public interface VaultConnector extends AutoCloseable, Serializable
Modifier and Type | Field and Description |
---|---|
`static String` | `PATH_SECRET`: Default sub-path for Vault secrets. |

Modifier and Type | Method and Description |
---|---|
`AuthResponse` | `authAppId(String appID, String userID)`: Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using `authAppRole(java.lang.String)` instead. |
`default AuthResponse` | `authAppRole(String roleID)`: Authorize to Vault using AppRole method without secret ID. |
`AuthResponse` | `authAppRole(String roleID, String secretID)`: Authorize to Vault using AppRole method. |
`TokenResponse` | `authToken(String token)`: Authorize to Vault using token. |
`AuthResponse` | `authUserPass(String username, String password)`: Authorize to Vault using username and password. |
`boolean` | `createAppRole(AppRole role)`: Register a new AppRole role from given metamodel. |
`default boolean` | `createAppRole(String roleName)`: Register new AppRole role with default policy. |
`default boolean` | `createAppRole(String roleName, List<String> policies)`: Register new AppRole role with policies. |
`default boolean` | `createAppRole(String roleName, List<String> policies, String roleID)`: Register new AppRole role with policies and custom ID. |
`default boolean` | `createAppRole(String roleName, String roleID)`: Register new AppRole role with default policy and custom ID. |
`default AppRoleSecretResponse` | `createAppRoleSecret(String roleName)`: Register new randomly generated AppRole secret. |
`AppRoleSecretResponse` | `createAppRoleSecret(String roleName, AppRoleSecret secret)`: Register new AppRole secret with custom ID. |
`default AppRoleSecretResponse` | `createAppRoleSecret(String roleName, String secretID)`: Register new AppRole secret with custom ID. |
`AuthResponse` | `createToken(Token token)`: Create a new token. |
`AuthResponse` | `createToken(Token token, boolean orphan)`: Create a new token. |
`AuthResponse` | `createToken(Token token, String role)`: Create a new token for specific role. |
`void` | `delete(String key)`: Delete key from Vault. |
`default void` | `deleteAllSecretVersions(String key)`: Delete latest version of a secret from Vault. |
`void` | `deleteAllSecretVersions(String mount, String key)`: Delete latest version of a secret from Vault. |
`boolean` | `deleteAppRole(String roleName)`: Delete AppRole role from Vault. |
`default void` | `deleteLatestSecretVersion(String key)`: Delete latest version of a secret from Vault. |
`void` | `deleteLatestSecretVersion(String mount, String key)`: Delete latest version of a secret from Vault. |
`default void` | `deleteSecret(String key)`: Delete secret from Vault. |
`default void` | `deleteSecretVersions(String key, int... versions)`: Delete secret versions from Vault. |
`void` | `deleteSecretVersions(String mount, String key, int... versions)`: Delete secret versions from Vault. |
`boolean` | `destroyAppRoleSecret(String roleName, String secretID)`: Destroy an AppRole secret. |
`default void` | `destroySecretVersions(String key, int... versions)`: Destroy secret versions from Vault. |
`void` | `destroySecretVersions(String mount, String key, int... versions)`: Destroy secret versions from Vault. |
`String` | `getAppRoleID(String roleName)`: Retrieve ID for an AppRole role. |
`List<AuthBackend>` | `getAuthBackends()`: Get all available authentication backends. |
`HealthResponse` | `getHealth()`: Query server health information. |
`boolean` | `isAuthorized()`: Get authorization status. |
`List<String>` | `list(String path)`: List available nodes from Vault. |
`List<String>` | `listAppRoles()`: List existing (accessible) AppRole roles. |
`List<String>` | `listAppRoleSecrets(String roleName)`: List existing (accessible) secret IDs for AppRole role. |
`default List<String>` | `listSecrets(String path)`: List available secrets from Vault. |
`AppRoleResponse` | `lookupAppRole(String roleName)`: Lookup an AppRole role. |
`AppRoleSecretResponse` | `lookupAppRoleSecret(String roleName, String secretID)`: Lookup an AppRole secret. |
