Constructor
new Client(configuration)
Construct a new Client using the provided client configuration.
Clients running in a non-browser context pass their Virtru credentials directly into the constructor. T
Clients running in a non-browser context pass their Virtru credentials directly into the constructor. T
Parameters:
| Name | Type | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
configuration |
object | configuration to use for the lifetime of this client instance.
Properties
|
Classes
Members
setupOidcMiddleWare
Methods
(async) _uploadBinaryToS3(stream) → {object}
Sends a stream to Virtru's hosted S3 and returns a corresponding RCA link
Parameters:
| Name | Type | Description |
|---|---|---|
stream |
PlaintextStream |
Returns:
successful upload metadata object
- Type
- object
(async) decrypt(params)
- See:
Decrypt TDF ciphertext into plaintext. One of the core operations of the Virtru SDK.
Parameters:
| Name | Type | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
params |
Properties
|
Returns:
a Readable stream containing the decrypted plaintext.
(async) fetchContract(policyId)
Contract is a public version of policy that can be retrieved both
with owner and recipient. When policy is only for those group of users
https://github.com/virtru-corp/acm/blob/main/lib/business-logic/get-policy-action.js#L180
Side effect is fo
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string | contract id get. |
Returns:
contract.
(async) fetchPolicy(policyId) → {Policy}
Fetch an authorization Policy from the Virtru backend.
The Policy is created automatically through an
The policyId for this call is assigned automatically during encrypt setup and must be retrieved in one of two ways.
The first approach is to grab the policyId from the built encrypt params:
The Policy is created automatically through an
encrypt, so this can only be
run after an encrypt has succeeded.
Only the policy owner (creator) may call fetchPolicy.
The policyId for this call is assigned automatically during encrypt setup and must be retrieved in one of two ways.
The first approach is to grab the policyId from the built encrypt params:
// Execute an encrypt normally.
const encryptParams = new Virtru.EncryptParamsBuilder()
.withStringSource("Sokath, his eyes open!")
.build();
const ct = await client.encrypt(encryptParams);
const policyId = encryptParams.getPolicyId();
const policy = await client.fetchPolicy(policyId);
// Now you can update and revoke using this fetched policy.
The second approach is to parse the policyId from the encrypted TDF ciphertext.
// Execute an encrypt normally.
const encryptParams = new Virtru.EncryptParamsBuilder()
.withStringSource("Sokath, his eyes open!")
.build();
const ct = await client.encrypt(encryptParams);
// Write the ciphertext to a file as per typical usage.
await ct.toFile('darmok.html');
// Time passes...
// Some time later we decide to update the policy (e.g., to give a new user access).
const decryptParams = new Virtru.DecryptParamsBuilder()
.withFileSource('darmok.html')
.build();
const policyId = await client.getPolicyId(decryptParams);
const policy = await client.fetchPolicy(policyId);
// Now you can update and revoke using this fetched policy.
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string | the unique identifier of the policy. |
Returns:
A Policy object.
- Type
- Policy
(async) generateRcaLink(stream) → {string}
WARNING: if the stream has not ended, this method will fail
Parameters:
| Name | Type | Description |
|---|---|---|
stream |
PlaintextStream |
Returns:
for decrypting in secure reader
- Type
- string
getClientVersion() → {string}
Get the current version of this SDK.
Returns:
the SDK version, in semver form (e.g., "1.2.1").
- Type
- string
getParamsFromRcaLink(rcaLink)
Parameters:
| Name | Type | Description |
|---|---|---|
rcaLink |
string | RCA link for decryption |
(async) getPolicyId(source) → {string}
- See:
Get the unique policyId associated with TDF ciphertext. Useful for managing authorization policies of encrypted data.
The policyId is embedded in the ciphertext so this is a local operation.
The policyId is embedded in the ciphertext so this is a local operation.
Parameters:
| Name | Type | Description |
|---|---|---|
source |
object | Required. TDF data stream, generated using DecryptParamsBuilder's build(). |
Returns:
- the unique policyId, which can be used for tracking purposes or policy management operations.
- Type
- string
(async) revokePolicy(policyId)
"Revoke" an authorization Policy in the Virtru backend. This will
disable access to the Policy (and thus prevent
This operation is not irrevocable - revoked policies may be re-enabled in the dashboard by the policy owner.
Idempotent, succeeds if the policy does not already exist.
decrypt)
for all authorized users except the owner.
Only the policy owner (creator) may call revokePolicy.
This operation is not irrevocable - revoked policies may be re-enabled in the dashboard by the policy owner.
Idempotent, succeeds if the policy does not already exist.
Parameters:
| Name | Type | Description |
|---|---|---|
policyId |
string | the unique identifier of the policy. |
Returns:
nothing.
(async) updatePolicy(policy)
Push an authorization Policy update to the Virtru backend.
The Policy must first be fetched through
The Policy must first be fetched through
fetchPolicy.
Only the policy owner (creator) may call updatePolicy.
// Some time after encryption we decide to give a new user access to the data.
const decryptParams = new Virtru.DecryptParamsBuilder()
.withFileSource('darmok.html')
.build();
const policyId = await client.getPolicyId(decryptParams);
const policy = await client.fetchPolicy(policyId);
const newPolicy = policy.builder()
.addUsersWithAccess('picard@enterprise.fed')
.build();
await client.updatePolicy(newPolicy);
// Now the new user can decrypt the file!
Parameters:
| Name | Type | Description |
|---|---|---|
policy |
Policy | the updated policy to push. |
Returns:
nothing.