Class: OCI::KeyManagement::KmsCryptoClient

Inherits:

Object

• Object
• OCI::KeyManagement::KmsCryptoClient

Defined in:

lib/oci/key_management/kms_crypto_client.rb

Overview

Use the Key Management API to manage vaults and keys. For more information, see Managing Vaults and Managing Keys.

Instance Attribute Summary

• #api_client ⇒ OCI::ApiClient readonly

  Client used to make HTTP requests.

• #endpoint ⇒ String readonly

  Fully qualified endpoint URL.

• #retry_config ⇒ OCI::Retry::RetryConfig readonly

  The default retry configuration to apply to all operations in this service client.

Instance Method Summary

• #decrypt(decrypt_data_details, opts = {}) ⇒ Response

  Decrypts data using the given DecryptDataDetails resource.

• #encrypt(encrypt_data_details, opts = {}) ⇒ Response

  Encrypts data using the given EncryptDataDetails resource.

• #export_key(export_key_details, opts = {}) ⇒ Response

  Exports a specific version of a master encryption key according to the details of the request.

• #generate_data_encryption_key(generate_key_details, opts = {}) ⇒ Response

  Generates a key that you can use to encrypt or decrypt data.

• #initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ KmsCryptoClient constructor

  Creates a new KmsCryptoClient.

• #logger ⇒ Logger

  The logger for this client.

• #sign(sign_data_details, opts = {}) ⇒ Response

  Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key.

• #verify(verify_data_details, opts = {}) ⇒ Response

  Verifies a digital signature that was generated by the Sign operation by using the public key of the same asymmetric key that was used to sign the data.

Constructor Details

#initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ KmsCryptoClient

Creates a new KmsCryptoClient. Notes: If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Parameters:

• config (Config) (defaults to: nil) —

  A Config object.

• endpoint (String) (defaults to: nil) —

  The fully qualified endpoint URL

• signer (OCI::BaseSigner) (defaults to: nil) —

  A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

• proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil) —

  If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

• retry_config (OCI::Retry::RetryConfig) (defaults to: nil) —

  The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

# File 'lib/oci/key_management/kms_crypto_client.rb', line 45

def initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  raise 'A fully qualified endpoint URL must be defined' unless endpoint

  @endpoint = endpoint + '/'

  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config
  logger.info "KmsCryptoClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_client ⇒ OCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:

• (OCI::ApiClient)

# File 'lib/oci/key_management/kms_crypto_client.rb', line 15

def api_client
  @api_client
end

#endpoint ⇒ String (readonly)

Fully qualified endpoint URL

Returns:

• (String)

# File 'lib/oci/key_management/kms_crypto_client.rb', line 19

def endpoint
  @endpoint
end

#retry_config ⇒ OCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

Returns:

• (OCI::Retry::RetryConfig)

# File 'lib/oci/key_management/kms_crypto_client.rb', line 25

def retry_config
  @retry_config
end

Instance Method Details

#decrypt(decrypt_data_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use decrypt API.

Decrypts data using the given DecryptDataDetails resource.

Parameters:

• decrypt_data_details (OCI::KeyManagement::Models::DecryptDataDetails) —

  DecryptDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type DecryptedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 89

def decrypt(decrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#decrypt.' if logger

  raise "Missing the required parameter 'decrypt_data_details' when calling decrypt." if decrypt_data_details.nil?

  path = '/20180608/decrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(decrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#decrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::DecryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#encrypt(encrypt_data_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use encrypt API.

Encrypts data using the given EncryptDataDetails resource. Plaintext included in the example request is a base64-encoded value of a UTF-8 string.

Parameters:

• encrypt_data_details (OCI::KeyManagement::Models::EncryptDataDetails) —

  EncryptDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type EncryptedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 147

def encrypt(encrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#encrypt.' if logger

  raise "Missing the required parameter 'encrypt_data_details' when calling encrypt." if encrypt_data_details.nil?

  path = '/20180608/encrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(encrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#encrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::EncryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#export_key(export_key_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use export_key API.

Exports a specific version of a master encryption key according to the details of the request. For their protection, keys that you create and store on a hardware security module (HSM) can never leave the HSM. You can only export keys stored on the server. For export, the key version is encrypted by an RSA public key that you provide. This operation is not supported for keys having protection mode EXTERNAL.

Parameters:

• export_key_details (OCI::KeyManagement::Models::ExportKeyDetails) —

  ExportKeyDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

Returns:

• (Response) —

  A Response object with data of type ExportedKeyData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 204

def export_key(export_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#export_key.' if logger

  raise "Missing the required parameter 'export_key_details' when calling export_key." if export_key_details.nil?

  path = '/20180608/exportKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(export_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#export_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::ExportedKeyData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#generate_data_encryption_key(generate_key_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use generate_data_encryption_key API.

Generates a key that you can use to encrypt or decrypt data.

Parameters:

• generate_key_details (OCI::KeyManagement::Models::GenerateKeyDetails) —

  GenerateKeyDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type GeneratedKey

# File 'lib/oci/key_management/kms_crypto_client.rb', line 261

def generate_data_encryption_key(generate_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#generate_data_encryption_key.' if logger

  raise "Missing the required parameter 'generate_key_details' when calling generate_data_encryption_key." if generate_key_details.nil?

  path = '/20180608/generateDataEncryptionKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(generate_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#generate_data_encryption_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::GeneratedKey'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#logger ⇒ Logger

Returns The logger for this client. May be nil.

Returns:

• (Logger) —

  The logger for this client. May be nil.

# File 'lib/oci/key_management/kms_crypto_client.rb', line 68

def logger
  @api_client.config.logger
end

#sign(sign_data_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use sign API.

Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key. To verify the generated signature, you can use the Verify operation. Or, if you want to validate the signature outside of the service, you can do so by using the public key of the same asymmetric key. This operation is not supported for keys having protection mode EXTERNAL.

Parameters:

• sign_data_details (OCI::KeyManagement::Models::SignDataDetails) —

  SignDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type SignedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 321

def sign(sign_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#sign.' if logger

  raise "Missing the required parameter 'sign_data_details' when calling sign." if sign_data_details.nil?

  path = '/20180608/sign'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(sign_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#sign') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::SignedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#verify(verify_data_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use verify API.

Verifies a digital signature that was generated by the Sign operation by using the public key of the same asymmetric key that was used to sign the data. If you want to validate the digital signature outside of the service, you can do so by using the public key of the asymmetric key. This operation is not supported for keys having protection mode EXTERNAL.

Parameters:

• verify_data_details (OCI::KeyManagement::Models::VerifyDataDetails) —

  VerifyDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type VerifiedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 381

def verify(verify_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#verify.' if logger

  raise "Missing the required parameter 'verify_data_details' when calling verify." if verify_data_details.nil?

  path = '/20180608/verify'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(verify_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#verify') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::VerifiedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end