public interface VaultConnector extends AutoCloseable, Serializable
| Modifier and Type | Field and Description |
|---|---|
static String |
PATH_SECRET
Default sub-path for Vault secrets.
|
| Modifier and Type | Method and Description |
|---|---|
AuthResponse |
authAppId(String appID,
String userID)
Deprecated.
As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using
authAppRole(java.lang.String) instead. |
default AuthResponse |
authAppRole(String roleID)
Authorize to Vault using AppRole method without secret ID.
|
AuthResponse |
authAppRole(String roleID,
String secretID)
Authorize to Vault using AppRole method.
|
TokenResponse |
authToken(String token)
Authorize to Vault using token.
|
AuthResponse |
authUserPass(String username,
String password)
Authorize to Vault using username and password.
|
boolean |
createAppRole(AppRole role)
Register a new AppRole role from given metamodel.
|
default boolean |
createAppRole(String roleName)
Register new AppRole role with default policy.
|
default boolean |
createAppRole(String roleName,
List<String> policies)
Register new AppRole role with policies.
|
default boolean |
createAppRole(String roleName,
List<String> policies,
String roleID)
Register new AppRole role with policies and custom ID.
|
default boolean |
createAppRole(String roleName,
String roleID)
Register new AppRole role with default policy and custom ID.
|
default AppRoleSecretResponse |
createAppRoleSecret(String roleName)
Register new random generated AppRole secret.
|
AppRoleSecretResponse |
createAppRoleSecret(String roleName,
AppRoleSecret secret)
Register new AppRole secret with custom ID.
|
default AppRoleSecretResponse |
createAppRoleSecret(String roleName,
String secretID)
Register new AppRole secret with custom ID.
|
AuthResponse |
createToken(Token token)
Create a new token.
|
AuthResponse |
createToken(Token token,
boolean orphan)
Create a new token.
|
AuthResponse |
createToken(Token token,
String role)
Create a new token for specific role.
|
void |
delete(String key)
Delete key from Vault.
|
default void |
deleteAllSecretVersions(String key)
Delete latest version of a secret from Vault.
|
void |
deleteAllSecretVersions(String mount,
String key)
Delete latest version of a secret from Vault.
|
boolean |
deleteAppRole(String roleName)
Delete AppRole role from Vault.
|
default void |
deleteLatestSecretVersion(String key)
Delete latest version of a secret from Vault.
|
void |
deleteLatestSecretVersion(String mount,
String key)
Delete latest version of a secret from Vault.
|
default void |
deleteSecret(String key)
Delete secret from Vault.
|
default void |
deleteSecretVersions(String key,
int... versions)
Delete secret versions from Vault.
|
void |
deleteSecretVersions(String mount,
String key,
int... versions)
Delete secret versions from Vault.
|
boolean |
destroyAppRoleSecret(String roleName,
String secretID)
Destroy an AppRole secret.
|
default void |
destroySecretVersions(String key,
int... versions)
Destroy secret versions from Vault.
|
void |
destroySecretVersions(String mount,
String key,
int... versions)
Destroy secret versions from Vault.
|
String |
getAppRoleID(String roleName)
Retrieve ID for an AppRole role.
|
List<AuthBackend> |
getAuthBackends()
Get all availale authentication backends.
|
HealthResponse |
getHealth()
Query server health information.
|
boolean |
isAuthorized()
Get authorization status.
|
List<String> |
list(String path)
List available nodes from Vault.
|
List<String> |
listAppRoles()
List existing (accessible) AppRole roles.
|
List<String> |
listAppRoleSecrets(String roleName)
List existing (accessible) secret IDs for AppRole role.
|
default List<String> |
listSecrets(String path)
List available secrets from Vault.
|
AppRoleResponse |
lookupAppRole(String roleName)
Lookup an AppRole role.
|
AppRoleSecretResponse |
lookupAppRoleSecret(String roleName,
String secretID)
Lookup an AppRole secret.
|
TokenResponse |
lookupToken(String token)
Lookup token information.
|
SecretResponse |
read(String key)
Retrieve any nodes content from Vault.
|
default CredentialsResponse |
readDbCredentials(String role,
String mount)
Read credentials for SQL backends.
