hashicorp · kiannaquach · May 19, 2026 · May 18, 2026 · May 18, 2026
@@ -266,6 +266,8 @@ src/models/MfaCreateOktaMethodRequest.ts
 src/models/MfaCreatePingIdMethodRequest.ts
 src/models/MfaCreateTotpMethodRequest.ts
 src/models/MfaGenerateTotpSecretRequest.ts
+src/models/MfaListLoginEnforcementsResponse.ts
+src/models/MfaListMethodsResponse.ts
 src/models/MfaSelfEnrollRequest.ts
 src/models/MfaUpdateDuoMethodRequest.ts
 src/models/MfaUpdateOktaMethodRequest.ts
@@ -853,6 +855,7 @@ src/models/TransitHashRequest.ts
 src/models/TransitHashWithAlgorithmRequest.ts
 src/models/TransitImportKeyRequest.ts
 src/models/TransitImportKeyVersionRequest.ts
+src/models/TransitReadKeyResponse.ts
 src/models/TransitRestoreAndRenameKeyRequest.ts
 src/models/TransitRestoreKeyRequest.ts
 src/models/TransitRewrapRequest.ts

@@ -49,6 +49,8 @@ import type {
   MfaCreatePingIdMethodRequest,
   MfaCreateTotpMethodRequest,
   MfaGenerateTotpSecretRequest,
+  MfaListLoginEnforcementsResponse,
+  MfaListMethodsResponse,
   MfaSelfEnrollRequest,
   MfaUpdateDuoMethodRequest,
   MfaUpdateOktaMethodRequest,
@@ -136,6 +138,10 @@ import {
     MfaCreateTotpMethodRequestToJSON,
     MfaGenerateTotpSecretRequestFromJSON,
     MfaGenerateTotpSecretRequestToJSON,
+    MfaListLoginEnforcementsResponseFromJSON,
+    MfaListLoginEnforcementsResponseToJSON,
+    MfaListMethodsResponseFromJSON,
+    MfaListMethodsResponseToJSON,
     MfaSelfEnrollRequestFromJSON,
     MfaSelfEnrollRequestToJSON,
     MfaUpdateDuoMethodRequestFromJSON,
@@ -3276,7 +3282,7 @@ export class IdentityApi extends runtime.BaseAPI {
     /**
      * List login enforcements
      */
-    async mfaListLoginEnforcementsRaw(requestParameters: IdentityApiMfaListLoginEnforcementsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<StandardListResponse>> {
+    async mfaListLoginEnforcementsRaw(requestParameters: IdentityApiMfaListLoginEnforcementsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<MfaListLoginEnforcementsResponse>> {
         if (requestParameters['list'] == null) {
             throw new runtime.RequiredError(
                 'list',
@@ -3300,21 +3306,21 @@ export class IdentityApi extends runtime.BaseAPI {
             query: queryParameters,
         }, initOverrides);
 
-        return new runtime.JSONApiResponse(response, (jsonValue) => StandardListResponseFromJSON(jsonValue));
+        return new runtime.JSONApiResponse(response, (jsonValue) => MfaListLoginEnforcementsResponseFromJSON(jsonValue));
     }
 
     /**
      * List login enforcements
      */
-    async mfaListLoginEnforcements(list: IdentityApiMfaListLoginEnforcementsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<StandardListResponse> {
+    async mfaListLoginEnforcements(list: IdentityApiMfaListLoginEnforcementsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<MfaListLoginEnforcementsResponse> {
         const response = await this.mfaListLoginEnforcementsRaw({ list: list }, initOverrides);
         return await response.value();
     }
 
     /**
      * List MFA method configurations for all MFA methods
      */
-    async mfaListMethodsRaw(requestParameters: IdentityApiMfaListMethodsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<StandardListResponse>> {
+    async mfaListMethodsRaw(requestParameters: IdentityApiMfaListMethodsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<MfaListMethodsResponse>> {
         if (requestParameters['list'] == null) {
             throw new runtime.RequiredError(
                 'list',
@@ -3338,13 +3344,13 @@ export class IdentityApi extends runtime.BaseAPI {
             query: queryParameters,
         }, initOverrides);
 
