Generate Secrets

This handler (com.rierino.handler.SecretEventHandler) provides ability to encrypt/decrypt and hash data.

Handler Parameters

Parameter

Definition

Example

Default

key.state

Name of the state manager with key definitions

secret_key

key

Constant key to use for signing operations

1234567890ABC

encryptkey

Constant key to use for encryption operations

1234567890ABC

provider

Security provider to use (auto for default, BC for bouncy castle)

auto

issuer

Issuer to include in generated tokens

Rierino

algorithm

Default encyption algorithm

AES/ECB/PKCS5Padding

keyAlgorithm

Default key generation algorithm

AES

hashAlgorithm

Default hashing algorithm

SHA-256

certificateKeySize

Default key size for certificate generation

2048

certificateAlgorithm

Default algorithm for certificate key generation

RSA

certificateSignatureAlgorithm

Default algorithm for signing certificates

SHA256withRSA

certificateLifetime

Default lifetime (in days) for generated certificates

certificateDN

Default distinguished name for the generated certificates

CN=rierino.com, O=Rierino

Actions

All actions of this handler share the following event metadata parameters for getting key inputs:

Parameter

Definition

Example

Default

Key

Constant key to use for operations

1234567890ABC

Key Path

Json path of key in event payload

parameters.key

Key Id

ID of the key to use from key state

123

Key Id Path

Json path of key id to use from key state

parameters.id

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "key": {
              "type": "string",
              "description": "Constant key to use for operations",
              "example": "1234567890ABC"
            },
            "keyPath": {
              "type": "string",
              "description": "Json path of key in event payload",
              "example": "parameters.key"
            },
            "keyId": {
              "type": ["string", "integer"],
              "description": "ID of the key to use from key state",
              "example": 123
            },
            "keyIdPath": {
              "type": "string",
              "description": "Json path of key id to use from key state",
              "example": "parameters.id"
            }
          }
        }
      }
    }
  }
}

Encrypt

Encrypts a given json node or string value using preferred algorithms. Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for the input in request event payload

data

Output Element

Json path for the output in response event payload

secret

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for the input in request event payload",
          "example": "data"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path for the output in response event payload",
          "example": "secret"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Algorithm

Custom cipher algorithm to use

Handler default

Key Algorithm

Custom SecretKey algorithm to use

Handler default

Provider

Custom security provider to use

Handler default

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "algorithm": {
              "type": "string",
              "description": "Custom cipher algorithm to use",
              "default": "Handler default"
            },
            "keyAlgorithm": {
              "type": "string",
              "description": "Custom SecretKey algorithm to use",
              "default": "Handler default"
            },
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            }
          }
        }
      }
    }
  }
}

Decrypt

Decryptes a previously encrypted value and returns as a json node or string value. This action uses the same fields as Encrypt action, with the addition of following event metadata parameter:

Parameter

Definition

Example

Default

Is Json

Whether encrypted value is json and should be parsed into an object

true

false

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "isJson": {
              "type": "boolean",
              "description": "Whether encrypted value is json and should be parsed into an object",
              "default": false,
              "example": true
            }
          }
        }
      }
    }
  }
}

Hash

Hashes a given json node or string value using preferred algorithms. Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for the input in request event payload

data

Output Element

Json path for the output in response event payload

secret

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for the input in request event payload",
          "example": "data"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path for the output in response event payload",
          "example": "secret"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Algorithm

Custom hash algorithm to use

Handler default

Provider

Custom security provider to use

Handler default

Iterations

Iterations to update the hash

100

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "algorithm": {
              "type": "string",
              "description": "Custom hash algorithm to use",
              "default": "Handler default"
            },
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            },
            "iterations": {
              "type": "integer",
              "description": "Iterations to update the hash",
              "default": 1,
              "example": 100
            }
          }
        }
      }
    }
  }
}

Hash actions can be used to generate secure API keys, when used together with JmesPath salt_key action that creates secure random key. These keys can be stored with access.roles details for key based authentication.

