de.stklcode.jvault.connector

Interface VaultConnector

All Known Implementing Classes:

HTTPVaultConnector

public interface VaultConnector

Vault Connector interface. Provides methods to connect with Vault backend and handle secrets.

Since:

0.1

Author:

Stefan Kalscheuer

Method Summary

Modifier and Type	Method and Description
AuthResponse	authAppId(String appID, String userID) Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using authAppRole(java.lang.String) instead.
default AuthResponse	authAppRole(String roleID) Authorize to Vault using AppRole method without secret ID.
AuthResponse	authAppRole(String roleID, String secretID) Authorize to Vault using AppRole method.
TokenResponse	authToken(String token) Authorize to Vault using token.
AuthResponse	authUserPass(String username, String password) Authorize to Vault using username and password.
boolean	createAppRole(AppRole role) Register a new AppRole role from given metamodel.
default boolean	createAppRole(String roleName) Register new AppRole role with default policy.
default boolean	createAppRole(String roleName, List<String> policies) Register new AppRole role with policies.
default boolean	createAppRole(String roleName, List<String> policies, String roleID) Register new AppRole role with policies and custom ID.
default boolean	createAppRole(String roleName, String roleID) Register new AppRole role with default policy and custom ID.
default AppRoleSecretResponse	createAppRoleSecret(String roleName) Register new random generated AppRole secret.
AppRoleSecretResponse	createAppRoleSecret(String roleName, AppRoleSecret secret) Register new AppRole secret with custom ID.
default AppRoleSecretResponse	createAppRoleSecret(String roleName, String secretID) Register new AppRole secret with custom ID.
AuthResponse	createToken(Token token) Create a new token.
AuthResponse	createToken(Token token, boolean orphan) Create a new token.
AuthResponse	createToken(Token token, String role) Create a new token for specific role.
boolean	deleteAppRole(String roleName) Delete AppRole role from Vault.
boolean	deleteSecret(String key) Delete secret from Vault.
boolean	destroyAppRoleSecret(String roleName, String secretID) Destroy an AppRole secret.
String	getAppRoleID(String roleName) Retrieve ID for an AppRole role.
List<AuthBackend>	getAuthBackends() Get all availale authentication backends.
boolean	init() Verify that vault connection is initialized.
boolean	isAuthorized() Get authorization status
List<String>	listAppRoles() List existing (accessible) AppRole roles.
List<String>	listAppRoleSecretss(String roleName) List existing (accessible) secret IDs for AppRole role.
List<String>	listSecrets(String path) List available secrets from Vault.
AppRoleResponse	lookupAppRole(String roleName) Lookup an AppRole role.
AppRoleSecretResponse	lookupAppRoleSecret(String roleName, String secretID) Lookup an AppRole secret.
TokenResponse	lookupToken(String token) Lookup token information.
SecretResponse	readSecret(String key) Retrieve secret form Vault.
boolean	registerAppId(String appID, String policy, String displayName) Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using createAppRole(de.stklcode.jvault.connector.model.AppRole) instead.
default boolean	registerAppUserId(String appID, String policy, String displayName, String userID) Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole.
boolean	registerUserId(String appID, String userID) Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using createAppRoleSecret(java.lang.String) instead.
default SecretResponse	renew(String leaseID) Renew lease with given ID.
SecretResponse	renew(String leaseID, Integer increment) Renew lease with given ID.
void	resetAuth() Reset authorization information.
boolean	revoke(String leaseID) Revoke given lease immediately.
boolean	seal() Seal vault.
SealResponse	sealStatus() Retrieve status of vault seal.
boolean	setAppRoleID(String roleName, String roleID) Set custom ID for an AppRole role.
default SealResponse	unseal(String key) Unseal vault.
SealResponse	unseal(String key, Boolean reset) Unseal vault.
boolean	writeSecret(String key, String value) Write secret to Vault.

Method Detail

init

boolean init()

Verify that vault connection is initialized.

Returns:

TRUE if correctly initialized

resetAuth

void resetAuth()

Reset authorization information.

sealStatus

SealResponse sealStatus()

Retrieve status of vault seal.

Returns:

Seal status

seal

boolean seal()

Seal vault.

Returns:

TRUE on success

unseal

SealResponse unseal(String key,
                    Boolean reset)

Unseal vault.

Parameters:

key - A single master share key

reset - Discard previously provided keys (optional)

Returns:

TRUE on success

unseal

default SealResponse unseal(String key)

Unseal vault.

