public class HTTPVaultConnector extends Object implements VaultConnector
Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_TLS_VERSION |
PATH_SECRET
Constructor and Description |
---|
HTTPVaultConnector(String baseURL)
Create connector using full URL.
|
HTTPVaultConnector(String hostname,
boolean useTLS)
Create connector using hostname and schema.
|
HTTPVaultConnector(String hostname,
boolean useTLS,
Integer port)
Create connector using hostname, schema and port.
|
HTTPVaultConnector(String hostname,
boolean useTLS,
Integer port,
String prefix)
Create connector using hostname, schema, port and path.
|
HTTPVaultConnector(String hostname,
boolean useTLS,
Integer port,
String prefix,
X509Certificate trustedCaCert)
Create connector using hostname, schema, port, path and trusted certificate.
|
HTTPVaultConnector(String hostname,
boolean useTLS,
String tlsVersion,
Integer port,
String prefix,
X509Certificate trustedCaCert,
int numberOfRetries,
Integer timeout)
Create connector using hostname, schema, port, path and trusted certificate.
|
HTTPVaultConnector(String baseURL,
X509Certificate trustedCaCert)
Create connector using full URL and trusted certificate.
|
HTTPVaultConnector(String baseURL,
X509Certificate trustedCaCert,
int numberOfRetries)
Create connector using full URL and trusted certificate.
|
HTTPVaultConnector(String baseURL,
X509Certificate trustedCaCert,
int numberOfRetries,
Integer timeout)
Create connector using full URL and trusted certificate.
|
HTTPVaultConnector(String baseURL,
X509Certificate trustedCaCert,
int numberOfRetries,
Integer timeout,
String tlsVersion)
Create connector using full URL and trusted certificate.
|
Modifier and Type | Method and Description |
---|---|
AuthResponse |
authAppId(String appID,
String userID)
Deprecated.
|
AuthResponse |
authAppRole(String roleID,
String secretID)
Authorize to Vault using AppRole method.
|
TokenResponse |
authToken(String token)
Authorize to Vault using token.
|
AuthResponse |
authUserPass(String username,
String password)
Authorize to Vault using username and password.
|
void |
close() |
boolean |
createAppRole(AppRole role)
Register a new AppRole role from given metamodel.
|
AppRoleSecretResponse |
createAppRoleSecret(String roleName,
AppRoleSecret secret)
Register new AppRole secret with custom ID.
|
AuthResponse |
createToken(Token token)
Create a new token.
|
AuthResponse |
createToken(Token token,
boolean orphan)
Create a new token.
|
AuthResponse |
createToken(Token token,
String role)
Create a new token for specific role.
|
void |
delete(String key)
Delete key from Vault.
|
void |
deleteAllSecretVersions(String mount,
String key)
Delete all versions of a secret from Vault.
|
boolean |
deleteAppRole(String roleName)
Delete AppRole role from Vault.
|
void |
deleteLatestSecretVersion(String mount,
String key)
Delete latest version of a secret from Vault.
|
void |
deleteSecretVersions(String mount,
String key,
int... versions)
Delete secret versions from Vault.
|
boolean |
destroyAppRoleSecret(String roleName,
String secretID)
Destroy an AppRole secret.
|
void |
destroySecretVersions(String mount,
String key,
int... versions)
Destroy secret versions from Vault.
|
String |
getAppRoleID(String roleName)
Retrieve ID for an AppRole role.
|
List<AuthBackend> |
getAuthBackends()
Get all available authentication backends.
|
HealthResponse |
getHealth()
Query server health information.
|
boolean |
isAuthorized()
Get authorization status.
|
List<String> |
list(String path)
List available nodes from Vault.
|
List<String> |
listAppRoles()
List existing (accessible) AppRole roles.
|
List<String> |
listAppRoleSecrets(String roleName)
List existing (accessible) secret IDs for AppRole role.
|
AppRoleResponse |
lookupAppRole(String roleName)
Lookup an AppRole role.
|
AppRoleSecretResponse |
lookupAppRoleSecret(String roleName,
String secretID)
Lookup an AppRole secret.
|
TokenResponse |
lookupToken(String token)
Lookup token information.
|
SecretResponse |
read(String key)
Retrieve any nodes content from Vault.
|
MetadataResponse |
readSecretMetadata(String mount,
String key)
Retrieve secret metadata from Vault.
|
SecretResponse |
readSecretVersion(String mount,
String key,
Integer version)
Retrieve secret data from Vault.
|
boolean |
registerAppId(String appID,
String policy,
String displayName)
Deprecated.
|
boolean |
registerUserId(String appID,
String userID)
Deprecated.
|
SecretResponse |
renew(String leaseID,
Integer increment)
Renew lease with given ID.
|
void |
resetAuth()
Reset authorization information.
|
void |
revoke(String leaseID)
Revoke given lease immediately.
|
void |
seal()
Seal vault.
|
SealResponse |
sealStatus()
Retrieve status of vault seal.
|
boolean |
setAppRoleID(String roleName,
String roleID)
Set custom ID for an AppRole role.
|
void |
undeleteSecretVersions(String mount,
String key,
int... versions)
Undelete (restore) secret versions from Vault.
|
SealResponse |
unseal(String key,
Boolean reset)
Unseal vault.
|
void |
updateSecretMetadata(String mount,
String key,
Integer maxVersions,
boolean casRequired)
Update secret metadata.
|
void |
write(String key,
Map<String,Object> data,
Map<String,Object> options)
Write value to Vault.
|
SecretVersionResponse |
writeSecretData(String mount,
String key,
Map<String,Object> data,
Integer cas)
Write secret to Vault.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
authAppRole, createAppRole, createAppRole, createAppRole, createAppRole, createAppRoleSecret, createAppRoleSecret, deleteAllSecretVersions, deleteLatestSecretVersion, deleteSecret, deleteSecretVersions, destroySecretVersions, listSecrets, readDbCredentials, readMongoDbCredentials, readMsSqlCredentials, readMySqlCredentials, readPostgreSqlCredentials, readSecret, readSecretData, readSecretData, readSecretMetadata, readSecretVersion, registerAppUserId, renew, undeleteSecretVersions, unseal, updateSecretMetadata, write, write, writeSecret, writeSecret, writeSecretData, writeSecretData
public static final String DEFAULT_TLS_VERSION
public HTTPVaultConnector(String hostname, boolean useTLS)
hostname
- The hostname
useTLS
- If TRUE, use HTTPS, otherwise plain (unencrypted) HTTP
public HTTPVaultConnector(String hostname, boolean useTLS, Integer port)
hostname
- The hostname
useTLS
- If TRUE, use HTTPS, otherwise plain (unencrypted) HTTP
port
- The port
public HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix)
hostname
- The hostname
useTLS
- If TRUE, use HTTPS, otherwise plain (unencrypted) HTTP
port
- The port
prefix
- HTTP API prefix (default: /v1/)
public HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix, X509Certificate trustedCaCert)
hostname
- The hostname
useTLS
- If TRUE, use HTTPS, otherwise plain (unencrypted) HTTP
port
- The port
prefix
- HTTP API prefix (default: /v1/)
trustedCaCert
- Trusted CA certificate
public HTTPVaultConnector(String hostname, boolean useTLS, String tlsVersion, Integer port, String prefix, X509Certificate trustedCaCert, int numberOfRetries, Integer timeout)
hostname
- The hostname
useTLS
- If TRUE, use HTTPS, otherwise plain (unencrypted) HTTP
tlsVersion
- TLS version
port
- The port
prefix
- HTTP API prefix (default: /v1/)
trustedCaCert
- Trusted CA certificate
numberOfRetries
- Number of retries on 5xx errors
timeout
- Timeout for HTTP requests (milliseconds)
public HTTPVaultConnector(String baseURL)
baseURL
- The URL
public HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert)
baseURL
- The URL
trustedCaCert
- Trusted CA certificate
public HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert, int numberOfRetries)
baseURL
- The URL
trustedCaCert
- Trusted CA certificate
numberOfRetries
- Number of retries on 5xx errors
public HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert, int numberOfRetries, Integer timeout)
baseURL
- The URL
trustedCaCert
- Trusted CA certificate
numberOfRetries
- Number of retries on 5xx errors
timeout
- Timeout for HTTP requests (milliseconds)
public HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert, int numberOfRetries, Integer timeout, String tlsVersion)
baseURL
- The URL
trustedCaCert
- Trusted CA certificate
numberOfRetries
- Number of retries on 5xx errors
timeout
- Timeout for HTTP requests (milliseconds)
tlsVersion
- TLS version.