ValidateHash

Validates the hash of a given json node or string value using preferred algorithms. Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for the input in request event payload, with "hash" and "data" elements

parameters

Output Element

Json path for the output in response event payload

secret

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for the input in request event payload, with \"hash\" and \"data\" elements",
          "example": "parameters"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path for the output in response event payload",
          "example": "secret"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Algorithm

Custom hash algorithm to use

Handler default

Provider

Custom security provider to use

Handler default

Iterations

Iterations to update the hash

100

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "algorithm": {
              "type": "string",
              "description": "Custom hash algorithm to use",
              "default": "Handler default"
            },
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            },
            "iterations": {
              "type": "integer",
              "description": "Iterations to update the hash",
              "default": 1,
              "example": 100
            }
          }
        }
      }
    }
  }
}

GenerateToken

Generates a JWT token for given claims (including special claims such as audience). Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for the fields to include as claims in token

parameters

Output Element

Json path to add token at

secret

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for the fields to include as claims in token",
          "example": "parameters"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path to add token at",
          "example": "secret"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Provider

Custom security provider to use

Handler default

Expiration Time

Milliseconds to expiration of token

60000

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            },
            "expirationTime": {
              "type": "integer",
              "description": "Milliseconds to expiration of token",
              "default": 0,
              "example": 60000
            }
          }
        }
      }
    }
  }
}

ValidateToken

Validates a JWT token. Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for the token

parameters.token

Output Element

Json path to add validation result to

isValid

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for the token",
          "example": "parameters.token"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path to add validation result to",
          "example": "isValid"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Provider

Custom security provider to use

Handler default

Input Pattern

Jmespath expression to apply on input element

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            },
            "inputPattern": {
              "type": "string",
              "description": "Jmespath expression to apply on input element"
            }
          }
        }
      }
    }
  }
}

DecodeToken

Decodes a JWT token and returns its claims. Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for the token

parameters.token

Output Element

Json path to add decoded claims to

claims

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for the token",
          "example": "parameters.token"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path to add decoded claims to",
          "example": "claims"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Provider

Custom security provider to use

Handler default

Input Pattern

Jmespath expression to apply on input element

Validate

Whether the token must be valid to decode

false

true

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            },
            "inputPattern": {
              "type": "string",
              "description": "Jmespath expression to apply on input element"
            },
            "validate": {
              "type": "boolean",
              "description": "Whether the token must be valid to decode",
              "default": true,
              "example": false
            }
          }
        }
      }
    }
  }
}

GenerateCertificate

Generates a certificate, returning private key and public certificate values. Event metadata fields applicable for this action are as follows:

Field

Definition

Example

Default

Input Element

Json path for custom certificate DN and lifetime

parameters.cert

Output Element

Json path to add "key" and "certificate" outputs to

produced

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "inputElement": {
          "type": "string",
          "description": "Json path for custom certificate DN and lifetime",
          "example": "parameters.cert"
        },
        "outputElement": {
          "type": "string",
          "description": "Json path to add \"key\" and \"certificate\" outputs to",
          "example": "produced"
        }
      }
    }
  }
}

With event metadata parameters as:

Parameter

Definition

Example

Default

Provider

Custom security provider to use

Handler default

Certificate Algorithm

Custom certificate algorithm

Handler default

Certificate SignatureAlgorithm

Custom signature algorithm

Handler default

Certificate Key Size

Custom key size

Handler default

Certificate DN

Custom certificate DN

Handler default

Certificate Life Time

Custom certificate lifetime in days

Handler default

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "eventMeta": {
      "type": "object",
      "properties": {
        "parameters": {
          "type": "object",
          "properties": {
            "provider": {
              "type": "string",
              "description": "Custom security provider to use",
              "default": "Handler default"
            },
            "certificateAlgorithm": {
              "type": "string",
              "description": "Custom certificate algorithm",
              "default": "Handler default"
            },
            "certificateSignatureAlgorithm": {
              "type": "string",
              "description": "Custom signature algorithm",
              "default": "Handler default"
            },
            "certificateKeySize": {
              "type": ["integer", "string"],
              "description": "Custom key size",
              "default": "Handler default"
            },
            "certificateDN": {
              "type": "string",
              "description": "Custom certificate DN",
              "default": "Handler default"
            },
            "certificateLifeTime": {
              "type": ["integer", "string"],
              "description": "Custom certificate lifetime in days",
              "default": "Handler default"
            }
          }
        }
      }
    }
  }
}

PreviousParse Html NextOrchestrate User Task

Last updated 22 days ago

hashtagHandler Parameters

hashtagActions

hashtagEncrypt

hashtagDecrypt

hashtagHash

hashtagValidateHash

hashtagGenerateToken

hashtagValidateToken

hashtagDecodeToken

hashtagGenerateCertificate

Handler Parameters

Actions

Encrypt

Decrypt

Hash

ValidateHash

GenerateToken

ValidateToken

DecodeToken

GenerateCertificate