Package de.stklcode.jvault.connector
Interface VaultConnector
-
- All Superinterfaces:
AutoCloseable,Serializable
- All Known Implementing Classes:
HTTPVaultConnector
public interface VaultConnector extends AutoCloseable, Serializable
Vault Connector interface. Provides methods to connect with Vault backend and handle secrets.- Since:
- 0.1
- Author:
- Stefan Kalscheuer
-
-
Field Summary
Fields Modifier and Type Field Description static StringPATH_SECRETDefault sub-path for Vault secrets.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods Modifier and Type Method Description AuthResponseauthAppId(String appID, String userID)Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole.default AuthResponseauthAppRole(String roleID)Authorize to Vault using AppRole method without secret ID.AuthResponseauthAppRole(String roleID, String secretID)Authorize to Vault using AppRole method.TokenResponseauthToken(String token)Authorize to Vault using token.AuthResponseauthUserPass(String username, String password)Authorize to Vault using username and password.booleancreateAppRole(AppRole role)Register a new AppRole role from given metamodel.default booleancreateAppRole(String roleName)Register new AppRole role with default policy.default booleancreateAppRole(String roleName, String roleID)Register new AppRole role with default policy and custom ID.default booleancreateAppRole(String roleName, List<String> policies)Register new AppRole role with policies.default booleancreateAppRole(String roleName, List<String> policies, String roleID)Register new AppRole role with policies and custom ID.default AppRoleSecretResponsecreateAppRoleSecret(String roleName)Register new random generated AppRole secret.AppRoleSecretResponsecreateAppRoleSecret(String roleName, AppRoleSecret secret)Register new AppRole secret with custom ID.default AppRoleSecretResponsecreateAppRoleSecret(String roleName, String secretID)Register new AppRole secret with custom ID.default booleancreateOrUpdateTokenRole(TokenRole role)Create a new or update an existing token role.booleancreateOrUpdateTokenRole(String name, TokenRole role)Create a new or update an existing token role.AuthResponsecreateToken(Token token)Create a new token.AuthResponsecreateToken(Token token, boolean orphan)Create a new token.AuthResponsecreateToken(Token token, String role)Create a new token for specific role.voiddelete(String key)Delete key from Vault.default voiddeleteAllSecretVersions(String key)Delete latest version of a secret from Vault.voiddeleteAllSecretVersions(String mount, String key)Delete latest version of a secret from Vault.booleandeleteAppRole(String roleName)Delete AppRole role from Vault.default voiddeleteLatestSecretVersion(String key)Delete latest version of a secret from Vault.voiddeleteLatestSecretVersion(String mount, String key)Delete latest version of a secret from Vault.default voiddeleteSecret(String key)Delete secret from Vault.default voiddeleteSecretVersions(String key, int... versions)Delete secret versions from Vault.voiddeleteSecretVersions(String mount, String key, int... versions)Delete secret versions from Vault.booleandeleteTokenRole(String name)Delete a token role.booleandestroyAppRoleSecret(String roleName, String secretID)Destroy an AppRole secret.default voiddestroySecretVersions(String key, int... versions)Destroy secret versions from Vault.voiddestroySecretVersions(String mount, String key, int... versions)Destroy secret versions from Vault.StringgetAppRoleID(String roleName)Retrieve ID for an AppRole role.List<AuthBackend>getAuthBackends()Get all available authentication backends.HealthResponsegetHealth()Query server health information.booleanisAuthorized()Get authorization status.List<String>list(String path)List available nodes from Vault.List<String>listAppRoles()List existing (accessible) AppRole roles.List<String>listAppRoleSecrets(String roleName)List existing (accessible) secret IDs for AppRole role.default List<String>listSecrets(String path)List available secrets from Vault.List<String>listTokenRoles()List available token roles from Vault.AppRoleResponselookupAppRole(String roleName)Lookup an AppRole role.AppRoleSecretResponselookupAppRoleSecret(String roleName, String secretID)Lookup an AppRole secret.TokenResponselookupToken(String token)Lookup token information.SecretResponseread(String key)Retrieve any nodes content from Vault.default CredentialsResponsereadDbCredentials(String role, String mount)Read credentials for SQL backends.default