|
default CredentialsResponse |
readMongoDbCredentials(String role)
Read credentials for MSSQL backend at default mount point.
|
default CredentialsResponse |
readMsSqlCredentials(String role)
Read credentials for MSSQL backend at default mount point.
|
default CredentialsResponse |
readMySqlCredentials(String role)
Read credentials for MySQL backend at default mount point.
|
default CredentialsResponse |
readPostgreSqlCredentials(String role)
Read credentials for PostgreSQL backend at default mount point.
|
default SecretResponse |
readSecret(String key)
Retrieve secret from Vault.
|
default SecretResponse |
readSecretData(String key)
Retrieve the latest secret data for specific version from Vault.
|
default SecretResponse |
readSecretData(String mount,
String key)
Retrieve the latest secret data for specific version from Vault.
|
default MetadataResponse |
readSecretMetadata(String key)
Retrieve secret metadata from Vault.
|
MetadataResponse |
readSecretMetadata(String mount,
String key)
Retrieve secret metadata from Vault.
|
default SecretResponse |
readSecretVersion(String key,
Integer version)
Retrieve secret data from Vault.
|
SecretResponse |
readSecretVersion(String mount,
String key,
Integer version)
Retrieve secret data from Vault.
|
boolean |
registerAppId(String appID,
String policy,
String displayName)
Deprecated.
As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using
createAppRole(de.stklcode.jvault.connector.model.AppRole) instead. |
default boolean |
registerAppUserId(String appID,
String policy,
String displayName,
String userID)
Deprecated.
As of Vault 0.6.1 App-ID is superseded by AppRole.
|
boolean |
registerUserId(String appID,
String userID)
Deprecated.
As of Vault 0.6.1 App-ID is superseded by AppRole.
Consider using
createAppRoleSecret(java.lang.String) instead. |
default SecretResponse |
renew(String leaseID)
Renew lease with given ID.
|
SecretResponse |
renew(String leaseID,
Integer increment)
Renew lease with given ID.
|
void |
resetAuth()
Reset authorization information.
|
void |
revoke(String leaseID)
Revoke given lease immediately.
|
void |
seal()
Seal vault.
|
SealResponse |
sealStatus()
Retrieve status of vault seal.
|
boolean |
setAppRoleID(String roleName,
String roleID)
Set custom ID for an AppRole role.
|
default void |
undeleteSecretVersions(String key,
int... versions)
Undelete (restore) secret versions from Vault.
|
void |
undeleteSecretVersions(String mount,
String key,
int... versions)
Undelete (restore) secret versions from Vault.
|
default SealResponse |
unseal(String key)
Unseal vault.
|
SealResponse |
unseal(String key,
Boolean reset)
Unseal vault.
|
default void |
updateSecretMetadata(String key,
Integer maxVersions,
boolean casRequired)
Update secret metadata.
|
void |
updateSecretMetadata(String mount,
String key,
Integer maxVersions,
boolean casRequired)
Update secret metadata.
|
default void |
write(String key,
Map<String,Object> data)
Write value to Vault.
|
void |
write(String key,
Map<String,Object> data,
Map<String,Object> options)
Write value to Vault.
|
default void |
write(String key,
String value)
Write simple value to Vault.
|
default void |
writeSecret(String key,
Map<String,Object> data)
Write secret to Vault.
|
default void |
writeSecret(String key,
String value)
Write secret to Vault.
|
default SecretVersionResponse |
writeSecretData(String key,
Map<String,Object> data)
Write secret to Vault.
|
default SecretVersionResponse |
writeSecretData(String mount,
String key,
Map<String,Object> data)
Write secret to Vault.
|
SecretVersionResponse |
writeSecretData(String mount,
String key,
Map<String,Object> data,
Integer cas)
Write secret to Vault.
