spring-vault icon indicating copy to clipboard operation
spring-vault copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Extend `VaultTransitKey` with additional properties returned by the API

Open ehdvudee opened this issue 4 years ago • 1 comments

Hello there.

I'm Vault user. I need community help. Spring-Vault-Core does not return Convergent Encryption Information. Below is my environment.

Spring-Vault-Version: spring-vault-core:2.3.2
Vault-Version: 1.7.2

VaultOperations.opsForTransit().getKey("$keyName") method in Spring-Vault-Core does not return convergentEncryption field. But Vault HTTP API can return it.

[Request to Vault using curl]

curl \
    --header "X-Vault-Token:s.222......2222" \
    --request GET \
    http://127.0.0.1:8200/v1/transit/keys/$keyName

[Vault Response Msg]

{"request_id":"a6fad577-fa6d-83fc-6df1-d1f6e4c925bd",
"lease_id":"",
"renewable":false,
"lease_duration":0,
"data":{
	"allow_plaintext_backup":false,
	"convergent_encryption":true,
	"convergent_encryption_version":-1,
	"deletion_allowed":false,
	"derived":true,
	"exportable":false,
	"kdf":"hkdf_sha256",
	"keys":{"1":1625794134},
	"latest_version":1,
	"min_available_version":0,
	"min_decryption_version":1,
	"min_encryption_version":0,
	"name":"bbe88a5f-44de-4b1d-9352-83c42e2e3cd8",
	"supports_decryption":true,
	"supports_derivation":true,
	"supports_encryption":true,
	"supports_signing":false,
	"type":"aes256-gcm96"
},
"wrap_info":null,
"warnings":null,
"auth":null
}

How can I get Convergent Encryption Information using Spring-Vault-Core?

Thanks.

ehdvudee avatar Jul 26 '21 08:07 ehdvudee

VaultTransitKey supports only a subset of the properties exposed through Vault's API. You can either obtain the details by using the generic VaultOperations.read(…) API that represents responses as Map<String, Object> or you submit a pull request to extend VaultTransitKey.

mp911de avatar Jul 26 '21 08:07 mp911de