|
|
1245
|
+
public_key: str,
|
|
1246
|
+
private_key: str,
|
|
1247
|
+
name: str | None = None,
|
|
1248
|
+
folder: str | None = None,
|
|
1249
|
+
metadata: Metadata | None = None,
|
|
1250
|
+
tags: Tags | None = None,
|
|
1251
|
+
rotation_frequency: str | None = None,
|
|
1252
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1253
|
+
disabled_at: datetime.datetime | None = None,
|
|
1254
|
+
exportable: bool = False,
|
|
1255
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
1256
|
+
"""
|
|
1257
|
+
Store key
|
|
1258
|
+
|
|
1259
|
+
Import an asymmetric JWT key.
|
|
1260
|
+
|
|
1261
|
+
Args:
|
|
1262
|
+
key_type: Key type.
|
|
1263
|
+
purpose: The purpose of this key.
|
|
1264
|
+
algorithm: The algorithm of the key.
|
|
1265
|
+
public_key: The public key (in PEM format).
|
|
1266
|
+
private_key: The private key (in PEM format).
|
|
1267
|
+
name: The name of this item.
|
|
1268
|
+
folder: The folder where this item is stored.
|
|
1269
|
+
metadata: User-provided metadata.
|
|
1270
|
+
tags: A list of user-defined tags.
|
|
1271
|
+
rotation_frequency: Period of time between item rotations.
|
|
1272
|
+
rotation_state: State to which the previous version should
|
|
1273
|
+
transition upon rotation.
|
|
1274
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1275
|
+
exportable: Whether the key is exportable or not.
|
|
1276
|
+
|
|
1277
|
+
Raises:
|
|
1278
|
+
PangeaAPIException: If an API Error happens.
|
|
760
1279
|
|
|
761
1280
|
Examples:
|
|
762
|
-
response = vault.
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
algorithm=
|
|
766
|
-
purpose=KeyPurpose.SIGNING,
|
|
767
|
-
name="my-very-secret-secret",
|
|
768
|
-
folder="/personal",
|
|
769
|
-
metadata={
|
|
770
|
-
"created_by": "John Doe",
|
|
771
|
-
"used_in": "Google products"
|
|
772
|
-
},
|
|
773
|
-
tags=[
|
|
774
|
-
"irs_2023",
|
|
775
|
-
"personal"
|
|
776
|
-
],
|
|
777
|
-
rotation_frequency="10d",
|
|
778
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
779
|
-
expiration="2025-01-01T10:00:00Z",
|
|
1281
|
+
response = vault.store_key(
|
|
1282
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
1283
|
+
purpose=AsymmetricKeyPurpose.JWT,
|
|
1284
|
+
algorithm=AsymmetricKeyJwtAlgorithm.ES512,
|
|
780
1285
|
)
|
|
781
1286
|
"""
|
|
782
|
-
input = AsymmetricStoreRequest(
|
|
783
|
-
type=ItemType.ASYMMETRIC_KEY,
|
|
784
|
-
algorithm=algorithm,
|
|
785
|
-
purpose=purpose,
|
|
786
|
-
public_key=public_key,
|
|
787
|
-
private_key=private_key,
|
|
788
|
-
name=name,
|
|
789
|
-
folder=folder,
|
|
790
|
-
metadata=metadata,
|
|
791
|
-
tags=tags,
|
|
792
|
-
rotation_frequency=rotation_frequency,
|
|
793
|
-
rotation_state=rotation_state,
|
|
794
|
-
expiration=expiration,
|
|
795
|
-
exportable=exportable,
|
|
796
|
-
)
|
|
797
|
-
return self.request.post("v1/key/store", AsymmetricStoreResult, data=input.model_dump(exclude_none=True))
|
|
798
1287
|
|
|
799
|
-
|
|
1288
|
+
@overload
|
|
1289
|
+
def store_key(
|
|
800
1290
|
self,
|
|
1291
|
+
*,
|
|
1292
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
1293
|
+
purpose: Literal[AsymmetricKeyPurpose.PKI],
|
|
1294
|
+
algorithm: AsymmetricKeyPkiAlgorithm,
|
|
1295
|
+
public_key: str,
|
|
1296
|
+
private_key: str,
|
|
1297
|
+
name: str | None = None,
|
|
1298
|
+
folder: str | None = None,
|
|
1299
|
+
metadata: Metadata | None = None,
|
|
1300
|
+
tags: Tags | None = None,
|
|
1301
|
+
rotation_frequency: str | None = None,
|
|
1302
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1303
|
+
disabled_at: datetime.datetime | None = None,
|
|
1304
|
+
exportable: bool = False,
|
|
1305
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
1306
|
+
"""
|
|
1307
|
+
Store key
|
|
1308
|
+
|
|
1309
|
+
Import an asymmetric PKI key.
|
|
1310
|
+
|
|
1311
|
+
Args:
|
|
1312
|
+
key_type: Key type.
|
|
1313
|
+
purpose: The purpose of this key.
|
|
1314
|
+
algorithm: The algorithm of the key.
|
|
1315
|
+
public_key: The public key (in PEM format).
|
|
1316
|
+
private_key: The private key (in PEM format).
|
|
1317
|
+
name: The name of this item.
|
|
1318
|
+
folder: The folder where this item is stored.
|
|
1319
|
+
metadata: User-provided metadata.
|
|
1320
|
+
tags: A list of user-defined tags.
|
|
1321
|
+
rotation_frequency: Period of time between item rotations.
|
|
1322
|
+
rotation_state: State to which the previous version should
|
|
1323
|
+
transition upon rotation.
|
|
1324
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1325
|
+
exportable: Whether the key is exportable or not.
|
|
1326
|
+
|
|
1327
|
+
Raises:
|
|
1328
|
+
PangeaAPIException: If an API Error happens.
|
|
1329
|
+
|
|
1330
|
+
Examples:
|
|
1331
|
+
response = vault.store_key(
|
|
1332
|
+
key_type=ItemType.ASYMMETRIC_KEY,
|
|
1333
|
+
purpose=AsymmetricKeyPurpose.PKI,
|
|
1334
|
+
algorithm=AsymmetricKeyPkiAlgorithm.ED25519,
|
|
1335
|
+
)
|
|
1336
|
+
"""
|
|
1337
|
+
|
|
1338
|
+
@overload
|
|
1339
|
+
def store_key(
|
|
1340
|
+
self,
|
|
1341
|
+
*,
|
|
1342
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
1343
|
+
purpose: Literal[SymmetricKeyPurpose.ENCRYPTION],
|
|
1344
|
+
algorithm: SymmetricKeyEncryptionAlgorithm,
|
|
801
1345
|
key: str,
|
|
802
|
-
|
|
803
|
-
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
exportable: Optional[bool] = None,
|
|
812
|
-
) -> PangeaResponse[SymmetricStoreResult]:
|
|
1346
|
+
name: str | None = None,
|
|
1347
|
+
folder: str | None = None,
|
|
1348
|
+
metadata: Metadata | None = None,
|
|
1349
|
+
tags: Tags | None = None,
|
|
1350
|
+
rotation_frequency: str | None = None,
|
|
1351
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1352
|
+
disabled_at: datetime.datetime | None = None,
|
|
1353
|
+
exportable: bool = False,
|
|
1354
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
813
1355
|
"""
|
|
814
|
-
|
|
1356
|
+
Store key
|
|
815
1357
|
|
|
816
|
-
Import a symmetric key
|
|
1358
|
+
Import a symmetric encryption key.
|
|
1359
|
+
|
|
1360
|
+
Args:
|
|
1361
|
+
key_type: Key type.
|
|
1362
|
+
purpose: The purpose of this key.
|
|
1363
|
+
algorithm: The algorithm of the key.
|
|
1364
|
+
key: The key material.
|
|
1365
|
+
name: The name of this item.
|
|
1366
|
+
folder: The folder where this item is stored.