|
closestatic final String PATH_SECRET
void resetAuth()
SealResponse sealStatus() throws VaultConnectorException
VaultConnectorException - on errorvoid seal() throws VaultConnectorException
VaultConnectorException - on errorSealResponse unseal(String key, Boolean reset) throws VaultConnectorException
key - A single master share keyreset - Discard previously provided keys (optional)VaultConnectorException - on errordefault SealResponse unseal(String key) throws VaultConnectorException
key - A single master share keyVaultConnectorException - on errorHealthResponse getHealth() throws VaultConnectorException
VaultConnectorException - on errorList<AuthBackend> getAuthBackends() throws VaultConnectorException
VaultConnectorException - on errorTokenResponse authToken(String token) throws VaultConnectorException
token - The tokenVaultConnectorException - on errorAuthResponse authUserPass(String username, String password) throws VaultConnectorException
username - The usernamepassword - The passwordVaultConnectorException - on error@Deprecated AuthResponse authAppId(String appID, String userID) throws VaultConnectorException
authAppRole(java.lang.String) instead.appID - The App IDuserID - The User IDAuthResponseVaultConnectorException - on errordefault AuthResponse authAppRole(String roleID) throws VaultConnectorException
roleID - The role IDAuthResponseVaultConnectorException - on errorAuthResponse authAppRole(String roleID, String secretID) throws VaultConnectorException
roleID - The role IDsecretID - The secret IDAuthResponseVaultConnectorException - on error@Deprecated boolean registerAppId(String appID, String policy, String displayName) throws VaultConnectorException
createAppRole(de.stklcode.jvault.connector.model.AppRole) instead.appID - The unique App-IDpolicy - The policy to associate withdisplayName - Arbitrary name to displaytrue on successVaultConnectorException - on errorboolean createAppRole(AppRole role) throws VaultConnectorException
role - The roletrue on successVaultConnectorException - on errordefault boolean createAppRole(String roleName) throws VaultConnectorException
roleName - The role nametrue on successVaultConnectorException - on errordefault boolean createAppRole(String roleName, List<String> policies) throws VaultConnectorException
roleName - The role namepolicies - The policies to associate withtrue on successVaultConnectorException - on errordefault boolean createAppRole(String roleName, String roleID) throws VaultConnectorException
roleName - The role nameroleID - A custom role IDtrue on successVaultConnectorException - on errordefault boolean createAppRole(String roleName, List<String> policies, String roleID) throws VaultConnectorException
roleName - The role namepolicies - The policies to associate withroleID - A custom role IDtrue on successVaultConnectorException - on errorboolean deleteAppRole(String roleName) throws VaultConnectorException
roleName - The role anmetrue on succevssVaultConnectorException - on errorAppRoleResponse lookupAppRole(String roleName) throws VaultConnectorException
roleName - The role nameVaultConnectorException - on errorString getAppRoleID(String roleName) throws VaultConnectorException
roleName - The role nameVaultConnectorException - on errorboolean setAppRoleID(String roleName, String roleID) throws VaultConnectorException
roleName - The role nameroleID - The role IDtrue on successVaultConnectorException - on errordefault AppRoleSecretResponse createAppRoleSecret(String roleName) throws VaultConnectorException
roleName - The role nameVaultConnectorException - on errordefault AppRoleSecretResponse createAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
roleName - The role namesecretID - A custom secret IDVaultConnectorException - on errorAppRoleSecretResponse createAppRoleSecret(String roleName, AppRoleSecret secret) throws VaultConnectorException
roleName - The role namesecret - The secret meta objectVaultConnectorException - on errorAppRoleSecretResponse lookupAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
roleName - The role namesecretID - The secret IDVaultConnectorException - on errorboolean destroyAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
roleName - The role namesecretID - The secret meta objectVaultConnectorException - on errorList<String> listAppRoles() throws VaultConnectorException
VaultConnectorException - on errorList<String> listAppRoleSecrets(String roleName) throws VaultConnectorException
roleName - The role nameVaultConnectorException - on error@Deprecated boolean registerUserId(String appID, String userID) throws VaultConnectorException
createAppRoleSecret(java.lang.String) instead.appID - The App-IDuserID - The User-IDtrue on successVaultConnectorException - on error@Deprecated default boolean registerAppUserId(String appID, String policy, String displayName, String userID) throws VaultConnectorException
appID - The App-IDpolicy - The policy to associate withdisplayName - Arbitrary name to displayuserID - The User-IDtrue on successVaultConnectorException - on errorboolean isAuthorized()
SecretResponse read(String key) throws VaultConnectorException
key - Secret identifierVaultConnectorException - on errordefault SecretResponse readSecret(String key) throws VaultConnectorException
secret/ is automatically added to key.key - Secret identifierVaultConnectorException - on errordefault SecretResponse readSecretData(String key) throws VaultConnectorException
key - Secret identifierVaultConnectorException - on errordefault SecretResponse readSecretData(String mount, String key) throws VaultConnectorException
<mount>/data/<key> is read here.
