diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES index 0e1183c..6c94710 100644 --- a/.openapi-generator/FILES +++ b/.openapi-generator/FILES @@ -266,6 +266,8 @@ src/models/MfaCreateOktaMethodRequest.ts src/models/MfaCreatePingIdMethodRequest.ts src/models/MfaCreateTotpMethodRequest.ts src/models/MfaGenerateTotpSecretRequest.ts +src/models/MfaListLoginEnforcementsResponse.ts +src/models/MfaListMethodsResponse.ts src/models/MfaSelfEnrollRequest.ts src/models/MfaUpdateDuoMethodRequest.ts src/models/MfaUpdateOktaMethodRequest.ts @@ -853,6 +855,7 @@ src/models/TransitHashRequest.ts src/models/TransitHashWithAlgorithmRequest.ts src/models/TransitImportKeyRequest.ts src/models/TransitImportKeyVersionRequest.ts +src/models/TransitReadKeyResponse.ts src/models/TransitRestoreAndRenameKeyRequest.ts src/models/TransitRestoreKeyRequest.ts src/models/TransitRewrapRequest.ts diff --git a/openapi.json b/openapi.json index 759b90f..7a22500 100644 --- a/openapi.json +++ b/openapi.json @@ -9270,7 +9270,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StandardListResponse" + "$ref": "#/components/schemas/MfaListLoginEnforcementsResponse" } } } @@ -9364,7 +9364,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StandardListResponse" + "$ref": "#/components/schemas/MfaListMethodsResponse" } } } @@ -45514,7 +45514,7 @@ "parameters": [ { "name": "name", - "description": "Name of the key", + "description": "Name of the key.", "in": "path", "schema": { "type": "string" @@ -45539,7 +45539,14 @@ ], "responses": { "200": { - "description": "OK" + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TransitReadKeyResponse" + } + } + } } } }, @@ -56257,6 +56264,40 @@ "method_id" ] }, + "MfaListLoginEnforcementsResponse": { + "type": "object", + "properties": { + "key_info": { + "type": "object", + "description": "Login enforcement details keyed by the id", + "format": "map" + }, + "keys": { + "type": "array", + "description": "A list of login enforcement keys", + "items": { + "type": "string" + } + } + } + }, + "MfaListMethodsResponse": { + "type": "object", + "properties": { + "key_info": { + "type": "object", + "description": "MFA method configurations details keyed by the id", + "format": "map" + }, + "keys": { + "type": "array", + "description": "A list of mfa method configurations keys", + "items": { + "type": "string" + } + } + } + }, "MfaSelfEnrollRequest": { "type": "object", "properties": { @@ -59822,12 +59863,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -59848,6 +59890,22 @@ "type": "string", "description": "Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -60001,7 +60059,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -60009,7 +60067,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "postal_code": { @@ -60196,12 +60254,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -60223,6 +60282,22 @@ "description": "Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.", "default": "default" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "not_after": { "type": "string", "description": "Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ" @@ -60246,7 +60321,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -60254,7 +60329,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -60382,12 +60457,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -60404,6 +60480,22 @@ "name": "IP Subject Alternative Names (SANs)" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "not_after": { "type": "string", "description": "Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ" @@ -60427,7 +60519,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -60435,7 +60527,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -60749,12 +60841,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -60775,6 +60868,22 @@ "type": "string", "description": "Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_usage": { "type": "array", "description": "This list of key usages (not extended key usages) will be added to the existing set of key usages, CRL,CertSign, on the generated certificate. Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To use the issuer for CMPv2, DigitalSignature must be set.", @@ -60890,7 +60999,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -60898,7 +61007,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "postal_code": { @@ -61150,12 +61259,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -61172,6 +61282,22 @@ "name": "IP Subject Alternative Names (SANs)" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_usage": { "type": "array", "description": "A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.", @@ -61207,7 +61333,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -61215,7 +61341,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -61369,12 +61495,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -61391,6 +61518,22 @@ "name": "IP Subject Alternative Names (SANs)" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_usage": { "type": "array", "description": "A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.", @@ -61426,7 +61569,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -61434,7 +61577,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -61572,12 +61715,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -61594,6 +61738,22 @@ "name": "IP Subject Alternative Names (SANs)" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "not_after": { "type": "string", "description": "Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ" @@ -61617,7 +61777,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -61625,7 +61785,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -62034,12 +62194,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -62060,6 +62221,22 @@ "type": "string", "description": "Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -62213,7 +62390,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -62221,7 +62398,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "postal_code": { @@ -64790,12 +64967,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -64821,6 +64999,22 @@ "description": "Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.", "default": "default" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_usage": { "type": "array", "description": "This list of key usages (not extended key usages) will be added to the existing set of key usages, CRL,CertSign, on the generated certificate. Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To use the issuer for CMPv2, DigitalSignature must be set.", @@ -64936,7 +65130,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -64944,7 +65138,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "postal_code": { @@ -65191,12 +65385,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -65217,6 +65412,22 @@ "type": "string", "description": "Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -65370,7 +65581,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -65378,7 +65589,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "postal_code": { @@ -65603,12 +65814,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -65630,6 +65842,22 @@ "description": "Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.", "default": "default" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_usage": { "type": "array", "description": "A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.", @@ -65665,7 +65893,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -65673,7 +65901,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -65827,12 +66055,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -65854,6 +66083,22 @@ "description": "Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.", "default": "default" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_usage": { "type": "array", "description": "A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.", @@ -65889,7 +66134,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -65897,7 +66142,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -66035,12 +66280,13 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\" or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", "pem_bundle", - "pkcs12_bundle" + "pkcs12_bundle", + "jks_bundle" ], "default": "pem", "x-vault-displayAttrs": { @@ -66062,6 +66308,22 @@ "description": "Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.", "default": "default" }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "not_after": { "type": "string", "description": "Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ" @@ -66085,7 +66347,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -66093,7 +66355,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -66924,7 +67186,7 @@ "properties": { "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -66935,6 +67197,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -66965,7 +67243,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -66973,7 +67251,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -67039,7 +67317,7 @@ "properties": { "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -67050,6 +67328,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -67080,7 +67374,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -67088,7 +67382,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -67328,7 +67622,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -67339,6 +67633,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -67348,7 +67658,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -67356,7 +67666,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } } }, @@ -67403,7 +67713,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -67414,6 +67724,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -67423,7 +67749,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -67431,7 +67757,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } } }, @@ -67478,7 +67804,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -67489,6 +67815,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -67498,7 +67840,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -67506,7 +67848,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "remove_roots_from_chain": { @@ -67558,7 +67900,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -67569,6 +67911,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -67578,7 +67936,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -67586,7 +67944,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "remove_roots_from_chain": { @@ -68029,7 +68387,7 @@ "properties": { "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -68040,6 +68398,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -68070,7 +68444,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -68078,7 +68452,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -68144,7 +68518,7 @@ "properties": { "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -68155,6 +68529,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "key_bits": { "type": "integer", "description": "The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.", @@ -68185,7 +68575,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -68193,7 +68583,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "private_key_format": { @@ -68433,7 +68823,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -68444,6 +68834,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -68453,7 +68859,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -68461,7 +68867,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } } }, @@ -68508,7 +68914,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -68519,6 +68925,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -68528,7 +68950,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -68536,7 +68958,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } } }, @@ -68583,7 +69005,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -68594,6 +69016,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -68603,7 +69041,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -68611,7 +69049,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "remove_roots_from_chain": { @@ -68663,7 +69101,7 @@ }, "format": { "type": "string", - "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", or \"pkcs12_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\" or \"pkcs12_bundle\", the value will be base64 encoded. Defaults to \"pem\".", + "description": "Format for returned data. Can be \"pem\", \"der\", \"pem_bundle\", \"pkcs12_bundle\" or \"jks_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. Formats \"der\", \"pkcs12_bundle\" or \"jks_bundle\" are base64 encoded. Defaults to \"pem\".", "enum": [ "pem", "der", @@ -68674,6 +69112,22 @@ "value": "pem" } }, + "jks_alias": { + "type": "string", + "description": "The entry alias in the Java keystore (JKS) when format is set to \"jks_bundle\" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to \"1\". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at \"1\".", + "default": "1", + "x-vault-displayAttrs": { + "name": "Java keystore alias" + } + }, + "jks_password": { + "type": "string", + "description": "Password for encrypting the Java keystore when format is set to \"jks_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", + "default": "changeit", + "x-vault-displayAttrs": { + "name": "Java keystore password" + } + }, "pkcs12_encoder": { "type": "string", "description": "Encoder profile to use for PKCS#12 archives when format is set to \"pkcs12_bundle\". Valid values are \"modern2026\" and \"modern2023\". Defaults to \"modern2026\", which uses the newer PKCS#12 integrity format (PBMAC1).", @@ -68683,7 +69137,7 @@ ], "default": "modern2026", "x-vault-displayAttrs": { - "name": "PKCS#12 Encoder Profile" + "name": "PKCS#12 encoder profile" } }, "pkcs12_password": { @@ -68691,7 +69145,7 @@ "description": "Password for encrypting the PKCS#12 archive when format is set to \"pkcs12_bundle\". If not provided, defaults to \"changeit\". It is recommended to use the default password and protect the file using other means or use a high-entropy password.", "default": "changeit", "x-vault-displayAttrs": { - "name": "PKCS#12 Password" + "name": "PKCS#12 password" } }, "remove_roots_from_chain": { @@ -77241,15 +77695,24 @@ }, "hybrid_key_type_ec": { "type": "string", - "description": "The key type of the elliptic curve key to use for hybrid signature schemes. Supported types are: ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519." + "description": "The elliptic curve key type to use for hybrid signature schemes. Supported types are: ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519.", + "enum": [ + "ecdsa-p256", + "ecdsa-p384", + "ecdsa-p521", + "ed25519" + ] }, "hybrid_key_type_pqc": { "type": "string", - "description": "The key type of the post-quantum key to use for hybrid signature schemes. Supported types are: ML-DSA." + "description": "The post-quantum key type to use for hybrid signature schemes. Supported types are: ml-dsa.", + "enum": [ + "ml-dsa" + ] }, "key_size": { "type": "integer", - "description": "The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512", + "description": "The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512.", "default": 0 }, "managed_key_id": { @@ -77262,11 +77725,50 @@ }, "parameter_set": { "type": "string", - "description": "The parameter set to use. Applies to ML-DSA and SLH-DSA key types. For ML-DSA key types, valid values are 44, 65, or 87. For SLH-DSA key types, valid values are SLH-DSA-SHA2-128s, SLH-DSA-SHAKE-128s, SLH-DSA-SHA2-128f, SLH-DSA-SHAKE-128f, SLH-DSA-SHA2-192s, SLH-DSA-SHAKE-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHAKE-192f, SLH-DSA-SHA2-256s, SLH-DSA-SHAKE-256s, SLH-DSA-SHA2-256f, SLH-DSA-SHAKE-256f" + "description": "The parameter set to use for post-quantum key types. For ML-DSA, valid values are 44, 65, or 87. For SLH-DSA, valid values are the full parameter set identifiers (e.g. \"slh-dsa-sha2-128s\"). Applies to ML-DSA, SLH-DSA, and Hybrid key types.", + "enum": [ + "44", + "65", + "87", + "slh-dsa-sha2-128s", + "slh-dsa-shake128s", + "slh-dsa-sha2-128f", + "slh-dsa-shake128f", + "slh-dsa-sha2-192s", + "slh-dsa-shake192s", + "slh-dsa-sha2-192f", + "slh-dsa-shake192f", + "slh-dsa-sha2-256s", + "slh-dsa-shake256s", + "slh-dsa-sha2-256f", + "slh-dsa-shake256f" + ] }, "type": { "type": "string", - "description": "The type of key to create. Currently, \"aes128-gcm96\" (symmetric), \"aes256-gcm96\" (symmetric), \"ecdsa-p256\" (asymmetric), \"ecdsa-p384\" (asymmetric), \"ecdsa-p521\" (asymmetric), \"ed25519\" (asymmetric), \"rsa-2048\" (asymmetric), \"rsa-3072\" (asymmetric), \"rsa-4096\" (asymmetric), \"ml-dsa\" (asymmetric), \"slh-dsa\" (asymmetric) are supported. Defaults to \"aes256-gcm96\".", + "description": "The type of key. Symmetric types: \"aes128-gcm96\", \"aes256-gcm96\", \"chacha20-poly1305\", \"aes128-cbc\", \"aes256-cbc\", \"aes128-cmac\", \"aes192-cmac\", \"aes256-cmac\". Asymmetric types: \"ecdsa-p256\", \"ecdsa-p384\", \"ecdsa-p521\", \"ed25519\", \"rsa-2048\", \"rsa-3072\", \"rsa-4096\", \"ml-dsa\", \"slh-dsa\", \"hybrid\". Defaults to \"aes256-gcm96\"", + "enum": [ + "aes128-gcm96", + "aes256-gcm96", + "chacha20-poly1305", + "aes128-cbc", + "aes256-cbc", + "aes128-cmac", + "aes192-cmac", + "aes256-cmac", + "ecdsa-p256", + "ecdsa-p384", + "ecdsa-p521", + "ed25519", + "rsa-2048", + "rsa-3072", + "rsa-4096", + "hmac", + "managed_key", + "ml-dsa", + "slh-dsa", + "hybrid" + ], "default": "aes256-gcm96" } } @@ -77716,6 +78218,185 @@ } } }, + "TransitReadKeyResponse": { + "type": "object", + "properties": { + "allow_plaintext_backup": { + "type": "boolean", + "description": "Enables taking a backup of the named key in plaintext format. Once set, this cannot be disabled." + }, + "auto_rotate_period": { + "type": "string", + "description": "Amount of time the key should live before being automatically rotated. A value of 0 (default) disables automatic rotation for the key.", + "format": "duration", + "default": 0 + }, + "backup_info": { + "type": "object", + "description": "Information about the most recent backup of this key. Contains \"time\" and \"version\" fields. Only present if the key has been backed up.", + "format": "map" + }, + "convergent_encryption": { + "type": "boolean", + "description": "Whether to support convergent encryption. This is only supported when using a key with key derivation enabled and will require all requests to carry both a context and 96-bit (12-byte) nonce. The given nonce will be used in place of a randomly generated nonce. As a result, when the same context and nonce are supplied, the same ciphertext is generated. It is *very important* when using this mode that you ensure that all nonces are unique for a given context. Failing to do so will severely impact the ciphertext's security." + }, + "convergent_encryption_version": { + "type": "integer", + "description": "The version of convergent encryption. Only present if convergent encryption is enabled." + }, + "deletion_allowed": { + "type": "boolean", + "description": "Whether deletion of the key is allowed." + }, + "derived": { + "type": "boolean", + "description": "Enables key derivation mode. This allows for per-transaction unique keys for encryption operations." + }, + "exportable": { + "type": "boolean", + "description": "Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported." + }, + "hybrid_key_type_ec": { + "type": "string", + "description": "The elliptic curve key type to use for hybrid signature schemes. Supported types are: ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519.", + "enum": [ + "ecdsa-p256", + "ecdsa-p384", + "ecdsa-p521", + "ed25519" + ] + }, + "hybrid_key_type_pqc": { + "type": "string", + "description": "The post-quantum key type to use for hybrid signature schemes. Supported types are: ml-dsa.", + "enum": [ + "ml-dsa" + ] + }, + "imported_key": { + "type": "boolean", + "description": "Whether this key was imported rather than generated by Vault." + }, + "imported_key_allow_rotation": { + "type": "boolean", + "description": "Whether rotation is allowed for this imported key. Only present if the key was imported." + }, + "kdf": { + "type": "string", + "description": "The key derivation function used. Only present if key derivation is enabled.", + "enum": [ + "hmac-sha256-counter", + "hkdf_sha256" + ] + }, + "kdf_mode": { + "type": "string", + "description": "The key derivation function mode. Only present if KDF is \"hmac-sha256-counter\".", + "enum": [ + "hmac-sha256-counter" + ] + }, + "key_size": { + "type": "integer", + "description": "The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512.", + "default": 0 + }, + "keys": { + "type": "object", + "description": "A map of active key versions. For memory efficiency, transit keeps a working set of versions from \"min_decryption_version\" through the latest version. Older versions may still be retained in archived storage if they are at or above \"min_available_version\". Versions older than \"min_available_version\" are permanently deleted. Not present for hmac, managed_key, and CMAC key types.", + "format": "map" + }, + "latest_version": { + "type": "integer", + "description": "The latest (current) version of the key." + }, + "min_available_version": { + "type": "integer", + "description": "The minimum version of the key available for use. Versions below this have been permanently deleted." + }, + "min_decryption_version": { + "type": "integer", + "description": "The minimum version of the key allowed for decryption. For signing keys, the minimum version allowed for verification." + }, + "min_encryption_version": { + "type": "integer", + "description": "The minimum version of the key allowed for encryption. For signing keys, the minimum version allowed for signing. If set to 0, only the latest version is allowed." + }, + "name": { + "type": "string", + "description": "Name