AzureKeyVaultEncryptionKeyResolver class
Implementation of EncryptionKeyResolver that uses Azure Key Vault for customer managed keys.
Constructors
| Azure |
Properties
| encryption |
Name of the resolver to use for client side encryption. Currently only AzureKeyVault implementation is supported. |
Methods
| unwrap |
Unwraps the given wrapped key using the specified key encryption key path and algorithm. |
| wrap |
wraps the given key using the specified key encryption key path and algorithm. |
Constructor Details
AzureKeyVaultEncryptionKeyResolver(TokenCredential)
new AzureKeyVaultEncryptionKeyResolver(credentials: TokenCredential)Parameters
- credentials
- TokenCredential
Property Details
encryptionKeyResolverName
Name of the resolver to use for client side encryption. Currently only AzureKeyVault implementation is supported.
encryptionKeyResolverName: AzureKeyVaultProperty Value
Method Details
unwrapKey(string, string, Uint8Array)
Unwraps the given wrapped key using the specified key encryption key path and algorithm.
function unwrapKey(encryptionKeyId: string, algorithm: string, wrappedKey: Uint8Array): Promise<Uint8Array>Parameters
- encryptionKeyId
-
string
path to the customer managed key to be used for unwrapping. For Azure Key Vault, this is url of the key in the vault.
- algorithm
-
string
algorithm to be used for unwrapping.
- wrappedKey
-
Uint8Array
wrapped DEK.
Returns
Promise<Uint8Array>
unwrapped DEK.
wrapKey(string, string, Uint8Array)
wraps the given key using the specified key encryption key path and algorithm.
function wrapKey(encryptionKeyId: string, algorithm: string, unwrappedKey: Uint8Array): Promise<Uint8Array>Parameters
- encryptionKeyId
-
string
path to the customer managed key to be used for wrapping. For Azure Key Vault, this is url of the key in the vault.
- algorithm
-
string
algorithm to be used for wrapping.
- unwrappedKey
-
Uint8Array
dek to be wrapped.
Returns
Promise<Uint8Array>
wrapped DEK.