Esempio n. 1
 def read_key(self, path):
     """Fetch the wrapped data key stored at ``path`` and keep its plaintext.

     The value returned by the Vault client for ``path`` is handed to
     ``decrypt_data_key`` together with ``self._key_ring_name``; the result
     is converted with ``Util.base64_to_byte`` and stored in ``self._key``.

     Security notes:
         * The Vault policy in use must allow decrypting with this key ring
           (the original author granted this to the ``frdr-user`` policy).
         * ``self._key`` holds plaintext key material in process memory.
           Only the fact that a key was read is logged, never its value.
     """
     vault = self._vault_client
     wrapped_key = vault.retrive_key_from_vault(path)
     # Unwrapping happens inside Vault; this call needs the "decrypt data"
     # permission on the key ring.
     plaintext_encoded = vault.decrypt_data_key(
         self._key_ring_name,
         wrapped_key,
     )
     # presumably base64 text -> raw bytes, judging by the helper's name
     self._key = Util.base64_to_byte(plaintext_encoded)
     self._logger.info("key is read from vault")
Esempio n. 2
 def generate_key(self):
     """Create the key ring and request a new data key from Vault.

     Calls ``create_transit_engine_key_ring`` for ``self._key_ring_name``,
     then ``generate_data_key`` for the same ring. The plaintext half of
     the returned pair is converted with ``Util.base64_to_byte`` and kept
     in ``self._key``; the ciphertext half is kept unchanged in
     ``self._key_ciphertext``.

     Security notes:
         * Enabling the transit engine is left to the Vault admin and is
           deliberately not done here.
         * The Vault policy in use must allow creating the encryption key
           and generating data keys (the original author granted both to
           the ``frdr-user`` policy).
         * ``self._key`` holds plaintext key material in process memory.
           The log line records only that a key was generated.
     """
     vault = self._vault_client
     ring_name = self._key_ring_name
     # Requires the "create encryption key" permission.
     vault.create_transit_engine_key_ring(ring_name)
     # Requires the "generate data key" permission.
     data_key_pair = vault.generate_data_key(ring_name)
     plaintext_encoded, wrapped_key = data_key_pair
     # presumably base64 text -> raw bytes, judging by the helper's name
     self._key = Util.base64_to_byte(plaintext_encoded)
     self._key_ciphertext = wrapped_key
     self._logger.info("Key is generated by vault transit secrets engine.")