Client

Client

The Client is the entry point for the major Virtru operations, such as encrypt, decrypt, and Policy management.

Constructor

new Client(configuration)

Construct a new Client using the provided client configuration.

Clients running in a non-browser context pass their Virtru credentials directly into the constructor. T
Parameters:
Name Type Description
configuration object configuration to use for the lifetime of this client instance.
Properties
Name Type Description
email string the email address to authenticate as, using Virtru credentials or preprovisioned via the OAuth flow. Any data you encrypt will be owned by this email address. It will also be used to authorize decrypt access to encrypted data. Required.
cryptoService object the cryptography library to use to encrypt your data. Defaults to Web Crypto. Optional.

Classes

Client

Members

setupOidcMiddleWare

Methods

(async) _uploadBinaryToS3(stream) → {object}

Sends a stream to Virtru's hosted S3 and returns a corresponding RCA link
Parameters:
Name Type Description
stream PlaintextStream
Returns:
successful upload metadata object
Type
object

(async) decrypt(params)

See:
Decrypt TDF ciphertext into plaintext. One of the core operations of the Virtru SDK.
Parameters:
Name Type Description
params
Properties
Name Type Description
source A data stream object, one of remote, stream, buffer, etc. types.
rcaSource RCA source information
eo Optional entity object (legacy AuthZ)
Returns:
a Readable stream containing the decrypted plaintext.

(async) fetchContract(policyId)

Contract is a public version of policy that can be retrieved both with owner and recipient. When policy is only for those group of users https://github.com/virtru-corp/acm/blob/main/lib/business-logic/get-policy-action.js#L180 Side effect is fo
Parameters:
Name Type Description
policyId string contract id get.
Returns:
contract.

(async) fetchPolicy(policyId) → {Policy}

Fetch an authorization Policy from the Virtru backend.

The Policy is created automatically through an encrypt, so this can only be run after an encrypt has succeeded. Only the policy owner (creator) may call fetchPolicy.

The policyId for this call is assigned automatically during encrypt setup and must be retrieved in one of two ways.

The first approach is to grab the policyId from the built encrypt params:
// Execute an encrypt normally.
const encryptParams = new Virtru.EncryptParamsBuilder()
     .withStringSource("Sokath, his eyes open!")
     .build();
const ct = await client.encrypt(encryptParams);

const policyId = encryptParams.getPolicyId();
const policy = await client.fetchPolicy(policyId);
// Now you can update and revoke using this fetched policy.
     
The second approach is to parse the policyId from the encrypted TDF ciphertext.
// Execute an encrypt normally.
const encryptParams = new Virtru.EncryptParamsBuilder()
     .withStringSource("Sokath, his eyes open!")
     .build();
const ct = await client.encrypt(encryptParams);
// Write the ciphertext to a file as per typical usage.
await ct.toFile('darmok.html');

 // Time passes...
 // Some time later we decide to update the policy (e.g., to give a new user access).

 const decryptParams = new Virtru.DecryptParamsBuilder()
    .withFileSource('darmok.html')
    .build();
 const policyId = await client.getPolicyId(decryptParams);
 const policy = await client.fetchPolicy(policyId);
 // Now you can update and revoke using this fetched policy.
     
Parameters:
Name Type Description
policyId string the unique identifier of the policy.
Returns:
A Policy object.
Type
Policy
WARNING: if the stream has not ended, this method will fail
Parameters:
Name Type Description
stream PlaintextStream
Returns:
for decrypting in secure reader
Type
string

getClientVersion() → {string}

Get the current version of this SDK.
Returns:
the SDK version, in semver form (e.g., "1.2.1").
Type
string
Parameters:
Name Type Description
rcaLink string RCA link for decryption

(async) getPolicyId(source) → {string}

See:
Get the unique policyId associated with TDF ciphertext. Useful for managing authorization policies of encrypted data.

The policyId is embedded in the ciphertext so this is a local operation.
Parameters:
Name Type Description
source object Required. TDF data stream, generated using DecryptParamsBuilder's build().
Returns:
- the unique policyId, which can be used for tracking purposes or policy management operations.
Type
string

(async) revokePolicy(policyId)

"Revoke" an authorization Policy in the Virtru backend. This will disable access to the Policy (and thus prevent decrypt) for all authorized users except the owner. Only the policy owner (creator) may call revokePolicy.

This operation is not irrevocable - revoked policies may be re-enabled in the dashboard by the policy owner.

Idempotent, succeeds if the policy does not already exist.
Parameters:
Name Type Description
policyId string the unique identifier of the policy.
Returns:
nothing.

(async) updatePolicy(policy)

Push an authorization Policy update to the Virtru backend.

The Policy must first be fetched through fetchPolicy. Only the policy owner (creator) may call updatePolicy.
// Some time after encryption we decide to give a new user access to the data.
const decryptParams = new Virtru.DecryptParamsBuilder()
   .withFileSource('darmok.html')
   .build();
const policyId = await client.getPolicyId(decryptParams);
const policy = await client.fetchPolicy(policyId);
const newPolicy = policy.builder()
  .addUsersWithAccess('picard@enterprise.fed')
  .build();
await client.updatePolicy(newPolicy);
// Now the new user can decrypt the file!
     
Parameters:
Name Type Description
policy Policy the updated policy to push.
Returns:
nothing.