public final void resetAuth()
VaultConnector
resetAuth
in interface VaultConnector
public final SealResponse sealStatus() throws VaultConnectorException
VaultConnector
sealStatus
in interface VaultConnector
VaultConnectorException
- on errorpublic final void seal() throws VaultConnectorException
VaultConnector
seal
in interface VaultConnector
VaultConnectorException
- on errorpublic final SealResponse unseal(String key, Boolean reset) throws VaultConnectorException
VaultConnector
unseal
in interface VaultConnector
key
- A single master share keyreset
- Discard previously provided keys (optional)VaultConnectorException
- on errorpublic HealthResponse getHealth() throws VaultConnectorException
VaultConnector
getHealth
in interface VaultConnector
VaultConnectorException
- on errorpublic final boolean isAuthorized()
VaultConnector
isAuthorized
in interface VaultConnector
public final List<AuthBackend> getAuthBackends() throws VaultConnectorException
VaultConnector
getAuthBackends
in interface VaultConnector
VaultConnectorException
- on errorpublic final TokenResponse authToken(String token) throws VaultConnectorException
VaultConnector
authToken
in interface VaultConnector
token
- The token
VaultConnectorException
- on error
public final AuthResponse authUserPass(String username, String password) throws VaultConnectorException
VaultConnector
authUserPass
in interface VaultConnector
username
- The username
password
- The password
VaultConnectorException
- on error
@Deprecated public final AuthResponse authAppId(String appID, String userID) throws VaultConnectorException
VaultConnector
authAppId
in interface VaultConnector
appID
- The App ID
userID
- The User ID
AuthResponse
VaultConnectorException
- on error
public final AuthResponse authAppRole(String roleID, String secretID) throws VaultConnectorException
VaultConnector
authAppRole
in interface VaultConnector
roleID
- The role ID
secretID
- The secret ID
AuthResponse
VaultConnectorException
- on error
@Deprecated public final boolean registerAppId(String appID, String policy, String displayName) throws VaultConnectorException
VaultConnector
registerAppId
in interface VaultConnector
appID
- The unique App-IDpolicy
- The policy to associate withdisplayName
- Arbitrary name to displaytrue
on successVaultConnectorException
- on error@Deprecated public final boolean registerUserId(String appID, String userID) throws VaultConnectorException
VaultConnector
registerUserId
in interface VaultConnector
appID
- The App-IDuserID
- The User-IDtrue
on successVaultConnectorException
- on errorpublic final boolean createAppRole(AppRole role) throws VaultConnectorException
VaultConnector
createAppRole
in interface VaultConnector
role
- The roletrue
on successVaultConnectorException
- on errorpublic final AppRoleResponse lookupAppRole(String roleName) throws VaultConnectorException
VaultConnector
lookupAppRole
in interface VaultConnector
roleName
- The role nameVaultConnectorException
- on errorpublic final boolean deleteAppRole(String roleName) throws VaultConnectorException
VaultConnector
deleteAppRole
in interface VaultConnector
roleName
- The role name
true
on success
VaultConnectorException
- on error
public final String getAppRoleID(String roleName) throws VaultConnectorException
VaultConnector
getAppRoleID
in interface VaultConnector
roleName
- The role nameVaultConnectorException
- on errorpublic final boolean setAppRoleID(String roleName, String roleID) throws VaultConnectorException
VaultConnector
setAppRoleID
in interface VaultConnector
roleName
- The role nameroleID
- The role IDtrue
on successVaultConnectorException
- on errorpublic final AppRoleSecretResponse createAppRoleSecret(String roleName, AppRoleSecret secret) throws VaultConnectorException
VaultConnector
createAppRoleSecret
in interface VaultConnector
roleName
- The role namesecret
- The secret meta objectVaultConnectorException
- on errorpublic final AppRoleSecretResponse lookupAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
VaultConnector
lookupAppRoleSecret
in interface VaultConnector
roleName
- The role namesecretID
- The secret IDVaultConnectorException
- on errorpublic final boolean destroyAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
VaultConnector
destroyAppRoleSecret
in interface VaultConnector
roleName
- The role name
secretID
- The secret ID
VaultConnectorException
- on error
public final List<String> listAppRoles() throws VaultConnectorException
VaultConnector
listAppRoles
in interface VaultConnector
VaultConnectorException
- on errorpublic final List<String> listAppRoleSecrets(String roleName) throws VaultConnectorException
VaultConnector
listAppRoleSecrets
in interface VaultConnector
roleName
- The role nameVaultConnectorException
- on errorpublic final SecretResponse read(String key) throws VaultConnectorException
VaultConnector
read
in interface VaultConnector
key
- Secret identifierVaultConnectorException
- on errorpublic final SecretResponse readSecretVersion(String mount, String key, Integer version) throws VaultConnectorException
VaultConnector
<mount>/data/<key>
is read here.