`TokenResponse` | `lookupToken(String token)`: Lookup token information. |
`SecretResponse` | `read(String key)`: Retrieve any node's content from Vault. |
`default CredentialsResponse` | `readDbCredentials(String role, String mount)`: Read credentials for SQL backends. |
`default CredentialsResponse` | `readMongoDbCredentials(String role)`: Read credentials for MSSQL backend at default mount point. |
`default CredentialsResponse` | `readMsSqlCredentials(String role)`: Read credentials for MSSQL backend at default mount point. |
`default CredentialsResponse` | `readMySqlCredentials(String role)`: Read credentials for MySQL backend at default mount point. |
`default CredentialsResponse` | `readPostgreSqlCredentials(String role)`: Read credentials for PostgreSQL backend at default mount point. |
`default SecretResponse` | `readSecret(String key)`: Retrieve secret from Vault. |
`default SecretResponse` | `readSecretData(String key)`: Retrieve the latest secret data for specific version from Vault. |
`default SecretResponse` | `readSecretData(String mount, String key)`: Retrieve the latest secret data for specific version from Vault. |
`default MetadataResponse` | `readSecretMetadata(String key)`: Retrieve secret metadata from Vault. |
`MetadataResponse` | `readSecretMetadata(String mount, String key)`: Retrieve secret metadata from Vault. |
`default SecretResponse` | `readSecretVersion(String key, Integer version)`: Retrieve secret data from Vault. |
`SecretResponse` | `readSecretVersion(String mount, String key, Integer version)`: Retrieve secret data from Vault. |
`boolean` | `registerAppId(String appID, String policy, String displayName)`: Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using `createAppRole(de.stklcode.jvault.connector.model.AppRole)` instead. |
`default boolean` | `registerAppUserId(String appID, String policy, String displayName, String userID)`: Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. |
`boolean` | `registerUserId(String appID, String userID)`: Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using `createAppRoleSecret(java.lang.String)` instead. |
`default SecretResponse` | `renew(String leaseID)`: Renew lease with given ID. |
`SecretResponse` | `renew(String leaseID, Integer increment)`: Renew lease with given ID. |
`void` | `resetAuth()`: Reset authorization information. |
`void` | `revoke(String leaseID)`: Revoke given lease immediately. |
`void` | `seal()`: Seal vault. |
`SealResponse` | `sealStatus()`: Retrieve status of vault seal. |
`boolean` | `setAppRoleID(String roleName, String roleID)`: Set custom ID for an AppRole role. |
`default void` | `undeleteSecretVersions(String key, int... versions)`: Undelete (restore) secret versions from Vault. |
`void` | `undeleteSecretVersions(String mount, String key, int... versions)`: Undelete (restore) secret versions from Vault. |
`default SealResponse` | `unseal(String key)`: Unseal vault. |
`SealResponse` | `unseal(String key, Boolean reset)`: Unseal vault. |
`default void` | `updateSecretMetadata(String key, Integer maxVersions, boolean casRequired)`: Update secret metadata. |
`void` | `updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired)`: Update secret metadata. |
`default void` | `write(String key, Map<String,Object> data)`: Write value to Vault. |
`void` | `write(String key, Map<String,Object> data, Map<String,Object> options)`: Write value to Vault. |
`default void` | `write(String key, String value)`: Write simple value to Vault. |
`default void` | `writeSecret(String key, Map<String,Object> data)`: Write secret to Vault. |
`default void` | `writeSecret(String key, String value)`: Write secret to Vault. |
`default SecretVersionResponse` | `writeSecretData(String key, Map<String,Object> data)`: Write secret to Vault. |
`default SecretVersionResponse` | `writeSecretData(String mount, String key, Map<String,Object> data)`: Write secret to Vault. |
`SecretVersionResponse` | `writeSecretData(String mount, String key, Map<String,Object> data, Integer cas)`: Write secret to Vault. |

