Package com.oracle.bmc.keymanagement

Interface KmsVault

  • All Superinterfaces:
    AutoCloseable
    All Known Implementing Classes:
    KmsVaultClient
    @Generated(value="OracleSDKGenerator",
           comments="API Version: release")
public interface KmsVault
extends AutoCloseable
    Use the Key Management API to manage vaults and keys.

    For more information, see Managing Vaults and Managing Keys.

    This service client uses CircuitBreakerUtils.DEFAULT_CIRCUIT_BREAKER for all the operations by default if no circuit breaker configuration is defined by the user.

    • Method Detail

      • refreshClient

        void refreshClient()
        Rebuilds the client from scratch.

        Useful to refresh certificates.

      • setEndpoint

        void setEndpoint​(String endpoint)
        Sets the endpoint to call (ex, https://www.example.com).
        Parameters:
        endpoint - The endpoint of the service.

      • getEndpoint

        String getEndpoint()
        Gets the set endpoint for REST call (ex, https://www.example.com)

      • setRegion

        void setRegion​(Region region)
        Sets the region to call (ex, Region.US_PHOENIX_1).

        Note, this will call setEndpoint after resolving the endpoint. If the service is not available in this Region, however, an IllegalArgumentException will be raised.

        Parameters:
        region - The region of the service.

      • setRegion

        void setRegion​(String regionId)
        Sets the region to call (ex, ‘us-phoenix-1’).

        Note, this will first try to map the region ID to a known Region and call setRegion.

        If no known Region could be determined, it will create an endpoint based on the default endpoint format (Region.formatDefaultRegionEndpoint(Service, String) and then call setEndpoint.

        Parameters:
        regionId - The public region ID.

      • useRealmSpecificEndpointTemplate

        void useRealmSpecificEndpointTemplate​(boolean realmSpecificEndpointTemplateEnabled)
        Determines whether realm specific endpoint should be used or not.

        Set realmSpecificEndpointTemplateEnabled to “true” if the user wants to enable use of realm specific endpoint template, otherwise set it to “false”

        Parameters:
        realmSpecificEndpointTemplateEnabled - flag to enable the use of realm specific endpoint template

      • backupVault

        BackupVaultResponse backupVault​(BackupVaultRequest request)
        Backs up an encrypted file that contains all the metadata of a vault so that you can restore the vault later.

        You can backup a vault whether or not it contains keys. This operation only backs up the metadata of the vault, and does not include key metadata.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/BackupVaultExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use BackupVault API.

      • cancelVaultDeletion

        CancelVaultDeletionResponse cancelVaultDeletion​(CancelVaultDeletionRequest request)
        Cancels the scheduled deletion of the specified vault.

        Canceling a scheduled deletion restores the vault and all keys in it to their respective states from before their scheduled deletion. All keys that were scheduled for deletion prior to vault deletion retain their lifecycle state and time of deletion.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/CancelVaultDeletionExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use CancelVaultDeletion API.

      • changeVaultCompartment

        ChangeVaultCompartmentResponse changeVaultCompartment​(ChangeVaultCompartmentRequest request)
        Moves a vault into a different compartment within the same tenancy.

        For information about moving resources between compartments, see Moving Resources to a Different Compartment.

        When provided, if-match is checked against the ETag values of the resource.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/ChangeVaultCompartmentExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use ChangeVaultCompartment API.

      • createVault

        CreateVaultResponse createVault​(CreateVaultRequest request)
        Creates a new vault.

        The type of vault you create determines key placement, pricing, and available options. Options include storage isolation, a dedicated service endpoint instead of a shared service endpoint for API calls, and either a dedicated hardware security module (HSM) or a multitenant HSM.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/CreateVaultExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use CreateVault API.

      • createVaultReplica

        CreateVaultReplicaResponse createVaultReplica​(CreateVaultReplicaRequest request)
        Creates a replica for the vault in another region in the same realm

        The API is a no-op if called for same region that a vault is already replicated to. 409 if called on a vault that is already replicated to a different region. Users need to delete existing replica first before calling it with a different region.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/CreateVaultReplicaExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use CreateVaultReplica API.

      • deleteVaultReplica

        DeleteVaultReplicaResponse deleteVaultReplica​(DeleteVaultReplicaRequest request)
        Deletes a vault replica

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/DeleteVaultReplicaExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use DeleteVaultReplica API.

      • getVault

        GetVaultResponse getVault​(GetVaultRequest request)
        Gets the specified vault’s configuration information.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning read operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/GetVaultExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use GetVault API.

      • getVaultUsage

        GetVaultUsageResponse getVaultUsage​(GetVaultUsageRequest request)
        Gets the count of keys and key versions in the specified vault to calculate usage against service limits.
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/GetVaultUsageExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use GetVaultUsage API.

