Keys
Supported Specs
This section describes the elliptic curves and key specifications currently supported by the API. Supported curves and key specs are defined with a type of either symmetric or asymmetric.
Certain symmetric keys support key derivation (such as the ChaCha20 stream cipher). Other key specs, such as RSA, are provided for convenience and to achieve table-stakes feature parity with industry-standard key management solutions such as AWS Key Management Service, Azure Key Vault, HashiCorp Vault, etc.
Symmetric
Key Spec | Description |
---|---|
| default encryption for the master key of each |
| stream cipher useful with double-ratchet messaging algorithm |
| 2048, 3072 and 4096-bit |
Asymmetric
Key Spec | Description |
---|---|
| a twisted Edwards elliptic curve designed for zk-SNARK circuits |
| BIP39 hierarchical deterministic (HD) wallet for deriving |
| elliptic curve designed for Diffie-Hellman (ECDH) key exchange |
| EdDSA signature scheme using SHA-512 (SHA-2) |
| 2048, 3072 and 4096-bit |
| elliptic curve used with ECDSA (i.e., ETH, BTC) |
Additional information about keys can be found on the Keys services page.
List Keys
GET
https://vault.provide.services/api/v1/vaults/:id/keys
Returns a list of keys in a specified Vault
Path Parameters
Name | Type | Description |
---|---|---|
id | string | id of host containing the desired keys |
Headers
Name | Type | Description |
---|---|---|
authorization | string | bearer scoped to an , or |
Delete Key
DELETE
https://vault.provide.services/api/v1/vaults/:id/keys/:key_id
Deletes a specified key
Path Parameters
Name | Type | Description |
---|---|---|
key_id | string | id of key to be deleted |
id | string | id of host |
Headers
Name | Type | Description |
---|---|---|
authorization | string | bearer scoped to an , or |
Derive Key
POST
https://vault.provide.services/api/v1/vaults/:id/keys/:key_id/derive
Derives a specified key; derivation of keys is currently restricted to ChaCha20 spec keys.
Path Parameters
Name | Type | Description |
---|---|---|
key_id | string | id of key to be used for derivation |
id | string | id of target host |
Headers
Name | Type | Description |
---|---|---|
authorization | string | bearer scoped to an , or |
Request Body
Name | Type | Description |
---|---|---|
context | string | machine-readable string describing the key derivation context |
description | string | brief description for key to be derived |
name | string | name for key to be derived |
nonce | string | random 32-bit integer or incrementing counter which must only be used once to avoid exposing the underlying secret; if not provided, a random 32-bit integer is used |
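An added example (not code from the Provide documentation): building the derive request with a per-key incrementing nonce, which avoids the repeats that random 32-bit nonces run into at scale (about a 50% chance of at least one collision after roughly 77,000 derivations). `NonceCounter`, the `bearer <token>` header form, the JSON content type and sending the nonce as a decimal string are assumptions; the request is built but not sent.

```python
import json
import math
import urllib.request

BASE_URL = "https://vault.provide.services/api/v1"  # from the page
NONCE_SPACE = 2 ** 32  # the page describes the nonce as a 32-bit integer


def random_nonce_collision_probability(derivations: int) -> float:
    """Birthday-bound chance that random 32-bit nonces repeat at least once."""
    return 1.0 - math.exp(-derivations * (derivations - 1) / (2 * NONCE_SPACE))


class NonceCounter:
    """Hands out each 32-bit nonce at most once per parent key (hypothetical helper)."""

    def __init__(self):
        self._next = {}  # key_id -> next unused nonce; persist this in real use

    def allocate(self, key_id: str) -> int:
        nonce = self._next.get(key_id, 0)
        if nonce >= NONCE_SPACE:
            # Wrapping around would reuse a nonce: stop and rotate the parent key.
            raise OverflowError(f"nonce space exhausted for key {key_id}")
        self._next[key_id] = nonce + 1
        return nonce


def build_derive_request(vault_id, key_id, token, name, description, context, counter):
    """Build (but do not send) the POST to .../keys/:key_id/derive."""
    body = {
        "context": context,
        "description": description,
        "name": name,
        # Assumption: sent as a decimal string because the table types it as string.
        "nonce": str(counter.allocate(key_id)),
    }
    return urllib.request.Request(
        f"{BASE_URL}/vaults/{vault_id}/keys/{key_id}/derive",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"bearer {token}",  # header form is an assumption
            "Content-Type": "application/json",  # assumption
        },
    )
```

The counter state has to survive restarts; losing it and starting again from zero reuses nonces under the same parent key.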
Encrypt
POST
https://vault.provide.services/api/v1/vaults/:id/keys/:key_id/encrypt
Encrypts data using a specified key
Path Parameters
Name | Type | Description |
---|---|---|
id | string | id of hosting specified key |
key_id | string | id of key to be used for encryption |
Headers
Name | Type | Description |
---|---|---|
authorization | string | bearer scoped to an , or |
Request Body
Name | Type | Description |
---|---|---|
data | string | data to be encrypted |
Decrypt
POST
https://vault.provide.services/api/v1/vaults/:id/keys/:key_id/decrypt
Decrypts data using a specified key
Path Parameters
Name | Type | Description |
---|---|---|
id | string | id of hosting specified key |
key_id | string | id of key to be used for decryption |
Headers
Name | Type | Description |
---|---|---|
authorization | string | bearer scoped to an , or |
Request Body
Name | Type | Description |
---|---|---|
data | string | data to be decrypted |