Class VaultCipher


  • public class VaultCipher
    extends CipherSpi
    Cipher implementation for the Hashicorp Vault transit backend. Supports AES-GCM and ChaCha20-Poly1305 authenticated encryption ciphers and RSA encryption with OAEP padding. While the RSA encryption is compatible with JOSE RSA-OAEP-256 encryption, the symmetric encryption algorithms are not compatible with JOSE as they lack support for additional authenticated data. Instead the primary use-case for symmetric encryption with Vault would be to decrypt other secrets that are then used locally, such as keystore passwords read from the filesystem.