Transit¶
Create Key¶
hvac.api.secrets_engines.Transit.create_key()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Create a named transit key; no key type is passed, so the type is whatever
# the server and library default to.
transit.create_key(name='hvac-key')
Read Key¶
hvac.api.secrets_engines.Transit.read_key()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Look up the named key and pull the newest version number out of the
# response's 'data' section.
read_key_response = transit.read_key(name='hvac-key')
key_details = read_key_response['data']
latest_version = key_details['latest_version']
print('Latest version for key "hvac-key" is: {ver}'.format(ver=latest_version))
List Keys¶
hvac.api.secrets_engines.Transit.list_keys()
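import hvac

client = hvac.Client()

# list_keys() enumerates the key names configured under the transit mount.
# (read_key() describes a single named key and is not a listing call.)
list_keys_response = client.secrets.transit.list_keys()
keys = list_keys_response['data']['keys']
print('Currently configured keys: {keys}'.format(keys=keys))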
Delete Key¶
hvac.api.secrets_engines.Transit.delete_key()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Remove the named key. NOTE(review): Vault is expected to refuse this unless
# deletion has been allowed in the key's configuration; confirm for your setup.
# Data encrypted under a deleted key can no longer be decrypted.
transit.delete_key(name='hvac-key')
Update Key Configuration¶
hvac.api.secrets_engines.Transit.update_key_configuration()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Allow key "hvac-key" to be exported in subsequent requests.
# NOTE(review): in Vault, marking a key exportable cannot be undone, and an
# exportable key's material can leave Vault. Enable it only when export is
# actually required.
transit.update_key_configuration(name='hvac-key', exportable=True)
Rotate Key¶
hvac.api.secrets_engines.Transit.rotate_key()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Add a new version to the named key. Ciphertext produced under older versions
# is not re-encrypted by rotation itself (see rewrap_data).
transit.rotate_key(name='hvac-key')
Export Key¶
hvac.api.secrets_engines.Transit.export_key()
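import hvac

client = hvac.Client()

# export_key() requires key_type, which selects the kind of key material to
# export: 'encryption-key', 'signing-key' or 'hmac-key'. The key must already
# have been made exportable.
export_key_response = client.secrets.transit.export_key(
    name='hvac-key',
    key_type='encryption-key',
)

# The exported versions sit under data.keys, indexed by version number as a
# string. This is raw key material: keep it in memory only and never log it
# or write it to disk unprotected.
first_key = export_key_response['data']['keys']['1']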
Encrypt Data¶
hvac.api.secrets_engines.Transit.encrypt_data()
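import base64
import hvac

client = hvac.Client()

# The transit engine takes plaintext as base64 text. b64encode() needs bytes,
# so encode the string first. The standard alphabet is used because the
# URL-safe variant can emit '-' and '_', which standard decoders reject.
encoded_plaintext = base64.b64encode('hi its me hvac'.encode('utf-8')).decode('ascii')

encrypt_data_response = client.secrets.transit.encrypt_data(
    name='hvac-key',
    plaintext=encoded_plaintext,
)
ciphertext = encrypt_data_response['data']['ciphertext']
print('Encrypted plaintext ciphertext is: {cipher}'.format(cipher=ciphertext))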
Decrypt Data¶
hvac.api.secrets_engines.Transit.decrypt_data()
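import base64
import hvac

client = hvac.Client()

# `ciphertext` is the value returned by a previous encrypt_data() call.
decrypt_data_response = client.secrets.transit.decrypt_data(
    name='hvac-key',
    ciphertext=ciphertext,
)

# The response carries the plaintext base64-encoded; decode it to recover the
# original text.
plaintext = base64.b64decode(decrypt_data_response['data']['plaintext']).decode('utf-8')

# Printed for demonstration only; real decrypted values should not be written
# to stdout or logs.
print('Decrypted plaintext is: {text}'.format(text=plaintext))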
Rewrap Data¶
hvac.api.secrets_engines.Transit.rewrap_data()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Re-encrypt an existing ciphertext (from an earlier encrypt_data() call)
# under the named key. The plaintext is not returned to the caller.
rewrap_data_response = transit.rewrap_data(name='hvac-key', ciphertext=ciphertext)
rewrapped_ciphertext = rewrap_data_response['data']['ciphertext']
print('Rewrapped ciphertext is: {cipher}'.format(cipher=rewrapped_ciphertext))
Generate Data Key¶
hvac.api.secrets_engines.Transit.generate_data_key()
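import hvac

client = hvac.Client()

# generate_data_key() requires key_type: 'plaintext' returns the data key both
# in the clear and wrapped by the named transit key; 'wrapped' returns only the
# wrapped form.
gen_key_response = client.secrets.transit.generate_data_key(
    name='hvac-key',
    key_type='plaintext',
)

# Only the wrapped (encrypted) data key is safe to store or print. The
# plaintext key in gen_key_response['data']['plaintext'] should be used in
# memory and then discarded, never logged.
ciphertext = gen_key_response['data']['ciphertext']
print('Generated data key is: {cipher}'.format(cipher=ciphertext))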
Generate Random Bytes¶
hvac.api.secrets_engines.Transit.generate_random_bytes()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Request 32 random bytes from Vault and read them out of the response's
# 'data' section.
gen_bytes_response = transit.generate_random_bytes(n_bytes=32)
payload = gen_bytes_response['data']
random_bytes = payload['random_bytes']
print('Here are some random bytes: {bytes}'.format(bytes=random_bytes))
Hash Data¶
hvac.api.secrets_engines.Transit.hash_data()
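import base64
import hvac

client = hvac.Client()

# hash_data() is keyless, so it takes no `name` argument. The input is passed
# as base64 text, and b64encode() needs bytes.
hash_data_response = client.secrets.transit.hash_data(
    hash_input=base64.b64encode('hi its me hvac'.encode('utf-8')).decode('ascii'),
)

# Named `digest` rather than `sum` to avoid shadowing the builtin.
digest = hash_data_response['data']['sum']
print('Hashed data is: {sum}'.format(sum=digest))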
Generate Hmac¶
hvac.api.secrets_engines.Transit.generate_hmac()
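import base64
import hvac

client = hvac.Client()

# generate_hmac() computes a keyed digest with the named transit key, unlike
# hash_data(), which is unkeyed. The input is passed as base64 text.
generate_hmac_response = client.secrets.transit.generate_hmac(
    name='hvac-key',
    hash_input=base64.b64encode('hi its me hvac'.encode('utf-8')).decode('ascii'),
)

# The result is returned under the 'hmac' field of the response data.
hmac_value = generate_hmac_response['data']['hmac']
print("HMAC'd data is: {hmac}".format(hmac=hmac_value))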
Sign Data¶
hvac.api.secrets_engines.Transit.sign_data()
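import base64
import hvac

client = hvac.Client()

# NOTE(review): signing needs a key type that supports signatures. A key
# created with default settings may be encryption-only, so confirm the type
# chosen in create_key().
# The input is passed as base64 text, and b64encode() needs bytes.
sign_data_response = client.secrets.transit.sign_data(
    name='hvac-key',
    hash_input=base64.b64encode('hi its me hvac'.encode('utf-8')).decode('ascii'),
)
signature = sign_data_response['data']['signature']
print('Signature is: {signature}'.format(signature=signature))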
Verify Signed Data¶
hvac.api.secrets_engines.Transit.verify_signed_data()
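import base64
import hvac

client = hvac.Client()

# Verification needs the value being checked: pass the `signature` returned by
# sign_data() (or `hmac=` for an HMAC) together with the same input that was
# signed.
verify_signed_data_response = client.secrets.transit.verify_signed_data(
    name='hvac-key',
    hash_input=base64.b64encode('hi its me hvac'.encode('utf-8')).decode('ascii'),
    signature=signature,
)

# Callers must check this flag explicitly and treat anything other than True
# as a verification failure.
valid = verify_signed_data_response['data']['valid']
print('Signature is valid?: {valid}'.format(valid=valid))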
Backup Key¶
hvac.api.secrets_engines.Transit.backup_key()
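import hvac

client = hvac.Client()

# mount_point is omitted so the library's default transit mount is used; pass
# mount_point='<your-mount>' if the engine is mounted elsewhere.
# NOTE(review): Vault only returns a backup for keys configured as exportable
# with plaintext backups allowed; confirm the key configuration first.
backup_key_response = client.secrets.transit.backup_key(
    name='hvac-key',
)

# The backup blob contains the key material for every version of the key.
# Handle it as a secret: do not log it, and encrypt it at rest.
backed_up_key = backup_key_response['data']['backup']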
Restore Key¶
hvac.api.secrets_engines.Transit.restore_key()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# `backed_up_key` is the backup blob taken from an earlier backup_key()
# response; restoring it re-creates the key on this Vault server.
transit.restore_key(backup=backed_up_key)
Trim Key¶
hvac.api.secrets_engines.Transit.trim_key()
import hvac

client = hvac.Client()
transit = client.secrets.transit

# Trim the named key so that version 3 is the oldest one kept.
# NOTE(review): trimming is expected to permanently discard older key versions,
# so ciphertext still bound to them becomes undecryptable. Rewrap old data
# first and confirm the key's minimum version settings.
transit.trim_key(name='hvac-key', min_version=3)