Skip to content

ServerSideSecretStorage

Defined in: src/secret-storage.ts:235

Interface provided by SecretStorage implementations

Normally this will just be an ServerSideSecretStorageImpl, but for backwards compatibility some methods allow other implementations.

addKey(algorithm, opts, keyId?): Promise<SecretStorageKeyObject>

Defined in: src/secret-storage.ts:247

Add a key for encrypting secrets.

string

the algorithm used by the key.

AddSecretStorageKeyOpts

the options for the algorithm. The properties used depend on the algorithm given.

string

the ID of the key. If not given, a random ID will be generated.

Promise<SecretStorageKeyObject>

details about the key.


checkKey(key, info): Promise<boolean>

Defined in: src/secret-storage.ts:277

Check whether a key matches what we expect based on the key info

Uint8Array

the key to check

SecretStorageKeyDescriptionAesV1

the key info

Promise<boolean>

whether or not the key matches


get(name): Promise<string | undefined>

Defined in: src/secret-storage.ts:304

Get a secret from storage, and decrypt it.

string

the name of the secret - i.e., the “event type” stored in the account data

Promise<string | undefined>

the decrypted contents of the secret, or “undefined” if name is not found in the user’s account data.


getDefaultKeyId(): Promise<string | null>

Defined in: src/secret-storage.ts:322

Get the current default key ID for encrypting secrets.

Promise<string | null>

The default key ID or null if no default key ID is set


getKey(keyId?): Promise<SecretStorageKeyTuple | null>

Defined in: src/secret-storage.ts:258

Get the key information for a given ID.

string | null

The ID of the key to check for. Defaults to the default key ID if not provided.

Promise<SecretStorageKeyTuple | null>

If the key was found, the return value is an array of the form [keyId, keyInfo]. Otherwise, null is returned. XXX: why is this an array when addKey returns an object?


hasKey(keyId?): Promise<boolean>

Defined in: src/secret-storage.ts:267

Check whether we have a key with a given ID.

string

The ID of the key to check for. Defaults to the default key ID if not provided.

Promise<boolean>

Whether we have the key.


isStored(name): Promise<Record<string, SecretStorageKeyDescriptionAesV1> | null>

Defined in: src/secret-storage.ts:315

Check if a secret is stored on the server.

keyof SecretStorageAccountDataEvents

the name of the secret

Promise<Record<string, SecretStorageKeyDescriptionAesV1> | null>

map of key name to key info the secret is encrypted with, or null if it is not present or not encrypted with a trusted key


setDefaultKeyId(keyId): Promise<void>

Defined in: src/secret-storage.ts:332

Set the default key ID for encrypting secrets.

If keyId is null, the default key id value in the account data will be set to an empty object. This is considered as “disabling” the default key.

string | null

The new default key ID

Promise<void>


store(name, secret, keys?): Promise<void>

Defined in: src/secret-storage.ts:294

Store an encrypted secret on the server.

Details of the encryption keys to be used must previously have been stored in account data (for example, via ServerSideSecretStorageImpl#addKey. SecretStorageCallbacks#getSecretStorageKey will be called to obtain a secret storage key to decrypt the secret.

If the secret is null, the secret value in the account data will be set to an empty object. This is considered as “removing” the secret.

string

The name of the secret - i.e., the “event type” to be stored in the account data

string | null

The secret contents.

string[] | null

The IDs of the keys to use to encrypt the secret, or null/undefined to use the default key (will throw if no default key is set).

Promise<void>