Package de.stklcode.jvault.connector

Class HTTPVaultConnector

java.lang.Object

de.stklcode.jvault.connector.HTTPVaultConnector

All Implemented Interfaces:

VaultConnector, Serializable, AutoCloseable

public class HTTPVaultConnector
extends Object
implements VaultConnector

Vault Connector implementation using Vault's HTTP API.

Since:

0.1

Author:

Stefan Kalscheuer

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static String	DEFAULT_TLS_VERSION

Fields inherited from interface de.stklcode.jvault.connector.VaultConnector

PATH_SECRET

Constructor Summary

Constructors

Constructor	Description
HTTPVaultConnector(String baseURL)	Create connector using full URL.
HTTPVaultConnector(String hostname, boolean useTLS)	Create connector using hostname and schema.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port)	Create connector using hostname, schema and port.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix)	Create connector using hostname, schema, port and path.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix, X509Certificate trustedCaCert)	Create connector using hostname, schema, port, path and trusted certificate.
HTTPVaultConnector(String hostname, boolean useTLS, String tlsVersion, Integer port, String prefix, X509Certificate trustedCaCert, int numberOfRetries, Integer timeout)	Create connector using hostname, schema, port, path and trusted certificate.
HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert)	Create connector using full URL and trusted certificate.
HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert, int numberOfRetries)	Create connector using full URL and trusted certificate.
HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert, int numberOfRetries, Integer timeout)	Create connector using full URL and trusted certificate.
HTTPVaultConnector(String baseURL, X509Certificate trustedCaCert, int numberOfRetries, Integer timeout, String tlsVersion)	Create connector using full URL and trusted certificate.

Method Summary

Modifier and Type	Method	Description
AuthResponse	authAppId(String appID, String userID)	Deprecated.
AuthResponse	authAppRole(String roleID, String secretID)	Authorize to Vault using AppRole method.
TokenResponse	authToken(String token)	Authorize to Vault using token.
AuthResponse	authUserPass(String username, String password)	Authorize to Vault using username and password.
void	close()
boolean	createAppRole(AppRole role)	Register a new AppRole role from given metamodel.
AppRoleSecretResponse	createAppRoleSecret(String roleName, AppRoleSecret secret)	Register new AppRole secret with custom ID.
boolean	createOrUpdateTokenRole(String name, TokenRole role)	Create a new or update an existing token role.
AuthResponse	createToken(Token token)	Create a new token.
AuthResponse	createToken(Token token, boolean orphan)	Create a new token.
AuthResponse	createToken(Token token, String role)	Create a new token for specific role.
void	delete(String key)	Delete key from Vault.
void	deleteAllSecretVersions(String mount, String key)	Delete latest version of a secret from Vault.
boolean	deleteAppRole(String roleName)	Delete AppRole role from Vault.
void	deleteLatestSecretVersion(String mount, String key)	Delete latest version of a secret from Vault.
void	deleteSecretVersions(String mount, String key, int... versions)	Delete secret versions from Vault.
boolean	deleteTokenRole(String name)	Delete a token role.
boolean	destroyAppRoleSecret(String roleName, String secretID)	Destroy an AppRole secret.
void	destroySecretVersions(String mount, String key, int... versions)	Destroy secret versions from Vault.
String	getAppRoleID(String roleName)	Retrieve ID for an AppRole role.
List<AuthBackend>	getAuthBackends()	Get all available authentication backends.
HealthResponse	getHealth()	Query server health information.
boolean	isAuthorized()	Get authorization status.
List<String>	list(String path)	List available nodes from Vault.
List<String>	listAppRoles()	List existing (accessible) AppRole roles.
List<String>	listAppRoleSecrets(String roleName)	List existing (accessible) secret IDs for AppRole role.
List<String>	listTokenRoles()	List available token roles from Vault.
AppRoleResponse	lookupAppRole(String roleName)	Lookup an AppRole role.
AppRoleSecretResponse	lookupAppRoleSecret(String roleName, String secretID)	Lookup an AppRole secret.
TokenResponse	lookupToken(String token)	Lookup token information.
SecretResponse	read(String key)	Retrieve any nodes content from Vault.
MetadataResponse	readSecretMetadata(String mount, String key)	Retrieve secret metadata from Vault.
SecretResponse	readSecretVersion(String mount, String key, Integer version)	Retrieve secret data from Vault.
TokenRoleResponse	readTokenRole(String name)	Lookup token information.
boolean	registerAppId(String appID, String policy, String displayName)	Deprecated.
boolean	registerUserId(String appID, String userID)	Deprecated.
SecretResponse	renew(String leaseID, Integer increment)	Renew lease with given ID.
void	resetAuth()	Reset authorization information.
void	revoke(String leaseID)	Revoke given lease immediately.
void	seal()	Seal vault.
SealResponse	sealStatus()	Retrieve status of vault seal.
boolean	setAppRoleID(String roleName, String roleID)	Set custom ID for an AppRole role.
void	undeleteSecretVersions(String mount, String key, int... versions)	Undelete (restore) secret versions from Vault.
SealResponse	unseal(String key, Boolean reset)	Unseal vault.
void	updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired)	Update secret metadata.
void	write(String key, Map<String,Object> data, Map<String,Object> options)	Write value to Vault.
SecretVersionResponse	writeSecretData(String mount, String key, Map<String,Object> data, Integer cas)	Write secret to Vault.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface de.stklcode.jvault.connector.VaultConnector

