HashiCorp Vault Signer Factory API Reference

This document provides a concise API reference for the VaultSignerFactory class within the Hedera DID SDK for JavaScript. The VaultSignerFactory class is responsible for creating Vault Signer instances and authenticating with HashiCorp Vault to securely manage cryptographic keys.

Class Diagram

The class diagram below illustrates the core methods of the Vault VaultSignerFactory interface for interacting with HashiCorp Vault.

Constructor

`constructor`

private constructor(vaultApi: VaultApi)

Initializes a new VaultSignerFactory instance. It is a private constructor and should not be called directly.

Parameters

vaultApi: (Required) An internal API object that interacts with HashiCorp Vault.

Static Methods

`loginWithToken`

static loginWithToken(
    options: VaultLoginWithTokenOptions,
): Promise<VaultSignerFactory>

Creates a new VaultSignerFactory instance by authenticating with HashiCorp Vault using an access token.

Parameters

options: An object containing the necessary options to authenticate with HashiCorp Vault using an access token (refer to VaultLoginWithTokenOptions Type for details).

Returns

The new VaultSignerFactory instance.

`loginWithUsernameAndPassword`

static loginWithUsernameAndPassword(
  options: VaultLoginWithUsernameAndPasswordOptions,
): Promise<VaultSignerFactory>

Creates a new VaultSignerFactory instance by authenticating with HashiCorp Vault using a username and password.

Parameters

options: An object containing the necessary options to authenticate with HashiCorp Vault using a username and password (refer to VaultLoginWithUsernameAndPasswordOptions Type for details).

Returns

The new VaultSignerFactory instance.

`loginWithAppRole`

static async loginWithAppRole(
  options: VaultLoginWithAppRoleOptions,
): Promise<VaultSignerFactory>

Creates a new VaultSignerFactory instance by authenticating with HashiCorp Vault using an AppRole.

Parameters

options: An object containing the necessary options to authenticate with HashiCorp Vault using an AppRole (refer to VaultLoginWithAppRoleOptions Type for details).

Returns

The new VaultSignerFactory instance.

Methods

`forKey`

forKey(keyName: string): Promise<Signer>

Returns a Vault Signer instance for the specified key stored in HashiCorp Vault.

Parameters

keyName: The unique identifier for the key stored in HashiCorp Vault.

Returns

A Signer instance for the specified key.

`forNewKey`

forNewKey(keyName: string): Promise<Signer>

Creates a new Ed25519 key pair in HashiCorp Vault and returns a Vault Signer instance for the new key.

Parameters

keyName: The unique identifier for the new key to be stored in HashiCorp Vault.

Returns

A Signer instance for the specified key.

Data Types

This section elaborates on the data types employed within the VaultSignerFactory class.

VaultLoginWithTokenOptions Type

The VaultLoginWithTokenOptions type is an object that contains the necessary options to authenticate with HashiCorp Vault using an access token.

Name Type Description

Name	Type	Description
token	`string`	The access token used to authenticate with HashiCorp Vault.
url	`string \| URL`	The URL of the HashiCorp Vault server.
transitPath?	`string`	The path for the transit secret engine. Default is `transit`.

token

string

The access token used to authenticate with HashiCorp Vault.

url

string | URL

The URL of the HashiCorp Vault server.

transitPath?

string

The path for the transit secret engine. Default is transit.

VaultLoginWithUsernameAndPasswordOptions Type

The VaultLoginWithUsernameAndPasswordOptions type is an object that contains the necessary options to authenticate with HashiCorp Vault using a username and password.

Name Type Description

Name	Type	Description
username	`string`	The username used to authenticate with HashiCorp Vault.
password	`string`	The password used to authenticate with HashiCorp Vault.
url	`string \| URL`	The URL of the HashiCorp Vault server.
transitPath?	`string`	The path for the transit secret engine. Default is `transit`.

username

string

The username used to authenticate with HashiCorp Vault.

password

string

The password used to authenticate with HashiCorp Vault.

url

string | URL

The URL of the HashiCorp Vault server.

transitPath?

string

The path for the transit secret engine. Default is transit.

VaultLoginWithAppRoleOptions Type

The VaultLoginWithAppRoleOptions type is an object that contains the necessary options to authenticate with HashiCorp Vault using an AppRole.

Name Type Description

Name	Type	Description
roleId	`string`	The ID of the AppRole used to authenticate with HashiCorp Vault.
secretId	`string`	The secret ID of the AppRole used to authenticate with HashiCorp Vault.
url	`string \| URL`	The URL of the HashiCorp Vault server.
transitPath?	`string`	The path for the transit secret engine. Default is `transit`.

roleId

string

The ID of the AppRole used to authenticate with HashiCorp Vault.

secretId

string

The secret ID of the AppRole used to authenticate with HashiCorp Vault.

url

string | URL

The URL of the HashiCorp Vault server.

transitPath?

string

The path for the transit secret engine. Default is transit.

Errors

Exception code Description

Exception code	Description
`invalidArgument`	Specified key does not exist or cannot be accessed.
`internalError`	Vault authentication failed.

invalidArgument

Specified key does not exist or cannot be accessed.

internalError

Vault authentication failed.

Class Implementation

The Hashgraph DID SDK provides the VaultSignerFactory class within its signer-hashicorp-vault package. For further details, refer to the @hashgraph-did-sdk-js/signer-hashicorp-vault package documentation.