of the key." + }, + "parameter_set": { + "type": "string", + "description": "The parameter set to use for post-quantum key types. For ML-DSA, valid values are 44, 65, or 87. For SLH-DSA, valid values are the full parameter set identifiers (e.g. \"slh-dsa-sha2-128s\"). Applies to ML-DSA, SLH-DSA, and Hybrid key types.", + "enum": [ + "44", + "65", + "87", + "slh-dsa-sha2-128s", + "slh-dsa-shake128s", + "slh-dsa-sha2-128f", + "slh-dsa-shake128f", + "slh-dsa-sha2-192s", + "slh-dsa-shake192s", + "slh-dsa-sha2-192f", + "slh-dsa-shake192f", + "slh-dsa-sha2-256s", + "slh-dsa-shake256s", + "slh-dsa-sha2-256f", + "slh-dsa-shake256f" + ] + }, + "restore_info": { + "type": "object", + "description": "Information about when this key was restored from backup. Contains \"time\" and \"version\" fields. Only present if the key has been restored.", + "format": "map" + }, + "supports_decryption": { + "type": "boolean", + "description": "Whether this key type supports decryption operations." + }, + "supports_derivation": { + "type": "boolean", + "description": "Whether this key type supports key derivation." + }, + "supports_encryption": { + "type": "boolean", + "description": "Whether this key type supports encryption operations." + }, + "supports_signing": { + "type": "boolean", + "description": "Whether this key type supports signing operations." + }, + "type": { + "type": "string", + "description": "The type of key. Symmetric types: \"aes128-gcm96\", \"aes256-gcm96\", \"chacha20-poly1305\", \"aes128-cbc\", \"aes256-cbc\", \"aes128-cmac\", \"aes192-cmac\", \"aes256-cmac\". Asymmetric types: \"ecdsa-p256\", \"ecdsa-p384\", \"ecdsa-p521\", \"ed25519\", \"rsa-2048\", \"rsa-3072\", \"rsa-4096\", \"ml-dsa\", \"slh-dsa\", \"hybrid\". Defaults to \"aes256-gcm96\"", + "enum": [ + "aes128-gcm96", + "aes256-gcm96", + "chacha20-poly1305", + "aes128-cbc", + "aes256-cbc", + "aes128-cmac", + "aes192-cmac", + "aes256-cmac", + "ecdsa-p256", + "ecdsa-p384", + "ecdsa-p521", + "ed25519", + "rsa-2048", + "rsa-3072", + "rsa-4096", + "hmac", + "managed_key", + "ml-dsa", + "slh-dsa", + "hybrid" + ], + "default": "aes256-gcm96" + } + } + }, "TransitRestoreAndRenameKeyRequest": { "type": "object", "properties": { diff --git a/src/apis/IdentityApi.ts b/src/apis/IdentityApi.ts index 600e1f9..c7eb1ad 100644 --- a/src/apis/IdentityApi.ts +++ b/src/apis/IdentityApi.ts @@ -49,6 +49,8 @@ import type { MfaCreatePingIdMethodRequest, MfaCreateTotpMethodRequest, MfaGenerateTotpSecretRequest, + MfaListLoginEnforcementsResponse, + MfaListMethodsResponse, MfaSelfEnrollRequest, MfaUpdateDuoMethodRequest, MfaUpdateOktaMethodRequest, @@ -136,6 +138,10 @@ import { MfaCreateTotpMethodRequestToJSON, MfaGenerateTotpSecretRequestFromJSON, MfaGenerateTotpSecretRequestToJSON, + MfaListLoginEnforcementsResponseFromJSON, + MfaListLoginEnforcementsResponseToJSON, + MfaListMethodsResponseFromJSON, + MfaListMethodsResponseToJSON, MfaSelfEnrollRequestFromJSON, MfaSelfEnrollRequestToJSON, MfaUpdateDuoMethodRequestFromJSON, @@ -3276,7 +3282,7 @@ export class IdentityApi extends runtime.BaseAPI { /** * List login enforcements */ - async mfaListLoginEnforcementsRaw(requestParameters: IdentityApiMfaListLoginEnforcementsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { + async mfaListLoginEnforcementsRaw(requestParameters: IdentityApiMfaListLoginEnforcementsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { if (requestParameters['list'] == null) { throw new runtime.RequiredError( 'list', @@ -3300,13 +3306,13 @@ export class IdentityApi extends runtime.BaseAPI { query: queryParameters, }, initOverrides); - return new runtime.JSONApiResponse(response, (jsonValue) => StandardListResponseFromJSON(jsonValue)); + return new runtime.JSONApiResponse(response, (jsonValue) => MfaListLoginEnforcementsResponseFromJSON(jsonValue)); } /** * List login enforcements */ - async mfaListLoginEnforcements(list: IdentityApiMfaListLoginEnforcementsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { + async mfaListLoginEnforcements(list: IdentityApiMfaListLoginEnforcementsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { const response = await this.mfaListLoginEnforcementsRaw({ list: list }, initOverrides); return await response.value(); } @@ -3314,7 +3320,7 @@ export class IdentityApi extends runtime.BaseAPI { /** * List MFA method configurations for all MFA methods */ - async mfaListMethodsRaw(requestParameters: IdentityApiMfaListMethodsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { + async mfaListMethodsRaw(requestParameters: IdentityApiMfaListMethodsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { if (requestParameters['list'] == null) { throw new runtime.RequiredError( 'list', @@ -3338,13 +3344,13 @@ export class IdentityApi extends runtime.BaseAPI { query: queryParameters, }, initOverrides); - return new runtime.JSONApiResponse(response, (jsonValue) => StandardListResponseFromJSON(jsonValue)); + return new runtime.JSONApiResponse(response, (jsonValue) => MfaListMethodsResponseFromJSON(jsonValue)); } /** * List MFA method configurations for all MFA methods */ - async mfaListMethods(list: IdentityApiMfaListMethodsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { + async mfaListMethods(list: IdentityApiMfaListMethodsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { const response = await this.mfaListMethodsRaw({ list: list }, initOverrides); return await response.value(); } diff --git a/src/apis/SecretsApi.ts b/src/apis/SecretsApi.ts index 9e24313..55cd1bc 100644 --- a/src/apis/SecretsApi.ts +++ b/src/apis/SecretsApi.ts @@ -431,6 +431,7 @@ import type { TransitHashWithAlgorithmRequest, TransitImportKeyRequest, TransitImportKeyVersionRequest, + TransitReadKeyResponse, TransitRestoreAndRenameKeyRequest, TransitRestoreKeyRequest, TransitRewrapRequest, @@ -1267,6 +1268,8 @@ import { TransitImportKeyRequestToJSON, TransitImportKeyVersionRequestFromJSON, TransitImportKeyVersionRequestToJSON, + TransitReadKeyResponseFromJSON, + TransitReadKeyResponseToJSON, TransitRestoreAndRenameKeyRequestFromJSON, TransitRestoreAndRenameKeyRequestToJSON, TransitRestoreKeyRequestFromJSON, @@ -34563,7 +34566,7 @@ export class SecretsApi extends runtime.BaseAPI { /** */ - async transitReadKeyRaw(requestParameters: SecretsApiTransitReadKeyRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { + async transitReadKeyRaw(requestParameters: SecretsApiTransitReadKeyRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { if (requestParameters['name'] == null) { throw new runtime.RequiredError( 'name', @@ -34590,12 +34593,12 @@ export class SecretsApi extends runtime.BaseAPI { query: queryParameters, }, initOverrides); - return new runtime.VoidApiResponse(response); + return new runtime.JSONApiResponse(response, (jsonValue) => TransitReadKeyResponseFromJSON(jsonValue)); } /** */ - async transitReadKey(name: string, transit_mount_path: string, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { + async transitReadKey(name: string, transit_mount_path: string, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { const response = await this.transitReadKeyRaw({ name: name, transit_mount_path: transit_mount_path }, initOverrides); return await response.value(); } diff --git a/src/models/MfaListLoginEnforcementsResponse.ts b/src/models/MfaListLoginEnforcementsResponse.ts new file mode 100644 index 0000000..88a8393 --- /dev/null +++ b/src/models/MfaListLoginEnforcementsResponse.ts @@ -0,0 +1,77 @@ +/** + * Copyright IBM Corp. 2025, 2026 + */ + +/* tslint:disable */ +/* eslint-disable */ +/** + * HashiCorp Vault API + * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`. + * + * The version of the OpenAPI document: 3.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + +import { mapValues } from '../runtime'; +/** + * + * @export + * @interface MfaListLoginEnforcementsResponse + */ +export interface MfaListLoginEnforcementsResponse { + /** + * Login enforcement details keyed by the id + * @type {object} + * @memberof MfaListLoginEnforcementsResponse + */ + key_info?: object; + /** + * A list of login enforcement keys + * @type {Array} + * @memberof MfaListLoginEnforcementsResponse + */ + keys?: Array; +} + +/** + * Check if a given object implements the MfaListLoginEnforcementsResponse interface. + */ +export function instanceOfMfaListLoginEnforcementsResponse(value: object): value is MfaListLoginEnforcementsResponse { + return true; +} + +export function MfaListLoginEnforcementsResponseFromJSON(json: any): MfaListLoginEnforcementsResponse { + return MfaListLoginEnforcementsResponseFromJSONTyped(json, false); +} + +export function MfaListLoginEnforcementsResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): MfaListLoginEnforcementsResponse { + if (json == null) { + return json; + } + return { + + 'key_info': json['key_info'] == null ? undefined : json['key_info'], + 'keys': json['keys'] == null ? undefined : json['keys'], + }; +} + +export function MfaListLoginEnforcementsResponseToJSON(json: any): MfaListLoginEnforcementsResponse { + return MfaListLoginEnforcementsResponseToJSONTyped(json, false); +} + +export function MfaListLoginEnforcementsResponseToJSONTyped(value?: MfaListLoginEnforcementsResponse | null, ignoreDiscriminator: boolean = false): any { + if (value == null) { + return value; + } + + return { + + 'key_info': value['key_info'], + 'keys': value['keys'], + }; +} + diff --git a/src/models/MfaListMethodsResponse.ts b/src/models/MfaListMethodsResponse.ts new file mode 100644 index 0000000..306c542 --- /dev/null +++ b/src/models/MfaListMethodsResponse.ts @@ -0,0 +1,77 @@ +/** + * Copyright IBM Corp. 2025, 2026 + */ + +/* tslint:disable */ +/* eslint-disable */ +/** + * HashiCorp Vault API + * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`. + * + * The version of the OpenAPI document: 3.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + +import { mapValues } from '../runtime'; +/** + * + * @export + * @interface MfaListMethodsResponse + */ +export interface MfaListMethodsResponse { + /** + * MFA method configurations details keyed by the id + * @type {object} + * @memberof MfaListMethodsResponse + */ + key_info?: object; + /** + * A list of mfa method configurations keys + * @type {Array} + * @memberof MfaListMethodsResponse + */ + keys?: Array; +} + +/** + * Check if a given object implements the MfaListMethodsResponse interface. + */ +export function instanceOfMfaListMethodsResponse(value: object): value is MfaListMethodsResponse { + return true; +} + +export function MfaListMethodsResponseFromJSON(json: any): MfaListMethodsResponse { + return MfaListMethodsResponseFromJSONTyped(json, false); +} + +export function MfaListMethodsResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): MfaListMethodsResponse { + if (json == null) { + return json; + } + return { + + 'key_info': json['key_info'] == null ? undefined : json['key_info'], + 'keys': json['keys'] == null ? undefined : json['keys'], + }; +} + +export function MfaListMethodsResponseToJSON(json: any): MfaListMethodsResponse { + return MfaListMethodsResponseToJSONTyped(json, false); +} + +export function MfaListMethodsResponseToJSONTyped(value?: MfaListMethodsResponse | null, ignoreDiscriminator: boolean = false): any { + if (value == null) { + return value; + } + + return { + + 'key_info': value['key_info'], + 'keys': value['keys'], + }; +} + diff --git a/src/models/PkiGenerateRootRequest.ts b/src/models/PkiGenerateRootRequest.ts index edef704..e3860d6 100644 --- a/src/models/PkiGenerateRootRequest.ts +++ b/src/models/PkiGenerateRootRequest.ts @@ -72,7 +72,7 @@ export interface PkiGenerateRootRequest { */ excluded_uri_domains?