Only available for KV v2 secrets.mount - Secret store mountpoint (without leading or trailing slash).key - Secret identifierVaultConnectorException - on errordefault SecretVersionResponse writeSecretData(String key, Map<String,Object> data) throws VaultConnectorException
secret/ is automatically added to path.
Only available for KV v2 secrets.key - Secret identifier.data - Secret content. Value must be be JSON serializable.VaultConnectorException - on errordefault SecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data) throws VaultConnectorException
<mount>/data/<key> is written here.
Only available for KV v2 secrets.mount - Secret store mountpoint (without leading or trailing slash).key - Secret identifierdata - Secret content. Value must be be JSON serializable.VaultConnectorException - on errorSecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data, Integer cas) throws VaultConnectorException
<mount>/data/<key> is written here.
Only available for KV v2 secrets.mount - Secret store mountpoint (without leading or trailing slash).key - Secret identifierdata - Secret content. Value must be be JSON serializable.cas - Use Check-And-Set operation, i.e. only allow writing if current version matches this value.VaultConnectorException - on errordefault SecretResponse readSecretVersion(String key, Integer version) throws VaultConnectorException
<mount>/data/<key> is read here.
Only available for KV v2 secrets.key - Secret identifierversion - Version to read. If null or zero, the latest version will be returned.VaultConnectorException - on errorSecretResponse readSecretVersion(String mount, String key, Integer version) throws VaultConnectorException
<mount>/data/<key> is read here.
Only available for KV v2 secrets.mount - Secret store mountpoint (without leading or trailing slash).key - Secret identifierversion - Version to read. If null or zero, the latest version will be returned.VaultConnectorException - on errordefault MetadataResponse readSecretMetadata(String key) throws VaultConnectorException
secret/metadata/<key> is read here.
Only available for KV v2 secrets.key - Secret identifierVaultConnectorException - on errordefault void updateSecretMetadata(String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException
secret/metadata/<key> is read here.
Only available for KV v2 secrets.key - Secret identifiermaxVersions - Maximum number of versions (fallback to backend default if null)casRequired - Specify if Check-And-Set is required for this secret.VaultConnectorException - on errorMetadataResponse readSecretMetadata(String mount, String key) throws VaultConnectorException
<mount>/metadata/<key> is read here.
Only available for KV v2 secrets.mount - Secret store mountpoint (without leading or trailing slash).key - Secret identifierVaultConnectorException - on errorvoid updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException
<mount>/metadata/<key> is written here.