|
|
1367
|
+
metadata: User-provided metadata.
|
|
1368
|
+
tags: A list of user-defined tags.
|
|
1369
|
+
rotation_frequency: Period of time between item rotations.
|
|
1370
|
+
rotation_state: State to which the previous version should
|
|
1371
|
+
transition upon rotation.
|
|
1372
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1373
|
+
exportable: Whether the key is exportable or not.
|
|
817
1374
|
|
|
818
|
-
|
|
1375
|
+
Raises:
|
|
1376
|
+
PangeaAPIException: If an API Error happens.
|
|
1377
|
+
|
|
1378
|
+
Examples:
|
|
1379
|
+
response = vault.store_key(
|
|
1380
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1381
|
+
purpose=SymmetricKeyPurpose.ENCRYPTION,
|
|
1382
|
+
algorithm=SymmetricKeyEncryptionAlgorithm.AES_CFB_128,
|
|
1383
|
+
)
|
|
1384
|
+
"""
|
|
1385
|
+
|
|
1386
|
+
@overload
|
|
1387
|
+
def store_key(
|
|
1388
|
+
self,
|
|
1389
|
+
*,
|
|
1390
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
1391
|
+
purpose: Literal[SymmetricKeyPurpose.JWT],
|
|
1392
|
+
algorithm: SymmetricKeyJwtAlgorithm,
|
|
1393
|
+
key: str,
|
|
1394
|
+
name: str | None = None,
|
|
1395
|
+
folder: str | None = None,
|
|
1396
|
+
metadata: Metadata | None = None,
|
|
1397
|
+
tags: Tags | None = None,
|
|
1398
|
+
rotation_frequency: str | None = None,
|
|
1399
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1400
|
+
disabled_at: datetime.datetime | None = None,
|
|
1401
|
+
exportable: bool = False,
|
|
1402
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
1403
|
+
"""
|
|
1404
|
+
Store key
|
|
1405
|
+
|
|
1406
|
+
Import a symmetric JWT key.
|
|
819
1407
|
|
|
820
1408
|
Args:
|
|
821
|
-
|
|
822
|
-
|
|
823
|
-
|
|
824
|
-
|
|
825
|
-
|
|
826
|
-
|
|
827
|
-
|
|
828
|
-
|
|
829
|
-
|
|
830
|
-
|
|
831
|
-
|
|
832
|
-
|
|
833
|
-
|
|
834
|
-
exportable (bool, optional): Whether the key is exportable or not
|
|
1409
|
+
key_type: Key type.
|
|
1410
|
+
purpose: The purpose of this key.
|
|
1411
|
+
algorithm: The algorithm of the key.
|
|
1412
|
+
key: The key material.
|
|
1413
|
+
name: The name of this item.
|
|
1414
|
+
folder: The folder where this item is stored.
|
|
1415
|
+
metadata: User-provided metadata.
|
|
1416
|
+
tags: A list of user-defined tags.
|
|
1417
|
+
rotation_frequency: Period of time between item rotations.
|
|
1418
|
+
rotation_state: State to which the previous version should
|
|
1419
|
+
transition upon rotation.
|
|
1420
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1421
|
+
exportable: Whether the key is exportable or not.
|
|
835
1422
|
|
|
836
1423
|
Raises:
|
|
837
|
-
PangeaAPIException: If an API Error happens
|
|
1424
|
+
PangeaAPIException: If an API Error happens.
|
|
838
1425
|
|
|
839
|
-
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
1426
|
+
Examples:
|
|
1427
|
+
response = vault.store_key(
|
|
1428
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1429
|
+
purpose=SymmetricKeyPurpose.JWT,
|
|
1430
|
+
algorithm=SymmetricKeyJwtAlgorithm.HS512,
|
|
1431
|
+
)
|
|
1432
|
+
"""
|
|
1433
|
+
|
|
1434
|
+
@overload
|
|
1435
|
+
def store_key(
|
|
1436
|
+
self,
|
|
1437
|
+
*,
|
|
1438
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
1439
|
+
purpose: Literal[SymmetricKeyPurpose.FPE],
|
|
1440
|
+
algorithm: SymmetricKeyFpeAlgorithm,
|
|
1441
|
+
key: str,
|
|
1442
|
+
name: str | None = None,
|
|
1443
|
+
folder: str | None = None,
|
|
1444
|
+
metadata: Metadata | None = None,
|
|
1445
|
+
tags: Tags | None = None,
|
|
1446
|
+
rotation_frequency: str | None = None,
|
|
1447
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1448
|
+
disabled_at: datetime.datetime | None = None,
|
|
1449
|
+
exportable: bool = False,
|
|
1450
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
1451
|
+
"""
|
|
1452
|
+
Store key
|
|
1453
|
+
|
|
1454
|
+
Import a symmetric FPE key.
|
|
1455
|
+
|
|
1456
|
+
Args:
|
|
1457
|
+
key_type: Key type.
|
|
1458
|
+
purpose: The purpose of this key.
|
|
1459
|
+
algorithm: The algorithm of the key.
|
|
1460
|
+
key: The key material.
|
|
1461
|
+
name: The name of this item.
|
|
1462
|
+
folder: The folder where this item is stored.
|
|
1463
|
+
metadata: User-provided metadata.
|
|
1464
|
+
tags: A list of user-defined tags.
|
|
1465
|
+
rotation_frequency: Period of time between item rotations.
|
|
1466
|
+
rotation_state: State to which the previous version should
|
|
1467
|
+
transition upon rotation.
|
|
1468
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1469
|
+
exportable: Whether the key is exportable or not.
|
|
1470
|
+
|
|
1471
|
+
Raises:
|
|
1472
|
+
PangeaAPIException: If an API Error happens.
|
|
843
1473
|
|
|
844
1474
|
Examples:
|
|
845
|
-
response = vault.
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
name="my-very-secret-secret",
|
|
850
|
-
folder="/personal",
|
|
851
|
-
metadata={
|
|
852
|
-
"created_by": "John Doe",
|
|
853
|
-
"used_in": "Google products"
|
|
854
|
-
},
|
|
855
|
-
tags=[
|
|
856
|
-
"irs_2023",
|
|
857
|
-
"personal"
|
|
858
|
-
],
|
|
859
|
-
rotation_frequency="10d",
|
|
860
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
861
|
-
expiration="2025-01-01T10:00:00Z",
|
|
1475
|
+
response = vault.store_key(
|
|
1476
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1477
|
+
purpose=SymmetricKeyPurpose.FPE,
|
|
1478
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
|
862
1479
|
)
|
|
863
1480
|
"""
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
867
|
-
|
|
868
|
-
|
|
869
|
-
|
|
870
|
-
|
|
871
|
-
|
|
872
|
-
|
|
873
|
-
|
|
874
|
-
|
|
875
|
-
|
|
876
|
-
|
|
1481
|
+
|
|
1482
|
+
def store_key(
|
|
1483
|
+
self,
|
|
1484
|
+
*,
|
|
1485
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
|
|
1486
|
+
purpose: SymmetricKeyPurpose | AsymmetricKeyPurpose,
|
|
1487
|
+
algorithm: (
|
|
1488
|
+
AsymmetricKeySigningAlgorithm
|
|
1489
|
+
| AsymmetricKeyEncryptionAlgorithm
|
|
1490
|
+
| AsymmetricKeyJwtAlgorithm
|
|
1491
|
+
| AsymmetricKeyPkiAlgorithm
|
|
1492
|
+
| SymmetricKeyEncryptionAlgorithm
|
|
1493
|
+
| SymmetricKeyJwtAlgorithm
|
|
1494
|
+
| SymmetricKeyFpeAlgorithm
|
|
1495
|
+
),
|
|
1496
|
+
public_key: str | None = None,
|
|
1497
|
+
private_key: str | None = None,
|
|
1498
|
+
key: str | None = None,
|
|
1499
|
+
name: str | None = None,
|
|
1500
|
+
folder: str | None = None,
|
|
1501
|
+
metadata: Metadata | None = None,
|
|
1502
|
+
tags: Tags | None = None,
|
|
1503
|
+
rotation_frequency: str | None = None,
|
|
1504
|
+
rotation_state: RequestRotationState | None = RequestRotationState.INHERITED,
|
|
1505
|
+
disabled_at: datetime.datetime | None = None,
|
|
1506
|
+
exportable: bool = False,
|
|
1507
|
+
) -> PangeaResponse[Any]:
|
|
1508
|
+
"""
|
|
1509
|
+
Store key
|
|
1510
|
+
|
|
1511
|
+
Import a key.