authAppRole, createAppRole, createAppRole, createAppRole, createAppRole, createAppRoleSecret, createAppRoleSecret, createOrUpdateTokenRole, deleteAllSecretVersions, deleteLatestSecretVersion, deleteSecret, deleteSecretVersions, destroySecretVersions, listSecrets, readDbCredentials, readMongoDbCredentials, readMsSqlCredentials, readMySqlCredentials, readPostgreSqlCredentials, readSecret, readSecretData, readSecretData, readSecretMetadata, readSecretVersion, registerAppUserId, renew, undeleteSecretVersions, unseal, updateSecretMetadata, write, write, writeSecret, writeSecret, writeSecretData, writeSecretData

Field Detail

DEFAULT_TLS_VERSION

public static final String DEFAULT_TLS_VERSION

See Also:

Constant Field Values

Constructor Detail

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS)

Create connector using hostname and schema.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port)

Create connector using hostname, schema and port.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port,
                          String prefix)

Create connector using hostname, schema, port and path.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

prefix - HTTP API prefix (default: /v1/)

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port,
                          String prefix,
                          X509Certificate trustedCaCert)

Create connector using hostname, schema, port, path and trusted certificate.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

prefix - HTTP API prefix (default: /v1/)

trustedCaCert - Trusted CA certificate

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          String tlsVersion,
                          Integer port,
                          String prefix,
                          X509Certificate trustedCaCert,
                          int numberOfRetries,
                          Integer timeout)

Create connector using hostname, schema, port, path and trusted certificate.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

tlsVersion - TLS version

port - The port

prefix - HTTP API prefix (default: /v1/)

trustedCaCert - Trusted CA certificate

numberOfRetries - Number of retries on 5xx errors

timeout - Timeout for HTTP requests (milliseconds)

HTTPVaultConnector

public HTTPVaultConnector(String baseURL)

Create connector using full URL.

Parameters:

baseURL - The URL

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          X509Certificate trustedCaCert)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

trustedCaCert - Trusted CA certificate

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          X509Certificate trustedCaCert,
                          int numberOfRetries)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

trustedCaCert - Trusted CA certificate

numberOfRetries - Number of retries on 5xx errors

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          X509Certificate trustedCaCert,
                          int numberOfRetries,
                          Integer timeout)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

trustedCaCert - Trusted CA certificate

numberOfRetries - Number of retries on 5xx errors

timeout - Timeout for HTTP requests (milliseconds)

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          X509Certificate trustedCaCert,
                          int numberOfRetries,
                          Integer timeout,
                          String tlsVersion)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

trustedCaCert - Trusted CA certificate

numberOfRetries - Number of retries on 5xx errors

timeout - Timeout for HTTP requests (milliseconds)

tlsVersion - TLS Version.

