class OCI::KeyManagement::KmsCryptoClient

API for managing and performing operations with keys and vaults. (For the API for managing secrets, see the Vault Service Secret Management API. For the API for retrieving secrets, see the Vault Service Secret Retrieval API.)

Attributes

api_client[R]

Client used to make HTTP requests. @return [OCI::ApiClient]

endpoint[R]

Fully qualified endpoint URL @return [String]

retry_config[R]

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is `nil`, which means that an operation will not perform any retries. @return [OCI::Retry::RetryConfig]

Public Class Methods

new(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)

Creates a new KmsCryptoClient. Notes:

If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

@param [Config] config A Config object.

@param [String] endpoint The fully qualified endpoint URL

@param [OCI::BaseSigner] signer A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

@param [OCI::ApiClientProxySettings] proxy_settings If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

@param [OCI::Retry::RetryConfig] retry_config The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is `nil`, which means that an operation will not perform any retries

# File lib/oci/key_management/kms_crypto_client.rb, line 44
def initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  raise 'A fully qualified endpoint URL must be defined' unless endpoint

  @endpoint = endpoint + '/'

  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config
  logger.info "KmsCryptoClient endpoint set to '#{@endpoint}'." if logger
end

Public Instance Methods

decrypt(decrypt_data_details, opts = {})

Decrypts data using the given [DecryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/DecryptDataDetails) resource.

@param [OCI::KeyManagement::Models::DecryptDataDetails] decrypt_data_details DecryptDataDetails

@param [Hash] opts the optional parameters

@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry

@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

@return [Response] A Response object with data of type {OCI::KeyManagement::Models::DecryptedData DecryptedData}

@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/decrypt.rb.html) to see an example of how to use decrypt API.

# File lib/oci/key_management/kms_crypto_client.rb, line 88
def decrypt(decrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#decrypt.' if logger

  raise "Missing the required parameter 'decrypt_data_details' when calling decrypt." if decrypt_data_details.nil?

  path = '/20180608/decrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(decrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#decrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::DecryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

encrypt(encrypt_data_details, opts = {})

Encrypts data using the given [EncryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/EncryptDataDetails) resource. Plaintext included in the example request is a base64-encoded value of a UTF-8 string.

@param [OCI::KeyManagement::Models::EncryptDataDetails] encrypt_data_details EncryptDataDetails

@param [Hash] opts the optional parameters

@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry

@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

@return [Response] A Response object with data of type {OCI::KeyManagement::Models::EncryptedData EncryptedData}

@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/encrypt.rb.html) to see an example of how to use encrypt API.

# File lib/oci/key_management/kms_crypto_client.rb, line 146
def encrypt(encrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#encrypt.' if logger

  raise "Missing the required parameter 'encrypt_data_details' when calling encrypt." if encrypt_data_details.nil?

  path = '/20180608/encrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(encrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#encrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::EncryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

export_key(export_key_details, opts = {})

Exports a specific version of a master encryption key according to the details of the request. For their protection, keys that you create and store on a hardware security module (HSM) can never leave the HSM. You can only export keys stored on the server. For export, the key version is encrypted by an RSA public key that you provide.

@param [OCI::KeyManagement::Models::ExportKeyDetails] export_key_details ExportKeyDetails

@param [Hash] opts the optional parameters

@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry

@return [Response] A Response object with data of type {OCI::KeyManagement::Models::ExportedKeyData ExportedKeyData}

@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/export_key.rb.html) to see an example of how to use export_key API.

# File lib/oci/key_management/kms_crypto_client.rb, line 202
def export_key(export_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#export_key.' if logger

  raise "Missing the required parameter 'export_key_details' when calling export_key." if export_key_details.nil?

  path = '/20180608/exportKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(export_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#export_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::ExportedKeyData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

generate_data_encryption_key(generate_key_details, opts = {})

Generates a key that you can use to encrypt or decrypt data.

@param [OCI::KeyManagement::Models::GenerateKeyDetails] generate_key_details GenerateKeyDetails

@param [Hash] opts the optional parameters

@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry

@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

@return [Response] A Response object with data of type {OCI::KeyManagement::Models::GeneratedKey GeneratedKey}

@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/generate_data_encryption_key.rb.html) to see an example of how to use generate_data_encryption_key API.

# File lib/oci/key_management/kms_crypto_client.rb, line 259
def generate_data_encryption_key(generate_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#generate_data_encryption_key.' if logger

  raise "Missing the required parameter 'generate_key_details' when calling generate_data_encryption_key." if generate_key_details.nil?

  path = '/20180608/generateDataEncryptionKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(generate_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#generate_data_encryption_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::GeneratedKey'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

logger()

@return [Logger] The logger for this client. May be nil.

# File lib/oci/key_management/kms_crypto_client.rb, line 67
def logger
  @api_client.config.logger
end

sign(sign_data_details, opts = {})

Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key. To verify the generated signature, you can use the [Verify](docs.cloud.oracle.com/api/#/en/key/latest/VerifiedData/Verify) operation. Or, if you want to validate the signature outside of the service, you can do so by using the public key of the same asymmetric key.

@param [OCI::KeyManagement::Models::SignDataDetails] sign_data_details SignDataDetails

@param [Hash] opts the optional parameters

@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry

@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

@return [Response] A Response object with data of type {OCI::KeyManagement::Models::SignedData SignedData}

@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/sign.rb.html) to see an example of how to use sign API.

# File lib/oci/key_management/kms_crypto_client.rb, line 318
def sign(sign_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#sign.' if logger

  raise "Missing the required parameter 'sign_data_details' when calling sign." if sign_data_details.nil?

  path = '/20180608/sign'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(sign_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#sign') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::SignedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

verify(verify_data_details, opts = {})

Verifies a digital signature that was generated by the [Sign](docs.cloud.oracle.com/api/#/en/key/latest/SignedData/Sign) operation by using the public key of the same asymmetric key that was used to sign the data. If you want to validate the digital signature outside of the service, you can do so by using the public key of the asymmetric key.

@param [OCI::KeyManagement::Models::VerifyDataDetails] verify_data_details VerifyDataDetails

@param [Hash] opts the optional parameters

@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry

@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

@return [Response] A Response object with data of type {OCI::KeyManagement::Models::VerifiedData VerifiedData}

@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/verify.rb.html) to see an example of how to use verify API.

# File lib/oci/key_management/kms_crypto_client.rb, line 377
def verify(verify_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#verify.' if logger

  raise "Missing the required parameter 'verify_data_details' when calling verify." if verify_data_details.nil?

  path = '/20180608/verify'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(verify_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#verify') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::VerifiedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
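
Both the sign and verify descriptions above note that a signature can be validated outside the service with the public key of the same asymmetric key. The following is an added example, not part of the SDK or its documentation: it assumes an RSA key, RSASSA-PKCS1-v1_5 with SHA-256 over the raw message, and a base64-encoded signature; `simulated_kms_sign` and `verify_offline` are hypothetical helper names, and the key and message are constructed samples.

```ruby
require 'openssl'
require 'base64'

# Stand-in for the service's Sign operation so the example runs offline.
# Assumption: RSA key, RSASSA-PKCS1-v1_5 with SHA-256 over the raw message,
# signature returned base64-encoded. In production the private key stays in
# the vault and this step is a KmsCryptoClient#sign call.
def simulated_kms_sign(private_key, message)
  Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('SHA256'), message))
end

# Verify outside the service using only the public half of the asymmetric key.
# Returns true only for a well-formed signature that matches message and key.
def verify_offline(public_key_pem, message, signature_b64)
  public_key = OpenSSL::PKey::RSA.new(public_key_pem)
  # A verifier has no need for private material; reject a PEM that carries it.
  raise ArgumentError, 'verifier must be given the public key only' if public_key.private?

  begin
    signature = Base64.strict_decode64(signature_b64)
    public_key.verify(OpenSSL::Digest.new('SHA256'), signature, message)
  rescue ArgumentError, OpenSSL::PKey::PKeyError
    false # malformed base64 or a signature OpenSSL cannot process: treat as invalid
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)      # constructed sample key pair
  message = 'artifact=app-1.0.tar.gz'     # constructed sample message
  signature = simulated_kms_sign(key, message)
  public_pem = key.public_key.to_pem

  puts "untouched message: #{verify_offline(public_pem, message, signature)}"
  puts "tampered message:  #{verify_offline(public_pem, message + '!', signature)}"
end
```

The verifier must use the same algorithm and message type (message or digest) that were given to the Sign operation, otherwise a genuine signature fails to verify.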

Private Instance Methods

applicable_retry_config(opts = {})

# File lib/oci/key_management/kms_crypto_client.rb, line 419
def applicable_retry_config(opts = {})
  return @retry_config unless opts.key?(:retry_config)

  opts[:retry_config]
end