      • listVaultReplicas

        ListVaultReplicasResponse listVaultReplicas​(ListVaultReplicasRequest request)
        Lists the replicas for a vault

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/ListVaultReplicasExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use ListVaultReplicas API.

      • listVaults

        ListVaultsResponse listVaults​(ListVaultsRequest request)
        Lists the vaults in the specified compartment.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning read operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/ListVaultsExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use ListVaults API.

      • restoreVaultFromFile

        RestoreVaultFromFileResponse restoreVaultFromFile​(RestoreVaultFromFileRequest request)
        Restores a vault from an encrypted backup file.

        If a vault with the same OCID already exists, this operation returns a response with a 409 HTTP status error code.

        Note: This operation consumes a stream.

        If the stream supports InputStream.mark(int) and InputStream.reset(), when a retry is necessary, the stream is reset so it starts at the beginning (or whatever the stream's position was at the time this operation is called}.

        Note this means that if the caller has used InputStream.mark(int) before, then the mark will not be the same anymore after this operation, and a subsequent call to InputStream.reset() by the caller will reset the stream not to the caller's mark, but to the position the stream was in when this operation was called.

        If the stream is a FileInputStream, and the stream's FileChannel position can be changed (like for a regular file), the stream will be wrapped in such a way that it does provide support for InputStream.mark(int) and InputStream.reset(). Then the same procedure as above is followed. If the stream's FileChannel position cannot be changed (like for a named pipe), then the stream's contents will be buffered in memory, as described below.

        If the stream does not support InputStream.mark(int) and InputStream.reset(), then the stream is wrapped in a BufferedInputStream, which means the entire contents may be buffered in memory. Then the same procedure as above is followed.

        The contents of the stream, except when the stream is a FileInputStream whose FileChannel position can be changed, should be less than 2 GiB in size if retries are used. This is because streams 2 GiB in size or larger do no guarantee that mark-and-reset can be performed. If the stream is larger, do not use built-in retries and manage retries yourself.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/RestoreVaultFromFileExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use RestoreVaultFromFile API.

      • restoreVaultFromObjectStore

        RestoreVaultFromObjectStoreResponse restoreVaultFromObjectStore​(RestoreVaultFromObjectStoreRequest request)
        Restores a vault from an encrypted backup file stored in Oracle Cloud Infrastructure Object Storage.

        If a vault with the same OCID already exists, this operation returns a response with a 409 HTTP status error code.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/RestoreVaultFromObjectStoreExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use RestoreVaultFromObjectStore API.

      • scheduleVaultDeletion

        ScheduleVaultDeletionResponse scheduleVaultDeletion​(ScheduleVaultDeletionRequest request)
        Schedules the deletion of the specified vault.

        This sets the lifecycle state of the vault and all keys in it that are not already scheduled for deletion to PENDING_DELETION and then deletes them after the retention period ends. The lifecycle state and time of deletion for keys already scheduled for deletion won’t change. If any keys in the vault are scheduled to be deleted after the specified time of deletion for the vault, the call is rejected with the error code 409.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/ScheduleVaultDeletionExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use ScheduleVaultDeletion API.

      • updateVault

        UpdateVaultResponse updateVault​(UpdateVaultRequest request)
        Updates the properties of a vault.

        Specifically, you can update the displayName, freeformTags, and definedTags properties. Furthermore, the vault must be in an ACTIVE or CREATING state to be updated.

        As a provisioning operation, this call is subject to a Key Management limit that applies to the total number of requests across all provisioning write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of provisioning write operations exceeds 10 requests per second for a given tenancy.

        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation
        Throws:
        BmcException - when an error occurs. This operation will not retry by default, users can also use RetryConfiguration.SDK_DEFAULT_RETRY_CONFIGURATION provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdkconcepts.htm#javasdkconcepts_topic_Retries

        Example: Click <a href=“https://docs.oracle.com/en-us/iaas/tools/java-sdk-examples/3.63.0/keymanagement/UpdateVaultExample.java.html"target=”_blank"rel=“noopener noreferrer”>here to see how to use UpdateVault API.

      • getWaiters

        KmsVaultWaiters getWaiters()
        Gets the pre-configured waiters available for resources for this service.
        Returns:
        The service waiters.

      • getPaginators

        KmsVaultPaginators getPaginators()
        Gets the pre-configured paginators available for list operations in this service which may return multiple pages of data.

        These paginators provide an Iterable interface so that service responses, or resources/records, can be iterated through without having to manually deal with pagination and page tokens.

        Returns:
        The service paginators.