Add a key for encrypting secrets.
the algorithm used by the key.
the options for the algorithm. The properties used depend on the algorithm given.
Optional keyId: string
the ID of the key. If not given, a random ID will be generated.
details about the key.
Check whether a key matches what we expect based on the key info
the key to check
the key info
whether or not the key matches
Get a secret from storage, and decrypt it.
the name of the secret - i.e., the "event type" stored in the account data
the decrypted contents of the secret, or "undefined" if name is not found in the user's account data.
Get the key information for a given ID.
Optional keyId: null | string
The ID of the key to check for. Defaults to the default key ID if not provided.
If the key was found, the return value is an array of the form [keyId, keyInfo]. Otherwise, null is returned. XXX: why is this an array when addKey returns an object?
Check if a secret is stored on the server.
the name of the secret
map of key name to key info the secret is encrypted with, or null if it is not present or not encrypted with a trusted key
Set the default key ID for encrypting secrets.
If keyId is null, the default key ID value in the account data will be set to an empty object. This is considered as "disabling" the default key.
The new default key ID
Store an encrypted secret on the server.
Details of the encryption keys to be used must previously have been stored in account data (for example, via ServerSideSecretStorage#addKey).
The name of the secret - i.e., the "event type" to be stored in the account data
The secret contents.
Optional keys: null | string[]
The IDs of the keys to use to encrypt the secret, or null/undefined to use the default key (will throw if no default key is set).
Interface provided by SecretStorage implementations
Normally this will just be a ServerSideSecretStorageImpl, but for backwards compatibility some methods allow other implementations.
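The lookups described above (the default key ID, a key by ID, and which keys a stored secret is encrypted with) can be modelled over plain account data. This is an added example, not code from the SDK: the function names are hypothetical, the sample data is constructed, the event type and algorithm names are those of the Matrix secret storage specification, and "trusted" is assumed to mean that key info exists and uses the AES algorithm.

```javascript
// Added illustration, not matrix-js-sdk code; function names are hypothetical.
const AES = "m.secret_storage.v1.aes-hmac-sha2";
const DEFAULT_KEY_EVENT = "m.secret_storage.default_key";
const KEY_PREFIX = "m.secret_storage.key.";
const blob = { iv: "aXY=", ciphertext: "Y3Q=", mac: "bWFj" }; // constructed

// Constructed account data: event type -> content.
const sampleAccountData = {
  [DEFAULT_KEY_EVENT]: { key: "abc" },
  [KEY_PREFIX + "abc"]: { algorithm: AES, name: "main" },
  [KEY_PREFIX + "old"]: { algorithm: "org.example.unknown" },
  "m.cross_signing.master": { encrypted: { abc: blob, old: blob, gone: blob } },
  "org.example.plain": { value: "not encrypted" },
};

// Default key ID, or null when unset or "disabled" (content is {}).
function defaultKeyId(accountData) {
  const key = accountData[DEFAULT_KEY_EVENT]?.key;
  return typeof key === "string" ? key : null;
}

// [keyId, keyInfo] for the given or default key ID, else null.
function getKey(accountData, keyId = null) {
  const id = keyId ?? defaultKeyId(accountData);
  const info = id ? accountData[KEY_PREFIX + id] : undefined;
  return info ? [id, info] : null;
}

// Map of key ID -> key info for keys that can decrypt `name`, else null.
// Assumption: "trusted" means key info exists and uses the AES algorithm.
function usableKeysFor(accountData, name) {
  const encrypted = accountData[name]?.encrypted;
  if (!encrypted || typeof encrypted !== "object") return null;
  const usable = {};
  for (const [keyId, payload] of Object.entries(encrypted)) {
    const info = accountData[KEY_PREFIX + keyId];
    if (info?.algorithm !== AES) continue; // unknown key or algorithm
    if (payload?.iv && payload?.ciphertext && payload?.mac) usable[keyId] = info;
  }
  return Object.keys(usable).length > 0 ? usable : null;
}

// Same data with the default key disabled, as described for a null keyId.
const disabled = { ...sampleAccountData, [DEFAULT_KEY_EVENT]: {} };
console.log(usableKeysFor(sampleAccountData, "m.cross_signing.master"));
console.log(getKey(disabled), getKey(disabled, "abc")?.[0]);
```

With the default key disabled, a lookup without an explicit key ID returns null while a lookup by ID still succeeds, so callers should treat "no default key" and "no keys at all" as different states.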