mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-12 01:27:01 +02:00
Code Issues Projects Releases Wiki Activity

Transit key actions (#2254)

Browse Source 
* add supports_* for transit key reads

* update transit docs with new supports_* fields
This commit is contained in:
Matthew Irish 2017-01-11 10:05:06 -06:00 committed by GitHub
parent 5ecfe3c477
commit 231f00dff2
2 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
builtin/logical/transit/path_keys.go
View File

@ -154,6 +154,10 @@ func (b *backend) pathPolicyRead(
"deletion_allowed": p.DeletionAllowed, "deletion_allowed": p.DeletionAllowed,
"min_decryption_version": p.MinDecryptionVersion, "min_decryption_version": p.MinDecryptionVersion,
"latest_version": p.LatestVersion, "latest_version": p.LatestVersion,
"supports_encryption": p.Type.EncryptionSupported(),
"supports_decryption": p.Type.DecryptionSupported(),
"supports_signing": p.Type.SigningSupported(),
"supports_derivation": p.Type.DerivationSupported(),
}, },
} }

26
website/source/docs/secrets/transit/index.html.md
View File

@ -86,13 +86,17 @@ the settings of the "foo" key by reading it:
``` ```
$ vault read transit/keys/foo $ vault read transit/keys/foo
Key Value Key Value
type aes256-gcm96 deletion_allowed false
deletion_allowed false derived false
derived false keys map[1:1484070923]
keys map[1:1.459861712e+09] latest_version 1
latest_version 1 min_decryption_version 1
min_decryption_version 1 name foo
name foo supports_decryption true
supports_derivation true
supports_encryption true
supports_signing false
type aes256-gcm96
```` ````
Now, if we wanted to encrypt a piece of plain text, we use the encrypt Now, if we wanted to encrypt a piece of plain text, we use the encrypt
@ -153,7 +157,7 @@ only encrypt or decrypt using the named keys they need access to.
<li>`aes256-gcm96`: AES-256 wrapped with GCM using a 12-byte nonce size (symmetric)</li> <li>`aes256-gcm96`: AES-256 wrapped with GCM using a 12-byte nonce size (symmetric)</li>
<li>`ecdsa-p256`: ECDSA using the P-256 elliptic curve (asymmetric)</li> <li>`ecdsa-p256`: ECDSA using the P-256 elliptic curve (asymmetric)</li>
</ul> </ul>
Defaults to `aes256-gcm`. Defaults to `aes256-gcm96`.
</li> </li>
<li> <li>
<span class="param">derived</span> <span class="param">derived</span>
@ -220,7 +224,11 @@ only encrypt or decrypt using the named keys they need access to.
"1": 1442851412 "1": 1442851412
}, },
"min_decryption_version": 0, "min_decryption_version": 0,
"name": "foo" "name": "foo",
"supports_encryption": true,
"supports_decryption": true,
"supports_derivation": true,
"supports_signing": false
} }
} }
``` ```