Class: OCI::KeyManagement::KmsCryptoClient

Inherits:

Object

• Object
• OCI::KeyManagement::KmsCryptoClient

Defined in:

lib/oci/key_management/kms_crypto_client.rb

Overview

API for managing and performing operations with keys and vaults. (For the API for managing secrets, see the Vault Service Secret Management API. For the API for retrieving secrets, see the Vault Service Secret Retrieval API.)

Instance Attribute Summary

• #api_client ⇒ OCI::ApiClient readonly

  Client used to make HTTP requests.

• #endpoint ⇒ String readonly

  Fully qualified endpoint URL.

• #retry_config ⇒ OCI::Retry::RetryConfig readonly

  The default retry configuration to apply to all operations in this service client.

Instance Method Summary

• #decrypt(decrypt_data_details, opts = {}) ⇒ Response

  Decrypts data using the given [DecryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/DecryptDataDetails) resource.

• #encrypt(encrypt_data_details, opts = {}) ⇒ Response

  Encrypts data using the given [EncryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/EncryptDataDetails) resource.

• #export_key(export_key_details, opts = {}) ⇒ Response

  Exports a specific version of a master encryption key according to the details of the request.

• #generate_data_encryption_key(generate_key_details, opts = {}) ⇒ Response

  Generates a key that you can use to encrypt or decrypt data.

• #initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ KmsCryptoClient constructor

  Creates a new KmsCryptoClient.

• #logger ⇒ Logger

  The logger for this client.

• #sign(sign_data_details, opts = {}) ⇒ Response

  Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key.

• #verify(verify_data_details, opts = {}) ⇒ Response

  Verifies a digital signature that was generated by the [Sign](docs.cloud.oracle.com/api/#/en/key/latest/SignedData/Sign) operation by using the public key of the same asymmetric key that was used to sign the data.

Constructor Details

#initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ KmsCryptoClient

Creates a new KmsCryptoClient. Notes:

If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Parameters:

• config (Config) (defaults to: nil) —

  A Config object.

• endpoint (String) (defaults to: nil) —

  The fully qualified endpoint URL

• signer (OCI::BaseSigner) (defaults to: nil) —

  A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

• proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil) —

  If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

• retry_config (OCI::Retry::RetryConfig) (defaults to: nil) —

  The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

# File 'lib/oci/key_management/kms_crypto_client.rb', line 44

def initialize(config: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  raise 'A fully qualified endpoint URL must be defined' unless endpoint

  @endpoint = endpoint + '/'

  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config
  logger.info "KmsCryptoClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_client ⇒ OCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:

• (OCI::ApiClient)

# File 'lib/oci/key_management/kms_crypto_client.rb', line 14

def api_client
  @api_client
end

#endpoint ⇒ String (readonly)

Fully qualified endpoint URL

Returns:

• (String)

# File 'lib/oci/key_management/kms_crypto_client.rb', line 18

def endpoint
  @endpoint
end

#retry_config ⇒ OCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

Returns:

• (OCI::Retry::RetryConfig)

# File 'lib/oci/key_management/kms_crypto_client.rb', line 24

def retry_config
  @retry_config
end

Instance Method Details

#decrypt(decrypt_data_details, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/decrypt.rb.html) to see an example of how to use decrypt API.

Decrypts data using the given [DecryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/DecryptDataDetails) resource.

Parameters:

• decrypt_data_details (OCI::KeyManagement::Models::DecryptDataDetails) —

  DecryptDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type DecryptedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 88

def decrypt(decrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#decrypt.' if logger

  raise "Missing the required parameter 'decrypt_data_details' when calling decrypt." if decrypt_data_details.nil?

  path = '/20180608/decrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(decrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#decrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::DecryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#encrypt(encrypt_data_details, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/encrypt.rb.html) to see an example of how to use encrypt API.

Encrypts data using the given [EncryptDataDetails](docs.cloud.oracle.com/api/#/en/key/latest/datatypes/EncryptDataDetails) resource. Plaintext included in the example request is a base64-encoded value of a UTF-8 string.