|
|
1512
|
+
|
|
1513
|
+
Args:
|
|
1514
|
+
key_type: Key type.
|
|
1515
|
+
purpose: The purpose of this key.
|
|
1516
|
+
algorithm: The algorithm of the key.
|
|
1517
|
+
public_key: The public key (in PEM format).
|
|
1518
|
+
private_key: The private key (in PEM format).
|
|
1519
|
+
key: The key material.
|
|
1520
|
+
name: The name of this item.
|
|
1521
|
+
folder: The folder where this item is stored.
|
|
1522
|
+
metadata: User-provided metadata.
|
|
1523
|
+
tags: A list of user-defined tags.
|
|
1524
|
+
rotation_frequency: Period of time between item rotations.
|
|
1525
|
+
rotation_state: State to which the previous version should
|
|
1526
|
+
transition upon rotation.
|
|
1527
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1528
|
+
exportable: Whether the key is exportable or not.
|
|
1529
|
+
|
|
1530
|
+
Raises:
|
|
1531
|
+
PangeaAPIException: If an API Error happens.
|
|
1532
|
+
|
|
1533
|
+
Examples:
|
|
1534
|
+
response = vault.store_key(
|
|
1535
|
+
key_type=ItemType.SYMMETRIC_KEY,
|
|
1536
|
+
purpose=SymmetricKeyPurpose.FPE,
|
|
1537
|
+
algorithm=SymmetricKeyFpeAlgorithm.AES_FF3_1_256_BETA,
|
|
1538
|
+
)
|
|
1539
|
+
"""
|
|
1540
|
+
|
|
1541
|
+
return self.request.post(
|
|
1542
|
+
"v2/key/store",
|
|
1543
|
+
AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
|
|
1544
|
+
data=KeyStoreRequest(
|
|
1545
|
+
type=key_type,
|
|
1546
|
+
purpose=purpose,
|
|
1547
|
+
algorithm=algorithm,
|
|
1548
|
+
public_key=public_key,
|
|
1549
|
+
private_key=private_key,
|
|
1550
|
+
key=key,
|
|
1551
|
+
name=name,
|
|
1552
|
+
folder=folder,
|
|
1553
|
+
metadata=metadata,
|
|
1554
|
+
tags=tags,
|
|
1555
|
+
rotation_frequency=rotation_frequency,
|
|
1556
|
+
rotation_state=rotation_state,
|
|
1557
|
+
disabled_at=disabled_at,
|
|
1558
|
+
exportable=exportable,
|
|
1559
|
+
),
|
|
877
1560
|
)
|
|
878
|
-
return self.request.post("v1/key/store", SymmetricStoreResult, data=input.model_dump(exclude_none=True))
|
|
879
1561
|
|
|
880
|
-
|
|
881
|
-
def
|
|
1562
|
+
@overload
|
|
1563
|
+
def rotate_key(
|
|
882
1564
|
self,
|
|
883
|
-
|
|
884
|
-
|
|
885
|
-
|
|
886
|
-
|
|
887
|
-
|
|
888
|
-
|
|
1565
|
+
key_id: str,
|
|
1566
|
+
*,
|
|
1567
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY],
|
|
1568
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
|
1569
|
+
public_key: str | None = None,
|
|
1570
|
+
private_key: str | None = None,
|
|
1571
|
+
) -> PangeaResponse[AsymmetricKey]:
|
|
889
1572
|
"""
|
|
890
|
-
|
|
1573
|
+
Rotate key
|
|
891
1574
|
|
|
892
|
-
Manually rotate
|
|
1575
|
+
Manually rotate an asymmetric key.
|
|
893
1576
|
|
|
894
|
-
|
|
1577
|
+
Args:
|
|
1578
|
+
key_id: The ID of the key.
|
|
1579
|
+
key_type: Key type.
|
|
1580
|
+
rotation_state: State to which the previous version should
|
|
1581
|
+
transition upon rotation.
|
|
1582
|
+
public_key: The public key (in PEM format).
|
|
1583
|
+
private_key: The private key (in PEM format).
|
|
1584
|
+
|
|
1585
|
+
Raises:
|
|
1586
|
+
PangeaAPIException: If an API Error happens.
|
|
1587
|
+
|
|
1588
|
+
Examples:
|
|
1589
|
+
response = vault.rotate_key("pvi_...", key_type=ItemType.ASYMMETRIC_KEY)
|
|
1590
|
+
"""
|
|
1591
|
+
|
|
1592
|
+
@overload
|
|
1593
|
+
def rotate_key(
|
|
1594
|
+
self,
|
|
1595
|
+
key_id: str,
|
|
1596
|
+
*,
|
|
1597
|
+
key_type: Literal[ItemType.SYMMETRIC_KEY],
|
|
1598
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
|
1599
|
+
key: str | None = None,
|
|
1600
|
+
) -> PangeaResponse[SymmetricKey]:
|
|
1601
|
+
"""
|
|
1602
|
+
Rotate key
|
|
1603
|
+
|
|
1604
|
+
Manually rotate a symmetric key.
|
|
895
1605
|
|
|
896
1606
|
Args:
|
|
897
|
-
|
|
898
|
-
|
|
899
|
-
|
|
900
|
-
|
|
901
|
-
|
|
902
|
-
- `destroyed`
|
|
903
|
-
|
|
904
|
-
Default is `deactivated`.
|
|
905
|
-
public_key (EncodedPublicKey, optional): The public key (in PEM format)
|
|
906
|
-
private_key (EncodedPrivateKey, optional): The private key (in PEM format)
|
|
907
|
-
key (EncodedSymmetricKey, optional): The key material (in base64)
|
|
1607
|
+
key_id: The ID of the key.
|
|
1608
|
+
key_type: Key type.
|
|
1609
|
+
rotation_state: State to which the previous version should
|
|
1610
|
+
transition upon rotation.
|
|
1611
|
+
key: The key material.
|
|
908
1612
|
|
|
909
1613
|
Raises:
|
|
910
|
-
PangeaAPIException: If an API Error happens
|
|
1614
|
+
PangeaAPIException: If an API Error happens.
|
|
911
1615
|
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
915
|
-
|
|
1616
|
+
Examples:
|
|
1617
|
+
response = vault.rotate_key("pvi_...", key_type=ItemType.SYMMETRIC_KEY)
|
|
1618
|
+
"""
|
|
1619
|
+
|
|
1620
|
+
def rotate_key(
|
|
1621
|
+
self,
|
|
1622
|
+
key_id: str,
|
|
1623
|
+
*,
|
|
1624
|
+
key_type: Literal[ItemType.ASYMMETRIC_KEY, ItemType.SYMMETRIC_KEY],
|
|
1625
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED,
|
|
1626
|
+
public_key: str | None = None,
|
|
1627
|
+
private_key: str | None = None,
|
|
1628
|
+
key: str | None = None,
|
|
1629
|
+
) -> PangeaResponse[Any]:
|
|
1630
|
+
"""
|
|
1631
|
+
Rotate key
|
|
1632
|
+
|
|
1633
|
+
Manually rotate an asymmetric or symmetric key.
|
|
1634
|
+
|
|
1635
|
+
Args:
|
|
1636
|
+
key_id: The ID of the key.