Only available for KV v2 secrets.mount - Secret store mountpoint (without leading or trailing slash).key - Secret identifiermaxVersions - Maximum number of versions (fallback to backend default if null)casRequired - Specify if Check-And-Set is required for this secret.VaultConnectorException - on errorList<String> list(String path) throws VaultConnectorException
path - Root path to searchVaultConnectorException - on errordefault List<String> listSecrets(String path) throws VaultConnectorException
secret/ is automatically added to path.path - Root path to searchVaultConnectorException - on errordefault void write(String key, String value) throws VaultConnectorException
key - Secret pathvalue - Secret valueVaultConnectorException - on errordefault void write(String key, Map<String,Object> data) throws VaultConnectorException
key - Secret pathdata - Secret content. Value must be be JSON serializable.VaultConnectorException - on errorvoid write(String key, Map<String,Object> data, Map<String,Object> options) throws VaultConnectorException
key - Secret pathdata - Secret content. Value must be be JSON serializable.options - Secret options (optional).VaultConnectorException - on erroroptions parameter addeddefault void writeSecret(String key, String value) throws VaultConnectorException
secret/ is automatically added to path.key - Secret pathvalue - Secret valueVaultConnectorException - on errordefault void writeSecret(String key, Map<String,Object> data) throws VaultConnectorException
secret/ is automatically added to path.key - Secret pathdata - Secret content. Value must be be JSON serializable.VaultConnectorException - on errorvoid delete(String key) throws VaultConnectorException
key - Secret pathVaultConnectorException - on errordefault void deleteSecret(String key) throws VaultConnectorException
secret/ is automatically added to path.key - Secret pathVaultConnectorException - on errordefault void deleteLatestSecretVersion(String key) throws VaultConnectorException
secret/ is automatically added to path. Only available for KV v2 stores.key - Secret path.VaultConnectorException - on errorvoid deleteLatestSecretVersion(String mount, String key) throws VaultConnectorException
mount - Secret store mountpoint (without leading or trailing slash).key - Secret path.VaultConnectorException - on errordefault void deleteAllSecretVersions(String key) throws VaultConnectorException
secret/ is automatically added to path.
Only available for KV v2 stores.key - Secret path.VaultConnectorException - on errorvoid deleteAllSecretVersions(String mount, String key) throws VaultConnectorException
secret/ is automatically added to path.
Only available for KV v2 stores.mount - Secret store mountpoint (without leading or trailing slash).key - Secret path.VaultConnectorException - on errordefault void deleteSecretVersions(String key, int... versions) throws VaultConnectorException
key - Secret path.versions - Versions of the secret to delete.VaultConnectorException - on errorvoid deleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
mount - Secret store mountpoint (without leading or trailing slash).key - Secret path.versions - Versions of the secret to delete.VaultConnectorException - on errordefault void undeleteSecretVersions(String key, int... versions) throws VaultConnectorException
key - Secret path.versions - Versions of the secret to undelete.VaultConnectorException - on errorvoid undeleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
mount - Secret store mountpoint (without leading or trailing slash).key - Secret path.versions - Versions of the secret to undelete.VaultConnectorException - on errordefault void destroySecretVersions(String key, int... versions) throws VaultConnectorException
key - Secret path.versions - Versions of the secret to destroy.VaultConnectorException - on errorvoid destroySecretVersions(String mount, String key, int... versions) throws VaultConnectorException
mount - Secret store mountpoint (without leading or trailing slash).key - Secret path.versions - Versions of the secret to destroy.VaultConnectorException - on errorvoid revoke(String leaseID) throws VaultConnectorException
leaseID - the lease IDVaultConnectorException - on errordefault SecretResponse renew(String leaseID) throws VaultConnectorException
leaseID - the lase IDVaultConnectorException - on errorSecretResponse renew(String leaseID, Integer increment) throws VaultConnectorException
leaseID - the lase IDincrement - number of seconds to extend lease timeVaultConnectorException - on errorAuthResponse createToken(Token token) throws VaultConnectorException
token - the tokenVaultConnectorException - on errorAuthResponse createToken(Token token, boolean orphan) throws VaultConnectorException
token - the tokenorphan - create orphan tokenVaultConnectorException - on errorAuthResponse createToken(Token token, String role) throws VaultConnectorException
token - the tokenrole - the role nameVaultConnectorException - on errorTokenResponse lookupToken(String token) throws VaultConnectorException
token - the tokenVaultConnectorException - on errordefault CredentialsResponse readMySqlCredentials(String role) throws VaultConnectorException
role - the role nameVaultConnectorException - on errordefault CredentialsResponse readPostgreSqlCredentials(String role) throws VaultConnectorException
role - the role nameVaultConnectorException - on errordefault CredentialsResponse readMsSqlCredentials(String role) throws VaultConnectorException
role - the role nameVaultConnectorException - on errordefault CredentialsResponse readMongoDbCredentials(String role) throws VaultConnectorException
role - the role nameVaultConnectorException - on errordefault CredentialsResponse readDbCredentials(String role, String mount) throws VaultConnectorException
role - the role namemount - mount point of the SQL backendVaultConnectorException - on errorCopyright © 2016–2019. All rights reserved.