-        return new runtime.JSONApiResponse(response, (jsonValue) => StandardListResponseFromJSON(jsonValue));
+        return new runtime.JSONApiResponse(response, (jsonValue) => MfaListMethodsResponseFromJSON(jsonValue));
     }
 
     /**
      * List MFA method configurations for all MFA methods
      */
-    async mfaListMethods(list: IdentityApiMfaListMethodsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<StandardListResponse> {
+    async mfaListMethods(list: IdentityApiMfaListMethodsListEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<MfaListMethodsResponse> {
         const response = await this.mfaListMethodsRaw({ list: list }, initOverrides);
         return await response.value();
     }

@@ -431,6 +431,7 @@ import type {
   TransitHashWithAlgorithmRequest,
   TransitImportKeyRequest,
   TransitImportKeyVersionRequest,
+  TransitReadKeyResponse,
   TransitRestoreAndRenameKeyRequest,
   TransitRestoreKeyRequest,
   TransitRewrapRequest,
@@ -1267,6 +1268,8 @@ import {
     TransitImportKeyRequestToJSON,
     TransitImportKeyVersionRequestFromJSON,
     TransitImportKeyVersionRequestToJSON,
+    TransitReadKeyResponseFromJSON,
+    TransitReadKeyResponseToJSON,
     TransitRestoreAndRenameKeyRequestFromJSON,
     TransitRestoreAndRenameKeyRequestToJSON,
     TransitRestoreKeyRequestFromJSON,
@@ -34563,7 +34566,7 @@ export class SecretsApi extends runtime.BaseAPI {
 
     /**
      */
-    async transitReadKeyRaw(requestParameters: SecretsApiTransitReadKeyRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<runtime.VoidResponse>> {
+    async transitReadKeyRaw(requestParameters: SecretsApiTransitReadKeyRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TransitReadKeyResponse>> {
         if (requestParameters['name'] == null) {
             throw new runtime.RequiredError(
                 'name',
@@ -34590,12 +34593,12 @@ export class SecretsApi extends runtime.BaseAPI {
             query: queryParameters,
         }, initOverrides);
 
-        return new runtime.VoidApiResponse(response);
+        return new runtime.JSONApiResponse(response, (jsonValue) => TransitReadKeyResponseFromJSON(jsonValue));
     }
 
     /**
      */
-    async transitReadKey(name: string, transit_mount_path: string, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.VoidResponse> {
+    async transitReadKey(name: string, transit_mount_path: string, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TransitReadKeyResponse> {
         const response = await this.transitReadKeyRaw({ name: name, transit_mount_path: transit_mount_path }, initOverrides);
         return await response.value();
     }