Parameters:

key - A single master share key

Returns:

TRUE on success

getAuthBackends

List<AuthBackend> getAuthBackends()
                           throws VaultConnectorException

Get all availale authentication backends.

Returns:

List of backends

Throws:

VaultConnectorException - on error

authToken

TokenResponse authToken(String token)
                 throws VaultConnectorException

Authorize to Vault using token.

Parameters:

token - The token

Returns:

Token response

Throws:

VaultConnectorException - on error

authUserPass

AuthResponse authUserPass(String username,
                          String password)
                   throws VaultConnectorException

Authorize to Vault using username and password.

Parameters:

username - The username

password - The password

Returns:

Authorization result

Throws:

VaultConnectorException - on error

authAppId

@Deprecated
AuthResponse authAppId(String appID,
                                   String userID)
                            throws VaultConnectorException

Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using authAppRole(java.lang.String) instead.

Authorize to Vault using AppID method.

Parameters:

appID - The App ID

userID - The User ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

authAppRole

default AuthResponse authAppRole(String roleID)
                          throws VaultConnectorException

Authorize to Vault using AppRole method without secret ID.

Parameters:

roleID - The role ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

authAppRole

AuthResponse authAppRole(String roleID,
                         String secretID)
                  throws VaultConnectorException

Authorize to Vault using AppRole method.

Parameters:

roleID - The role ID

secretID - The secret ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

registerAppId

@Deprecated
boolean registerAppId(String appID,
                                  String policy,
                                  String displayName)
                           throws VaultConnectorException

Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using createAppRole(de.stklcode.jvault.connector.model.AppRole) instead.

Register new App-ID with policy.

Parameters:

appID - The unique App-ID

policy - The policy to associate with

displayName - Arbitrary name to display

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

createAppRole

boolean createAppRole(AppRole role)
               throws VaultConnectorException

Register a new AppRole role from given metamodel.

Parameters:

role - The role

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRole

default boolean createAppRole(String roleName)
                       throws VaultConnectorException

Register new AppRole role with default policy.

Parameters:

roleName - The role name

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRole

default boolean createAppRole(String roleName,
                              List<String> policies)
                       throws VaultConnectorException

Register new AppRole role with policies.

Parameters:

roleName - The role name

policies - The policies to associate with

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRole

default boolean createAppRole(String roleName,
                              String roleID)
                       throws VaultConnectorException

Register new AppRole role with default policy and custom ID.

Parameters:

roleName - The role name

roleID - A custom role ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRole

default boolean createAppRole(String roleName,
                              List<String> policies,
                              String roleID)
                       throws VaultConnectorException

Register new AppRole role with policies and custom ID.

Parameters:

roleName - The role name

policies - The policies to associate with

roleID - A custom role ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

deleteAppRole

boolean deleteAppRole(String roleName)
               throws VaultConnectorException

Delete AppRole role from Vault.

Parameters:

roleName - The role anme

Returns:

TRUE on succevss

Throws:

VaultConnectorException - on error

lookupAppRole

AppRoleResponse lookupAppRole(String roleName)
                       throws VaultConnectorException

Lookup an AppRole role.

Parameters:

roleName - The role name

Returns:

Result of the lookup

Throws:

VaultConnectorException - on error

Since:

0.4.0

getAppRoleID

String getAppRoleID(String roleName)
             throws VaultConnectorException

Retrieve ID for an AppRole role.

Parameters:

roleName - The role name

Returns:

The role ID

Throws:

VaultConnectorException - on error

Since:

0.4.0

setAppRoleID

boolean setAppRoleID(String roleName,
                     String roleID)
              throws VaultConnectorException

Set custom ID for an AppRole role.

Parameters:

roleName - The role name

roleID - The role ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRoleSecret

default AppRoleSecretResponse createAppRoleSecret(String roleName)
                                           throws VaultConnectorException

Register new random generated AppRole secret.

Parameters:

roleName - The role name

Returns:

The secret ID

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRoleSecret

default AppRoleSecretResponse createAppRoleSecret(String roleName,
                                                  String secretID)
                                           throws VaultConnectorException

Register new AppRole secret with custom ID.

Parameters:

roleName - The role name

secretID - A custom secret ID

Returns:

The secret ID

Throws:

VaultConnectorException - on error

Since:

0.4.0

createAppRoleSecret

AppRoleSecretResponse createAppRoleSecret(String roleName,
                                          AppRoleSecret secret)
                                   throws VaultConnectorException

Register new AppRole secret with custom ID.

