/*
 * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
 */

import * as z from "zod/v3";

export type V2KeysGetKeyRequestBody = {
  /**
   * Specifies which key to retrieve using the database identifier returned from `keys.createKey`.
   *
   * @remarks
   * Do not confuse this with the actual API key string that users include in requests.
   * Key data includes metadata, permissions, usage statistics, and configuration but never the plaintext key value unless `decrypt=true`.
   * Find this ID in creation responses, key listings, dashboard, or verification responses.
   */
  keyId: string;
  /**
   * Controls whether to include the plaintext key value in the response for recovery purposes.
   *
   * @remarks
   * Only works for keys created with `recoverable=true` and requires the `decrypt_key` permission.
   * Returned keys must be handled securely, never logged, cached, or stored insecurely.
   *
   * Use only for legitimate recovery scenarios like user password resets or emergency access.
   * Most applications should keep this false to maintain security best practices and avoid accidental key exposure.
   * Decryption requests are audited and may trigger security alerts in enterprise environments.
   */
  decrypt?: boolean | undefined;
};

/** @internal */
export type V2KeysGetKeyRequestBody$Outbound = {
  keyId: string;
  decrypt: boolean;
};

/** @internal */
export const V2KeysGetKeyRequestBody$outboundSchema: z.ZodType<
  V2KeysGetKeyRequestBody$Outbound,
  z.ZodTypeDef,
  V2KeysGetKeyRequestBody
> = z.object({
  keyId: z.string(),
  decrypt: z.boolean().default(false),
});

export function v2KeysGetKeyRequestBodyToJSON(
  v2KeysGetKeyRequestBody: V2KeysGetKeyRequestBody,
): string {
  return JSON.stringify(
    V2KeysGetKeyRequestBody$outboundSchema.parse(v2KeysGetKeyRequestBody),
  );
}