vhsm transform

The vhsm transform command provides a set of subcommands for interacting with vHSM's Transform Secrets Engine. This engine is used for performing cryptographic transformations such as Format-Preserving Encryption (FPE) and related data protection tasks.

Use this command to import keys or manage key versions for secure transformation workflows.

Usage

vhsm transform <subcommand> [options] [args]

<subcommand>: A specific action under the transform engine (e.g., import, import-version).
[options] and [args]: Additional flags or arguments passed to the specific subcommand.

Subcommands

Subcommand

Description

import

Import a key into a new transformation under the Transform secrets engine.

import-version

Import new key material into an existing transformation key as a new version.

Each subcommand has its own set of options and arguments. Use vhsm transform <subcommand> -h to see more details.

Examples

Example 1: Import a key into a new FPE transformation

vhsm transform import transform/transformations/fpe/new-transformation @path/to/key \
    template=identifier \
    allowed_roles=physical-access

transform/transformations/fpe/new-transformation: Path to the new transformation.
@path/to/key: Path to the key material to be imported.
template=identifier: The template to be used (e.g., for data masking or FPE).
allowed_roles=physical-access: Restricts transformation usage to a specific role.

Example 2: Import key material into a new key version

vhsm transform import-version transform/transformations/fpe/existing-transformation @new-key-material

This command updates an existing transformation with new key material as a new version, enabling key rotation or cryptographic agility.

Previousvhsm ssh NextAuthentication and Authorization

Last updated 22 hours ago

Was this helpful?