Methods inherited from interface AutoCloseable: `close`

`static final String PATH_SECRET`

`void resetAuth()`

`SealResponse sealStatus() throws VaultConnectorException`
- Throws: `VaultConnectorException` - on error

`void seal() throws VaultConnectorException`
- Throws: `VaultConnectorException` - on error

`SealResponse unseal(String key, Boolean reset) throws VaultConnectorException`
- `key` - A single master share key
- `reset` - Discard previously provided keys (optional)
- Throws: `VaultConnectorException` - on error

`default SealResponse unseal(String key) throws VaultConnectorException`
- `key` - A single master share key
- Throws: `VaultConnectorException` - on error

`HealthResponse getHealth() throws VaultConnectorException`
- Throws: `VaultConnectorException` - on error

`List<AuthBackend> getAuthBackends() throws VaultConnectorException`
- Throws: `VaultConnectorException` - on error

`TokenResponse authToken(String token) throws VaultConnectorException`
- `token` - The token
- Throws: `VaultConnectorException` - on error

`AuthResponse authUserPass(String username, String password) throws VaultConnectorException`
- `username` - The username
- `password` - The password
- Throws: `VaultConnectorException` - on error

`@Deprecated AuthResponse authAppId(String appID, String userID) throws VaultConnectorException`
Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using `authAppRole(java.lang.String)` instead.
- `appID` - The App ID
- `userID` - The User ID
- Returns: `AuthResponse`
- Throws: `VaultConnectorException` - on error

`default AuthResponse authAppRole(String roleID) throws VaultConnectorException`
- `roleID` - The role ID
- Returns: `AuthResponse`
- Throws: `VaultConnectorException` - on error

`AuthResponse authAppRole(String roleID, String secretID) throws VaultConnectorException`
- `roleID` - The role ID
- `secretID` - The secret ID
- Returns: `AuthResponse`
- Throws: `VaultConnectorException` - on error

`@Deprecated boolean registerAppId(String appID, String policy, String displayName) throws VaultConnectorException`
Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using `createAppRole(de.stklcode.jvault.connector.model.AppRole)` instead.
- `appID` - The unique App-ID
- `policy` - The policy to associate with
- `displayName` - Arbitrary name to display
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`boolean createAppRole(AppRole role) throws VaultConnectorException`
- `role` - The role
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`default boolean createAppRole(String roleName) throws VaultConnectorException`
- `roleName` - The role name
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`default boolean createAppRole(String roleName, List<String> policies) throws VaultConnectorException`
- `roleName` - The role name
- `policies` - The policies to associate with
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`default boolean createAppRole(String roleName, String roleID) throws VaultConnectorException`
- `roleName` - The role name
- `roleID` - A custom role ID
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`default boolean createAppRole(String roleName, List<String> policies, String roleID) throws VaultConnectorException`
- `roleName` - The role name
- `policies` - The policies to associate with
- `roleID` - A custom role ID
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`boolean deleteAppRole(String roleName) throws VaultConnectorException`
- `roleName` - The role name
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`AppRoleResponse lookupAppRole(String roleName) throws VaultConnectorException`
- `roleName` - The role name
- Throws: `VaultConnectorException` - on error

`String getAppRoleID(String roleName) throws VaultConnectorException`
- `roleName` - The role name
- Throws: `VaultConnectorException` - on error

`boolean setAppRoleID(String roleName, String roleID) throws VaultConnectorException`
- `roleName` - The role name
- `roleID` - The role ID
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`default AppRoleSecretResponse createAppRoleSecret(String roleName) throws VaultConnectorException`
- `roleName` - The role name
- Throws: `VaultConnectorException` - on error

`default AppRoleSecretResponse createAppRoleSecret(String roleName, String secretID) throws VaultConnectorException`
- `roleName` - The role name
- `secretID` - A custom secret ID
- Throws: `VaultConnectorException` - on error

`AppRoleSecretResponse createAppRoleSecret(String roleName, AppRoleSecret secret) throws VaultConnectorException`
- `roleName` - The role name
- `secret` - The secret meta object
- Throws: `VaultConnectorException` - on error

`AppRoleSecretResponse lookupAppRoleSecret(String roleName, String secretID) throws VaultConnectorException`
- `roleName` - The role name
- `secretID` - The secret ID
- Throws: `VaultConnectorException` - on error

`boolean destroyAppRoleSecret(String roleName, String secretID) throws VaultConnectorException`
- `roleName` - The role name
- `secretID` - The secret meta object
- Throws: `VaultConnectorException` - on error

`List<String> listAppRoles() throws VaultConnectorException`
- Throws: `VaultConnectorException` - on error

`List<String> listAppRoleSecrets(String roleName) throws VaultConnectorException`
- `roleName` - The role name
- Throws: `VaultConnectorException` - on error

`@Deprecated boolean registerUserId(String appID, String userID) throws VaultConnectorException`
Deprecated. As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using `createAppRoleSecret(java.lang.String)` instead.
- `appID` - The App-ID
- `userID` - The User-ID
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`@Deprecated default boolean registerAppUserId(String appID, String policy, String displayName, String userID) throws VaultConnectorException`
- `appID` - The App-ID
- `policy` - The policy to associate with
- `displayName` - Arbitrary name to display
- `userID` - The User-ID
- Returns: `true` on success
- Throws: `VaultConnectorException` - on error

`boolean isAuthorized()`

`SecretResponse read(String key) throws VaultConnectorException`
- `key` - Secret identifier
- Throws: `VaultConnectorException` - on error

