File tree Expand file tree Collapse file tree 1 file changed +8
-0
lines changed
content/vault/v1.21.x/content/api-docs/secret Expand file tree Collapse file tree 1 file changed +8
-0
lines changed Original file line number Diff line number Diff line change @@ -70,6 +70,8 @@ values set here cannot be changed after key creation.
7070 - ` aes256-cmac ` - AES-256 CMAC (CMAC generation, verification) <EnterpriseAlert inline = " true"
7171 - ` ml-dsa ` - ML-DSA (asymmetric) (experimental) <EnterpriseAlert inline = " true"
7272 - ` hybrid ` - hybrid signatures combining a post-quantum algorithm and an elliptic curve algorithm (asymmetric) (experimental) <EnterpriseAlert inline = " true"
73+ - ` aes128-cbc ` - AES-128 in CBC mode (symmetric, supports derivation and convergent encryption)
74+ - ` aes256-cbc ` - AES-256 in CBC mode (symmetric, supports derivation and convergent encryption)
7375
7476 ~ > ** Note** : In FIPS 140-3 mode, the following algorithms are not certified
7577 and thus should not be used: ` chacha20-poly1305 ` .
@@ -890,6 +892,12 @@ will be returned.
890892 decrypt) could be indicative of a security breach and should not be
891893 ignored.
892894
895+ - ` iv ` ` (string: "") ` - Specifies the ** base64-encoded** IV value to use with
896+ AES-CBC. The value must be exactly 128 bits (16 bytes) long and the user must ensure that
897+ for any given context (and thus, any given encryption key) this IV value is
898+ ** never reused** . If not provided, a random IV will be generated and prepended
899+ to the ciphertext.
900+
893901~ >** NOTE:** All plaintext data ** must be base64-encoded** . The reason for this
894902requirement is that Vault does not require that the plaintext is "text". It
895903could be a binary file such as a PDF or image. The easiest safe transport
You can’t perform that action at this time.
0 commit comments