Method Detail

resetAuth

public final void resetAuth()

Description copied from interface: VaultConnector

Reset authorization information.

Specified by:

resetAuth in interface VaultConnector

sealStatus

public final SealResponse sealStatus()
                              throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve status of vault seal.

Specified by:

sealStatus in interface VaultConnector

Returns:

Seal status

Throws:

VaultConnectorException - on error

seal

public final void seal()
                throws VaultConnectorException

Description copied from interface: VaultConnector

Seal vault.

Specified by:

seal in interface VaultConnector

Throws:

VaultConnectorException - on error

unseal

public final SealResponse unseal(String key,
                                 Boolean reset)
                          throws VaultConnectorException

Description copied from interface: VaultConnector

Unseal vault.

Specified by:

unseal in interface VaultConnector

Parameters:

key - A single master share key

reset - Discard previously provided keys (optional)

Returns:

Response with seal status

Throws:

VaultConnectorException - on error

getHealth

public HealthResponse getHealth()
                         throws VaultConnectorException

Description copied from interface: VaultConnector

Query server health information.

Specified by:

getHealth in interface VaultConnector

Returns:

Health information.

Throws:

VaultConnectorException - on error

isAuthorized

public final boolean isAuthorized()

Description copied from interface: VaultConnector

Get authorization status.

Specified by:

isAuthorized in interface VaultConnector

Returns:

TRUE, if successfully authorized

getAuthBackends

public final List<AuthBackend> getAuthBackends()
                                        throws VaultConnectorException

Description copied from interface: VaultConnector

Get all available authentication backends.

Specified by:

getAuthBackends in interface VaultConnector

Returns:

List of backends

Throws:

VaultConnectorException - on error

authToken

public final TokenResponse authToken(String token)
                              throws VaultConnectorException

Description copied from interface: VaultConnector

Authorize to Vault using token.

Specified by:

authToken in interface VaultConnector

Parameters:

token - The token

Returns:

Token response

Throws:

VaultConnectorException - on error

authUserPass

public final AuthResponse authUserPass(String username,
                                       String password)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Authorize to Vault using username and password.

Specified by:

authUserPass in interface VaultConnector

Parameters:

username - The username

password - The password

Returns:

Authorization result

Throws:

VaultConnectorException - on error

authAppId

@Deprecated
public final AuthResponse authAppId(String appID,
                                    String userID)
                             throws VaultConnectorException

Deprecated.

Description copied from interface: VaultConnector

Authorize to Vault using AppID method.

Specified by:

authAppId in interface VaultConnector

Parameters:

appID - The App ID

userID - The User ID

Returns:

The AuthResponse

Throws:

VaultConnectorException - on error

authAppRole

public final AuthResponse authAppRole(String roleID,
                                      String secretID)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Authorize to Vault using AppRole method.

Specified by:

authAppRole in interface VaultConnector

Parameters:

roleID - The role ID

secretID - The secret ID

Returns:

The AuthResponse

Throws:

VaultConnectorException - on error

registerAppId

@Deprecated
public final boolean registerAppId(String appID,
                                   String policy,
                                   String displayName)
                            throws VaultConnectorException

Deprecated.

Description copied from interface: VaultConnector

Register new App-ID with policy.

Specified by:

registerAppId in interface VaultConnector

Parameters:

appID - The unique App-ID

policy - The policy to associate with

displayName - Arbitrary name to display

Returns:

true on success

Throws:

VaultConnectorException - on error

registerUserId

@Deprecated
public final boolean registerUserId(String appID,
                                    String userID)
                             throws VaultConnectorException

Deprecated.

