Format code with black and update vault API endpoints

- Format crypto_provider.py and test_vault.py with black
- Update vault API endpoints from data_keys to keys/data-key and keys/decrypt
- Remove duplicate test case in test_vault.py

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: debussyman

tests/test_vault.py

@@ -269,13 +269,6 @@ def test_update_object_missing_object_id(self):
         ):
             self.vault.update_object(object_id="", value="test-value")
 
-    def test_update_object_empty_value(self):
-        with pytest.raises(
-            ValueError,
-            match="Incomplete arguments: 'object_id' is a required argument",
-        ):
-            self.vault.update_object(object_id="", value="updated-value")
-
     def test_update_object_none_object_id(self):
         with pytest.raises(
             ValueError,
@@ -316,7 +309,7 @@ def test_create_data_key_success(
         )
 
         assert request_kwargs["method"] == "post"
-        assert request_kwargs["url"].endswith("/vault/v1/data_keys")
+        assert request_kwargs["url"].endswith("/vault/v1/keys/data-key")
         assert request_kwargs["json"]["key_context"] == {"key": "test-key"}
         assert data_key_pair.data_key.id == "key_01234567890abcdef"
         assert data_key_pair.encrypted_keys == "ZW5jcnlwdGVkX2tleXNfZGF0YQ=="
@@ -331,7 +324,7 @@ def test_decrypt_data_key_success(
         data_key = self.vault.decrypt_data_key(keys="ZW5jcnlwdGVkX2tleXNfZGF0YQ==")
 
         assert request_kwargs["method"] == "post"
-        assert request_kwargs["url"].endswith("/vault/v1/data_keys/decrypt")
+        assert request_kwargs["url"].endswith("/vault/v1/keys/decrypt")
         assert request_kwargs["json"]["keys"] == "ZW5jcnlwdGVkX2tleXNfZGF0YQ=="
         assert data_key.id == "key_01234567890abcdef"
         assert data_key.key == "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="
@@ -351,7 +344,7 @@ def test_encrypt_success(
 
         # Verify create_data_key was called
         assert request_kwargs["method"] == "post"
-        assert request_kwargs["url"].endswith("/vault/v1/data_keys")
+        assert request_kwargs["url"].endswith("/vault/v1/keys/data-key")
         assert request_kwargs["json"]["key_context"] == {"key": "test-key"}
 
         # Verify we got encrypted data back

workos/utils/crypto_provider.py

@@ -5,35 +5,29 @@
 
 
 class CryptoProvider:
-    def encrypt(self, plaintext: bytes, key: bytes, iv: bytes, aad: Optional[bytes]) -> dict[str, bytes]:
+    def encrypt(
+        self, plaintext: bytes, key: bytes, iv: bytes, aad: Optional[bytes]
+    ) -> dict[str, bytes]:
         encryptor = Cipher(
-            algorithms.AES(key),
-            modes.GCM(iv),
-            backend=default_backend()
+            algorithms.AES(key), modes.GCM(iv), backend=default_backend()
         ).encryptor()
 
         if aad:
             encryptor.authenticate_additional_data(aad)
 
         ciphertext = encryptor.update(plaintext) + encryptor.finalize()
-        return {
-            "ciphertext": ciphertext,
-            "iv": iv,
-            "tag": encryptor.tag
-        }
+        return {"ciphertext": ciphertext, "iv": iv, "tag": encryptor.tag}
 
     def decrypt(
         self,
         ciphertext: bytes,
         key: bytes,
         iv: bytes,
         tag: bytes,
-        aad: Optional[bytes] = None
+        aad: Optional[bytes] = None,
     ) -> bytes:
         decryptor = Cipher(
-            algorithms.AES(key),
-            modes.GCM(iv, tag),
-            backend=default_backend()
+            algorithms.AES(key), modes.GCM(iv, tag), backend=default_backend()
         ).decryptor()
 
         if aad:

workos/vault.py

@@ -346,7 +346,7 @@ def create_data_key(self, *, key_context: KeyContext) -> DataKeyPair:
         }
 
         response = self._http_client.request(
-            "vault/v1/data_keys",
+            "vault/v1/keys/data-key",
             method=REQUEST_METHOD_POST,
             json=request_data,
         )
@@ -363,7 +363,7 @@ def decrypt_data_key(
         }
 
         response = self._http_client.request(
-            "vault/v1/data_keys/decrypt",
+            "vault/v1/keys/decrypt",
             method=REQUEST_METHOD_POST,
             json=request_data,
         )