|
|
1637
|
+
key_type: Key type.
|
|
1638
|
+
rotation_state: State to which the previous version should
|
|
1639
|
+
transition upon rotation.
|
|
1640
|
+
public_key: The public key (in PEM format).
|
|
1641
|
+
private_key: The private key (in PEM format).
|
|
1642
|
+
key: The key material.
|
|
1643
|
+
|
|
1644
|
+
Raises:
|
|
1645
|
+
PangeaAPIException: If an API Error happens.
|
|
916
1646
|
|
|
917
1647
|
Examples:
|
|
918
|
-
response = vault.
|
|
919
|
-
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
|
920
|
-
rotation_state=ItemVersionState.DEACTIVATED,
|
|
921
|
-
key="lJkk0gCLux+Q+rPNqLPEYw==",
|
|
922
|
-
)
|
|
1648
|
+
response = vault.rotate_key("pvi_...", key_type=ItemType.SYMMETRIC_KEY)
|
|
923
1649
|
"""
|
|
924
|
-
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
1650
|
+
|
|
1651
|
+
return self.request.post(
|
|
1652
|
+
"v2/key/rotate",
|
|
1653
|
+
AsymmetricKey if key_type == ItemType.ASYMMETRIC_KEY else SymmetricKey,
|
|
1654
|
+
data=KeyRotateRequest(
|
|
1655
|
+
id=key_id,
|
|
1656
|
+
public_key=public_key,
|
|
1657
|
+
private_key=private_key,
|
|
1658
|
+
key=key,
|
|
1659
|
+
rotation_state=rotation_state,
|
|
1660
|
+
),
|
|
930
1661
|
)
|
|
931
|
-
return self.request.post("v1/key/rotate", KeyRotateResult, data=input.model_dump(exclude_none=True))
|
|
932
1662
|
|
|
933
|
-
|
|
934
|
-
|
|
1663
|
+
def encrypt(
|
|
1664
|
+
self, item_id: str, plain_text: str, *, version: int | None = None, additional_data: str | None = None
|
|
1665
|
+
) -> PangeaResponse[EncryptResult]:
|
|
935
1666
|
"""
|
|
936
1667
|
Encrypt
|
|
937
1668
|
|
|
938
|
-
Encrypt a message using a key
|
|
1669
|
+
Encrypt a message using a key.
|
|
939
1670
|
|
|
940
|
-
OperationId:
|
|
1671
|
+
OperationId: vault_post_v2_key_encrypt
|
|
941
1672
|
|
|
942
1673
|
Args:
|
|
943
|
-
|
|
944
|
-
plain_text
|
|
945
|
-
version
|
|
1674
|
+
item_id: The item ID.
|
|
1675
|
+
plain_text: A message to be encrypted (in base64).
|
|
1676
|
+
version: The item version.
|
|
1677
|
+
additional_data: User provided authentication data.
|
|
1678
|
+
|
|
1679
|
+
Returns:
|
|
1680
|
+
A PangeaResponse where the encrypted message in base64 is returned
|
|
1681
|
+
in the response.result field. Available response fields can be found
|
|
1682
|
+
in our [API documentation](https://pangea.cloud/docs/api/vault#encrypt).
|
|
946
1683
|
|
|
947
1684
|
Raises:
|
|
948
1685
|
PangeaAPIException: If an API Error happens
|
|
949
1686
|
|
|
950
|
-
Returns:
|
|
951
|
-
A PangeaResponse where the encrypted message in base64
|
|
952
|
-
is returned in the response.result field.
|
|
953
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#encrypt).
|
|
954
|
-
|
|
955
1687
|
Examples:
|
|
956
1688
|
response = vault.encrypt(
|
|
957
1689
|
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
|
@@ -959,31 +1691,35 @@ class Vault(ServiceBase):
|
|
|
959
1691
|
version=1,
|
|
960
1692
|
)
|
|
961
1693
|
"""
|
|
962
|
-
|
|
963
|
-
|
|
1694
|
+
return self.request.post(
|
|
1695
|
+
"v2/encrypt",
|
|
1696
|
+
EncryptResult,
|
|
1697
|
+
data=EncryptRequest(id=item_id, plain_text=plain_text, version=version, additional_data=additional_data),
|
|
1698
|
+
)
|
|
964
1699
|
|
|
965
|
-
|
|
966
|
-
|
|
1700
|
+
def decrypt(
|
|
1701
|
+
self, item_id: str, cipher_text: str, *, version: int | None = None, additional_data: str | None = None
|
|
1702
|
+
) -> PangeaResponse[DecryptResult]:
|
|
967
1703
|
"""
|
|
968
1704
|
Decrypt
|
|
969
1705
|
|
|
970
|
-
Decrypt a message using a key
|
|
1706
|
+
Decrypt a message using a key.
|
|
971
1707
|
|
|
972
|
-
OperationId:
|
|
1708
|
+
OperationId: vault_post_v2_key_decrypt
|
|
973
1709
|
|
|
974
1710
|
Args:
|
|
975
|
-
|
|
976
|
-
cipher_text
|
|
977
|
-
version
|
|
1711
|
+
item_id: The item ID.
|
|
1712
|
+
cipher_text: A message encrypted by Vault (in base64).
|
|
1713
|
+
version: The item version.
|
|
1714
|
+
additional_data: User provided authentication data.
|
|
1715
|
+
|
|
1716
|
+
Returns:
|
|
1717
|
+
A PangeaResponse where the decrypted message in base64 is returned
|
|
1718
|
+
in the response.result field. Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#decrypt).
|
|
978
1719
|
|
|
979
1720
|
Raises:
|
|
980
1721
|
PangeaAPIException: If an API Error happens
|
|
981
1722
|
|
|
982
|
-
Returns:
|
|
983
|
-
A PangeaResponse where the decrypted message in base64
|
|
984
|
-
is returned in the response.result field.
|
|
985
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#decrypt).
|
|
986
|
-
|
|
987
1723
|
Examples:
|
|
988
1724
|
response = vault.decrypt(
|
|
989
1725
|
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
|
@@ -991,31 +1727,33 @@ class Vault(ServiceBase):
|
|
|
991
1727
|
version=1,
|
|
992
1728
|
)
|
|
993
1729
|
"""
|
|
994
|
-
|
|
995
|
-
|
|
1730
|
+
return self.request.post(
|
|
1731
|
+
"v2/decrypt",
|
|
1732
|
+
DecryptResult,
|
|
1733
|
+
data=DecryptRequest(id=item_id, cipher_text=cipher_text, version=version, additional_data=additional_data),
|
|
1734
|
+
)
|
|
996
1735
|
|
|
997
|
-
|
|
998
|
-
def sign(self, id: str, message: str, version: Optional[int] = None) -> PangeaResponse[SignResult]:
|
|
1736
|
+
def sign(self, item_id: str, message: str, *, version: int | None = None) -> PangeaResponse[SignResult]:
|
|
999
1737
|
"""
|
|
1000
1738
|
Sign
|
|
1001
1739
|
|
|
1002
1740
|
Sign a message using a key
|
|
1003
1741
|
|
|
1004
|
-
OperationId:
|
|
1742
|
+
OperationId: vault_post_v2_sign
|
|
1005
1743
|
|
|
1006
1744
|
Args:
|
|
1007
|
-
id
|
|
1008
|
-
message
|
|
1009
|
-
version
|
|
1745
|
+
id: The item ID.
|
|
1746
|
+
message: The message to be signed, in base64.
|
|
1747
|
+
version: The item version.
|
|
1748
|
+
|
|
1749
|
+
Returns:
|
|
1750
|
+
A PangeaResponse where the signature of the message in base64 is
|
|
1751
|
+
returned in the response.result field. Available response fields can
|
|
1752
|
+
be found in our [API documentation](https://pangea.cloud/docs/api/vault#sign).
