Deriving a Key

Derive a Key

Derive a Key.

Derive Key

POST https://vault.provide.services/api/v1/vaults/:id/keys/:key_id/derive

Derives a specified key; derivation of keys is currently restricted to

Chacha20

spec keys.

Path Parameters

Name
Type
Description

key_id

string

id of key to be used for derivation

id

string

id of target host

Vault

Headers

Name
Type
Description

authorization

string

bearer scoped to an

Application

,

Organization

or

User

Request Body

Name
Type
Description

context

string

machine-readable string describing the key derivation context

description

string

brief description for key to be derived

name

string

name for key to be derived

nonce

string

random 32-bit integer or incrementing counter which must only be used once to avoid exposing the underlying secret; if not provided, a random 32-bit integer is used

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
    -H 'Content-Type: application/json' \
    https://ident.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/derive \
    -d '{
      "nonce": 1,
      "context": "channel-6852386c-8a3d-41c6-aa0e-766a31a8faaf",
      "name": "private chat",
      "description": "this is a secure channel"
    }'
HTTP/2 201

Response JSON:

{
  "id": "f22449e7-ed17-4c42-a937-7bf299475af9",
  "created_at": "2020-04-22T13:44:12.613694+00:00",
  "vault_id": "a8bc01e2-08ae-415c-8c6d-f6f873a6a947",
  "type": "symmetric",
  "usage": "encrypt/decrypt",
  "spec": "ChaCha20",
  "name": "private chat",
  "description": "this is a secure channel"
}

Returns 400 Bad Request if the attempted key derivation is based on a key which does not support derivation. Derivation of keys is currently retricted to Chacha20 spec keys.

Request Parameters

Parameter
Description

nonce

random 32-bit integer or incrementing counter which must only be used once to avoid exposing the underlying secret; if not provided, a random 32-bit integer is used

context

machine-readable string describing the key derivation context

name

name for the derived key

description

human-readable description of the derived key

PreviousCreating a KeyNextListing Keys

Last updated