Parameters:

• encrypt_data_details (OCI::KeyManagement::Models::EncryptDataDetails) —

  EncryptDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type EncryptedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 146

def encrypt(encrypt_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#encrypt.' if logger

  raise "Missing the required parameter 'encrypt_data_details' when calling encrypt." if encrypt_data_details.nil?

  path = '/20180608/encrypt'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(encrypt_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#encrypt') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::EncryptedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#export_key(export_key_details, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/export_key.rb.html) to see an example of how to use export_key API.

Exports a specific version of a master encryption key according to the details of the request. For their protection, keys that you create and store on a hardware security module (HSM) can never leave the HSM. You can only export keys stored on the server. For export, the key version is encrypted by an RSA public key that you provide.

Parameters:

• export_key_details (OCI::KeyManagement::Models::ExportKeyDetails) —

  ExportKeyDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

Returns:

• (Response) —

  A Response object with data of type ExportedKeyData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 202

def export_key(export_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#export_key.' if logger

  raise "Missing the required parameter 'export_key_details' when calling export_key." if export_key_details.nil?

  path = '/20180608/exportKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(export_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#export_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::ExportedKeyData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#generate_data_encryption_key(generate_key_details, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/generate_data_encryption_key.rb.html) to see an example of how to use generate_data_encryption_key API.

Generates a key that you can use to encrypt or decrypt data.

Parameters:

• generate_key_details (OCI::KeyManagement::Models::GenerateKeyDetails) —

  GenerateKeyDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type GeneratedKey

# File 'lib/oci/key_management/kms_crypto_client.rb', line 259

def generate_data_encryption_key(generate_key_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#generate_data_encryption_key.' if logger

  raise "Missing the required parameter 'generate_key_details' when calling generate_data_encryption_key." if generate_key_details.nil?

  path = '/20180608/generateDataEncryptionKey'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(generate_key_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#generate_data_encryption_key') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::GeneratedKey'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#logger ⇒ Logger

Returns The logger for this client. May be nil.

Returns:

• (Logger) —

  The logger for this client. May be nil.

# File 'lib/oci/key_management/kms_crypto_client.rb', line 67

def logger
  @api_client.config.logger
end

#sign(sign_data_details, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/sign.rb.html) to see an example of how to use sign API.

Creates a digital signature for a message or message digest by using the private key of a public-private key pair, also known as an asymmetric key. To verify the generated signature, you can use the [Verify](docs.cloud.oracle.com/api/#/en/key/latest/VerifiedData/Verify) operation. Or, if you want to validate the signature outside of the service, you can do so by using the public key of the same asymmetric key.

Parameters:

• sign_data_details (OCI::KeyManagement::Models::SignDataDetails) —

  SignDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type SignedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 318

def sign(sign_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#sign.' if logger

  raise "Missing the required parameter 'sign_data_details' when calling sign." if sign_data_details.nil?

  path = '/20180608/sign'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(sign_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#sign') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::SignedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#verify(verify_data_details, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/keymanagement/verify.rb.html) to see an example of how to use verify API.

Verifies a digital signature that was generated by the [Sign](docs.cloud.oracle.com/api/#/en/key/latest/SignedData/Sign) operation by using the public key of the same asymmetric key that was used to sign the data. If you want to validate the digital signature outside of the service, you can do so by using the public key of the asymmetric key.

Parameters:

• verify_data_details (OCI::KeyManagement::Models::VerifyDataDetails) —

  VerifyDataDetails

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service.

Returns:

• (Response) —

  A Response object with data of type VerifiedData

# File 'lib/oci/key_management/kms_crypto_client.rb', line 377

def verify(verify_data_details, opts = {})
  logger.debug 'Calling operation KmsCryptoClient#verify.' if logger

  raise "Missing the required parameter 'verify_data_details' when calling verify." if verify_data_details.nil?

  path = '/20180608/verify'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(verify_data_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'KmsCryptoClient#verify') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::KeyManagement::Models::VerifiedData'
    )
  end
  # rubocop:enable Metrics/BlockLength
end