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiGenerateRootRequest */ @@ -89,6 +89,18 @@ export interface PkiGenerateRootRequest { * @memberof PkiGenerateRootRequest */ issuer_name?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiGenerateRootRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiGenerateRootRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -273,7 +285,8 @@ export enum PkiGenerateRootRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -332,6 +345,8 @@ export function PkiGenerateRootRequestFromJSONTyped(json: any, ignoreDiscriminat 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_name': json['issuer_name'] == null ? undefined : json['issuer_name'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_name': json['key_name'] == null ? undefined : json['key_name'], 'key_ref': json['key_ref'] == null ? undefined : json['key_ref'], @@ -386,6 +401,8 @@ export function PkiGenerateRootRequestToJSONTyped(value?: PkiGenerateRootRequest 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_name': value['issuer_name'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_name': value['key_name'], 'key_ref': value['key_ref'], diff --git a/src/models/PkiIssueWithRoleRequest.ts b/src/models/PkiIssueWithRoleRequest.ts index 97defa3..e7c5ee4 100644 --- a/src/models/PkiIssueWithRoleRequest.ts +++ b/src/models/PkiIssueWithRoleRequest.ts @@ -48,7 +48,7 @@ export interface PkiIssueWithRoleRequest { */ exclude_cn_from_sans?: boolean; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssueWithRoleRequest */ @@ -65,6 +65,18 @@ export interface PkiIssueWithRoleRequest { * @memberof PkiIssueWithRoleRequest */ issuer_ref?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssueWithRoleRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssueWithRoleRequest + */ + jks_password?: string; /** * Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ * @type {string} @@ -135,7 +147,8 @@ export enum PkiIssueWithRoleRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -181,6 +194,8 @@ export function PkiIssueWithRoleRequestFromJSONTyped(json: any, ignoreDiscrimina 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_ref': json['issuer_ref'] == null ? undefined : json['issuer_ref'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -212,6 +227,8 @@ export function PkiIssueWithRoleRequestToJSONTyped(value?: PkiIssueWithRoleReque 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_ref': value['issuer_ref'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiIssuerIssueWithRoleRequest.ts b/src/models/PkiIssuerIssueWithRoleRequest.ts index a48c999..b5ff23b 100644 --- a/src/models/PkiIssuerIssueWithRoleRequest.ts +++ b/src/models/PkiIssuerIssueWithRoleRequest.ts @@ -48,7 +48,7 @@ export interface PkiIssuerIssueWithRoleRequest { */ exclude_cn_from_sans?: boolean; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssuerIssueWithRoleRequest */ @@ -59,6 +59,18 @@ export interface PkiIssuerIssueWithRoleRequest { * @memberof PkiIssuerIssueWithRoleRequest */ ip_sans?: Array; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssuerIssueWithRoleRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssuerIssueWithRoleRequest + */ + jks_password?: string; /** * Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ * @type {string} @@ -129,7 +141,8 @@ export enum PkiIssuerIssueWithRoleRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -174,6 +187,8 @@ export function PkiIssuerIssueWithRoleRequestFromJSONTyped(json: any, ignoreDisc 'exclude_cn_from_sans': json['exclude_cn_from_sans'] == null ? undefined : json['exclude_cn_from_sans'], 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -204,6 +219,8 @@ export function PkiIssuerIssueWithRoleRequestToJSONTyped(value?: PkiIssuerIssueW 'exclude_cn_from_sans': value['exclude_cn_from_sans'], 'format': value['format'], 'ip_sans': value['ip_sans'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiIssuerSignIntermediateRequest.ts b/src/models/PkiIssuerSignIntermediateRequest.ts index 8f8335f..7114e09 100644 --- a/src/models/PkiIssuerSignIntermediateRequest.ts +++ b/src/models/PkiIssuerSignIntermediateRequest.ts @@ -84,7 +84,7 @@ export interface PkiIssuerSignIntermediateRequest { */ excluded_uri_domains?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssuerSignIntermediateRequest */ @@ -101,6 +101,18 @@ export interface PkiIssuerSignIntermediateRequest { * @memberof PkiIssuerSignIntermediateRequest */ issuer_name?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssuerSignIntermediateRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssuerSignIntermediateRequest + */ + jks_password?: string; /** * This list of key usages (not extended key usages) will be added to the existing set of key usages, CRL,CertSign, on the generated certificate. Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To use the issuer for CMPv2, DigitalSignature must be set. * @type {Array} @@ -261,7 +273,8 @@ export enum PkiIssuerSignIntermediateRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -313,6 +326,8 @@ export function PkiIssuerSignIntermediateRequestFromJSONTyped(json: any, ignoreD 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_name': json['issuer_name'] == null ? undefined : json['issuer_name'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_usage': json['key_usage'] == null ? undefined : json['key_usage'], 'locality': json['locality'] == null ? undefined : json['locality'], 'max_path_length': json['max_path_length'] == null ? undefined : json['max_path_length'], @@ -365,6 +380,8 @@ export function PkiIssuerSignIntermediateRequestToJSONTyped(value?: PkiIssuerSig 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_name': value['issuer_name'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_usage': value['key_usage'], 'locality': value['locality'], 'max_path_length': value['max_path_length'], diff --git a/src/models/PkiIssuerSignVerbatimRequest.ts b/src/models/PkiIssuerSignVerbatimRequest.ts index b69ef65..a4b59be 100644 --- a/src/models/PkiIssuerSignVerbatimRequest.ts +++ b/src/models/PkiIssuerSignVerbatimRequest.ts @@ -66,7 +66,7 @@ export interface PkiIssuerSignVerbatimRequest { */ ext_key_usage_oids?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssuerSignVerbatimRequest */ @@ -77,6 +77,18 @@ export interface PkiIssuerSignVerbatimRequest { * @memberof PkiIssuerSignVerbatimRequest */ ip_sans?: Array; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssuerSignVerbatimRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssuerSignVerbatimRequest + */ + jks_password?: string; /** * A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list. * @type {Array} @@ -165,7 +177,8 @@ export enum PkiIssuerSignVerbatimRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -213,6 +226,8 @@ export function PkiIssuerSignVerbatimRequestFromJSONTyped(json: any, ignoreDiscr 'ext_key_usage_oids': json['ext_key_usage_oids'] == null ? undefined : json['ext_key_usage_oids'], 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_usage': json['key_usage'] == null ? undefined : json['key_usage'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], @@ -249,6 +264,8 @@ export function PkiIssuerSignVerbatimRequestToJSONTyped(value?: PkiIssuerSignVer 'ext_key_usage_oids': value['ext_key_usage_oids'], 'format': value['format'], 'ip_sans': value['ip_sans'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_usage': value['key_usage'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], diff --git a/src/models/PkiIssuerSignVerbatimWithRoleRequest.ts b/src/models/PkiIssuerSignVerbatimWithRoleRequest.ts index de36244..0238300 100644 --- a/src/models/PkiIssuerSignVerbatimWithRoleRequest.ts +++ b/src/models/PkiIssuerSignVerbatimWithRoleRequest.ts @@ -66,7 +66,7 @@ export interface PkiIssuerSignVerbatimWithRoleRequest { */ ext_key_usage_oids?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssuerSignVerbatimWithRoleRequest */ @@ -77,6 +77,18 @@ export interface PkiIssuerSignVerbatimWithRoleRequest { * @memberof PkiIssuerSignVerbatimWithRoleRequest */ ip_sans?: Array; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssuerSignVerbatimWithRoleRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssuerSignVerbatimWithRoleRequest + */ + jks_password?: string; /** * A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list. * @type {Array} @@ -165,7 +177,8 @@ export enum PkiIssuerSignVerbatimWithRoleRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -213,6 +226,8 @@ export function PkiIssuerSignVerbatimWithRoleRequestFromJSONTyped(json: any, ign 'ext_key_usage_oids': json['ext_key_usage_oids'] == null ? undefined : json['ext_key_usage_oids'], 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_usage': json['key_usage'] == null ? undefined : json['key_usage'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], @@ -249,6 +264,8 @@ export function PkiIssuerSignVerbatimWithRoleRequestToJSONTyped(value?: PkiIssue 'ext_key_usage_oids': value['ext_key_usage_oids'], 'format': value['format'], 'ip_sans': value['ip_sans'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_usage': value['key_usage'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], diff --git a/src/models/PkiIssuerSignWithRoleRequest.ts b/src/models/PkiIssuerSignWithRoleRequest.ts index dff8b4c..a41c28b 100644 --- a/src/models/PkiIssuerSignWithRoleRequest.ts +++ b/src/models/PkiIssuerSignWithRoleRequest.ts @@ -54,7 +54,7 @@ export interface PkiIssuerSignWithRoleRequest { */ exclude_cn_from_sans?: boolean; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssuerSignWithRoleRequest */ @@ -65,6 +65,18 @@ export interface PkiIssuerSignWithRoleRequest { * @memberof PkiIssuerSignWithRoleRequest */ ip_sans?: Array; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssuerSignWithRoleRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssuerSignWithRoleRequest + */ + jks_password?: string; /** * Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ * @type {string} @@ -135,7 +147,8 @@ export enum PkiIssuerSignWithRoleRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -181,6 +194,8 @@ export function PkiIssuerSignWithRoleRequestFromJSONTyped(json: any, ignoreDiscr 'exclude_cn_from_sans': json['exclude_cn_from_sans'] == null ? undefined : json['exclude_cn_from_sans'], 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -212,6 +227,8 @@ export function PkiIssuerSignWithRoleRequestToJSONTyped(value?: PkiIssuerSignWit 'exclude_cn_from_sans': value['exclude_cn_from_sans'], 'format': value['format'], 'ip_sans': value['ip_sans'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiIssuersGenerateRootRequest.ts b/src/models/PkiIssuersGenerateRootRequest.ts index f2655d6..e9e03f0 100644 --- a/src/models/PkiIssuersGenerateRootRequest.ts +++ b/src/models/PkiIssuersGenerateRootRequest.ts @@ -72,7 +72,7 @@ export interface PkiIssuersGenerateRootRequest { */ excluded_uri_domains?