Update transit

CubeQuence · Oct 20, 2021 · 923ddd7 · 923ddd7
1 parent 226ad99
commit 923ddd7
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 25 deletions.
diff --git a/.github/SECURITY.md → examples/.github/SECURITY.md b/.github/SECURITY.md → examples/.github/SECURITY.md
diff --git a/.github/dependabot.yml → examples/.github/dependabot.yml b/.github/dependabot.yml → examples/.github/dependabot.yml
diff --git a/examples/Transit.php b/examples/Transit.php
@@ -20,27 +20,24 @@
 
     $transit = new Transit(
         client: $client,
-        path: 'transit' // optional
+        path: 'transit', // optional
+        // key: 'key1-aes256' // this can be set if you already know the key you want to use
     );
 
     $string = 'Hello World';
 
     $listKeys = $transit->listKeys();
-    $key = $listKeys[0];
+    $transit->setKey(key: $listKeys[0]);
 
-    $encrypt = $transit->encrypt(key: $key, plaintext: $string);
-    $decrypt = $transit->decrypt(key: $key, ciphertext: $encrypt);
+    $encrypt = $transit->encrypt(plaintext: $string);
+    $decrypt = $transit->decrypt(ciphertext: $encrypt);
 
-    $sign = $transit->sign(key: $key, plaintext: $string);
-    $verify = $transit->verify(
-        key: $key,
-        plaintext: $string,
-        signature: $sign
-    );
+    $sign = $transit->sign(plaintext: $string);
+    $verify = $transit->verify(plaintext: $string, signature: $sign);
 
-    $rotateKey = $transit->rotateKey(key: $key);
+    $rotateKey = $transit->rotateKey();
 
-    $rewrap = $transit->rewrap(key: $key, ciphertext: $encrypt);
+    $rewrap = $transit->rewrap(ciphertext: $encrypt);
 } catch (\Throwable $th) {
     echo $th->getMessage();
     exit;

diff --git a/src/Vault/Engines/Transit.php b/src/Vault/Engines/Transit.php
@@ -10,10 +10,16 @@ final class Transit
 {
     public function __construct(
         private Client $client,
-        private string $path = 'transit'
+        private string $path = 'transit',
+        private string $key = ''
     ) {
     }
 
+    public function setKey(string $key): void
+    {
+        $this->key = $key;
+    }
+
     // TODO: createKey
 
     public function listKeys(): array
@@ -23,52 +29,52 @@ public function listKeys(): array
         return $response->data->keys;
     }
 
-    public function rotateKey(string $key): void
+    public function rotateKey(): void
     {
-        $this->client->post("/{$this->path}/keys/{$key}/rotate", ['json' => 'required']);
+        $this->client->post("/{$this->path}/keys/{$this->key}/rotate", ['json' => 'required']);
     }
 
     // TODO: deleteKey
 
-    public function encrypt(string $key, string $plaintext): string
+    public function encrypt(string $plaintext): string
     {
-        $response = $this->client->post("/{$this->path}/encrypt/{$key}", [
+        $response = $this->client->post("/{$this->path}/encrypt/{$this->key}", [
             'plaintext' => base64_encode($plaintext),
         ]);
 
         return $response->data->ciphertext;
     }
 
-    public function decrypt(string $key, string $ciphertext): string
+    public function decrypt(string $ciphertext): string
     {
-        $response = $this->client->post("/{$this->path}/decrypt/{$key}", [
+        $response = $this->client->post("/{$this->path}/decrypt/{$this->key}", [
             'ciphertext' => $ciphertext,
         ]);
 
         return base64_decode($response->data->plaintext);
     }
 
-    public function rewrap(string $key, string $ciphertext): string
+    public function rewrap(string $ciphertext): string
     {
-        $response = $this->client->post("/{$this->path}/rewrap/{$key}", [
+        $response = $this->client->post("/{$this->path}/rewrap/{$this->key}", [
             'ciphertext' => $ciphertext,
         ]);
 
         return $response->data->ciphertext;
     }
 
-    public function sign(string $key, string $plaintext): string
+    public function sign(string $plaintext): string
     {
-        $response = $this->client->post("/{$this->path}/hmac/{$key}", [
+        $response = $this->client->post("/{$this->path}/hmac/{$this->key}", [
             'input' => base64_encode($plaintext),
         ]);
 
         return $response->data->hmac;
     }
 
-    public function verify(string $key, string $plaintext, string $signature): bool
+    public function verify(string $plaintext, string $signature): bool
     {
-        $response = $this->client->post("/{$this->path}/verify/{$key}", [
+        $response = $this->client->post("/{$this->path}/verify/{$this->key}", [
             'input' => base64_encode($plaintext),
             'hmac' => $signature,
         ]);