Transit key actions (#2254)

* add supports_* for transit key reads * update transit docs with new supports_* fields
2025-11-26 14:55:01 +00:00 · 2017-01-11 10:05:06 -06:00
parent 5ecfe3c477
commit 231f00dff2
2 changed files with 21 additions and 9 deletions
--- a/website/source/docs/secrets/transit/index.html.md
+++ b/website/source/docs/secrets/transit/index.html.md
@@ -86,13 +86,17 @@ the settings of the "foo" key by reading it:
 ```
 $ vault read transit/keys/foo
 Key                     Value
-type                    aes256-gcm96
-deletion_allowed        false
-derived                 false
-keys                    map[1:1.459861712e+09]
-latest_version          1
-min_decryption_version  1
-name                    foo
+deletion_allowed      	false
+derived               	false
+keys                  	map[1:1484070923]
+latest_version        	1
+min_decryption_version	1
+name                  	foo
+supports_decryption   	true
+supports_derivation   	true
+supports_encryption   	true
+supports_signing      	false
+type                  	aes256-gcm96
 ````

 Now, if we wanted to encrypt a piece of plain text, we use the encrypt
@@ -153,7 +157,7 @@ only encrypt or decrypt using the named keys they need access to.
          <li>`aes256-gcm96`: AES-256 wrapped with GCM using a 12-byte nonce size (symmetric)</li>
          <li>`ecdsa-p256`: ECDSA using the P-256 elliptic curve (asymmetric)</li>
        </ul>
-        Defaults to `aes256-gcm`.
+        Defaults to `aes256-gcm96`.
      </li>
      <li>
        <span class="param">derived</span>
@@ -220,7 +224,11 @@ only encrypt or decrypt using the named keys they need access to.
          "1": 1442851412
        },
        "min_decryption_version": 0,
-        "name": "foo"
+        "name": "foo",
+        "supports_encryption": true,
+        "supports_decryption": true,
+        "supports_derivation": true,
+        "supports_signing": false
      }
    }
    ```