Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request for incorporating "reference" in Transform FPE encode() and decode() operations #894

Open
rchandran80 opened this issue Feb 5, 2025 · 2 comments
Open

Feature request for incorporating "reference" in Transform FPE encode() and decode() operations #894

rchandran80 opened this issue Feb 5, 2025 · 2 comments
Labels
status: ideal-for-contribution An issue that a contributor can help us with type: enhancement A general enhancement

Comments

@rchandran80
Copy link

Hello! I would like to request adding support for the reference parameter in Spring Cloud Vault’s Transform FPE encode and decode operations. Currently, the Spring Cloud Vault client supports only the transformation and tweak parameters, leaving no way to specify a reference that preserves the exact mapping of inputs to outputs when dealing with large batch requests. This becomes problematic when working with thousands of inputs, as there is no reliable way to correlate each input with its corresponding output.

Context
VaultTransformTemplate#encode(String, List<TransformPlaintext>) and VaultTransformTemplate#decode(String, List<TransformCiphertext>) only supply value (from TransformPlaintext) and transformation/tweak (from VaultTransformContext) for each batch item.
• The HashiCorp Vault Transform API supports a reference field per item in batch_input. This is essential to correlate results in large batches, where maintaining the input→output mapping is critical.

Desired Enhancement
1. Extend VaultTransformContext (or similar) to hold an optional reference field.
2. Modify the batch request construction so each item can include its own reference.
3. Optionally parse returned reference from Vault’s batch_results, allowing direct correlation of request and response.

Implementing this feature would enable clients to handle large batches reliably without having to customize or override base Spring Cloud Vault classes. If there is a roadmap or timeline for including reference support, it would be great to learn more—particularly as we have a customer eager to see this functionality. Thank you!
@mp911de
Copy link
Member

mp911de commented Feb 6, 2025

Thanks for reaching out. Looking at the Transform API, there have been several details added since we've built support for Transform. There's TTL, expiration and much more. It would make sense to extend VaultTransformContext. Feel free to come up with a pull request.

@mp911de mp911de added type: enhancement A general enhancement status: ideal-for-contribution An issue that a contributor can help us with labels Feb 6, 2025
@rchandran80
Copy link
Author

Sure, I can submit a pull request for supporting the reference attribute, will update this thread once its ready.

This was referenced Feb 14, 2025
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: ideal-for-contribution An issue that a contributor can help us with type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mp911de @rchandran80