Description copied from interface: VaultConnector

Register User-ID with App-ID.

Specified by:

registerUserId in interface VaultConnector

Parameters:

appID - The App-ID

userID - The User-ID

Returns:

true on success

Throws:

VaultConnectorException - on error

createAppRole

public final boolean createAppRole(AppRole role)
                            throws VaultConnectorException

Description copied from interface: VaultConnector

Register a new AppRole role from given metamodel.

Specified by:

createAppRole in interface VaultConnector

Parameters:

role - The role

Returns:

true on success

Throws:

VaultConnectorException - on error

lookupAppRole

public final AppRoleResponse lookupAppRole(String roleName)
                                    throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup an AppRole role.

Specified by:

lookupAppRole in interface VaultConnector

Parameters:

roleName - The role name

Returns:

Result of the lookup

Throws:

VaultConnectorException - on error

deleteAppRole

public final boolean deleteAppRole(String roleName)
                            throws VaultConnectorException

Description copied from interface: VaultConnector

Delete AppRole role from Vault.

Specified by:

deleteAppRole in interface VaultConnector

Parameters:

roleName - The role name

Returns:

true on success

Throws:

VaultConnectorException - on error

getAppRoleID

public final String getAppRoleID(String roleName)
                          throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve ID for an AppRole role.

Specified by:

getAppRoleID in interface VaultConnector

Parameters:

roleName - The role name

Returns:

The role ID

Throws:

VaultConnectorException - on error

setAppRoleID

public final boolean setAppRoleID(String roleName,
                                  String roleID)
                           throws VaultConnectorException

Description copied from interface: VaultConnector

Set custom ID for an AppRole role.

Specified by:

setAppRoleID in interface VaultConnector

Parameters:

roleName - The role name

roleID - The role ID

Returns:

true on success

Throws:

VaultConnectorException - on error

createAppRoleSecret

public final AppRoleSecretResponse createAppRoleSecret(String roleName,
                                                       AppRoleSecret secret)
                                                throws VaultConnectorException

Description copied from interface: VaultConnector

Register new AppRole secret with custom ID.

Specified by:

createAppRoleSecret in interface VaultConnector

Parameters:

roleName - The role name

secret - The secret meta object

Returns:

The secret ID

Throws:

VaultConnectorException - on error

lookupAppRoleSecret

public final AppRoleSecretResponse lookupAppRoleSecret(String roleName,
                                                       String secretID)
                                                throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup an AppRole secret.

Specified by:

lookupAppRoleSecret in interface VaultConnector

Parameters:

roleName - The role name

secretID - The secret ID

Returns:

Result of the lookup

Throws:

VaultConnectorException - on error

destroyAppRoleSecret

public final boolean destroyAppRoleSecret(String roleName,
                                          String secretID)
                                   throws VaultConnectorException

Description copied from interface: VaultConnector

Destroy an AppRole secret.

Specified by:

destroyAppRoleSecret in interface VaultConnector

Parameters:

roleName - The role name

secretID - The secret meta object

Returns:

The secret ID

Throws:

VaultConnectorException - on error

listAppRoles

public final List<String> listAppRoles()
                                throws VaultConnectorException

Description copied from interface: VaultConnector

List existing (accessible) AppRole roles.

Specified by:

listAppRoles in interface VaultConnector

Returns:

List of roles

Throws:

VaultConnectorException - on error

listAppRoleSecrets

public final List<String> listAppRoleSecrets(String roleName)
                                      throws VaultConnectorException

Description copied from interface: VaultConnector

List existing (accessible) secret IDs for AppRole role.

Specified by:

listAppRoleSecrets in interface VaultConnector

Parameters:

roleName - The role name

Returns:

List of roles

Throws:

VaultConnectorException - on error

read

public final SecretResponse read(String key)
                          throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve any nodes content from Vault.