|
|
1010
1753
|
|
|
1011
1754
|
Raises:
|
|
1012
1755
|
PangeaAPIException: If an API Error happens
|
|
1013
1756
|
|
|
1014
|
-
Returns:
|
|
1015
|
-
A PangeaResponse where the signature of the message in base64
|
|
1016
|
-
is returned in the response.result field.
|
|
1017
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#sign).
|
|
1018
|
-
|
|
1019
1757
|
Examples:
|
|
1020
1758
|
response = vault.sign(
|
|
1021
1759
|
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
|
@@ -1023,25 +1761,23 @@ class Vault(ServiceBase):
|
|
|
1023
1761
|
version=1,
|
|
1024
1762
|
)
|
|
1025
1763
|
"""
|
|
1026
|
-
|
|
1027
|
-
return self.request.post("v1/key/sign", SignResult, data=input.model_dump(exclude_none=True))
|
|
1764
|
+
return self.request.post("v2/sign", SignResult, data=SignRequest(id=item_id, message=message, version=version))
|
|
1028
1765
|
|
|
1029
|
-
# Verify
|
|
1030
1766
|
def verify(
|
|
1031
|
-
self,
|
|
1767
|
+
self, item_id: str, message: str, signature: str, *, version: int | None = None
|
|
1032
1768
|
) -> PangeaResponse[VerifyResult]:
|
|
1033
1769
|
"""
|
|
1034
1770
|
Verify
|
|
1035
1771
|
|
|
1036
|
-
Verify a signature using a key
|
|
1772
|
+
Verify a signature using a key.
|
|
1037
1773
|
|
|
1038
|
-
OperationId:
|
|
1774
|
+
OperationId: vault_post_v2_key_verify
|
|
1039
1775
|
|
|
1040
1776
|
Args:
|
|
1041
|
-
id
|
|
1042
|
-
message
|
|
1043
|
-
signature
|
|
1044
|
-
version
|
|
1777
|
+
id: The item ID.
|
|
1778
|
+
message: A message to be verified (in base64).
|
|
1779
|
+
signature: The message signature (in base64).
|
|
1780
|
+
version: The item version.
|
|
1045
1781
|
|
|
1046
1782
|
Raises:
|
|
1047
1783
|
PangeaAPIException: If an API Error happens
|
|
@@ -1059,24 +1795,27 @@ class Vault(ServiceBase):
|
|
|
1059
1795
|
version=1,
|
|
1060
1796
|
)
|
|
1061
1797
|
"""
|
|
1062
|
-
|
|
1063
|
-
|
|
1064
|
-
|
|
1065
|
-
|
|
1066
|
-
|
|
1798
|
+
return self.request.post(
|
|
1799
|
+
"v2/verify",
|
|
1800
|
+
VerifyResult,
|
|
1801
|
+
data=VerifyRequest(
|
|
1802
|
+
id=item_id,
|
|
1803
|
+
message=message,
|
|
1804
|
+
signature=signature,
|
|
1805
|
+
version=version,
|
|
1806
|
+
),
|
|
1067
1807
|
)
|
|
1068
|
-
return self.request.post("v1/key/verify", VerifyResult, data=input.model_dump(exclude_none=True))
|
|
1069
1808
|
|
|
1070
1809
|
def jwt_verify(self, jws: str) -> PangeaResponse[JWTVerifyResult]:
|
|
1071
1810
|
"""
|
|
1072
1811
|
JWT Verify
|
|
1073
1812
|
|
|
1074
|
-
Verify the signature of a JSON Web Token (JWT)
|
|
1813
|
+
Verify the signature of a JSON Web Token (JWT).
|
|
1075
1814
|
|
|
1076
|
-
OperationId:
|
|
1815
|
+
OperationId: vault_post_v2_key_verify_jwt
|
|
1077
1816
|
|
|
1078
1817
|
Args:
|
|
1079
|
-
jws
|
|
1818
|
+
jws: The signed JSON Web Token (JWS).
|
|
1080
1819
|
|
|
1081
1820
|
Raises:
|
|
1082
1821
|
PangeaAPIException: If an API Error happens
|
|
@@ -1087,32 +1826,29 @@ class Vault(ServiceBase):
|
|
|
1087
1826
|
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#verify-jwt).
|
|
1088
1827
|
|
|
1089
1828
|
Examples:
|
|
1090
|
-
response = vault.jwt_verify(
|
|
1091
|
-
jws="ewogICJhbGciO...",
|
|
1092
|
-
)
|
|
1829
|
+
response = vault.jwt_verify(jws="ewogICJhbGciO...")
|
|
1093
1830
|
"""
|
|
1094
|
-
|
|
1095
|
-
return self.request.post("v1/key/verify/jwt", JWTVerifyResult, data=input.model_dump(exclude_none=True))
|
|
1831
|
+
return self.request.post("v2/jwt/verify", JWTVerifyResult, data=JWTVerifyRequest(jws=jws))
|
|
1096
1832
|
|
|
1097
|
-
def jwt_sign(self,
|
|
1833
|
+
def jwt_sign(self, item_id: str, payload: str) -> PangeaResponse[JWTSignResult]:
|
|
1098
1834
|
"""
|
|
1099
1835
|
JWT Sign
|
|
1100
1836
|
|
|
1101
|
-
Sign a JSON Web Token (JWT) using a key
|
|
1837
|
+
Sign a JSON Web Token (JWT) using a key.
|
|
1102
1838
|
|
|
1103
|
-
OperationId:
|
|
1839
|
+
OperationId: vault_post_v2_jwt_sign
|
|
1104
1840
|
|
|
1105
1841
|
Args:
|
|
1106
|
-
id
|
|
1107
|
-
payload
|
|
1842
|
+
id: The item ID.
|
|
1843
|
+
payload: The JWT payload (in JSON).
|
|
1108
1844
|
|
|
1109
1845
|
Raises:
|
|
1110
1846
|
PangeaAPIException: If an API Error happens
|
|
1111
1847
|
|
|
1112
1848
|
Returns:
|
|
1113
|
-
A PangeaResponse where the signed JSON Web Token (JWS)
|
|
1114
|
-
|
|
1115
|
-
|
|
1849
|
+
A PangeaResponse where the signed JSON Web Token (JWS) is returned
|
|
1850
|
+
in the response.result field. Available response fields can be found
|
|
1851
|
+
in our [API documentation](https://pangea.cloud/docs/api/vault#sign-a-jwt).
|
|
1116
1852
|
|
|
1117
1853
|
Examples:
|
|
1118
1854
|
response = vault.jwt_sign(
|
|
@@ -1120,73 +1856,64 @@ class Vault(ServiceBase):
|
|
|
1120
1856
|
payload="{\\"sub\\": \\"1234567890\\",\\"name\\": \\"John Doe\\",\\"admin\\": true}"
|
|
1121
1857
|
)
|
|
1122
1858
|
"""
|
|
1123
|
-
|
|
1124
|
-
return self.request.post("v1/key/sign/jwt", JWTSignResult, data=input.model_dump(exclude_none=True))
|
|
1859
|
+
return self.request.post("v2/jwt/sign", JWTSignResult, data=JWTSignRequest(id=item_id, payload=payload))
|
|
1125
1860
|
|
|
1126
|
-
|
|
1127
|
-
def jwk_get(self, id: str, version: Optional[str] = None) -> PangeaResponse[JWKGetResult]:
|
|
1861
|
+
def jwk_get(self, item_id: str, *, version: str | None = None) -> PangeaResponse[JWKGetResult]:
|
|
1128
1862
|
"""
|
|
1129
1863
|
JWT Retrieve
|
|
1130
1864
|
|
|
1131
|
-
Retrieve a key in JWK format
|
|
1865
|
+
Retrieve a key in JWK format.