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiIssuersGenerateRootRequest */ @@ -89,6 +89,18 @@ export interface PkiIssuersGenerateRootRequest { * @memberof PkiIssuersGenerateRootRequest */ issuer_name?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiIssuersGenerateRootRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiIssuersGenerateRootRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -273,7 +285,8 @@ export enum PkiIssuersGenerateRootRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -332,6 +345,8 @@ export function PkiIssuersGenerateRootRequestFromJSONTyped(json: any, ignoreDisc 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_name': json['issuer_name'] == null ? undefined : json['issuer_name'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_name': json['key_name'] == null ? undefined : json['key_name'], 'key_ref': json['key_ref'] == null ? undefined : json['key_ref'], @@ -386,6 +401,8 @@ export function PkiIssuersGenerateRootRequestToJSONTyped(value?: PkiIssuersGener 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_name': value['issuer_name'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_name': value['key_name'], 'key_ref': value['key_ref'], diff --git a/src/models/PkiRootSignIntermediateRequest.ts b/src/models/PkiRootSignIntermediateRequest.ts index c4c47af..862ac29 100644 --- a/src/models/PkiRootSignIntermediateRequest.ts +++ b/src/models/PkiRootSignIntermediateRequest.ts @@ -84,7 +84,7 @@ export interface PkiRootSignIntermediateRequest { */ excluded_uri_domains?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiRootSignIntermediateRequest */ @@ -107,6 +107,18 @@ export interface PkiRootSignIntermediateRequest { * @memberof PkiRootSignIntermediateRequest */ issuer_ref?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiRootSignIntermediateRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiRootSignIntermediateRequest + */ + jks_password?: string; /** * This list of key usages (not extended key usages) will be added to the existing set of key usages, CRL,CertSign, on the generated certificate. Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To use the issuer for CMPv2, DigitalSignature must be set. * @type {Array} @@ -267,7 +279,8 @@ export enum PkiRootSignIntermediateRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -320,6 +333,8 @@ export function PkiRootSignIntermediateRequestFromJSONTyped(json: any, ignoreDis 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_name': json['issuer_name'] == null ? undefined : json['issuer_name'], 'issuer_ref': json['issuer_ref'] == null ? undefined : json['issuer_ref'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_usage': json['key_usage'] == null ? undefined : json['key_usage'], 'locality': json['locality'] == null ? undefined : json['locality'], 'max_path_length': json['max_path_length'] == null ? undefined : json['max_path_length'], @@ -373,6 +388,8 @@ export function PkiRootSignIntermediateRequestToJSONTyped(value?: PkiRootSignInt 'ip_sans': value['ip_sans'], 'issuer_name': value['issuer_name'], 'issuer_ref': value['issuer_ref'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_usage': value['key_usage'], 'locality': value['locality'], 'max_path_length': value['max_path_length'], diff --git a/src/models/PkiRotateRootRequest.ts b/src/models/PkiRotateRootRequest.ts index 72ae7fc..19a4085 100644 --- a/src/models/PkiRotateRootRequest.ts +++ b/src/models/PkiRotateRootRequest.ts @@ -72,7 +72,7 @@ export interface PkiRotateRootRequest { */ excluded_uri_domains?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiRotateRootRequest */ @@ -89,6 +89,18 @@ export interface PkiRotateRootRequest { * @memberof PkiRotateRootRequest */ issuer_name?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiRotateRootRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiRotateRootRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -273,7 +285,8 @@ export enum PkiRotateRootRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -332,6 +345,8 @@ export function PkiRotateRootRequestFromJSONTyped(json: any, ignoreDiscriminator 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_name': json['issuer_name'] == null ? undefined : json['issuer_name'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_name': json['key_name'] == null ? undefined : json['key_name'], 'key_ref': json['key_ref'] == null ? undefined : json['key_ref'], @@ -386,6 +401,8 @@ export function PkiRotateRootRequestToJSONTyped(value?: PkiRotateRootRequest | n 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_name': value['issuer_name'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_name': value['key_name'], 'key_ref': value['key_ref'], diff --git a/src/models/PkiSignVerbatimRequest.ts b/src/models/PkiSignVerbatimRequest.ts index e8b5d4b..75ededd 100644 --- a/src/models/PkiSignVerbatimRequest.ts +++ b/src/models/PkiSignVerbatimRequest.ts @@ -66,7 +66,7 @@ export interface PkiSignVerbatimRequest { */ ext_key_usage_oids?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiSignVerbatimRequest */ @@ -83,6 +83,18 @@ export interface PkiSignVerbatimRequest { * @memberof PkiSignVerbatimRequest */ issuer_ref?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiSignVerbatimRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiSignVerbatimRequest + */ + jks_password?: string; /** * A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list. * @type {Array} @@ -171,7 +183,8 @@ export enum PkiSignVerbatimRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -220,6 +233,8 @@ export function PkiSignVerbatimRequestFromJSONTyped(json: any, ignoreDiscriminat 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_ref': json['issuer_ref'] == null ? undefined : json['issuer_ref'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_usage': json['key_usage'] == null ? undefined : json['key_usage'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], @@ -257,6 +272,8 @@ export function PkiSignVerbatimRequestToJSONTyped(value?: PkiSignVerbatimRequest 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_ref': value['issuer_ref'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_usage': value['key_usage'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], diff --git a/src/models/PkiSignVerbatimWithRoleRequest.ts b/src/models/PkiSignVerbatimWithRoleRequest.ts index 04b4333..5ee714b 100644 --- a/src/models/PkiSignVerbatimWithRoleRequest.ts +++ b/src/models/PkiSignVerbatimWithRoleRequest.ts @@ -66,7 +66,7 @@ export interface PkiSignVerbatimWithRoleRequest { */ ext_key_usage_oids?: Array; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiSignVerbatimWithRoleRequest */ @@ -83,6 +83,18 @@ export interface PkiSignVerbatimWithRoleRequest { * @memberof PkiSignVerbatimWithRoleRequest */ issuer_ref?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiSignVerbatimWithRoleRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiSignVerbatimWithRoleRequest + */ + jks_password?: string; /** * A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list. * @type {Array} @@ -171,7 +183,8 @@ export enum PkiSignVerbatimWithRoleRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -220,6 +233,8 @@ export function PkiSignVerbatimWithRoleRequestFromJSONTyped(json: any, ignoreDis 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_ref': json['issuer_ref'] == null ? undefined : json['issuer_ref'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_usage': json['key_usage'] == null ? undefined : json['key_usage'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], @@ -257,6 +272,8 @@ export function PkiSignVerbatimWithRoleRequestToJSONTyped(value?: PkiSignVerbati 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_ref': value['issuer_ref'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_usage': value['key_usage'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], diff --git a/src/models/PkiSignWithRoleRequest.ts b/src/models/PkiSignWithRoleRequest.ts index 77d42eb..451ced7 100644 --- a/src/models/PkiSignWithRoleRequest.ts +++ b/src/models/PkiSignWithRoleRequest.ts @@ -54,7 +54,7 @@ export interface PkiSignWithRoleRequest { */ exclude_cn_from_sans?: boolean; /** - * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiSignWithRoleRequest */ @@ -71,6 +71,18 @@ export interface PkiSignWithRoleRequest { * @memberof PkiSignWithRoleRequest */ issuer_ref?: string; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiSignWithRoleRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiSignWithRoleRequest + */ + jks_password?: string; /** * Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ * @type {string} @@ -141,7 +153,8 @@ export enum PkiSignWithRoleRequestFormatEnum { PEM = 'pem', DER = 'der', PEM_BUNDLE = 'pem_bundle', - PKCS12_BUNDLE = 'pkcs12_bundle' + PKCS12_BUNDLE = 'pkcs12_bundle', + JKS_BUNDLE = 'jks_bundle' } /** * @export @@ -188,6 +201,8 @@ export function PkiSignWithRoleRequestFromJSONTyped(json: any, ignoreDiscriminat 'format': json['format'] == null ? undefined : json['format'], 'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'], 'issuer_ref': json['issuer_ref'] == null ? undefined : json['issuer_ref'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'not_after': json['not_after'] == null ? undefined : json['not_after'], 'other_sans': json['other_sans'] == null ? undefined : json['other_sans'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -220,6 +235,8 @@ export function PkiSignWithRoleRequestToJSONTyped(value?: PkiSignWithRoleRequest 'format': value['format'], 'ip_sans': value['ip_sans'], 'issuer_ref': value['issuer_ref'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'not_after': value['not_after'], 'other_sans': value['other_sans'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiWriteExternalPolicyIssuePolicyRequest.ts b/src/models/PkiWriteExternalPolicyIssuePolicyRequest.ts index 71ba530..335edef 100644 --- a/src/models/PkiWriteExternalPolicyIssuePolicyRequest.ts +++ b/src/models/PkiWriteExternalPolicyIssuePolicyRequest.ts @@ -25,11 +25,23 @@ import { mapValues } from '../runtime'; export interface PkiWriteExternalPolicyIssuePolicyRequest { [key: string]: any | any; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteExternalPolicyIssuePolicyRequest */ format?: PkiWriteExternalPolicyIssuePolicyRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteExternalPolicyIssuePolicyRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteExternalPolicyIssuePolicyRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -124,6 +136,8 @@ export function PkiWriteExternalPolicyIssuePolicyRequestFromJSONTyped(json: any, ...json, 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_type': json['key_type'] == null ? undefined : json['key_type'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -146,6 +160,8 @@ export function PkiWriteExternalPolicyIssuePolicyRequestToJSONTyped(value?: PkiW ...value, 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_type': value['key_type'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiWriteExternalPolicyIssueRequest.ts b/src/models/PkiWriteExternalPolicyIssueRequest.ts index 96c5754..abbff74 100644 --- a/src/models/PkiWriteExternalPolicyIssueRequest.ts +++ b/src/models/PkiWriteExternalPolicyIssueRequest.ts @@ -25,11 +25,23 @@ import { mapValues } from '../runtime'; export interface PkiWriteExternalPolicyIssueRequest { [key: string]: any | any; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteExternalPolicyIssueRequest */ format?: PkiWriteExternalPolicyIssueRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteExternalPolicyIssueRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteExternalPolicyIssueRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -124,6 +136,8 @@ export function PkiWriteExternalPolicyIssueRequestFromJSONTyped(json: any, ignor ...json, 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_type': json['key_type'] == null ? undefined : json['key_type'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -146,6 +160,8 @@ export function PkiWriteExternalPolicyIssueRequestToJSONTyped(value?: PkiWriteEx ...value, 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_type': value['key_type'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiWriteExternalPolicySignIntermediatePolicyRequest.ts b/src/models/PkiWriteExternalPolicySignIntermediatePolicyRequest.ts index 752bc4a..351b00b 100644 --- a/src/models/PkiWriteExternalPolicySignIntermediatePolicyRequest.ts +++ b/src/models/PkiWriteExternalPolicySignIntermediatePolicyRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteExternalPolicySignIntermediatePolicyRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteExternalPolicySignIntermediatePolicyRequest */ format?: PkiWriteExternalPolicySignIntermediatePolicyRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteExternalPolicySignIntermediatePolicyRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteExternalPolicySignIntermediatePolicyRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -90,6 +102,8 @@ export function PkiWriteExternalPolicySignIntermediatePolicyRequestFromJSONTyped ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], }; @@ -109,6 +123,8 @@ export function PkiWriteExternalPolicySignIntermediatePolicyRequestToJSONTyped(v ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], }; diff --git a/src/models/PkiWriteExternalPolicySignIntermediateRequest.ts b/src/models/PkiWriteExternalPolicySignIntermediateRequest.ts index 794f10f..ff52787 100644 --- a/src/models/PkiWriteExternalPolicySignIntermediateRequest.ts +++ b/src/models/PkiWriteExternalPolicySignIntermediateRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteExternalPolicySignIntermediateRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteExternalPolicySignIntermediateRequest */ format?: PkiWriteExternalPolicySignIntermediateRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteExternalPolicySignIntermediateRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteExternalPolicySignIntermediateRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -90,6 +102,8 @@ export function PkiWriteExternalPolicySignIntermediateRequestFromJSONTyped(json: ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], }; @@ -109,6 +123,8 @@ export function PkiWriteExternalPolicySignIntermediateRequestToJSONTyped(value?: ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], }; diff --git a/src/models/PkiWriteExternalPolicySignPolicyRequest.ts b/src/models/PkiWriteExternalPolicySignPolicyRequest.ts index 9cc4993..71a2fef 100644 --- a/src/models/PkiWriteExternalPolicySignPolicyRequest.ts +++ b/src/models/PkiWriteExternalPolicySignPolicyRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteExternalPolicySignPolicyRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteExternalPolicySignPolicyRequest */ format?: PkiWriteExternalPolicySignPolicyRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteExternalPolicySignPolicyRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteExternalPolicySignPolicyRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -96,6 +108,8 @@ export function PkiWriteExternalPolicySignPolicyRequestFromJSONTyped(json: any, ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], 'remove_roots_from_chain': json['remove_roots_from_chain'] == null ? undefined : json['remove_roots_from_chain'], @@ -116,6 +130,8 @@ export function PkiWriteExternalPolicySignPolicyRequestToJSONTyped(value?: PkiWr ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], 'remove_roots_from_chain': value['remove_roots_from_chain'], diff --git a/src/models/PkiWriteExternalPolicySignRequest.ts b/src/models/PkiWriteExternalPolicySignRequest.ts index 33e3402..412bdc8 100644 --- a/src/models/PkiWriteExternalPolicySignRequest.ts +++ b/src/models/PkiWriteExternalPolicySignRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteExternalPolicySignRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteExternalPolicySignRequest */ format?: PkiWriteExternalPolicySignRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteExternalPolicySignRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteExternalPolicySignRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -96,6 +108,8 @@ export function PkiWriteExternalPolicySignRequestFromJSONTyped(json: any, ignore ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], 'remove_roots_from_chain': json['remove_roots_from_chain'] == null ? undefined : json['remove_roots_from_chain'], @@ -116,6 +130,8 @@ export function PkiWriteExternalPolicySignRequestToJSONTyped(value?: PkiWriteExt ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], 'remove_roots_from_chain': value['remove_roots_from_chain'], diff --git a/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest.ts b/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest.ts index 5ffd369..5dfad2d 100644 --- a/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest.ts +++ b/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest.ts @@ -25,11 +25,23 @@ import { mapValues } from '../runtime'; export interface PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest { [key: string]: any | any; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest */ format?: PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -124,6 +136,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequestFromJSONT ...json, 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_type': json['key_type'] == null ? undefined : json['key_type'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -146,6 +160,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicyIssuePolicyRequestToJSONTyp ...value, 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_type': value['key_type'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssueRequest.ts b/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssueRequest.ts index c11ad76..746564b 100644 --- a/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssueRequest.ts +++ b/src/models/PkiWriteIssuerIssuerRefExternalPolicyIssueRequest.ts @@ -25,11 +25,23 @@ import { mapValues } from '../runtime'; export interface PkiWriteIssuerIssuerRefExternalPolicyIssueRequest { [key: string]: any | any; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteIssuerIssuerRefExternalPolicyIssueRequest */ format?: PkiWriteIssuerIssuerRefExternalPolicyIssueRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicyIssueRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicyIssueRequest + */ + jks_password?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} @@ -124,6 +136,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicyIssueRequestFromJSONTyped(j ...json, 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'key_bits': json['key_bits'] == null ? undefined : json['key_bits'], 'key_type': json['key_type'] == null ? undefined : json['key_type'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], @@ -146,6 +160,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicyIssueRequestToJSONTyped(val ...value, 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'key_bits': value['key_bits'], 'key_type': value['key_type'], 'pkcs12_encoder': value['pkcs12_encoder'], diff --git a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest.ts b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest.ts index 41889f1..848da8d 100644 --- a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest.ts +++ b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequ */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest */ format?: PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -90,6 +102,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyReque ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], }; @@ -109,6 +123,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignIntermediatePolicyReque ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], }; diff --git a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest.ts b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest.ts index 2b85a45..a67841a 100644 --- a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest.ts +++ b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest */ format?: PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -90,6 +102,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequestFrom ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], }; @@ -109,6 +123,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignIntermediateRequestToJS ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], }; diff --git a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest.ts b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest.ts index c1f83ef..8488fac 100644 --- a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest.ts +++ b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest */ format?: PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -96,6 +108,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequestFromJSONTy ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], 'remove_roots_from_chain': json['remove_roots_from_chain'] == null ? undefined : json['remove_roots_from_chain'], @@ -116,6 +130,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignPolicyRequestToJSONType ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], 'remove_roots_from_chain': value['remove_roots_from_chain'], diff --git a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignRequest.ts b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignRequest.ts index 5802203..66a17db 100644 --- a/src/models/PkiWriteIssuerIssuerRefExternalPolicySignRequest.ts +++ b/src/models/PkiWriteIssuerIssuerRefExternalPolicySignRequest.ts @@ -31,11 +31,23 @@ export interface PkiWriteIssuerIssuerRefExternalPolicySignRequest { */ csr: string; /** - * Format for returned data. Can be "pem", "der", "pem_bundle", or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem". + * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem". * @type {string} * @memberof PkiWriteIssuerIssuerRefExternalPolicySignRequest */ format?: PkiWriteIssuerIssuerRefExternalPolicySignRequestFormatEnum; + /** + * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1". + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignRequest + */ + jks_alias?: string; + /** + * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password. + * @type {string} + * @memberof PkiWriteIssuerIssuerRefExternalPolicySignRequest + */ + jks_password?: string; /** * Encoder profile to use for PKCS#12 archives when format is set to "pkcs12_bundle". Valid values are "modern2026" and "modern2023". Defaults to "modern2026", which uses the newer PKCS#12 integrity format (PBMAC1). * @type {string} @@ -96,6 +108,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignRequestFromJSONTyped(js ...json, 'csr': json['csr'], 'format': json['format'] == null ? undefined : json['format'], + 'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'], + 'jks_password': json['jks_password'] == null ? undefined : json['jks_password'], 'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'], 'pkcs12_password': json['pkcs12_password'] == null ? undefined : json['pkcs12_password'], 'remove_roots_from_chain': json['remove_roots_from_chain'] == null ? undefined : json['remove_roots_from_chain'], @@ -116,6 +130,8 @@ export function PkiWriteIssuerIssuerRefExternalPolicySignRequestToJSONTyped(valu ...value, 'csr': value['csr'], 'format': value['format'], + 'jks_alias': value['jks_alias'], + 'jks_password': value['jks_password'], 'pkcs12_encoder': value['pkcs12_encoder'], 'pkcs12_password': value['pkcs12_password'], 'remove_roots_from_chain': value['remove_roots_from_chain'], diff --git a/src/models/TransitCreateKeyRequest.ts b/src/models/TransitCreateKeyRequest.ts index 0e9fc42..9e04b84 100644 --- a/src/models/TransitCreateKeyRequest.ts +++ b/src/models/TransitCreateKeyRequest.ts @@ -60,19 +60,19 @@ export interface TransitCreateKeyRequest { */ exportable?: boolean; /** - * The key type of the elliptic curve key to use for hybrid signature schemes. Supported types are: ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519. + * The elliptic curve key type to use for hybrid signature schemes. Supported types are: ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519. * @type {string} * @memberof TransitCreateKeyRequest */ - hybrid_key_type_ec?: string; + hybrid_key_type_ec?: TransitCreateKeyRequestHybridKeyTypeEcEnum; /** - * The key type of the post-quantum key to use for hybrid signature schemes. Supported types are: ML-DSA. + * The post-quantum key type to use for hybrid signature schemes. Supported types are: ml-dsa. * @type {string} * @memberof TransitCreateKeyRequest */ - hybrid_key_type_pqc?: string; + hybrid_key_type_pqc?: TransitCreateKeyRequestHybridKeyTypePqcEnum; /** - * The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512 + * The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512. * @type {number} * @memberof TransitCreateKeyRequest */ @@ -90,19 +90,85 @@ export interface TransitCreateKeyRequest { */ managed_key_name?: string; /** - * The parameter set to use. Applies to ML-DSA and SLH-DSA key types. For ML-DSA key types, valid values are 44, 65, or 87. For SLH-DSA key types, valid values are SLH-DSA-SHA2-128s, SLH-DSA-SHAKE-128s, SLH-DSA-SHA2-128f, SLH-DSA-SHAKE-128f, SLH-DSA-SHA2-192s, SLH-DSA-SHAKE-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHAKE-192f, SLH-DSA-SHA2-256s, SLH-DSA-SHAKE-256s, SLH-DSA-SHA2-256f, SLH-DSA-SHAKE-256f + * The parameter set to use for post-quantum key types. For ML-DSA, valid values are 44, 65, or 87. For SLH-DSA, valid values are the full parameter set identifiers (e.g. "slh-dsa-sha2-128s"). Applies to ML-DSA, SLH-DSA, and Hybrid key types. * @type {string} * @memberof TransitCreateKeyRequest */ - parameter_set?: string; + parameter_set?: TransitCreateKeyRequestParameterSetEnum; /** - * The type of key to create. Currently, "aes128-gcm96" (symmetric), "aes256-gcm96" (symmetric), "ecdsa-p256" (asymmetric), "ecdsa-p384" (asymmetric), "ecdsa-p521" (asymmetric), "ed25519" (asymmetric), "rsa-2048" (asymmetric), "rsa-3072" (asymmetric), "rsa-4096" (asymmetric), "ml-dsa" (asymmetric), "slh-dsa" (asymmetric) are supported. Defaults to "aes256-gcm96". + * The type of key. Symmetric types: "aes128-gcm96", "aes256-gcm96", "chacha20-poly1305", "aes128-cbc", "aes256-cbc", "aes128-cmac", "aes192-cmac", "aes256-cmac". Asymmetric types: "ecdsa-p256", "ecdsa-p384", "ecdsa-p521", "ed25519", "rsa-2048", "rsa-3072", "rsa-4096", "ml-dsa", "slh-dsa", "hybrid". Defaults to "aes256-gcm96" * @type {string} * @memberof TransitCreateKeyRequest */ - type?: string; + type?: TransitCreateKeyRequestTypeEnum; } +/** +* @export +* @enum {string} +*/ +export enum TransitCreateKeyRequestHybridKeyTypeEcEnum { + ECDSA_P256 = 'ecdsa-p256', + ECDSA_P384 = 'ecdsa-p384', + ECDSA_P521 = 'ecdsa-p521', + ED25519 = 'ed25519' +} +/** +* @export +* @enum {string} +*/ +export enum TransitCreateKeyRequestHybridKeyTypePqcEnum { + ML_DSA = 'ml-dsa' +} +/** +* @export +* @enum {string} +*/ +export enum TransitCreateKeyRequestParameterSetEnum { + _44 = '44', + _65 = '65', + _87 = '87', + SLH_DSA_SHA2_128S = 'slh-dsa-sha2-128s', + SLH_DSA_SHAKE128S = 'slh-dsa-shake128s', + SLH_DSA_SHA2_128F = 'slh-dsa-sha2-128f', + SLH_DSA_SHAKE128F = 'slh-dsa-shake128f', + SLH_DSA_SHA2_192S = 'slh-dsa-sha2-192s', + SLH_DSA_SHAKE192S = 'slh-dsa-shake192s', + SLH_DSA_SHA2_192F = 'slh-dsa-sha2-192f', + SLH_DSA_SHAKE192F = 'slh-dsa-shake192f', + SLH_DSA_SHA2_256S = 'slh-dsa-sha2-256s', + SLH_DSA_SHAKE256S = 'slh-dsa-shake256s', + SLH_DSA_SHA2_256F = 'slh-dsa-sha2-256f', + SLH_DSA_SHAKE256F = 'slh-dsa-shake256f' +} +/** +* @export +* @enum {string} +*/ +export enum TransitCreateKeyRequestTypeEnum { + AES128_GCM96 = 'aes128-gcm96', + AES256_GCM96 = 'aes256-gcm96', + CHACHA20_POLY1305 = 'chacha20-poly1305', + AES128_CBC = 'aes128-cbc', + AES256_CBC = 'aes256-cbc', + AES128_CMAC = 'aes128-cmac', + AES192_CMAC = 'aes192-cmac', + AES256_CMAC = 'aes256-cmac', + ECDSA_P256 = 'ecdsa-p256', + ECDSA_P384 = 'ecdsa-p384', + ECDSA_P521 = 'ecdsa-p521', + ED25519 = 'ed25519', + RSA_2048 = 'rsa-2048', + RSA_3072 = 'rsa-3072', + RSA_4096 = 'rsa-4096', + HMAC = 'hmac', + MANAGED_KEY = 'managed_key', + ML_DSA = 'ml-dsa', + SLH_DSA = 'slh-dsa', + HYBRID = 'hybrid' +} + + /** * Check if a given object implements the TransitCreateKeyRequest interface. */ diff --git a/src/models/TransitReadKeyResponse.ts b/src/models/TransitReadKeyResponse.ts new file mode 100644 index 0000000..32f8886 --- /dev/null +++ b/src/models/TransitReadKeyResponse.ts @@ -0,0 +1,366 @@ +/** + * Copyright IBM Corp. 2025, 2026 + */ + +/* tslint:disable */ +/* eslint-disable */ +/** + * HashiCorp Vault API + * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`. + * + * The version of the OpenAPI document: 3.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + +import { mapValues } from '../runtime'; +/** + * + * @export + * @interface TransitReadKeyResponse + */ +export interface TransitReadKeyResponse { + /** + * Enables taking a backup of the named key in plaintext format. Once set, this cannot be disabled. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + allow_plaintext_backup?: boolean; + /** + * Amount of time the key should live before being automatically rotated. A value of 0 (default) disables automatic rotation for the key. + * @type {string} + * @memberof TransitReadKeyResponse + */ + auto_rotate_period?: string; + /** + * Information about the most recent backup of this key. Contains "time" and "version" fields. Only present if the key has been backed up. + * @type {object} + * @memberof TransitReadKeyResponse + */ + backup_info?: object; + /** + * Whether to support convergent encryption. This is only supported when using a key with key derivation enabled and will require all requests to carry both a context and 96-bit (12-byte) nonce. The given nonce will be used in place of a randomly generated nonce. As a result, when the same context and nonce are supplied, the same ciphertext is generated. It is *very important* when using this mode that you ensure that all nonces are unique for a given context. Failing to do so will severely impact the ciphertext's security. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + convergent_encryption?: boolean; + /** + * The version of convergent encryption. Only present if convergent encryption is enabled. + * @type {number} + * @memberof TransitReadKeyResponse + */ + convergent_encryption_version?: number; + /** + * Whether deletion of the key is allowed. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + deletion_allowed?: boolean; + /** + * Enables key derivation mode. This allows for per-transaction unique keys for encryption operations. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + derived?: boolean; + /** + * Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + exportable?: boolean; + /** + * The elliptic curve key type to use for hybrid signature schemes. Supported types are: ecdsa-p256, ecdsa-p384, ecdsa-p521, and ed25519. + * @type {string} + * @memberof TransitReadKeyResponse + */ + hybrid_key_type_ec?: TransitReadKeyResponseHybridKeyTypeEcEnum; + /** + * The post-quantum key type to use for hybrid signature schemes. Supported types are: ml-dsa. + * @type {string} + * @memberof TransitReadKeyResponse + */ + hybrid_key_type_pqc?: TransitReadKeyResponseHybridKeyTypePqcEnum; + /** + * Whether this key was imported rather than generated by Vault. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + imported_key?: boolean; + /** + * Whether rotation is allowed for this imported key. Only present if the key was imported. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + imported_key_allow_rotation?: boolean; + /** + * The key derivation function used. Only present if key derivation is enabled. + * @type {string} + * @memberof TransitReadKeyResponse + */ + kdf?: TransitReadKeyResponseKdfEnum; + /** + * The key derivation function mode. Only present if KDF is "hmac-sha256-counter". + * @type {string} + * @memberof TransitReadKeyResponse + */ + kdf_mode?: TransitReadKeyResponseKdfModeEnum; + /** + * The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512. + * @type {number} + * @memberof TransitReadKeyResponse + */ + key_size?: number; + /** + * A map of active key versions. For memory efficiency, transit keeps a working set of versions from "min_decryption_version" through the latest version. Older versions may still be retained in archived storage if they are at or above "min_available_version". Versions older than "min_available_version" are permanently deleted. Not present for hmac, managed_key, and CMAC key types. + * @type {object} + * @memberof TransitReadKeyResponse + */ + keys?: object; + /** + * The latest (current) version of the key. + * @type {number} + * @memberof TransitReadKeyResponse + */ + latest_version?: number; + /** + * The minimum version of the key available for use. Versions below this have been permanently deleted. + * @type {number} + * @memberof TransitReadKeyResponse + */ + min_available_version?: number; + /** + * The minimum version of the key allowed for decryption. For signing keys, the minimum version allowed for verification. + * @type {number} + * @memberof TransitReadKeyResponse + */ + min_decryption_version?: number; + /** + * The minimum version of the key allowed for encryption. For signing keys, the minimum version allowed for signing. If set to 0, only the latest version is allowed. + * @type {number} + * @memberof TransitReadKeyResponse + */ + min_encryption_version?: number; + /** + * Name of the key. + * @type {string} + * @memberof TransitReadKeyResponse + */ + name?: string; + /** + * The parameter set to use for post-quantum key types. For ML-DSA, valid values are 44, 65, or 87. For SLH-DSA, valid values are the full parameter set identifiers (e.g. "slh-dsa-sha2-128s"). Applies to ML-DSA, SLH-DSA, and Hybrid key types. + * @type {string} + * @memberof TransitReadKeyResponse + */ + parameter_set?: TransitReadKeyResponseParameterSetEnum; + /** + * Information about when this key was restored from backup. Contains "time" and "version" fields. Only present if the key has been restored. + * @type {object} + * @memberof TransitReadKeyResponse + */ + restore_info?: object; + /** + * Whether this key type supports decryption operations. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + supports_decryption?: boolean; + /** + * Whether this key type supports key derivation. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + supports_derivation?: boolean; + /** + * Whether this key type supports encryption operations. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + supports_encryption?: boolean; + /** + * Whether this key type supports signing operations. + * @type {boolean} + * @memberof TransitReadKeyResponse + */ + supports_signing?: boolean; + /** + * The type of key. Symmetric types: "aes128-gcm96", "aes256-gcm96", "chacha20-poly1305", "aes128-cbc", "aes256-cbc", "aes128-cmac", "aes192-cmac", "aes256-cmac". Asymmetric types: "ecdsa-p256", "ecdsa-p384", "ecdsa-p521", "ed25519", "rsa-2048", "rsa-3072", "rsa-4096", "ml-dsa", "slh-dsa", "hybrid". Defaults to "aes256-gcm96" + * @type {string} + * @memberof TransitReadKeyResponse + */ + type?: TransitReadKeyResponseTypeEnum; +} + +/** +* @export +* @enum {string} +*/ +export enum TransitReadKeyResponseHybridKeyTypeEcEnum { + ECDSA_P256 = 'ecdsa-p256', + ECDSA_P384 = 'ecdsa-p384', + ECDSA_P521 = 'ecdsa-p521', + ED25519 = 'ed25519' +} +/** +* @export +* @enum {string} +*/ +export enum TransitReadKeyResponseHybridKeyTypePqcEnum { + ML_DSA = 'ml-dsa' +} +/** +* @export +* @enum {string} +*/ +export enum TransitReadKeyResponseKdfEnum { + HMAC_SHA256_COUNTER = 'hmac-sha256-counter', + HKDF_SHA256 = 'hkdf_sha256' +} +/** +* @export +* @enum {string} +*/ +export enum TransitReadKeyResponseKdfModeEnum { + HMAC_SHA256_COUNTER = 'hmac-sha256-counter' +} +/** +* @export +* @enum {string} +*/ +export enum TransitReadKeyResponseParameterSetEnum { + _44 = '44', + _65 = '65', + _87 = '87', + SLH_DSA_SHA2_128S = 'slh-dsa-sha2-128s', + SLH_DSA_SHAKE128S = 'slh-dsa-shake128s', + SLH_DSA_SHA2_128F = 'slh-dsa-sha2-128f', + SLH_DSA_SHAKE128F = 'slh-dsa-shake128f', + SLH_DSA_SHA2_192S = 'slh-dsa-sha2-192s', + SLH_DSA_SHAKE192S = 'slh-dsa-shake192s', + SLH_DSA_SHA2_192F = 'slh-dsa-sha2-192f', + SLH_DSA_SHAKE192F = 'slh-dsa-shake192f', + SLH_DSA_SHA2_256S = 'slh-dsa-sha2-256s', + SLH_DSA_SHAKE256S = 'slh-dsa-shake256s', + SLH_DSA_SHA2_256F = 'slh-dsa-sha2-256f', + SLH_DSA_SHAKE256F = 'slh-dsa-shake256f' +} +/** +* @export +* @enum {string} +*/ +export enum TransitReadKeyResponseTypeEnum { + AES128_GCM96 = 'aes128-gcm96', + AES256_GCM96 = 'aes256-gcm96', + CHACHA20_POLY1305 = 'chacha20-poly1305', + AES128_CBC = 'aes128-cbc', + AES256_CBC = 'aes256-cbc', + AES128_CMAC = 'aes128-cmac', + AES192_CMAC = 'aes192-cmac', + AES256_CMAC = 'aes256-cmac', + ECDSA_P256 = 'ecdsa-p256', + ECDSA_P384 = 'ecdsa-p384', + ECDSA_P521 = 'ecdsa-p521', + ED25519 = 'ed25519', + RSA_2048 = 'rsa-2048', + RSA_3072 = 'rsa-3072', + RSA_4096 = 'rsa-4096', + HMAC = 'hmac', + MANAGED_KEY = 'managed_key', + ML_DSA = 'ml-dsa', + SLH_DSA = 'slh-dsa', + HYBRID = 'hybrid' +} + + +/** + * Check if a given object implements the TransitReadKeyResponse interface. + */ +export function instanceOfTransitReadKeyResponse(value: object): value is TransitReadKeyResponse { + return true; +} + +export function TransitReadKeyResponseFromJSON(json: any): TransitReadKeyResponse { + return TransitReadKeyResponseFromJSONTyped(json, false); +} + +export function TransitReadKeyResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): TransitReadKeyResponse { + if (json == null) { + return json; + } + return { + + 'allow_plaintext_backup': json['allow_plaintext_backup'] == null ? undefined : json['allow_plaintext_backup'], + 'auto_rotate_period': json['auto_rotate_period'] == null ? undefined : json['auto_rotate_period'], + 'backup_info': json['backup_info'] == null ? undefined : json['backup_info'], + 'convergent_encryption': json['convergent_encryption'] == null ? undefined : json['convergent_encryption'], + 'convergent_encryption_version': json['convergent_encryption_version'] == null ? undefined : json['convergent_encryption_version'], + 'deletion_allowed': json['deletion_allowed'] == null ? undefined : json['deletion_allowed'], + 'derived': json['derived'] == null ? undefined : json['derived'], + 'exportable': json['exportable'] == null ? undefined : json['exportable'], + 'hybrid_key_type_ec': json['hybrid_key_type_ec'] == null ? undefined : json['hybrid_key_type_ec'], + 'hybrid_key_type_pqc': json['hybrid_key_type_pqc'] == null ? undefined : json['hybrid_key_type_pqc'], + 'imported_key': json['imported_key'] == null ? undefined : json['imported_key'], + 'imported_key_allow_rotation': json['imported_key_allow_rotation'] == null ? undefined : json['imported_key_allow_rotation'], + 'kdf': json['kdf'] == null ? undefined : json['kdf'], + 'kdf_mode': json['kdf_mode'] == null ? undefined : json['kdf_mode'], + 'key_size': json['key_size'] == null ? undefined : json['key_size'], + 'keys': json['keys'] == null ? undefined : json['keys'], + 'latest_version': json['latest_version'] == null ? undefined : json['latest_version'], + 'min_available_version': json['min_available_version'] == null ? undefined : json['min_available_version'], + 'min_decryption_version': json['min_decryption_version'] == null ? undefined : json['min_decryption_version'], + 'min_encryption_version': json['min_encryption_version'] == null ? undefined : json['min_encryption_version'], + 'name': json['name'] == null ? undefined : json['name'], + 'parameter_set': json['parameter_set'] == null ? undefined : json['parameter_set'], + 'restore_info': json['restore_info'] == null ? undefined : json['restore_info'], + 'supports_decryption': json['supports_decryption'] == null ? undefined : json['supports_decryption'], + 'supports_derivation': json['supports_derivation'] == null ? undefined : json['supports_derivation'], + 'supports_encryption': json['supports_encryption'] == null ? undefined : json['supports_encryption'], + 'supports_signing': json['supports_signing'] == null ? undefined : json['supports_signing'], + 'type': json['type'] == null ? undefined : json['type'], + }; +} + +export function TransitReadKeyResponseToJSON(json: any): TransitReadKeyResponse { + return TransitReadKeyResponseToJSONTyped(json, false); +} + +export function TransitReadKeyResponseToJSONTyped(value?: TransitReadKeyResponse | null, ignoreDiscriminator: boolean = false): any { + if (value == null) { + return value; + } + + return { + + 'allow_plaintext_backup': value['allow_plaintext_backup'], + 'auto_rotate_period': value['auto_rotate_period'], + 'backup_info': value['backup_info'], + 'convergent_encryption': value['convergent_encryption'], + 'convergent_encryption_version': value['convergent_encryption_version'], + 'deletion_allowed': value['deletion_allowed'], + 'derived': value['derived'], + 'exportable': value['exportable'], + 'hybrid_key_type_ec': value['hybrid_key_type_ec'], + 'hybrid_key_type_pqc': value['hybrid_key_type_pqc'], + 'imported_key': value['imported_key'], + 'imported_key_allow_rotation': value['imported_key_allow_rotation'], + 'kdf': value['kdf'], + 'kdf_mode': value['kdf_mode'], + 'key_size': value['key_size'], + 'keys': value['keys'], + 'latest_version': value['latest_version'], + 'min_available_version': value['min_available_version'], + 'min_decryption_version': value['min_decryption_version'], + 'min_encryption_version': value['min_encryption_version'], + 'name': value['name'], + 'parameter_set': value['parameter_set'], + 'restore_info': value['restore_info'], + 'supports_decryption': value['supports_decryption'], + 'supports_derivation': value['supports_derivation'], + 'supports_encryption': value['supports_encryption'], + 'supports_signing': value['supports_signing'], + 'type': value['type'], + }; +} + diff --git a/src/models/index.ts b/src/models/index.ts index cb25940..9e88a59 100644 --- a/src/models/index.ts +++ b/src/models/index.ts @@ -264,6 +264,8 @@ export * from './MfaCreateOktaMethodRequest'; export * from './MfaCreatePingIdMethodRequest'; export * from './MfaCreateTotpMethodRequest'; export * from './MfaGenerateTotpSecretRequest'; +export * from './MfaListLoginEnforcementsResponse'; +export * from './MfaListMethodsResponse'; export * from './MfaSelfEnrollRequest'; export * from './MfaUpdateDuoMethodRequest'; export * from './MfaUpdateOktaMethodRequest'; @@ -851,6 +853,7 @@ export * from './TransitHashRequest'; export * from './TransitHashWithAlgorithmRequest'; export * from './TransitImportKeyRequest'; export * from './TransitImportKeyVersionRequest'; +export * from './TransitReadKeyResponse'; export * from './TransitRestoreAndRenameKeyRequest'; export * from './TransitRestoreKeyRequest'; export * from './TransitRewrapRequest';