Specified by:

read in interface VaultConnector

Parameters:

key - Secret identifier

Returns:

Secret response

Throws:

VaultConnectorException - on error

readSecretVersion

public final SecretResponse readSecretVersion(String mount,
                                              String key,
                                              Integer version)
                                       throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve secret data from Vault.
Path <mount>/data/<key> is read here. Only available for KV v2 secrets.

Specified by:

readSecretVersion in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret identifier

version - Version to read. If null or zero, the latest version will be returned.

Returns:

Secret response.

Throws:

VaultConnectorException - on error

readSecretMetadata

public final MetadataResponse readSecretMetadata(String mount,
                                                 String key)
                                          throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve secret metadata from Vault.
Path <mount>/metadata/<key> is read here. Only available for KV v2 secrets.

Specified by:

readSecretMetadata in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret identifier

Returns:

Metadata response

Throws:

VaultConnectorException - on error

updateSecretMetadata

public void updateSecretMetadata(String mount,
                                 String key,
                                 Integer maxVersions,
                                 boolean casRequired)
                          throws VaultConnectorException

Description copied from interface: VaultConnector

Update secret metadata.
Path <mount>/metadata/<key> is written here. Only available for KV v2 secrets.

Specified by:

updateSecretMetadata in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret identifier

maxVersions - Maximum number of versions (fallback to backend default if null)

casRequired - Specify if Check-And-Set is required for this secret.

Throws:

VaultConnectorException - on error

writeSecretData

public final SecretVersionResponse writeSecretData(String mount,
                                                   String key,
                                                   Map<String,Object> data,
                                                   Integer cas)
                                            throws VaultConnectorException

Description copied from interface: VaultConnector

Write secret to Vault.
Path <mount>/data/<key> is written here. Only available for KV v2 secrets.

Specified by:

writeSecretData in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret identifier

data - Secret content. Value must be be JSON serializable.

cas - Use Check-And-Set operation, i.e. only allow writing if current version matches this value.

Returns:

Metadata for the created/updated secret.

Throws:

VaultConnectorException - on error

list

public final List<String> list(String path)
                        throws VaultConnectorException

Description copied from interface: VaultConnector

List available nodes from Vault.

Specified by:

list in interface VaultConnector

Parameters:

path - Root path to search

Returns:

List of secret keys

Throws:

VaultConnectorException - on error

write

public final void write(String key,
                        Map<String,Object> data,
                        Map<String,Object> options)
                 throws VaultConnectorException

Description copied from interface: VaultConnector

Write value to Vault.

Specified by:

write in interface VaultConnector

Parameters:

key - Secret path

data - Secret content. Value must be be JSON serializable.

options - Secret options (optional).

Throws:

VaultConnectorException - on error

delete

public final void delete(String key)
                  throws VaultConnectorException

Description copied from interface: VaultConnector

Delete key from Vault.

Specified by:

delete in interface VaultConnector

Parameters:

key - Secret path

Throws:

VaultConnectorException - on error

deleteLatestSecretVersion

public final void deleteLatestSecretVersion(String mount,
                                            String key)
                                     throws VaultConnectorException

Description copied from interface: VaultConnector

Delete latest version of a secret from Vault.
Only available for KV v2 stores.

Specified by:

deleteLatestSecretVersion in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret path.

Throws:

VaultConnectorException - on error

deleteAllSecretVersions

public final void deleteAllSecretVersions(String mount,
                                          String key)
                                   throws VaultConnectorException

Description copied from interface: VaultConnector

Delete latest version of a secret from Vault.
Prefix secret/ is automatically added to path. Only available for KV v2 stores.

Specified by:

deleteAllSecretVersions in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret path.

Throws:

VaultConnectorException - on error

deleteSecretVersions

public final void deleteSecretVersions(String mount,
                                       String key,
                                       int... versions)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Delete secret versions from Vault.
Only available for KV v2 stores.

