Description
Hello! I would like to request adding support for the reference parameter in Spring Cloud Vault’s Transform FPE encode and decode operations. Currently, the Spring Cloud Vault client supports only the transformation and tweak parameters, leaving no way to specify a reference that preserves the exact mapping of inputs to outputs when dealing with large batch requests. This becomes problematic when working with thousands of inputs, as there is no reliable way to correlate each input with its corresponding output.
Context
• VaultTransformTemplate#encode(String, List<TransformPlaintext>) and VaultTransformTemplate#decode(String, List<TransformCiphertext>) only supply value (from TransformPlaintext) and transformation/tweak (from VaultTransformContext) for each batch item.
• The HashiCorp Vault Transform API supports a reference field per item in batch_input. This is essential to correlate results in large batches, where maintaining the input→output mapping is critical.
Desired Enhancement
1. Extend VaultTransformContext (or similar) to hold an optional reference field.
2. Modify the batch request construction so each item can include its own reference.
3. Optionally parse returned reference from Vault’s batch_results, allowing direct correlation of request and response.
Implementing this feature would enable clients to handle large batches reliably without having to customize or override base Spring Cloud Vault classes. If there is a roadmap or timeline for including reference support, it would be great to learn more—particularly as we have a customer eager to see this functionality. Thank you!