Skip to content

Query public keys by key namespace and name

Description

The signer must be able to work with multiple transit engines enabled in the Vault.

Each transit engine will represent a key namespace with keys inside it referenced by name.

In order to make a signing operation, the client will have to specify the namespace (transit engine name) and the key name to be used for the signing process. When querying the keys, the client will have to at least specify the namespace (transit engine name).

For example: GET /v1/keys/namespace/keyname

Implementation details

The HTTP endpoint for returning Vault keys must be changed to accept 2 parameters:

  • transit engine name
  • key name (optional)

If the key name is missing, all keys in the given transit engine will be returned.

Key filtering can also be supported by a ?filter=pattern parameter.

GET /v1/keys/transit
GET /v1/keys/transit?filter=pattern
GET /v1/keys/transit/key1

Response is array of public keys info.

The configuration value for Issuer DID should be removed and replaced by this new feature. Also, all key retrievals for other services should be checked and changed for compatibility.

Acceptance Criteria

  • Implementation
  • Unit tests
Edited by Cristina Pauna

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent