vhsm transform
The vhsm transform command provides a set of subcommands for interacting with vHSM's Transform Secrets Engine. This engine is used for performing cryptographic transformations such as Format-Preserving Encryption (FPE) and related data protection tasks.
Use this command to import keys or manage key versions for secure transformation workflows.
Usage
vhsm transform <subcommand> [options] [args]<subcommand>: A specific action under the transform engine (e.g.,import,import-version).[options]and[args]: Additional flags or arguments passed to the specific subcommand.
Subcommands
import
Import a key into a new transformation under the Transform secrets engine.
import-version
Import new key material into an existing transformation key as a new version.
Each subcommand has its own set of options and arguments. Use vhsm transform <subcommand> -h to see more details.
Examples
Example 1: Import a key into a new FPE transformation
vhsm transform import transform/transformations/fpe/new-transformation @path/to/key \
template=identifier \
allowed_roles=physical-accesstransform/transformations/fpe/new-transformation: Path to the new transformation.@path/to/key: Path to the key material to be imported.template=identifier: The template to be used (e.g., for data masking or FPE).allowed_roles=physical-access: Restricts transformation usage to a specific role.
Example 2: Import key material into a new key version
vhsm transform import-version transform/transformations/fpe/existing-transformation @new-key-materialThis command updates an existing transformation with new key material as a new version, enabling key rotation or cryptographic agility.
Last updated
Was this helpful?