|
|
1132
1866
|
|
|
1133
|
-
OperationId:
|
|
1867
|
+
OperationId: vault_post_v2_jwk_get
|
|
1134
1868
|
|
|
1135
1869
|
Args:
|
|
1136
|
-
id
|
|
1137
|
-
version
|
|
1138
|
-
|
|
1139
|
-
|
|
1140
|
-
|
|
1870
|
+
id: The item ID
|
|
1871
|
+
version: The key version(s).
|
|
1872
|
+
- `all` for all versions
|
|
1873
|
+
- `num` for a specific version
|
|
1874
|
+
- `-num` for the `num` latest versions
|
|
1141
1875
|
Raises:
|
|
1142
1876
|
PangeaAPIException: If an API Error happens
|
|
1143
1877
|
|
|
1144
1878
|
Returns:
|
|
1145
|
-
A PangeaResponse where the JSON Web Key Set (JWKS) object
|
|
1146
|
-
|
|
1147
|
-
|
|
1879
|
+
A PangeaResponse where the JSON Web Key Set (JWKS) object is
|
|
1880
|
+
returned in the response.result field. Available response fields can
|
|
1881
|
+
be found in our [API documentation](https://pangea.cloud/docs/api/vault#retrieve-jwk).
|
|
1148
1882
|
|
|
1149
1883
|
Examples:
|
|
1150
|
-
response = vault.jwk_get(
|
|
1151
|
-
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
|
|
1152
|
-
)
|
|
1884
|
+
response = vault.jwk_get("pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
|
|
1153
1885
|
"""
|
|
1154
|
-
|
|
1155
|
-
return self.request.post("v1/get/jwk", JWKGetResult, data=input.model_dump(exclude_none=True))
|
|
1886
|
+
return self.request.post("v2/jwk/get", JWKGetResult, data=JWKGetRequest(id=item_id, version=version))
|
|
1156
1887
|
|
|
1157
|
-
# State change
|
|
1158
1888
|
def state_change(
|
|
1159
1889
|
self,
|
|
1160
|
-
|
|
1890
|
+
item_id: str,
|
|
1161
1891
|
state: ItemVersionState,
|
|
1162
|
-
|
|
1163
|
-
|
|
1164
|
-
|
|
1892
|
+
*,
|
|
1893
|
+
version: int | None = None,
|
|
1894
|
+
destroy_period: str | None = None,
|
|
1895
|
+
) -> PangeaResponse[VaultItem]:
|
|
1165
1896
|
"""
|
|
1166
1897
|
State change
|
|
1167
1898
|
|
|
1168
|
-
Change the state of a specific version of a secret or key
|
|
1899
|
+
Change the state of a specific version of a secret or key.
|
|
1169
1900
|
|
|
1170
|
-
OperationId:
|
|
1901
|
+
OperationId: vault_post_v2_state_change
|
|
1171
1902
|
|
|
1172
1903
|
Args:
|
|
1173
|
-
|
|
1174
|
-
state
|
|
1175
|
-
|
|
1176
|
-
|
|
1177
|
-
|
|
1178
|
-
- `compromised`
|
|
1179
|
-
- `destroyed`
|
|
1180
|
-
version (int, optional): the item version
|
|
1181
|
-
destroy_period (str, optional): Period of time for the destruction of a compromised key.
|
|
1182
|
-
Only valid if state=`compromised`
|
|
1183
|
-
Raises:
|
|
1184
|
-
PangeaAPIException: If an API Error happens
|
|
1904
|
+
item_id: The item ID.
|
|
1905
|
+
state: The new state of the item version.
|
|
1906
|
+
version: The item version.
|
|
1907
|
+
destroy_period: Period of time for the destruction of a compromised
|
|
1908
|
+
key. Only valid if state=`compromised`.
|
|
1185
1909
|
|
|
1186
1910
|
Returns:
|
|
1187
|
-
A PangeaResponse where the state change object
|
|
1188
|
-
|
|
1189
|
-
|
|
1911
|
+
A PangeaResponse where the state change object is returned in the
|
|
1912
|
+
response.result field. Available response fields can be found in our
|
|
1913
|
+
[API documentation](https://pangea.cloud/docs/api/vault#change-state).
|
|
1914
|
+
|
|
1915
|
+
Raises:
|
|
1916
|
+
PangeaAPIException: If an API Error happens
|
|
1190
1917
|
|
|
1191
1918
|
Examples:
|
|
1192
1919
|
response = vault.state_change(
|
|
@@ -1194,77 +1921,101 @@ class Vault(ServiceBase):
|
|
|
1194
1921
|
state=ItemVersionState.DEACTIVATED,
|
|
1195
1922
|
)
|
|
1196
1923
|
"""
|
|
1197
|
-
|
|
1198
|
-
|
|
1924
|
+
response = self.request.post(
|
|
1925
|
+
"v2/state/change",
|
|
1926
|
+
PangeaResponseResult,
|
|
1927
|
+
data=StateChangeRequest(id=item_id, state=state, version=version, destroy_period=destroy_period),
|
|
1928
|
+
)
|
|
1929
|
+
response.result = vault_item_adapter.validate_python(response.json["result"])
|
|
1930
|
+
return cast(PangeaResponse[VaultItem], response)
|
|
1199
1931
|
|
|
1200
|
-
# Folder create
|
|
1201
1932
|
def folder_create(
|
|
1202
1933
|
self,
|
|
1203
1934
|
name: str,
|
|
1204
1935
|
folder: str,
|
|
1205
|
-
|
|
1206
|
-
|
|
1936
|
+
*,
|
|
1937
|
+
metadata: Metadata | None = None,
|
|
1938
|
+
tags: Tags | None = None,
|
|
1939
|
+
rotation_frequency: str | None = None,
|
|
1940
|
+
rotation_state: RequestRotationState = RequestRotationState.INHERITED,
|
|
1941
|
+
rotation_grace_period: str | None = None,
|
|
1942
|
+
disabled_at: datetime.datetime | None = None,
|
|
1207
1943
|
) -> PangeaResponse[FolderCreateResult]:
|
|
1208
1944
|
"""
|
|
1209
1945
|
Create
|
|
1210
1946
|
|
|
1211
|
-
Creates a folder
|
|
1947
|
+
Creates a folder.
|
|
1212
1948
|
|
|
1213
|
-
OperationId:
|
|
1949
|
+
OperationId: vault_post_v2_folder_create
|
|
1214
1950
|
|
|
1215
1951
|
Args:
|
|
1216
|
-
name
|
|
1217
|
-
folder
|
|
1218
|
-
metadata
|
|
1219
|
-
tags
|
|
1952
|
+
name: The name of this folder.
|
|
1953
|
+
folder: The parent folder where this folder is stored.
|
|
1954
|
+
metadata: User-provided metadata.
|
|
1955
|
+
tags: A list of user-defined tags.
|
|
1956
|
+
rotation_frequency: Period of time between item rotations.
|
|
1957
|
+
rotation_state: State to which the previous version should
|
|
1958
|
+
transition upon rotation.
|
|
1959
|
+
rotation_grace_period: Grace period for the previous version.
|
|
1960
|
+
disabled_at: Timestamp indicating when the item will be disabled.
|
|
1961
|
+
|
|
1962
|
+
Returns: The created folder object.
|
|
1963
|
+
|
|
1220
1964
|
Raises:
|
|
1221
1965
|
PangeaAPIException: If an API Error happens
|
|
1222
1966
|
|
|
1223
|
-
Returns:
|
|
1224
|
-
A PangeaResponse where the state change object
|
|
1225
|
-
is returned in the response.result field.
|
|
1226
|
-
Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/vault#create).