Only available for KV v2 secrets.
readSecretVersion
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).
key
- Secret identifier
version
- Version to read. If null or zero, the latest version will be returned.
VaultConnectorException
- on error
public final MetadataResponse readSecretMetadata(String mount, String key) throws VaultConnectorException
VaultConnector
<mount>/metadata/<key>
is read here.
Only available for KV v2 secrets.
readSecretMetadata
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).
key
- Secret identifier
VaultConnectorException
- on error
public void updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException
VaultConnector
<mount>/metadata/<key>
is written here.
Only available for KV v2 secrets.
updateSecretMetadata
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).
key
- Secret identifier
maxVersions
- Maximum number of versions (fallback to backend default if null)
casRequired
- Specify if Check-And-Set is required for this secret.
VaultConnectorException
- on error
public final SecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data, Integer cas) throws VaultConnectorException
VaultConnector
<mount>/data/<key>
is written here.
Only available for KV v2 secrets.
writeSecretData
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).
key
- Secret identifier
data
- Secret content. Value must be JSON serializable.
cas
- Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
VaultConnectorException
- on error
public final List<String> list(String path) throws VaultConnectorException
VaultConnector
list
in interface VaultConnector
path
- Root path to searchVaultConnectorException
- on errorpublic final void write(String key, Map<String,Object> data, Map<String,Object> options) throws VaultConnectorException
VaultConnector
write
in interface VaultConnector
key
- Secret path
data
- Secret content. Value must be JSON serializable.
options
- Secret options (optional).
VaultConnectorException
- on error
public final void delete(String key) throws VaultConnectorException
VaultConnector
delete
in interface VaultConnector
key
- Secret pathVaultConnectorException
- on errorpublic final void deleteLatestSecretVersion(String mount, String key) throws VaultConnectorException
VaultConnector
deleteLatestSecretVersion
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).key
- Secret path.VaultConnectorException
- on errorpublic final void deleteAllSecretVersions(String mount, String key) throws VaultConnectorException
VaultConnector
secret/
is automatically added to path.
Only available for KV v2 stores.
deleteAllSecretVersions
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).key
- Secret path.VaultConnectorException
- on errorpublic final void deleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
VaultConnector
deleteSecretVersions
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).key
- Secret path.versions
- Versions of the secret to delete.VaultConnectorException
- on errorpublic final void undeleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
VaultConnector
undeleteSecretVersions
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).key
- Secret path.versions
- Versions of the secret to undelete.VaultConnectorException
- on errorpublic final void destroySecretVersions(String mount, String key, int... versions) throws VaultConnectorException
VaultConnector
destroySecretVersions
in interface VaultConnector
mount
- Secret store mountpoint (without leading or trailing slash).key
- Secret path.versions
- Versions of the secret to destroy.VaultConnectorException
- on errorpublic final void revoke(String leaseID) throws VaultConnectorException
VaultConnector
revoke
in interface VaultConnector
leaseID
- the lease IDVaultConnectorException
- on errorpublic final SecretResponse renew(String leaseID, Integer increment) throws VaultConnectorException
VaultConnector
renew
in interface VaultConnector
leaseID
- the lease ID
increment
- number of seconds to extend lease time
VaultConnectorException
- on error
public final AuthResponse createToken(Token token) throws VaultConnectorException
VaultConnector
createToken
in interface VaultConnector
token
- the tokenVaultConnectorException
- on errorpublic final AuthResponse createToken(Token token, boolean orphan) throws VaultConnectorException
VaultConnector
createToken
in interface VaultConnector
token
- the tokenorphan
- create orphan tokenVaultConnectorException
- on errorpublic final AuthResponse createToken(Token token, String role) throws VaultConnectorException
VaultConnector
createToken
in interface VaultConnector
token
- the tokenrole
- the role nameVaultConnectorException
- on errorpublic final void close()
close
in interface AutoCloseable
public final TokenResponse lookupToken(String token) throws VaultConnectorException
VaultConnector
lookupToken
in interface VaultConnector
token
- the token
VaultConnectorException
- on error
Copyright © 2016–2019. All rights reserved.