CredentialsResponsereadMongoDbCredentials(String role)Read credentials for MSSQL backend at default mount point.default CredentialsResponsereadMsSqlCredentials(String role)Read credentials for MSSQL backend at default mount point.default CredentialsResponsereadMySqlCredentials(String role)Read credentials for MySQL backend at default mount point.default CredentialsResponsereadPostgreSqlCredentials(String role)Read credentials for PostgreSQL backend at default mount point.default SecretResponsereadSecret(String key)Retrieve secret from Vault.default SecretResponsereadSecretData(String key)Retrieve the latest secret data for specific version from Vault.default SecretResponsereadSecretData(String mount, String key)Retrieve the latest secret data for specific version from Vault.default MetadataResponsereadSecretMetadata(String key)Retrieve secret metadata from Vault.MetadataResponsereadSecretMetadata(String mount, String key)Retrieve secret metadata from Vault.default SecretResponsereadSecretVersion(String key, Integer version)Retrieve secret data from Vault.SecretResponsereadSecretVersion(String mount, String key, Integer version)Retrieve secret data from Vault.TokenRoleResponsereadTokenRole(String name)Lookup token information.booleanregisterAppId(String appID, String policy, String displayName)Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole.default booleanregisterAppUserId(String appID, String policy, String displayName, String userID)Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole.booleanregisterUserId(String appID, String userID)Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole.default SecretResponserenew(String leaseID)Renew lease with given ID.SecretResponserenew(String leaseID, Integer increment)Renew lease with given ID.voidresetAuth()Reset authorization information.voidrevoke(String leaseID)Revoke given lease immediately.voidseal()Seal vault.SealResponsesealStatus()Retrieve status of vault seal.booleansetAppRoleID(String roleName, String roleID)Set custom ID for an AppRole role.default voidundeleteSecretVersions(String key, int... versions)Undelete (restore) secret versions from Vault.voidundeleteSecretVersions(String mount, String key, int... versions)Undelete (restore) secret versions from Vault.default SealResponseunseal(String key)Unseal vault.SealResponseunseal(String key, Boolean reset)Unseal vault.default voidupdateSecretMetadata(String key, Integer maxVersions, boolean casRequired)Update secret metadata.voidupdateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired)Update secret metadata.default voidwrite(String key, String value)Write simple value to Vault.default voidwrite(String key, Map<String,Object> data)Write value to Vault.voidwrite(String key, Map<String,Object> data, Map<String,Object> options)Write value to Vault.default voidwriteSecret(String key, String value)Write secret to Vault.default voidwriteSecret(String key, Map<String,Object> data)Write secret to Vault.default SecretVersionResponsewriteSecretData(String mount, String key, Map<String,Object> data)Write secret to Vault.SecretVersionResponsewriteSecretData(String mount, String key, Map<String,Object> data, Integer cas)Write secret to Vault.default SecretVersionResponsewriteSecretData(String key, Map<String,Object> data)Write secret to Vault.-
Methods inherited from interface java.lang.AutoCloseable
close
-
-
-
-
Field Detail
-
PATH_SECRET
static final String PATH_SECRET
Default sub-path for Vault secrets.- See Also:
- Constant Field Values
-
-
Method Detail
-
resetAuth
void resetAuth()
Reset authorization information.
-
sealStatus
SealResponse sealStatus() throws VaultConnectorException
Retrieve status of vault seal.- Returns:
- Seal status
- Throws:
VaultConnectorException- on error
-
seal
void seal() throws VaultConnectorException
Seal vault.- Throws:
VaultConnectorException- on error
-
unseal
SealResponse unseal(String key, Boolean reset) throws VaultConnectorException
Unseal vault.- Parameters:
key- A single master share keyreset- Discard previously provided keys (optional)- Returns:
- Response with seal status
- Throws:
VaultConnectorException- on error
-
unseal
default SealResponse unseal(String key) throws VaultConnectorException
Unseal vault.- Parameters:
key- A single master share key- Returns:
- Response with seal status
- Throws:
VaultConnectorException- on error
-
getHealth
HealthResponse getHealth() throws VaultConnectorException
Query server health information.- Returns:
- Health information.
