def read_key(self, path):
    """Fetch the wrapped data key at *path* and keep its plaintext on the instance.

    The ciphertext returned by the Vault client is passed, together with
    this object's key ring name, to the client's ``decrypt_data_key``.
    The result is converted with ``Util.base64_to_byte`` and stored in
    ``self._key``.

    Args:
        path: Location handed to the Vault client to look up the stored
            key ciphertext.

    Note:
        Nothing in this method clears ``self._key``; the plaintext key
        stays on the instance after the call returns.
    """
    # "retrive" is the spelling of the client method this code calls.
    wrapped_key = self._vault_client.retrive_key_from_vault(path)

    # The frdr-user policy was given the decrypt-data permission that
    # this call relies on.
    unwrap = self._vault_client.decrypt_data_key
    ring_name = self._key_ring_name
    encoded_plaintext = unwrap(ring_name, wrapped_key)

    # presumably base64 text -> raw bytes; confirm against Util
    self._key = Util.base64_to_byte(encoded_plaintext)

    # Only the event is logged; no key material is passed to the logger.
    self._logger.info("key is read from vault")
def generate_key(self):
    """Create the key ring and obtain a new data key from the Vault client.

    The client is first asked to create the transit key ring named by
    ``self._key_ring_name``. It is then asked for a data key under that
    ring. The plaintext half is converted with ``Util.base64_to_byte``
    and stored in ``self._key``; the ciphertext half is stored unchanged
    in ``self._key_ciphertext``.

    Note:
        Nothing in this method clears ``self._key``; the plaintext key
        stays on the instance after the call returns.
    """
    # Enabling the transit engine is left to the Vault admin, so the
    # call below stays disabled:
    # self._vault_client.enable_transit_engine()

    # The frdr-user policy was given the create-encryption-key permission
    # that this call relies on.
    self._vault_client.create_transit_engine_key_ring(self._key_ring_name)

    # The frdr-user policy was given the generate-data-key permission
    # that this call relies on.
    data_key = self._vault_client.generate_data_key(self._key_ring_name)
    encoded_plaintext, wrapped_key = data_key

    # presumably base64 text -> raw bytes; confirm against Util
    self._key = Util.base64_to_byte(encoded_plaintext)
    self._key_ciphertext = wrapped_key

    # Only the event is logged; no key material is passed to the logger.
    self._logger.info("Key is generated by vault transit secrets engine.")