Ir al contenido

OrgSecurityKeysService

Esta página aún no está disponible en tu idioma.

Exposes per-organization secret key material to internal services that need it for HMAC computation, signature verification, or envelope-key derivation.

Method Description
GetPeppers Return all non-retired pepper versions for one (org, purpose)

Return all non-retired pepper versions for one (org_id, purpose) pair, in ascending version order. During a rotation overlap window multiple versions are returned — callers compute lookup hashes under every returned version so lookups keep matching across the rotation. Typically the response contains exactly one entry; two during a rotation overlap window; zero only when no pepper has ever been generated for the pair (success with an empty list — the caller decides whether absence is a hard error).

An empty or non-UUID org_id, or an empty purpose, is rejected with INVALID_ARGUMENT.

Authorization: Internal service only

Field Type Description
org_id string Organization whose peppers are requested.
purpose string Purpose identifier scoping which key family to return (e.g. reachability_lookup for the reachability registry lookup hash).
Field Type Description
peppers Pepper[] All non-retired pepper versions for the (org, purpose) pair, in ascending version order.
Field Type Description
version int32 Monotonically-increasing version number. Lower versions retire first.
key_material bytes Raw HMAC key material. Sensitive — callers must not log or persist this value to disk. In-memory caching keyed on (org, version) with a short TTL is permitted and expected.