|
|
1227
|
-
|
|
1228
1967
|
Examples:
|
|
1229
1968
|
response = vault.folder_create(
|
|
1230
1969
|
name="folder_name",
|
|
1231
1970
|
folder="parent/folder/name",
|
|
1232
1971
|
)
|
|
1233
1972
|
"""
|
|
1234
|
-
|
|
1235
|
-
|
|
1973
|
+
return self.request.post(
|
|
1974
|
+
"v2/folder/create",
|
|
1975
|
+
FolderCreateResult,
|
|
1976
|
+
data=FolderCreateRequest(
|
|
1977
|
+
name=name,
|
|
1978
|
+
folder=folder,
|
|
1979
|
+
metadata=metadata,
|
|
1980
|
+
tags=tags,
|
|
1981
|
+
rotation_frequency=rotation_frequency,
|
|
1982
|
+
rotation_state=rotation_state,
|
|
1983
|
+
rotation_grace_period=rotation_grace_period,
|
|
1984
|
+
disabled_at=disabled_at,
|
|
1985
|
+
),
|
|
1986
|
+
)
|
|
1236
1987
|
|
|
1237
|
-
# Encrypt structured
|
|
1238
1988
|
def encrypt_structured(
|
|
1239
1989
|
self,
|
|
1240
|
-
|
|
1990
|
+
key_id: str,
|
|
1241
1991
|
structured_data: TDict,
|
|
1242
|
-
|
|
1243
|
-
|
|
1244
|
-
|
|
1992
|
+
filter_expr: str,
|
|
1993
|
+
*,
|
|
1994
|
+
version: int | None = None,
|
|
1995
|
+
additional_data: str | None = None,
|
|
1245
1996
|
) -> PangeaResponse[EncryptStructuredResult[TDict]]:
|
|
1246
1997
|
"""
|
|
1247
1998
|
Encrypt structured
|
|
1248
1999
|
|
|
1249
2000
|
Encrypt parts of a JSON object.
|
|
1250
2001
|
|
|
1251
|
-
OperationId:
|
|
2002
|
+
OperationId: vault_post_v2_encrypt_structured
|
|
1252
2003
|
|
|
1253
2004
|
Args:
|
|
1254
|
-
|
|
1255
|
-
structured_data
|
|
1256
|
-
|
|
1257
|
-
version
|
|
1258
|
-
additional_data
|
|
1259
|
-
|
|
1260
|
-
Raises:
|
|
1261
|
-
PangeaAPIException: If an API error happens.
|
|
2005
|
+
key_id: The ID of the key to use.
|
|
2006
|
+
structured_data: Structured data for applying bulk operations.
|
|
2007
|
+
filter_expr: A filter expression.
|
|
2008
|
+
version: The item version. Defaults to the current version.
|
|
2009
|
+
additional_data: User provided authentication data.
|
|
1262
2010
|
|
|
1263
2011
|
Returns:
|
|
1264
2012
|
A `PangeaResponse` where the encrypted object is returned in the
|
|
1265
2013
|
`response.result` field. Available response fields can be found in
|
|
1266
2014
|
our [API documentation](https://pangea.cloud/docs/api/vault#encrypt-structured).
|
|
1267
2015
|
|
|
2016
|
+
Raises:
|
|
2017
|
+
PangeaAPIException: If an API error happens.
|
|
2018
|
+
|
|
1268
2019
|
Examples:
|
|
1269
2020
|
data = {"field1": [1, 2, "true", "false"], "field2": "data2"}
|
|
1270
2021
|
response = vault.encrypt_structured(
|
|
@@ -1274,37 +2025,41 @@ class Vault(ServiceBase):
|
|
|
1274
2025
|
)
|
|
1275
2026
|
"""
|
|
1276
2027
|
|
|
1277
|
-
|
|
1278
|
-
id=
|
|
2028
|
+
data: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
|
|
2029
|
+
id=key_id,
|
|
2030
|
+
structured_data=structured_data,
|
|
2031
|
+
filter=filter_expr,
|
|
2032
|
+
version=version,
|
|
2033
|
+
additional_data=additional_data,
|
|
1279
2034
|
)
|
|
1280
2035
|
return self.request.post(
|
|
1281
|
-
"
|
|
2036
|
+
"v2/encrypt_structured",
|
|
1282
2037
|
EncryptStructuredResult,
|
|
1283
|
-
data=
|
|
2038
|
+
data=data.model_dump(exclude_none=True),
|
|
1284
2039
|
)
|
|
1285
2040
|
|
|
1286
|
-
# Decrypt structured
|
|
1287
2041
|
def decrypt_structured(
|
|
1288
2042
|
self,
|
|
1289
|
-
|
|
2043
|
+
key_id: str,
|
|
1290
2044
|
structured_data: TDict,
|
|
1291
|
-
|
|
1292
|
-
|
|
1293
|
-
|
|
2045
|
+
filter_expr: str,
|
|
2046
|
+
*,
|
|
2047
|
+
version: int | None = None,
|
|
2048
|
+
additional_data: str | None = None,
|
|
1294
2049
|
) -> PangeaResponse[EncryptStructuredResult[TDict]]:
|
|
1295
2050
|
"""
|
|
1296
2051
|
Decrypt structured
|
|
1297
2052
|
|
|
1298
2053
|
Decrypt parts of a JSON object.
|
|
1299
2054
|
|
|
1300
|
-
OperationId:
|
|
2055
|
+
OperationId: vault_post_v2_decrypt_structured
|
|
1301
2056
|
|
|
1302
2057
|
Args:
|
|
1303
|
-
id
|
|
1304
|
-
structured_data
|
|
1305
|
-
filter
|
|
1306
|
-
version
|
|
1307
|
-
additional_data
|
|
2058
|
+
id: The ID of the key to use.
|
|
2059
|
+
structured_data: Structured data for applying bulk operations.
|
|
2060
|
+
filter: A filter expression.
|
|
2061
|
+
version: The item version. Defaults to the current version.
|
|
2062
|
+
additional_data: User provided authentication data.
|
|
1308
2063
|
|
|
1309
2064
|
Raises:
|
|
1310
2065
|
PangeaAPIException: If an API error happens.
|
|
@@ -1323,20 +2078,25 @@ class Vault(ServiceBase):
|
|
|
1323
2078
|
)
|
|
1324
2079
|
"""
|
|
1325
2080
|
|
|
1326
|
-
|
|
1327
|
-
id=
|
|
2081
|
+
data: EncryptStructuredRequest[TDict] = EncryptStructuredRequest(
|
|
2082
|
+
id=key_id,
|
|
2083
|
+
structured_data=structured_data,
|
|
2084
|
+
filter=filter_expr,
|
|
2085
|
+
version=version,
|
|
2086
|
+
additional_data=additional_data,
|
|
1328
2087
|
)
|
|
1329
2088
|
return self.request.post(
|
|
1330
|
-
"
|
|
2089
|
+
"v2/decrypt_structured",
|
|
1331
2090
|
EncryptStructuredResult,
|
|
1332
|
-
data=
|
|
2091
|
+
data=data.model_dump(exclude_none=True),
|
|
1333
2092
|
)
|
|
1334
2093
|
|
|
1335
2094
|
def encrypt_transform(
|
|
1336
2095
|
self,
|
|
1337
|
-
|
|
2096
|
+
item_id: str,
|
|
1338
2097
|
plain_text: str,
|
|
1339
2098
|
alphabet: TransformAlphabet,
|
|
2099
|
+
*,
|
|
1340
2100
|
tweak: str | None = None,
|
|
1341
2101
|
version: int | None = None,
|
|
1342
2102
|
) -> PangeaResponse[EncryptTransformResult]:
|
|
@@ -1345,13 +2105,14 @@ class Vault(ServiceBase):
|
|
|
1345
2105
|
|
|
1346
2106
|
Encrypt using a format-preserving algorithm (FPE).
|
|
1347
2107
|
|
|
1348
|
-
OperationId:
|
|
2108
|
+
OperationId: vault_post_v2_encrypt_transform
|
|
1349
2109
|
|
|
1350
2110
|
Args:
|
|
1351
|
-
|
|
2111
|
+
item_id: The item ID.