`default SecretResponse readSecret(String key) throws VaultConnectorException`
`secret/` is automatically added to key.
- `key` - Secret identifier
- Throws: `VaultConnectorException` - on error

`default SecretResponse readSecretData(String key) throws VaultConnectorException`
- `key` - Secret identifier
- Throws: `VaultConnectorException` - on error

`default SecretResponse readSecretData(String mount, String key) throws VaultConnectorException`
`<mount>/data/<key>` is read here. Only available for KV v2 secrets.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret identifier
- Throws: `VaultConnectorException` - on error

`default SecretVersionResponse writeSecretData(String key, Map<String,Object> data) throws VaultConnectorException`
`secret/` is automatically added to path. Only available for KV v2 secrets.
- `key` - Secret identifier.
- `data` - Secret content. Value must be JSON serializable.
- Throws: `VaultConnectorException` - on error

`default SecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data) throws VaultConnectorException`
`<mount>/data/<key>` is written here. Only available for KV v2 secrets.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret identifier
- `data` - Secret content. Value must be JSON serializable.
- Throws: `VaultConnectorException` - on error

`SecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data, Integer cas) throws VaultConnectorException`
`<mount>/data/<key>` is written here. Only available for KV v2 secrets.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret identifier
- `data` - Secret content. Value must be JSON serializable.
- `cas` - Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
- Throws: `VaultConnectorException` - on error

`default SecretResponse readSecretVersion(String key, Integer version) throws VaultConnectorException`
`<mount>/data/<key>` is read here. Only available for KV v2 secrets.
- `key` - Secret identifier
- `version` - Version to read. If `null` or zero, the latest version will be returned.
- Throws: `VaultConnectorException` - on error

`SecretResponse readSecretVersion(String mount, String key, Integer version) throws VaultConnectorException`
`<mount>/data/<key>` is read here. Only available for KV v2 secrets.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret identifier
- `version` - Version to read. If `null` or zero, the latest version will be returned.
- Throws: `VaultConnectorException` - on error

`default MetadataResponse readSecretMetadata(String key) throws VaultConnectorException`
`secret/metadata/<key>` is read here. Only available for KV v2 secrets.
- `key` - Secret identifier
- Throws: `VaultConnectorException` - on error

`default void updateSecretMetadata(String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException`
`secret/metadata/<key>` is read here. Only available for KV v2 secrets.
- `key` - Secret identifier
- `maxVersions` - Maximum number of versions (fallback to backend default if `null`)
- `casRequired` - Specify if Check-And-Set is required for this secret.
- Throws: `VaultConnectorException` - on error

`MetadataResponse readSecretMetadata(String mount, String key) throws VaultConnectorException`
`<mount>/metadata/<key>` is read here. Only available for KV v2 secrets.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret identifier
- Throws: `VaultConnectorException` - on error

`void updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException`
`<mount>/metadata/<key>` is written here. Only available for KV v2 secrets.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret identifier
- `maxVersions` - Maximum number of versions (fallback to backend default if `null`)
- `casRequired` - Specify if Check-And-Set is required for this secret.
- Throws: `VaultConnectorException` - on error

`List<String> list(String path) throws VaultConnectorException`
- `path` - Root path to search
- Throws: `VaultConnectorException` - on error

`default List<String> listSecrets(String path) throws VaultConnectorException`
`secret/` is automatically added to path.
- `path` - Root path to search
- Throws: `VaultConnectorException` - on error

`default void write(String key, String value) throws VaultConnectorException`
- `key` - Secret path
- `value` - Secret value
- Throws: `VaultConnectorException` - on error

`default void write(String key, Map<String,Object> data) throws VaultConnectorException`
- `key` - Secret path
- `data` - Secret content. Value must be JSON serializable.
- Throws: `VaultConnectorException` - on error

`void write(String key, Map<String,Object> data, Map<String,Object> options) throws VaultConnectorException`
- `key` - Secret path
- `data` - Secret content. Value must be JSON serializable.
- `options` - Secret options (optional).
- Throws: `VaultConnectorException` - on error
- `options` parameter added

`default void writeSecret(String key, String value) throws VaultConnectorException`
`secret/` is automatically added to path.
- `key` - Secret path
- `value` - Secret value
- Throws: `VaultConnectorException` - on error