@@ -0,0 +1,77 @@
+/**
+ * Copyright IBM Corp. 2025, 2026
+ */
+
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * HashiCorp Vault API
+ * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.
+ *
+ * The version of the OpenAPI document: 3.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface MfaListLoginEnforcementsResponse
+ */
+export interface MfaListLoginEnforcementsResponse {
+    /**
+     * Login enforcement details keyed by the id
+     * @type {object}
+     * @memberof MfaListLoginEnforcementsResponse
+     */
+    key_info?: object;
+    /**
+     * A list of login enforcement keys
+     * @type {Array<string>}
+     * @memberof MfaListLoginEnforcementsResponse
+     */
+    keys?: Array<string>;
+}
+
+/**
+ * Check if a given object implements the MfaListLoginEnforcementsResponse interface.
+ */
+export function instanceOfMfaListLoginEnforcementsResponse(value: object): value is MfaListLoginEnforcementsResponse {
+    return true;
+}
+
+export function MfaListLoginEnforcementsResponseFromJSON(json: any): MfaListLoginEnforcementsResponse {
+    return MfaListLoginEnforcementsResponseFromJSONTyped(json, false);
+}
+
+export function MfaListLoginEnforcementsResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): MfaListLoginEnforcementsResponse {
+    if (json == null) {
+        return json;
+    }
+    return {
+
+        'key_info': json['key_info'] == null ? undefined : json['key_info'],
+        'keys': json['keys'] == null ? undefined : json['keys'],
+    };
+}
+
+export function MfaListLoginEnforcementsResponseToJSON(json: any): MfaListLoginEnforcementsResponse {
+    return MfaListLoginEnforcementsResponseToJSONTyped(json, false);
+}
+
+export function MfaListLoginEnforcementsResponseToJSONTyped(value?: MfaListLoginEnforcementsResponse | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+
+        'key_info': value['key_info'],
+        'keys': value['keys'],
+    };
+}
+
@@ -0,0 +1,77 @@
+/**
+ * Copyright IBM Corp. 2025, 2026
+ */
+
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * HashiCorp Vault API
+ * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.
+ *
+ * The version of the OpenAPI document: 3.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface MfaListMethodsResponse
+ */
+export interface MfaListMethodsResponse {
+    /**
+     * MFA method configurations details keyed by the id
+     * @type {object}
+     * @memberof MfaListMethodsResponse
+     */
+    key_info?: object;
+    /**
+     * A list of mfa method configurations keys
+     * @type {Array<string>}
+     * @memberof MfaListMethodsResponse
+     */
+    keys?: Array<string>;
+}
+
+/**
+ * Check if a given object implements the MfaListMethodsResponse interface.
+ */
+export function instanceOfMfaListMethodsResponse(value: object): value is MfaListMethodsResponse {
+    return true;
+}
+
+export function MfaListMethodsResponseFromJSON(json: any): MfaListMethodsResponse {
+    return MfaListMethodsResponseFromJSONTyped(json, false);
+}
+
+export function MfaListMethodsResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): MfaListMethodsResponse {
+    if (json == null) {
+        return json;
+    }
+    return {
+
+        'key_info': json['key_info'] == null ? undefined : json['key_info'],
+        'keys': json['keys'] == null ? undefined : json['keys'],
+    };
+}
+
+export function MfaListMethodsResponseToJSON(json: any): MfaListMethodsResponse {
+    return MfaListMethodsResponseToJSONTyped(json, false);
+}
+
+export function MfaListMethodsResponseToJSONTyped(value?: MfaListMethodsResponse | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+
+        'key_info': value['key_info'],
+        'keys': value['keys'],
+    };
+}
+
@@ -72,7 +72,7 @@ export interface PkiGenerateRootRequest {
      */
     excluded_uri_domains?: Array<string>;
     /**
-     * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem".
+     * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem".
      * @type {string}
      * @memberof PkiGenerateRootRequest
      */
@@ -89,6 +89,18 @@ export interface PkiGenerateRootRequest {
      * @memberof PkiGenerateRootRequest
      */
     issuer_name?: string;
+    /**
+     * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1".
+     * @type {string}
+     * @memberof PkiGenerateRootRequest
+     */
+    jks_alias?: string;
+    /**
+     * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password.
+     * @type {string}
+     * @memberof PkiGenerateRootRequest
+     */
+    jks_password?: string;
     /**
      * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, 4096 or 8192; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
      * @type {number}
@@ -273,7 +285,8 @@ export enum PkiGenerateRootRequestFormatEnum {
     PEM = 'pem',
     DER = 'der',
     PEM_BUNDLE = 'pem_bundle',
-    PKCS12_BUNDLE = 'pkcs12_bundle'
+    PKCS12_BUNDLE = 'pkcs12_bundle',
+    JKS_BUNDLE = 'jks_bundle'
 }
 /**
 * @export
@@ -332,6 +345,8 @@ export function PkiGenerateRootRequestFromJSONTyped(json: any, ignoreDiscriminat
         'format': json['format'] == null ? undefined : json['format'],
         'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'],
         'issuer_name': json['issuer_name'] == null ? undefined : json['issuer_name'],
+        'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'],
+        'jks_password': json['jks_password'] == null ? undefined : json['jks_password'],
         'key_bits': json['key_bits'] == null ? undefined : json['key_bits'],
         'key_name': json['key_name'] == null ? undefined : json['key_name'],
         'key_ref': json['key_ref'] == null ? undefined : json['key_ref'],
@@ -386,6 +401,8 @@ export function PkiGenerateRootRequestToJSONTyped(value?: PkiGenerateRootRequest
         'format': value['format'],
         'ip_sans': value['ip_sans'],
         'issuer_name': value['issuer_name'],
+        'jks_alias': value['jks_alias'],
+        'jks_password': value['jks_password'],
         'key_bits': value['key_bits'],
         'key_name': value['key_name'],
         'key_ref': value['key_ref'],