Specified by:

deleteSecretVersions in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret path.

versions - Versions of the secret to delete.

Throws:

VaultConnectorException - on error

undeleteSecretVersions

public final void undeleteSecretVersions(String mount,
                                         String key,
                                         int... versions)
                                  throws VaultConnectorException

Description copied from interface: VaultConnector

Undelete (restore) secret versions from Vault. Only available for KV v2 stores.

Specified by:

undeleteSecretVersions in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret path.

versions - Versions of the secret to undelete.

Throws:

VaultConnectorException - on error

destroySecretVersions

public final void destroySecretVersions(String mount,
                                        String key,
                                        int... versions)
                                 throws VaultConnectorException

Description copied from interface: VaultConnector

Destroy secret versions from Vault. Only available for KV v2 stores.

Specified by:

destroySecretVersions in interface VaultConnector

Parameters:

mount - Secret store mount point (without leading or trailing slash).

key - Secret path.

versions - Versions of the secret to destroy.

Throws:

VaultConnectorException - on error

revoke

public final void revoke(String leaseID)
                  throws VaultConnectorException

Description copied from interface: VaultConnector

Revoke given lease immediately.

Specified by:

revoke in interface VaultConnector

Parameters:

leaseID - the lease ID

Throws:

VaultConnectorException - on error

renew

public final SecretResponse renew(String leaseID,
                                  Integer increment)
                           throws VaultConnectorException

Description copied from interface: VaultConnector

Renew lease with given ID.

Specified by:

renew in interface VaultConnector

Parameters:

leaseID - the lase ID

increment - number of seconds to extend lease time

Returns:

Renewed lease

Throws:

VaultConnectorException - on error

createToken

public final AuthResponse createToken(Token token)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new token.

Specified by:

createToken in interface VaultConnector

Parameters:

token - the token

Returns:

the result response

Throws:

VaultConnectorException - on error

createToken

public final AuthResponse createToken(Token token,
                                      boolean orphan)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new token.

Specified by:

createToken in interface VaultConnector

Parameters:

token - the token

orphan - create orphan token

Returns:

the result response

Throws:

VaultConnectorException - on error

createToken

public final AuthResponse createToken(Token token,
                                      String role)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new token for specific role.

Specified by:

createToken in interface VaultConnector

Parameters:

token - the token

role - the role name

Returns:

the result response

Throws:

VaultConnectorException - on error

close

public final void close()

Specified by:

close in interface AutoCloseable

lookupToken

public final TokenResponse lookupToken(String token)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup token information.

Specified by:

lookupToken in interface VaultConnector

Parameters:

token - the token

Returns:

the result response

Throws:

VaultConnectorException - on error

createOrUpdateTokenRole

public boolean createOrUpdateTokenRole(String name,
                                       TokenRole role)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new or update an existing token role.

Specified by:

createOrUpdateTokenRole in interface VaultConnector

Parameters:

name - the role name (overrides name possibly set in role entity)

role - the role entity

Returns:

true on success

Throws:

VaultConnectorException - on error

readTokenRole

public TokenRoleResponse readTokenRole(String name)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup token information.

Specified by:

readTokenRole in interface VaultConnector

Parameters:

name - the role name

Returns:

the result response

Throws:

VaultConnectorException - on error

listTokenRoles

public List<String> listTokenRoles()
                            throws VaultConnectorException

Description copied from interface: VaultConnector

List available token roles from Vault.

Specified by:

listTokenRoles in interface VaultConnector

Returns:

List of token roles

Throws:

VaultConnectorException - on error

deleteTokenRole

public boolean deleteTokenRole(String name)
                        throws VaultConnectorException

Description copied from interface: VaultConnector

Delete a token role.

Specified by:

deleteTokenRole in interface VaultConnector

Parameters:

name - the role name to delete

Returns:

true on success

Throws:

VaultConnectorException - on error