Parameters:

roleName - The role name

secret - The secret meta object

Returns:

The secret ID

Throws:

VaultConnectorException - on error

Since:

0.4.0

lookupAppRoleSecret

AppRoleSecretResponse lookupAppRoleSecret(String roleName,
                                          String secretID)
                                   throws VaultConnectorException

Lookup an AppRole secret.

Parameters:

roleName - The role name

secretID - The secret ID

Returns:

Result of the lookup

Throws:

VaultConnectorException - on error

Since:

0.4.0

destroyAppRoleSecret

boolean destroyAppRoleSecret(String roleName,
                             String secretID)
                      throws VaultConnectorException

Destroy an AppRole secret.

Parameters:

roleName - The role name

secretID - The secret meta object

Returns:

The secret ID

Throws:

VaultConnectorException - on error

Since:

0.4.0

listAppRoles

List<String> listAppRoles()
                   throws VaultConnectorException

List existing (accessible) AppRole roles.

Returns:

List of roles

Throws:

VaultConnectorException - on error

listAppRoleSecretss

List<String> listAppRoleSecretss(String roleName)
                          throws VaultConnectorException

List existing (accessible) secret IDs for AppRole role.

Parameters:

roleName - The role name

Returns:

List of roles

Throws:

VaultConnectorException - on error

registerUserId

@Deprecated
boolean registerUserId(String appID,
                                   String userID)
                            throws VaultConnectorException

Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using createAppRoleSecret(java.lang.String) instead.

Register User-ID with App-ID

Parameters:

appID - The App-ID

userID - The User-ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

registerAppUserId

@Deprecated
default boolean registerAppUserId(String appID,
                                              String policy,
                                              String displayName,
                                              String userID)
                                       throws VaultConnectorException

Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole.

Register new App-ID and User-ID at once.

Parameters:

appID - The App-ID

policy - The policy to associate with

displayName - Arbitrary name to display

userID - The User-ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

isAuthorized

boolean isAuthorized()

Get authorization status

Returns:

TRUE, if successfully authorized

readSecret

SecretResponse readSecret(String key)
                   throws VaultConnectorException

Retrieve secret form Vault.

Parameters:

key - Secret identifier

Returns:

Secret response

Throws:

VaultConnectorException - on error

listSecrets

List<String> listSecrets(String path)
                  throws VaultConnectorException

List available secrets from Vault.

Parameters:

path - Root path to search

Returns:

List of secret keys

Throws:

VaultConnectorException - on error

writeSecret

boolean writeSecret(String key,
                    String value)
             throws VaultConnectorException

Write secret to Vault.

Parameters:

key - Secret path

value - Secret value

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

deleteSecret

boolean deleteSecret(String key)
              throws VaultConnectorException

Delete secret from Vault.

Parameters:

key - Secret path

Returns:

TRUE on succevss

Throws:

VaultConnectorException - on error

revoke

boolean revoke(String leaseID)
        throws VaultConnectorException

Revoke given lease immediately.

Parameters:

leaseID - the lease ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

renew

default SecretResponse renew(String leaseID)
                      throws VaultConnectorException

Renew lease with given ID.

Parameters:

leaseID - the lase ID

Returns:

Renewed lease

Throws:

VaultConnectorException

renew

SecretResponse renew(String leaseID,
                     Integer increment)
              throws VaultConnectorException

Renew lease with given ID.

Parameters:

leaseID - the lase ID

increment - number of seconds to extend lease time

Returns:

Renewed lease

Throws:

VaultConnectorException

createToken

AuthResponse createToken(Token token)
                  throws VaultConnectorException

Create a new token.

Parameters:

token - the token

Returns:

the result response

Throws:

VaultConnectorException - on error

createToken

AuthResponse createToken(Token token,
                         boolean orphan)
                  throws VaultConnectorException

Create a new token.

Parameters:

token - the token

orphan - create orphan token

Returns:

the result response

Throws:

VaultConnectorException - on error

createToken

AuthResponse createToken(Token token,
                         String role)
                  throws VaultConnectorException

Create a new token for specific role.

Parameters:

token - the token

role - the role name

Returns:

the result response

Throws:

VaultConnectorException - on error

lookupToken

TokenResponse lookupToken(String token)
                   throws VaultConnectorException

Lookup token information.

Parameters:

token - the token

Returns:

the result response

Throws:

VaultConnectorException - on error