`default void writeSecret(String key, Map<String,Object> data) throws VaultConnectorException`
`secret/` is automatically added to path.
- `key` - Secret path
- `data` - Secret content. Value must be JSON serializable.
- Throws: `VaultConnectorException` - on error

`void delete(String key) throws VaultConnectorException`
- `key` - Secret path
- Throws: `VaultConnectorException` - on error

`default void deleteSecret(String key) throws VaultConnectorException`
`secret/` is automatically added to path.
- `key` - Secret path
- Throws: `VaultConnectorException` - on error

`default void deleteLatestSecretVersion(String key) throws VaultConnectorException`
`secret/` is automatically added to path. Only available for KV v2 stores.
- `key` - Secret path.
- Throws: `VaultConnectorException` - on error

`void deleteLatestSecretVersion(String mount, String key) throws VaultConnectorException`
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret path.
- Throws: `VaultConnectorException` - on error

`default void deleteAllSecretVersions(String key) throws VaultConnectorException`
`secret/` is automatically added to path. Only available for KV v2 stores.
- `key` - Secret path.
- Throws: `VaultConnectorException` - on error

`void deleteAllSecretVersions(String mount, String key) throws VaultConnectorException`
`secret/` is automatically added to path. Only available for KV v2 stores.
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret path.
- Throws: `VaultConnectorException` - on error

`default void deleteSecretVersions(String key, int... versions) throws VaultConnectorException`
- `key` - Secret path.
- `versions` - Versions of the secret to delete.
- Throws: `VaultConnectorException` - on error

`void deleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException`
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret path.
- `versions` - Versions of the secret to delete.
- Throws: `VaultConnectorException` - on error

`default void undeleteSecretVersions(String key, int... versions) throws VaultConnectorException`
- `key` - Secret path.
- `versions` - Versions of the secret to undelete.
- Throws: `VaultConnectorException` - on error

`void undeleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException`
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret path.
- `versions` - Versions of the secret to undelete.
- Throws: `VaultConnectorException` - on error

`default void destroySecretVersions(String key, int... versions) throws VaultConnectorException`
- `key` - Secret path.
- `versions` - Versions of the secret to destroy.
- Throws: `VaultConnectorException` - on error

`void destroySecretVersions(String mount, String key, int... versions) throws VaultConnectorException`
- `mount` - Secret store mountpoint (without leading or trailing slash).
- `key` - Secret path.
- `versions` - Versions of the secret to destroy.
- Throws: `VaultConnectorException` - on error

`void revoke(String leaseID) throws VaultConnectorException`
- `leaseID` - the lease ID
- Throws: `VaultConnectorException` - on error

`default SecretResponse renew(String leaseID) throws VaultConnectorException`
- `leaseID` - the lease ID
- Throws: `VaultConnectorException` - on error

`SecretResponse renew(String leaseID, Integer increment) throws VaultConnectorException`
- `leaseID` - the lease ID
- `increment` - number of seconds to extend lease time
- Throws: `VaultConnectorException` - on error

`AuthResponse createToken(Token token) throws VaultConnectorException`
- `token` - the token
- Throws: `VaultConnectorException` - on error

`AuthResponse createToken(Token token, boolean orphan) throws VaultConnectorException`
- `token` - the token
- `orphan` - create orphan token
- Throws: `VaultConnectorException` - on error

`AuthResponse createToken(Token token, String role) throws VaultConnectorException`
- `token` - the token
- `role` - the role name
- Throws: `VaultConnectorException` - on error

`TokenResponse lookupToken(String token) throws VaultConnectorException`
- `token` - the token
- Throws: `VaultConnectorException` - on error

`default CredentialsResponse readMySqlCredentials(String role) throws VaultConnectorException`
- `role` - the role name
- Throws: `VaultConnectorException` - on error

`default CredentialsResponse readPostgreSqlCredentials(String role) throws VaultConnectorException`
- `role` - the role name
- Throws: `VaultConnectorException` - on error

`default CredentialsResponse readMsSqlCredentials(String role) throws VaultConnectorException`
- `role` - the role name
- Throws: `VaultConnectorException` - on error

`default CredentialsResponse readMongoDbCredentials(String role) throws VaultConnectorException`
- `role` - the role name
- Throws: `VaultConnectorException` - on error

`default CredentialsResponse readDbCredentials(String role, String mount) throws VaultConnectorException`
- `role` - the role name
- `mount` - mount point of the SQL backend
- Throws: `VaultConnectorException` - on error

Copyright © 2016–2019. All rights reserved.