src/crypto/key/dto/key-chain-create.dto.ts
DTO for creating a new key chain.
A key chain is a unified object that represents a complete signing key setup:
Properties |
|
| Optional description |
Type : string
|
Decorators :
@ApiPropertyOptional({description: 'Human-readable description for the key chain.', example: 'Production credential signing key'})
|
| Optional kmsProvider |
Type : string
|
Decorators :
@ApiPropertyOptional({description: 'KMS provider to use (defaults to the configured default provider).', example: 'vault'})
|
| Optional rotationPolicy |
Type : RotationPolicyCreateDto
|
Decorators :
@ApiPropertyOptional({description: 'Rotation policy configuration. Only applicable for the signing key (root CA never rotates).', type: RotationPolicyCreateDto})
|
| type |
Type : KeyChainType
|
Decorators :
@ApiProperty({description: 'Type of key chain to create.', enum: KeyChainType, example: 'internalChain'})
|
| usageType |
Type : KeyUsageType
|
Decorators :
@ApiProperty({description: 'Usage type determines the purpose of this key chain (access, attestation, etc.).', enum: KeyUsageType, example: 'attestation'})
|
import { ApiProperty, ApiPropertyOptional } from "@nestjs/swagger";
import { Type } from "class-transformer";
import {
IsBoolean,
IsEnum,
IsNumber,
IsOptional,
IsString,
Max,
Min,
ValidateNested,
} from "class-validator";
import { KeyUsageType } from "../entities/key-chain.entity";
/**
* DTO for rotation policy configuration.
*/
export class RotationPolicyCreateDto {
@ApiProperty({
description: "Whether automatic key rotation is enabled.",
default: false,
})
@IsBoolean()
enabled!: boolean;
@ApiPropertyOptional({
description:
"Rotation interval in days. Required when enabled is true.",
example: 90,
minimum: 1,
maximum: 3650,
})
@IsNumber()
@Min(1)
@Max(3650)
@IsOptional()
intervalDays?: number;
@ApiPropertyOptional({
description:
"Certificate validity in days. Defaults to rotation interval + 30 days grace period.",
example: 365,
minimum: 1,
maximum: 3650,
})
@IsNumber()
@Min(1)
@Max(3650)
@IsOptional()
certValidityDays?: number;
}
/**
* Key chain type determines the structure of the key chain.
*/
export enum KeyChainType {
/** Single key with self-signed certificate */
Standalone = "standalone",
/** Internal CA + signing key with CA-signed certificate */
InternalChain = "internalChain",
}
/**
* DTO for creating a new key chain.
*
* A key chain is a unified object that represents a complete signing key setup:
* - For standalone type: A single key with a self-signed certificate
* - For internalChain type: An internal root CA + signing key with CA-signed certificate
*/
export class KeyChainCreateDto {
@ApiProperty({
description:
"Usage type determines the purpose of this key chain (access, attestation, etc.).",
enum: KeyUsageType,
example: "attestation",
})
@IsEnum(KeyUsageType)
usageType!: KeyUsageType;
@ApiProperty({
description: "Type of key chain to create.",
enum: KeyChainType,
example: "internalChain",
})
@IsEnum(KeyChainType)
type!: KeyChainType;
@ApiPropertyOptional({
description: "Human-readable description for the key chain.",
example: "Production credential signing key",
})
@IsString()
@IsOptional()
description?: string;
@ApiPropertyOptional({
description:
"KMS provider to use (defaults to the configured default provider).",
example: "vault",
})
@IsString()
@IsOptional()
kmsProvider?: string;
@ApiPropertyOptional({
description:
"Rotation policy configuration. Only applicable for the signing key (root CA never rotates).",
type: RotationPolicyCreateDto,
})
@ValidateNested()
@Type(() => RotationPolicyCreateDto)
@IsOptional()
rotationPolicy?: RotationPolicyCreateDto;
}