@@ -48,7 +48,7 @@ export interface PkiIssueWithRoleRequest {
      */
     exclude_cn_from_sans?: boolean;
     /**
-     * Format for returned data. Can be "pem", "der", "pem_bundle" or "pkcs12_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. If "der" or "pkcs12_bundle", the value will be base64 encoded. Defaults to "pem".
+     * Format for returned data. Can be "pem", "der", "pem_bundle", "pkcs12_bundle" or "jks_bundle". If "pem_bundle", any private key and issuing cert will be appended to the certificate pem. Formats "der", "pkcs12_bundle" or "jks_bundle" are base64 encoded. Defaults to "pem".
      * @type {string}
      * @memberof PkiIssueWithRoleRequest
      */
@@ -65,6 +65,18 @@ export interface PkiIssueWithRoleRequest {
      * @memberof PkiIssueWithRoleRequest
      */
     issuer_ref?: string;
+    /**
+     * The entry alias in the Java keystore (JKS) when format is set to "jks_bundle" and bundle contains a single PrivateKeyEntry. This field is case-sensitive, but relying on case-only differences for unique aliases is not recommended. Defaults to "1". This parameter is ignored by endpoints that return multiple TrustedCertificateEntry values (trust stores), and entry aliases are assigned incrementing numeric strings starting at "1".
+     * @type {string}
+     * @memberof PkiIssueWithRoleRequest
+     */
+    jks_alias?: string;
+    /**
+     * Password for encrypting the Java keystore when format is set to "jks_bundle". If not provided, defaults to "changeit". It is recommended to use the default password and protect the file using other means or use a high-entropy password.
+     * @type {string}
+     * @memberof PkiIssueWithRoleRequest
+     */
+    jks_password?: string;
     /**
      * Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
      * @type {string}
@@ -135,7 +147,8 @@ export enum PkiIssueWithRoleRequestFormatEnum {
     PEM = 'pem',
     DER = 'der',
     PEM_BUNDLE = 'pem_bundle',
-    PKCS12_BUNDLE = 'pkcs12_bundle'
+    PKCS12_BUNDLE = 'pkcs12_bundle',
+    JKS_BUNDLE = 'jks_bundle'
 }
 /**
 * @export
@@ -181,6 +194,8 @@ export function PkiIssueWithRoleRequestFromJSONTyped(json: any, ignoreDiscrimina
         'format': json['format'] == null ? undefined : json['format'],
         'ip_sans': json['ip_sans'] == null ? undefined : json['ip_sans'],
         'issuer_ref': json['issuer_ref'] == null ? undefined : json['issuer_ref'],
+        'jks_alias': json['jks_alias'] == null ? undefined : json['jks_alias'],
+        'jks_password': json['jks_password'] == null ? undefined : json['jks_password'],
         'not_after': json['not_after'] == null ? undefined : json['not_after'],
         'other_sans': json['other_sans'] == null ? undefined : json['other_sans'],
         'pkcs12_encoder': json['pkcs12_encoder'] == null ? undefined : json['pkcs12_encoder'],
@@ -212,6 +227,8 @@ export function PkiIssueWithRoleRequestToJSONTyped(value?: PkiIssueWithRoleReque
         'format': value['format'],
         'ip_sans': value['ip_sans'],
         'issuer_ref': value['issuer_ref'],
+        'jks_alias': value['jks_alias'],
+        'jks_password': value['jks_password'],
         'not_after': value['not_after'],
         'other_sans': value['other_sans'],
         'pkcs12_encoder': value['pkcs12_encoder'],