|
|
1352
2112
|
plain_text: A message to be encrypted.
|
|
1353
2113
|
alphabet: Set of characters to use for format-preserving encryption (FPE).
|
|
1354
|
-
tweak: User provided tweak string. If not provided, a random string
|
|
2114
|
+
tweak: User provided tweak string. If not provided, a random string
|
|
2115
|
+
will be generated and returned.
|
|
1355
2116
|
version: The item version. Defaults to the current version.
|
|
1356
2117
|
|
|
1357
2118
|
Raises:
|
|
@@ -1369,28 +2130,27 @@ class Vault(ServiceBase):
|
|
|
1369
2130
|
)
|
|
1370
2131
|
"""
|
|
1371
2132
|
|
|
1372
|
-
input = EncryptTransformRequest(
|
|
1373
|
-
id=id,
|
|
1374
|
-
plain_text=plain_text,
|
|
1375
|
-
tweak=tweak,
|
|
1376
|
-
alphabet=alphabet,
|
|
1377
|
-
version=version,
|
|
1378
|
-
)
|
|
1379
2133
|
return self.request.post(
|
|
1380
|
-
"
|
|
2134
|
+
"v2/encrypt_transform",
|
|
1381
2135
|
EncryptTransformResult,
|
|
1382
|
-
data=
|
|
2136
|
+
data=EncryptTransformRequest(
|
|
2137
|
+
id=item_id,
|
|
2138
|
+
plain_text=plain_text,
|
|
2139
|
+
tweak=tweak,
|
|
2140
|
+
alphabet=alphabet,
|
|
2141
|
+
version=version,
|
|
2142
|
+
),
|
|
1383
2143
|
)
|
|
1384
2144
|
|
|
1385
2145
|
def decrypt_transform(
|
|
1386
|
-
self,
|
|
2146
|
+
self, item_id: str, cipher_text: str, tweak: str, alphabet: TransformAlphabet, *, version: int | None = None
|
|
1387
2147
|
) -> PangeaResponse[DecryptTransformResult]:
|
|
1388
2148
|
"""
|
|
1389
2149
|
Decrypt transform
|
|
1390
2150
|
|
|
1391
2151
|
Decrypt using a format-preserving algorithm (FPE).
|
|
1392
2152
|
|
|
1393
|
-
OperationId:
|
|
2153
|
+
OperationId: vault_post_v2_decrypt_transform
|
|
1394
2154
|
|
|
1395
2155
|
Args:
|
|
1396
2156
|
id: The item ID.
|
|
@@ -1399,12 +2159,12 @@ class Vault(ServiceBase):
|
|
|
1399
2159
|
alphabet: Set of characters to use for format-preserving encryption (FPE).
|
|
1400
2160
|
version: The item version. Defaults to the current version.
|
|
1401
2161
|
|
|
1402
|
-
Raises:
|
|
1403
|
-
PangeaAPIException: If an API error happens.
|
|
1404
|
-
|
|
1405
2162
|
Returns:
|
|
1406
2163
|
A `PangeaResponse` containing the decrypted message.
|
|
1407
2164
|
|
|
2165
|
+
Raises:
|
|
2166
|
+
PangeaAPIException: If an API error happens.
|
|
2167
|
+
|
|
1408
2168
|
Examples:
|
|
1409
2169
|
vault.decrypt_transform(
|
|
1410
2170
|
id="pvi_[...]",
|
|
@@ -1414,55 +2174,64 @@ class Vault(ServiceBase):
|
|
|
1414
2174
|
)
|
|
1415
2175
|
"""
|
|
1416
2176
|
|
|
1417
|
-
input = DecryptTransformRequest(id=id, cipher_text=cipher_text, tweak=tweak, alphabet=alphabet, version=version)
|
|
1418
2177
|
return self.request.post(
|
|
1419
|
-
"
|
|
2178
|
+
"v2/decrypt_transform",
|
|
1420
2179
|
DecryptTransformResult,
|
|
1421
|
-
data=
|
|
2180
|
+
data=DecryptTransformRequest(
|
|
2181
|
+
id=item_id, cipher_text=cipher_text, tweak=tweak, alphabet=alphabet, version=version
|
|
2182
|
+
),
|
|
1422
2183
|
)
|
|
1423
2184
|
|
|
1424
2185
|
def export(
|
|
1425
2186
|
self,
|
|
1426
|
-
|
|
2187
|
+
item_id: str,
|
|
2188
|
+
*,
|
|
1427
2189
|
version: int | None = None,
|
|
1428
|
-
|
|
1429
|
-
|
|
2190
|
+
kem_password: str | None = None,
|
|
2191
|
+
asymmetric_public_key: str | None = None,
|
|
2192
|
+
asymmetric_algorithm: ExportEncryptionAlgorithm | None = None,
|
|
1430
2193
|
) -> PangeaResponse[ExportResult]:
|
|
1431
2194
|
"""
|
|
1432
2195
|
Export
|
|
1433
2196
|
|
|
1434
2197
|
Export a symmetric or asymmetric key.
|
|
1435
2198
|
|
|
1436
|
-
OperationId:
|
|
2199
|
+
OperationId: vault_post_v2_export
|
|
1437
2200
|
|
|
1438
2201
|
Args:
|
|
1439
|
-
|
|
2202
|
+
item_id: The item ID.
|
|
1440
2203
|
version: The item version.
|
|
1441
|
-
|
|
1442
|
-
|
|
1443
|
-
|
|
1444
|
-
|
|
1445
|
-
|
|
2204
|
+
kem_password: This is the password that will be used along with a
|
|
2205
|
+
salt to derive the symmetric key that is used to encrypt the
|
|
2206
|
+
exported key material.
|
|
2207
|
+
asymmetric_public_key: Public key in pem format used to encrypt
|
|
2208
|
+
exported key(s).
|
|
2209
|
+
asymmetric_algorithm: The algorithm of the public key.
|
|
1446
2210
|
|
|
1447
2211
|
Returns:
|
|
1448
2212
|
A `PangeaResponse` where the exported key is returned in the
|
|
1449
2213
|
`response.result` field. Available response fields can be found in
|
|
1450
2214
|
our [API documentation](https://pangea.cloud/docs/api/vault#export).
|
|
1451
2215
|
|
|
2216
|
+
Raises:
|
|
2217
|
+
PangeaAPIException: If an API error happens.
|
|
2218
|
+
|
|
1452
2219
|
Examples:
|
|
1453
2220
|
exp_encrypted_resp = self.vault.export(
|
|
1454
2221
|
id=id,
|
|
1455
|
-
|
|
1456
|
-
|
|
1457
|
-
encryption_algorithm=ExportEncryptionAlgorithm.RSA4096_OAEP_SHA512,
|
|
2222
|
+
asymmetric_public_key=rsa_pub_key_pem,
|
|
2223
|
+
asymmetric_algorithm=ExportEncryptionAlgorithm.RSA4096_OAEP_SHA512,
|
|
1458
2224
|
)
|
|
1459
2225
|
"""
|
|
1460
2226
|
|
|
1461
|
-
input: ExportRequest = ExportRequest(
|
|
1462
|
-
id=id, version=version, encryption_algorithm=encryption_algorithm, encryption_key=encryption_key
|
|
1463
|
-
)
|
|
1464
2227
|
return self.request.post(
|
|
1465
|
-
"
|
|
2228
|
+
"v2/export",
|
|
1466
2229
|
ExportResult,
|
|
1467
|
-
data=
|
|
2230
|
+
data=ExportRequest(
|
|
2231
|
+
id=item_id,
|
|
2232
|
+
version=version,
|
|
2233
|
+
kem_password=kem_password,
|
|
2234
|
+
asymmetric_public_key=asymmetric_public_key,
|
|
2235
|
+
asymmetric_algorithm=asymmetric_algorithm,
|
|
2236
|
+
),
|
|
1468
2237
|
)
|