Interface provided by SecretStorage implementations

Normally this will just be a ServerSideSecretStorageImpl, but for backwards compatibility some methods allow other implementations.

interface ServerSideSecretStorage {
    addKey(
        algorithm: string,
        opts: AddSecretStorageKeyOpts,
        keyId?: string,
    ): Promise<SecretStorageKeyObject>;
    checkKey(
        key: Uint8Array<ArrayBufferLike>,
        info: SecretStorageKeyDescriptionAesV1,
    ): Promise<boolean>;
    get(name: string): Promise<undefined | string>;
    getDefaultKeyId(): Promise<null | string>;
    getKey(keyId?: null | string): Promise<null | SecretStorageKeyTuple>;
    hasKey(keyId?: string): Promise<boolean>;
    isStored(
        name: string,
    ): Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>;
    setDefaultKeyId(keyId: string): Promise<void>;
    store(name: string, secret: string, keys?: null | string[]): Promise<void>;
}

Methods

  • get: Get a secret from storage, and decrypt it.

    Parameters

    • name: string

      the name of the secret - i.e., the "event type" stored in the account data

    Returns Promise<undefined | string>

    the decrypted contents of the secret, or "undefined" if name is not found in the user's account data.

  • getDefaultKeyId: Get the current default key ID for encrypting secrets.

    Returns Promise<null | string>

    The default key ID or null if no default key ID is set

  • getKey: Get the key information for a given ID.

    Parameters

    • Optional keyId: null | string

      The ID of the key to check for. Defaults to the default key ID if not provided.

    Returns Promise<null | SecretStorageKeyTuple>

    If the key was found, the return value is an array of the form [keyId, keyInfo]. Otherwise, null is returned. XXX: why is this an array when addKey returns an object?

  • hasKey: Check whether we have a key with a given ID.

    Parameters

    • Optional keyId: string

      The ID of the key to check for. Defaults to the default key ID if not provided.

    Returns Promise<boolean>

    Whether we have the key.

  • setDefaultKeyId: Set the default key ID for encrypting secrets.

    Parameters

    • keyId: string

      The new default key ID

    Returns Promise<void>

  • store: Store an encrypted secret on the server.

    Details of the encryption keys to be used must previously have been stored in account data (for example, via ServerSideSecretStorage#addKey).

    Parameters

    • name: string

      The name of the secret - i.e., the "event type" to be stored in the account data

    • secret: string

      The secret contents.

    • Optional keys: null | string[]

      The IDs of the keys to use to encrypt the secret, or null/undefined to use the default key (will throw if no default key is set).

    Returns Promise<void>
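
The precondition on store (key details already in account data, and a default key set when no key IDs are passed) can be checked up front so a caller fails before anything is written. The following is an added example, not code from the SDK: `SecretStore`, `storeSecretChecked` and `makeFakeStore` are hypothetical names, and the fake store is a constructed in-memory stand-in that performs no encryption.

```typescript
// Structural subset of ServerSideSecretStorage (signatures copied from the interface above).
interface SecretStore {
    get(name: string): Promise<undefined | string>;
    getDefaultKeyId(): Promise<null | string>;
    hasKey(keyId?: string): Promise<boolean>;
    store(name: string, secret: string, keys?: null | string[]): Promise<void>;
}

// Hypothetical helper: resolve and verify key IDs before store(), then read the secret back.
async function storeSecretChecked(
    storage: SecretStore,
    name: string,
    secret: string,
    keyIds?: null | string[],
): Promise<string[]> {
    let ids = keyIds ?? null;
    if (ids === null) {
        const defaultId = await storage.getDefaultKeyId();
        if (defaultId === null) throw new Error(`no default key set; refusing to store ${name}`);
        ids = [defaultId];
    }
    if (ids.length === 0) throw new Error(`empty key list; refusing to store ${name}`);
    for (const id of ids) {
        if (!(await storage.hasKey(id))) throw new Error(`unknown key ${id}; add it with addKey first`);
    }
    await storage.store(name, secret, ids);
    // Round-trip check: a secret that cannot be decrypted now cannot be recovered later.
    if ((await storage.get(name)) !== secret) throw new Error(`read-back of ${name} failed`);
    return ids;
}

// Constructed in-memory stand-in: NO encryption, not the SDK's implementation.
function makeFakeStore(knownKeys: string[], defaultKey: null | string): SecretStore {
    const secrets = new Map<string, string>();
    return {
        get: async (name) => secrets.get(name),
        getDefaultKeyId: async () => defaultKey,
        hasKey: async (keyId) => knownKeys.includes(keyId ?? defaultKey ?? ""),
        store: async (name, secret) => { secrets.set(name, secret); },
    };
}
```

Any object with these four methods satisfies `SecretStore` structurally, so the helper accepts an implementation of the interface documented here as well as the fake.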