- Throws:
VaultConnectorException- on error- Since:
- 0.7.0
-
getAuthBackends
List<AuthBackend> getAuthBackends() throws VaultConnectorException
Get all available authentication backends.- Returns:
- List of backends
- Throws:
VaultConnectorException- on error
-
authToken
TokenResponse authToken(String token) throws VaultConnectorException
Authorize to Vault using token.- Parameters:
token- The token- Returns:
- Token response
- Throws:
VaultConnectorException- on error
-
authUserPass
AuthResponse authUserPass(String username, String password) throws VaultConnectorException
Authorize to Vault using username and password.- Parameters:
username- The usernamepassword- The password- Returns:
- Authorization result
- Throws:
VaultConnectorException- on error
-
authAppId
@Deprecated AuthResponse authAppId(String appID, String userID) throws VaultConnectorException
Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole. Consider usingauthAppRole(java.lang.String)instead.Authorize to Vault using AppID method.- Parameters:
appID- The App IDuserID- The User ID- Returns:
- The
AuthResponse - Throws:
VaultConnectorException- on error
-
authAppRole
default AuthResponse authAppRole(String roleID) throws VaultConnectorException
Authorize to Vault using AppRole method without secret ID.- Parameters:
roleID- The role ID- Returns:
- The
AuthResponse - Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
authAppRole
AuthResponse authAppRole(String roleID, String secretID) throws VaultConnectorException
Authorize to Vault using AppRole method.- Parameters:
roleID- The role IDsecretID- The secret ID- Returns:
- The
AuthResponse - Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
registerAppId
@Deprecated boolean registerAppId(String appID, String policy, String displayName) throws VaultConnectorException
Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole. Consider usingcreateAppRole(de.stklcode.jvault.connector.model.AppRole)instead.Register new App-ID with policy.- Parameters:
appID- The unique App-IDpolicy- The policy to associate withdisplayName- Arbitrary name to display- Returns:
trueon success- Throws:
VaultConnectorException- on error
-
createAppRole
boolean createAppRole(AppRole role) throws VaultConnectorException
Register a new AppRole role from given metamodel.- Parameters:
role- The role- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRole
default boolean createAppRole(String roleName) throws VaultConnectorException
Register new AppRole role with default policy.- Parameters:
roleName- The role name- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRole
default boolean createAppRole(String roleName, List<String> policies) throws VaultConnectorException
Register new AppRole role with policies.- Parameters:
roleName- The role namepolicies- The policies to associate with- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRole
default boolean createAppRole(String roleName, String roleID) throws VaultConnectorException
Register new AppRole role with default policy and custom ID.- Parameters:
roleName- The role nameroleID- A custom role ID- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRole
default boolean createAppRole(String roleName, List<String> policies, String roleID) throws VaultConnectorException
Register new AppRole role with policies and custom ID.- Parameters:
roleName- The role namepolicies- The policies to associate withroleID- A custom role ID- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
deleteAppRole
boolean deleteAppRole(String roleName) throws VaultConnectorException
Delete AppRole role from Vault.- Parameters:
roleName- The role name- Returns:
trueon success- Throws:
VaultConnectorException- on error
-
lookupAppRole
AppRoleResponse lookupAppRole(String roleName) throws VaultConnectorException
Lookup an AppRole role.- Parameters:
roleName- The role name- Returns:
- Result of the lookup
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
getAppRoleID
String getAppRoleID(String roleName) throws VaultConnectorException
Retrieve ID for an AppRole role.- Parameters:
roleName- The role name- Returns:
- The role ID
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
setAppRoleID
boolean setAppRoleID(String roleName, String roleID) throws VaultConnectorException
Set custom ID for an AppRole role.- Parameters:
roleName- The role nameroleID- The role ID- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRoleSecret
default AppRoleSecretResponse createAppRoleSecret(String roleName) throws VaultConnectorException
Register new random generated AppRole secret.- Parameters:
roleName- The role name- Returns:
- The secret ID
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRoleSecret
default AppRoleSecretResponse createAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
Register new AppRole secret with custom ID.- Parameters:
roleName- The role namesecretID- A custom secret ID- Returns:
- The secret ID
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
createAppRoleSecret
AppRoleSecretResponse createAppRoleSecret(String roleName, AppRoleSecret secret) throws VaultConnectorException
Register new AppRole secret with custom ID.- Parameters:
roleName- The role namesecret- The secret meta object- Returns:
- The secret ID
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
lookupAppRoleSecret
AppRoleSecretResponse lookupAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
Lookup an AppRole secret.- Parameters:
roleName- The role namesecretID- The secret ID- Returns:
