feat: make vault events available in SDK (#588)

Co-authored-by: Garen J. Torikian <gjtorikian@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 3 people

src/workos/types/events/__init__.py

@@ -13,3 +13,4 @@
 from .organization_domain_verification_failed_payload import *
 from .previous_attributes import *
 from .session_payload import *
+from .vault_payload import *

src/workos/types/events/event.py

@@ -53,6 +53,17 @@
     SessionCreatedPayload,
     SessionRevokedPayload,
 )
+from workos.types.events.vault_payload import (
+    VaultDataCreatedPayload,
+    VaultDataDeletedPayload,
+    VaultDataReadPayload,
+    VaultDataUpdatedPayload,
+    VaultDekDecryptedPayload,
+    VaultDekReadPayload,
+    VaultKekCreatedPayload,
+    VaultMetadataReadPayload,
+    VaultNamesListedPayload,
+)
 from workos.types.organizations.organization_common import OrganizationCommon
 from workos.types.organization_domains import OrganizationDomain
 from workos.types.roles.role import EventRole
@@ -372,6 +383,42 @@ class UserUpdatedEvent(EventModel[User]):
     event: Literal["user.updated"]
 
 
+class VaultDataCreatedEvent(EventModel[VaultDataCreatedPayload]):
+    event: Literal["vault.data.created"]
+
+
+class VaultDataDeletedEvent(EventModel[VaultDataDeletedPayload]):
+    event: Literal["vault.data.deleted"]
+
+
+class VaultDataReadEvent(EventModel[VaultDataReadPayload]):
+    event: Literal["vault.data.read"]
+
+
+class VaultDataUpdatedEvent(EventModel[VaultDataUpdatedPayload]):
+    event: Literal["vault.data.updated"]
+
+
+class VaultDekDecryptedEvent(EventModel[VaultDekDecryptedPayload]):
+    event: Literal["vault.dek.decrypted"]
+
+
+class VaultDekReadEvent(EventModel[VaultDekReadPayload]):
+    event: Literal["vault.dek.read"]
+
+
+class VaultKekCreatedEvent(EventModel[VaultKekCreatedPayload]):
+    event: Literal["vault.kek.created"]
+
+
+class VaultMetadataReadEvent(EventModel[VaultMetadataReadPayload]):
+    event: Literal["vault.metadata.read"]
+
+
+class VaultNamesListedEvent(EventModel[VaultNamesListedPayload]):
+    event: Literal["vault.names.listed"]
+
+
 Event = Annotated[
     Union[
         ApiKeyCreatedEvent,
@@ -443,6 +490,15 @@ class UserUpdatedEvent(EventModel[User]):
         UserCreatedEvent,
         UserDeletedEvent,
         UserUpdatedEvent,
+        VaultDataCreatedEvent,
+        VaultDataDeletedEvent,
+        VaultDataReadEvent,
+        VaultDataUpdatedEvent,
+        VaultDekDecryptedEvent,
+        VaultDekReadEvent,
+        VaultKekCreatedEvent,
+        VaultMetadataReadEvent,
+        VaultNamesListedEvent,
     ],
     Field(..., discriminator="event"),
 ]

src/workos/types/events/event_model.py

@@ -50,6 +50,17 @@
     SessionCreatedPayload,
     SessionRevokedPayload,
 )
+from workos.types.events.vault_payload import (
+    VaultDataCreatedPayload,
+    VaultDataDeletedPayload,
+    VaultDataReadPayload,
+    VaultDataUpdatedPayload,
+    VaultDekDecryptedPayload,
+    VaultDekReadPayload,
+    VaultKekCreatedPayload,
+    VaultMetadataReadPayload,
+    VaultNamesListedPayload,
+)
 from workos.types.organizations.organization_common import OrganizationCommon
 from workos.types.organization_domains import OrganizationDomain
 from workos.types.authorization.organization_role import OrganizationRoleEvent
@@ -110,6 +121,15 @@
     SessionCreatedPayload,
     SessionRevokedPayload,
     User,
+    VaultDataCreatedPayload,
+    VaultDataDeletedPayload,
+    VaultDataReadPayload,
+    VaultDataUpdatedPayload,
+    VaultDekDecryptedPayload,
+    VaultDekReadPayload,
+    VaultKekCreatedPayload,
+    VaultMetadataReadPayload,
+    VaultNamesListedPayload,
 )
 
 

src/workos/types/events/event_type.py

@@ -74,6 +74,15 @@
     "user.created",
     "user.deleted",
     "user.updated",
+    "vault.data.created",
+    "vault.data.deleted",
+    "vault.data.read",
+    "vault.data.updated",
+    "vault.dek.decrypted",
+    "vault.dek.read",
+    "vault.kek.created",
+    "vault.metadata.read",
+    "vault.names.listed",
 ]
 
 EventTypeDiscriminator = TypeVar("EventTypeDiscriminator", bound=EventType)

src/workos/types/events/vault_payload.py

@@ -0,0 +1,65 @@
+from typing import List, Optional
+
+from workos.types.vault.key import KeyContext
+from workos.types.workos_model import WorkOSModel
+
+
+class VaultNamesListedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+
+
+class VaultDataDeletedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+    kv_name: str
+
+
+class VaultDekDecryptedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+    key_id: str
+
+
+class VaultDataReadPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+    kv_name: str
+    key_id: str
+
+
+class VaultDataCreatedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+    kv_name: str
+    key_id: str
+    key_context: Optional[KeyContext] = None
+
+
+class VaultDekReadPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+    key_ids: List[str]
+    key_context: Optional[KeyContext] = None
+
+
+class VaultKekCreatedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: str
+    key_name: str
+    key_id: str
+
+
+class VaultDataUpdatedPayload(VaultDataCreatedPayload):
+    pass
+
+
+class VaultMetadataReadPayload(VaultDataDeletedPayload):
+    pass

src/workos/types/organizations/organization.py

@@ -9,5 +9,4 @@ class Organization(OrganizationCommon):
     allow_profiles_outside_organization: bool
     domains: Sequence[OrganizationDomain]
     stripe_customer_id: Optional[str] = None
-    external_id: Optional[str] = None
     metadata: Metadata = field(default_factory=dict)

src/workos/types/organizations/organization_common.py

@@ -1,4 +1,4 @@
-from typing import Literal, Sequence
+from typing import Literal, Optional, Sequence
 from workos.types.workos_model import WorkOSModel
 from workos.types.organization_domains import OrganizationDomain
 
@@ -7,6 +7,7 @@ class OrganizationCommon(WorkOSModel):
     id: str
     object: Literal["organization"]
     name: str
+    external_id: Optional[str] = None
     domains: Sequence[OrganizationDomain]
     created_at: str
     updated_at: str

src/workos/types/roles/role.py

@@ -11,6 +11,8 @@ class RoleCommon(WorkOSModel):
 
 class EventRole(RoleCommon):
     permissions: Optional[Sequence[str]] = None
+    created_at: Optional[str] = None
+    updated_at: Optional[str] = None
 
 
 class Role(RoleCommon):