Interface provided by SecretStorage implementations

Normally this will just be a ServerSideSecretStorageImpl, but for backwards compatibility some methods allow other implementations.

interface ServerSideSecretStorage {
    addKey(
        algorithm: string,
        opts: AddSecretStorageKeyOpts,
        keyId?: string,
    ): Promise<SecretStorageKeyObject>;
    checkKey(
        key: Uint8Array,
        info: SecretStorageKeyDescriptionAesV1,
    ): Promise<boolean>;
    get(name: string): Promise<undefined | string>;
    getDefaultKeyId(): Promise<null | string>;
    getKey(keyId?: null | string): Promise<null | SecretStorageKeyTuple>;
    hasKey(keyId?: string): Promise<boolean>;
    isStored(
        name: keyof SecretStorageAccountDataEvents,
    ): Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>;
    setDefaultKeyId(keyId: null | string): Promise<void>;
    store(name: string, secret: string, keys?: null | string[]): Promise<void>;
}

Methods

  • get: Get a secret from storage, and decrypt it.

    Parameters

    • name: string

      the name of the secret - i.e., the "event type" stored in the account data

    Returns Promise<undefined | string>

    the decrypted contents of the secret, or "undefined" if name is not found in the user's account data.

  • getDefaultKeyId: Get the current default key ID for encrypting secrets.

    Returns Promise<null | string>

    The default key ID or null if no default key ID is set

  • getKey: Get the key information for a given ID.

    Parameters

    • Optional keyId: null | string

      The ID of the key to check for. Defaults to the default key ID if not provided.

    Returns Promise<null | SecretStorageKeyTuple>

    If the key was found, the return value is an array of the form [keyId, keyInfo]. Otherwise, null is returned. XXX: why is this an array when addKey returns an object?

  • hasKey: Check whether we have a key with a given ID.

    Parameters

    • Optional keyId: string

      The ID of the key to check for. Defaults to the default key ID if not provided.

    Returns Promise<boolean>

    Whether we have the key.

  • setDefaultKeyId: Set the default key ID for encrypting secrets.

    If keyId is null, the default key id value in the account data will be set to an empty object. This is considered as "disabling" the default key.

    Parameters

    • keyId: null | string

      The new default key ID

    Returns Promise<void>

  • store: Store an encrypted secret on the server.

    Details of the encryption keys to be used must previously have been stored in account data (for example, via ServerSideSecretStorage#addKey).

    Parameters

    • name: string

      The name of the secret - i.e., the "event type" to be stored in the account data

    • secret: string

      The secret contents.

    • Optional keys: null | string[]

      The IDs of the keys to use to encrypt the secret, or null/undefined to use the default key (will throw if no default key is set).

    Returns Promise<void>
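
The following is an added example, not code from the library: a caller-side guard that resolves and verifies key IDs before calling store, so a disabled default key or an unknown key ID is rejected with a precise error before anything is written. The names storeChecked, FakeStore, SecretStoreSubset and the secret name "m.example" are hypothetical; FakeStore is a constructed in-memory stand-in that performs no encryption.

```typescript
// Subset of the ServerSideSecretStorage signatures listed on this page.
interface SecretStoreSubset {
    get(name: string): Promise<undefined | string>;
    getDefaultKeyId(): Promise<null | string>;
    hasKey(keyId?: string): Promise<boolean>;
    setDefaultKeyId(keyId: null | string): Promise<void>;
    store(name: string, secret: string, keys?: null | string[]): Promise<void>;
}

// Hypothetical helper: check key availability first, store, then read back.
// Returns the key IDs that were actually passed to store().
async function storeChecked(s: SecretStoreSubset, name: string, secret: string, keys?: string[]): Promise<string[]> {
    let keyIds = keys ?? [];
    if (keyIds.length === 0) {
        const def = await s.getDefaultKeyId();
        if (def === null) throw new Error("no default key ID set; refusing to store " + name);
        keyIds = [def];
    }
    for (const id of keyIds) {
        if (!(await s.hasKey(id))) throw new Error("unknown key ID " + id);
    }
    await s.store(name, secret, keyIds);
    // get() resolves to undefined when the name is absent from account data.
    if ((await s.get(name)) !== secret) throw new Error("read-back mismatch for " + name);
    return keyIds;
}

// Constructed in-memory stand-in for local runs. It performs NO encryption.
class FakeStore implements SecretStoreSubset {
    private secrets = new Map<string, string>();
    private defaultKey: null | string = null;
    private keyIds: Set<string>;
    constructor(keyIds: string[]) { this.keyIds = new Set(keyIds); }
    async get(name: string) { return this.secrets.get(name); }
    async getDefaultKeyId() { return this.defaultKey; }
    async hasKey(keyId?: string) {
        const id = keyId ?? this.defaultKey;
        return id !== null && this.keyIds.has(id);
    }
    async setDefaultKeyId(keyId: null | string) { this.defaultKey = keyId; }
    async store(name: string, secret: string, keys?: null | string[]) {
        if (!keys?.length && this.defaultKey === null) throw new Error("no default key");
        this.secrets.set(name, secret);
    }
}
```

Against a real client the same helper can be passed the object that implements this interface, since it only uses methods documented above.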