diff --git a/builtin/logical/transit/path_decrypt.go b/builtin/logical/transit/path_decrypt.go index 429279e65..046388db6 100644 --- a/builtin/logical/transit/path_decrypt.go +++ b/builtin/logical/transit/path_decrypt.go @@ -74,6 +74,15 @@ plaintext. On successful decryption, both the ciphertext and the associated data are attested not to have been tampered with. `, }, + + "batch_input": { + Type: framework.TypeSlice, + Description: ` +Specifies a list of items to be decrypted in a single batch. When this +parameter is set, if the parameters 'ciphertext', 'context' and 'nonce' are +also set, they will be ignored. Any batch output will preserve the order +of the batch input.`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ diff --git a/builtin/logical/transit/path_encrypt.go b/builtin/logical/transit/path_encrypt.go index 5c2b029d9..c04d271d6 100644 --- a/builtin/logical/transit/path_encrypt.go +++ b/builtin/logical/transit/path_encrypt.go @@ -152,6 +152,14 @@ plaintext. On successful decryption, both the ciphertext and the associated data are attested not to have been tampered with. `, }, + + "batch_input": { + Type: framework.TypeSlice, + Description: ` +Specifies a list of items to be encrypted in a single batch. When this parameter +is set, if the parameters 'plaintext', 'context' and 'nonce' are also set, they +will be ignored. Any batch output will preserve the order of the batch input.`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ diff --git a/builtin/logical/transit/path_hmac.go b/builtin/logical/transit/path_hmac.go index 2376f4926..a9aad9736 100644 --- a/builtin/logical/transit/path_hmac.go +++ b/builtin/logical/transit/path_hmac.go 
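Review bot: The `batch_input` description added in path_decrypt.go lists only 'ciphertext', 'context' and 'nonce' as ignored in batch mode, yet the field declared immediately above it (per the hunk's context lines) is the AEAD associated-data parameter, and nothing says whether a request-level value for it is ignored or applied to every item. Associated data is part of what the AEAD authenticates, so callers need to know where it must be supplied; the path_encrypt.go hunk has the same gap with 'plaintext', 'context' and 'nonce'. The Fields map and the handler both extend outside the hunk, so the actual behaviour cannot be confirmed from here; if associated data is per-item only, extend the sentence to `if the parameters 'ciphertext', 'context', 'nonce' and 'associated_data' are also set, they will be ignored`.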
@@ -83,6 +83,14 @@ Defaults to "sha2-256".`, Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.`, }, + + "batch_input": { + Type: framework.TypeSlice, + Description: ` +Specifies a list of items to be processed in a single batch. When this parameter +is set, if the parameter 'input' is also set, it will be ignored. +Any batch output will preserve the order of the batch input.`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ diff --git a/builtin/logical/transit/path_rewrap.go b/builtin/logical/transit/path_rewrap.go index 24e772eae..2bb4bcbc9 100644 --- a/builtin/logical/transit/path_rewrap.go +++ b/builtin/logical/transit/path_rewrap.go @@ -43,6 +43,14 @@ func (b *backend) pathRewrap() *framework.Path { Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.`, }, + + "batch_input": { + Type: framework.TypeSlice, + Description: ` +Specifies a list of items to be re-encrypted in a single batch. When this parameter is set, +if the parameters 'ciphertext', 'context' and 'nonce' are also set, they will be ignored. +Any batch output will preserve the order of the batch input.`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ diff --git a/builtin/logical/transit/path_sign_verify.go b/builtin/logical/transit/path_sign_verify.go index 8a983eb5b..04cfcdba5 100644 --- a/builtin/logical/transit/path_sign_verify.go +++ b/builtin/logical/transit/path_sign_verify.go 
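Review bot: The `batch_input` description in path_hmac.go says only that 'input' is ignored when a batch is supplied, but the field directly above it in the hunk context is the key-version selector (its text refers to `min_encryption_version`), and the description does not say whether a request-level key version still applies to each batch item. Which key version produces the output matters for later verification and for rotation policy, so the precedence should be stated in the description; the path_rewrap.go hunk leaves the same question open for re-encryption. The Fields map starts outside the hunk and the handler is not shown, so this is a documentation request, not a confirmed behaviour issue: one added sentence saying whether the top-level `key_version` is applied to or ignored for batch items would settle it.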
@@ -154,6 +154,14 @@ Options are 'pss' or 'pkcs1v15'. Defaults to 'pss'`, Description: `The salt length used to sign. Currently only applies to the RSA PSS signature scheme. Options are 'auto' (the default used by Golang, causing the salt to be as large as possible when signing), 'hash' (causes the salt length to equal the length of the hash used in the signature), or an integer between the minimum and the maximum permissible salt lengths for the given RSA key size. Defaults to 'auto'.`, }, + + "batch_input": { + Type: framework.TypeSlice, + Description: `Specifies a list of items for processing. When this parameter is set, +any supplied 'input' or 'context' parameters will be ignored. Responses are returned in the +'batch_results' array component of the 'data' element of the response. Any batch output will +preserve the order of the batch input`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ @@ -249,6 +257,14 @@ Options are 'pss' or 'pkcs1v15'. Defaults to 'pss'`, Description: `The salt length used to sign. Currently only applies to the RSA PSS signature scheme. Options are 'auto' (the default used by Golang, causing the salt to be as large as possible when signing), 'hash' (causes the salt length to equal the length of the hash used in the signature), or an integer between the minimum and the maximum permissible salt lengths for the given RSA key size. Defaults to 'auto'.`, }, + + "batch_input": { + Type: framework.TypeSlice, + Description: `Specifies a list of items for processing. When this parameter is set, +any supplied 'input', 'hmac' or 'signature' parameters will be ignored. Responses are returned in the +'batch_results' array component of the 'data' element of the response. Any batch output will +preserve the order of the batch input`, + }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ diff --git a/changelog/18299.txt b/changelog/18299.txt new file mode 100644 index 000000000..b340b9523 --- /dev/null 
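Review bot: The two `batch_input` descriptions in path_sign_verify.go disagree on 'context': the hunk at -154 lists 'input' or 'context' as ignored, while the hunk at -249 (presumably the verify path, since it names 'hmac' and 'signature') omits 'context'. Context selects the derived key, so if a request-level context is also ignored there in batch mode, the text should say so: `any supplied 'input', 'hmac', 'signature' or 'context' parameters will be ignored`. Both strings also end without a period (`preserve the order of the batch input`), unlike the descriptions added in the other four files. The handlers are outside both hunks, so which list is accurate cannot be verified from the diff.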
+++ b/changelog/18299.txt @@ -0,0 +1,3 @@ +```release-note:bug +secrets/transit: Do not warn about unrecognized parameter 'batch_input' +``` diff --git a/website/content/api-docs/secret/transit.mdx b/website/content/api-docs/secret/transit.mdx index b11e3c80c..7ddb726e0 100644 --- a/website/content/api-docs/secret/transit.mdx +++ b/website/content/api-docs/secret/transit.mdx @@ -843,8 +843,8 @@ functionality to untrusted users or scripts. when using ‘batch_input’ below. - `batch_input` `(array: nil)` – Specifies a list of items to be - decrypted in a single batch. When this parameter is set, if the parameters - 'ciphertext', 'context' and 'nonce' are also set, they will be ignored. + re-encrypted in a single batch. When this parameter is set, if the parameters + 'ciphertext', 'context' and 'nonce' are also set, they will be ignored. Any batch output will preserve the order of the batch input. Format for the input goes like this: