class OCI::KeyManagement::KmsCryptoClient
API for managing and performing operations with keys and vaults. (For the API for managing secrets, see the Vault
Service Secret Management API. For the API for retrieving secrets, see the Vault
Service Secret Retrieval API.)
Attributes
Client used to make HTTP requests. @return [OCI::ApiClient]
Fully qualified endpoint URL @return [String]
The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is `nil`, which means that an operation will not perform any retries @return [OCI::Retry::RetryConfig]
Public Class Methods
Creates a new KmsCryptoClient. Notes:
If a config is not specified, then the global OCI.config will be used. This client is not thread-safe.
@param [Config] config A Config object.
@param [String] endpoint The fully qualified endpoint URL
@param [OCI::BaseSigner] signer A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client
@param [OCI::ApiClientProxySettings] proxy_settings If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter
@param [OCI::Retry::RetryConfig] retry_config The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is `nil`, which means that an operation will not perform any retries
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 44
def initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  raise 'A fully qualified endpoint URL must be defined' unless endpoint

  @endpoint = endpoint + '/'

  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config
  logger.info "KmsCryptoClient endpoint set to '#{@endpoint}'." if logger
end
```
Public Instance Methods
Decrypts data using the given [DecryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/DecryptDataDetails) resource.
@param [OCI::KeyManagement::Models::DecryptDataDetails] decrypt_data_details DecryptDataDetails
@param [Hash] opts the optional parameters
@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry
@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.
@return [Response] A Response object with data of type {OCI::KeyManagement::Models::DecryptedData DecryptedData}
@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/decrypt.rb.html) to see an example of how to use decrypt API.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 88
def decrypt(decrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#decrypt.' if logger

  raise "Missing the required parameter 'decrypt_data_details' when calling decrypt." if decrypt_data_details.nil?

  path = '/20180608/decrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(decrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#decrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::DecryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
```
Encrypts data using the given [EncryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/EncryptDataDetails) resource. Plaintext included in the example request is a base64-encoded value of a UTF-8 string.
@param [OCI::KeyManagement::Models::EncryptDataDetails] encrypt_data_details EncryptDataDetails
@param [Hash] opts the optional parameters
@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry
@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.
@return [Response] A Response object with data of type {OCI::KeyManagement::Models::EncryptedData EncryptedData}
@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/encrypt.rb.html) to see an example of how to use encrypt API.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 146
def encrypt(encrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#encrypt.' if logger

  raise "Missing the required parameter 'encrypt_data_details' when calling encrypt." if encrypt_data_details.nil?

  path = '/20180608/encrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(encrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#encrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::EncryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
```
Exports a specific version of a master encryption key according to the details of the request. For their protection, keys that you create and store on a hardware security module (HSM) can never leave the HSM. You can only export keys stored on the server. For export, the key version is encrypted by an RSA public key that you provide.
@param [OCI::KeyManagement::Models::ExportKeyDetails] export_key_details ExportKeyDetails
@param [Hash] opts the optional parameters
@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry
@return [Response] A Response object with data of type {OCI::KeyManagement::Models::ExportedKeyData ExportedKeyData}
@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/export_key.rb.html) to see an example of how to use export_key API.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 202
def export_key(export_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#export_key.' if logger

  raise "Missing the required parameter 'export_key_details' when calling export_key." if export_key_details.nil?

  path = '/20180608/exportKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(export_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#export_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::ExportedKeyData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
```
Generates a key that you can use to encrypt or decrypt data.
@param [OCI::KeyManagement::Models::GenerateKeyDetails] generate_key_details GenerateKeyDetails
@param [Hash] opts the optional parameters
@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry
@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.
@return [Response] A Response object with data of type {OCI::KeyManagement::Models::GeneratedKey GeneratedKey}
@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/generate_data_encryption_key.rb.html) to see an example of how to use generate_data_encryption_key API.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 259
def generate_data_encryption_key(generate_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#generate_data_encryption_key.' if logger

  raise "Missing the required parameter 'generate_key_details' when calling generate_data_encryption_key." if generate_key_details.nil?

  path = '/20180608/generateDataEncryptionKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(generate_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#generate_data_encryption_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::GeneratedKey'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
```
@return [Logger] The logger for this client. May be nil.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 67
def logger
  @api_client.config.logger
end
```
Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key. To verify the generated signature, you can use the [Verify](docs.cloud.oracle.com/api/#/en/key/latest/VerifiedData/Verify) operation. Or, if you want to validate the signature outside of the service, you can do so by using the public key of the same asymmetric key.
@param [OCI::KeyManagement::Models::SignDataDetails] sign_data_details SignDataDetails
@param [Hash] opts the optional parameters
@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry
@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.
@return [Response] A Response object with data of type {OCI::KeyManagement::Models::SignedData SignedData}
@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/sign.rb.html) to see an example of how to use sign API.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 318
def sign(sign_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#sign.' if logger

  raise "Missing the required parameter 'sign_data_details' when calling sign." if sign_data_details.nil?

  path = '/20180608/sign'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(sign_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#sign') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::SignedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
```
Verifies a digital signature that was generated by the [Sign](docs.cloud.oracle.com/api/#/en/key/latest/SignedData/Sign) operation by using the public key of the same asymmetric key that was used to sign the data. If you want to validate the digital signature outside of the service, you can do so by using the public key of the asymmetric key.
@param [OCI::KeyManagement::Models::VerifyDataDetails] verify_data_details VerifyDataDetails
@param [Hash] opts the optional parameters
@option opts [OCI::Retry::RetryConfig] :retry_config The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by {#retry_config} will be used. If an explicit `nil` value is provided then the operation will not retry
@option opts [String] :opc_request_id Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.
@return [Response] A Response object with data of type {OCI::KeyManagement::Models::VerifiedData VerifiedData}
@note Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/verify.rb.html) to see an example of how to use verify API.
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 377
def verify(verify_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#verify.' if logger

  raise "Missing the required parameter 'verify_data_details' when calling verify." if verify_data_details.nil?

  path = '/20180608/verify'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(verify_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#verify') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::VerifiedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end
```
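
The Sign and Verify descriptions above both note that a signature can be validated outside the service with the public key of the same asymmetric key. The following is an added example, not code from the SDK or from Oracle's samples, showing that local check with Ruby's OpenSSL bindings and why the algorithm has to be pinned by the verifier. Assumptions: an RSA key, SHA-256, a message signed as raw bytes, and a base64-encoded signature; `VERIFIERS`, `verify_offline` and `constructed_sample` are hypothetical names, and the algorithm strings follow the service's signing-algorithm naming and should be confirmed against the key in use.

```ruby
require 'openssl'

# Added example: offline check of a signature such as a Sign response carries.
# Assumptions: RSA key, SHA-256, message signed as raw bytes, base64 signature.
VERIFIERS = {
  'SHA_256_RSA_PKCS1_V1_5' => lambda { |key, sig, msg|
    key.verify(OpenSSL::Digest.new('SHA256'), sig, msg)
  },
  'SHA_256_RSA_PKCS_PSS' => lambda { |key, sig, msg|
    key.verify_pss('SHA256', sig, msg, salt_length: :auto, mgf1_hash: 'SHA256')
  }
}.freeze

def verify_offline(public_key_pem, algorithm, signature_b64, message)
  # Pin the algorithm from your own key inventory, never from the signed payload.
  verifier = VERIFIERS.fetch(algorithm) { raise ArgumentError, "unsupported signing algorithm: #{algorithm}" }
  key = OpenSSL::PKey::RSA.new(public_key_pem)
  raise ArgumentError, 'pass only the public half of the key' if key.private?

  begin
    verifier.call(key, signature_b64.unpack1('m0'), message) # 'm0' = strict base64
  rescue ArgumentError, OpenSSL::PKey::PKeyError
    false # malformed base64, or a signature OpenSSL rejects outright
  end
end

# Constructed sample: a locally generated key stands in for the asymmetric
# key held by the service, so the example runs without network access.
def constructed_sample
  signer = OpenSSL::PKey::RSA.new(2048)
  message = 'artifact=app.tar.gz;build=constructed-example'
  pkcs1 = signer.sign(OpenSSL::Digest.new('SHA256'), message)
  pss = signer.sign_pss('SHA256', message, salt_length: :digest, mgf1_hash: 'SHA256')
  { pem: signer.public_key.to_pem, message: message,
    pkcs1_b64: [pkcs1].pack('m0'), pss_b64: [pss].pack('m0') }
end

if $PROGRAM_NAME == __FILE__
  s = constructed_sample
  puts verify_offline(s[:pem], 'SHA_256_RSA_PKCS1_V1_5', s[:pkcs1_b64], s[:message])
  puts verify_offline(s[:pem], 'SHA_256_RSA_PKCS_PSS', s[:pss_b64], s[:message])
  # Padding mismatch and a modified message must both fail closed.
  puts verify_offline(s[:pem], 'SHA_256_RSA_PKCS_PSS', s[:pkcs1_b64], s[:message])
  puts verify_offline(s[:pem], 'SHA_256_RSA_PKCS1_V1_5', s[:pkcs1_b64], s[:message] + 'x')
end
```

A signature made with one padding scheme does not verify under the other, so a verifier that takes the algorithm name from untrusted input can be steered toward whichever check the caller prefers.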
Private Instance Methods
```ruby
# File lib/oci/key_management/kms_crypto_client.rb, line 419
def applicable_retry_config(opts = {})
  return @retry_config unless opts.key?(:retry_config)

  opts[:retry_config]
end
```