- Result of the lookup
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
destroyAppRoleSecret
boolean destroyAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
Destroy an AppRole secret.- Parameters:
roleName- The role namesecretID- The secret meta object- Returns:
- The secret ID
- Throws:
VaultConnectorException- on error- Since:
- 0.4.0
-
listAppRoles
List<String> listAppRoles() throws VaultConnectorException
List existing (accessible) AppRole roles.- Returns:
- List of roles
- Throws:
VaultConnectorException- on error
-
listAppRoleSecrets
List<String> listAppRoleSecrets(String roleName) throws VaultConnectorException
List existing (accessible) secret IDs for AppRole role.- Parameters:
roleName- The role name- Returns:
- List of roles
- Throws:
VaultConnectorException- on error
-
registerUserId
@Deprecated boolean registerUserId(String appID, String userID) throws VaultConnectorException
Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole. Consider usingcreateAppRoleSecret(java.lang.String)instead.Register User-ID with App-ID.- Parameters:
appID- The App-IDuserID- The User-ID- Returns:
trueon success- Throws:
VaultConnectorException- on error
-
registerAppUserId
@Deprecated default boolean registerAppUserId(String appID, String policy, String displayName, String userID) throws VaultConnectorException
Deprecated.As of Vault 0.6.1 App-ID is superseded by AppRole.Register new App-ID and User-ID at once.- Parameters:
appID- The App-IDpolicy- The policy to associate withdisplayName- Arbitrary name to displayuserID- The User-ID- Returns:
trueon success- Throws:
VaultConnectorException- on error
-
isAuthorized
boolean isAuthorized()
Get authorization status.- Returns:
- TRUE, if successfully authorized
-
read
SecretResponse read(String key) throws VaultConnectorException
Retrieve any nodes content from Vault.- Parameters:
key- Secret identifier- Returns:
- Secret response
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
readSecret
default SecretResponse readSecret(String key) throws VaultConnectorException
Retrieve secret from Vault.
Prefixsecret/is automatically added to key.- Parameters:
key- Secret identifier- Returns:
- Secret response
- Throws:
VaultConnectorException- on error
-
readSecretData
default SecretResponse readSecretData(String key) throws VaultConnectorException
Retrieve the latest secret data for specific version from Vault.
Prefix "secret/data" is automatically added to key. Only available for KV v2 secrets.- Parameters:
key- Secret identifier- Returns:
- Secret response
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
readSecretData
default SecretResponse readSecretData(String mount, String key) throws VaultConnectorException
Retrieve the latest secret data for specific version from Vault.
Path<mount>/data/<key>is read here. Only available for KV v2 secrets.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret identifier- Returns:
- Secret response
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
writeSecretData
default SecretVersionResponse writeSecretData(String key, Map<String,Object> data) throws VaultConnectorException
Write secret to Vault.
Prefixsecret/is automatically added to path. Only available for KV v2 secrets.- Parameters:
key- Secret identifier.data- Secret content. Value must be be JSON serializable.- Returns:
- Metadata for the created/updated secret.
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
writeSecretData
default SecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data) throws VaultConnectorException
Write secret to Vault.
Path<mount>/data/<key>is written here. Only available for KV v2 secrets.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret identifierdata- Secret content. Value must be be JSON serializable.- Returns:
- Metadata for the created/updated secret.
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
writeSecretData
SecretVersionResponse writeSecretData(String mount, String key, Map<String,Object> data, Integer cas) throws VaultConnectorException
Write secret to Vault.
Path<mount>/data/<key>is written here. Only available for KV v2 secrets.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret identifierdata- Secret content. Value must be be JSON serializable.cas- Use Check-And-Set operation, i.e. only allow writing if current version matches this value.- Returns:
- Metadata for the created/updated secret.
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
readSecretVersion
default SecretResponse readSecretVersion(String key, Integer version) throws VaultConnectorException
Retrieve secret data from Vault.
Path<mount>/data/<key>is read here. Only available for KV v2 secrets.- Parameters:
key- Secret identifierversion- Version to read. Ifnullor zero, the latest version will be returned.- Returns:
- Secret response
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
readSecretVersion
SecretResponse readSecretVersion(String mount, String key, Integer version) throws VaultConnectorException
Retrieve secret data from Vault.
Path<mount>/data/<key>is read here. Only available for KV v2 secrets.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret identifierversion- Version to read. Ifnullor zero, the latest version will be returned.- Returns:
- Secret response.
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
readSecretMetadata
default MetadataResponse readSecretMetadata(String key) throws VaultConnectorException
Retrieve secret metadata from Vault. Pathsecret/metadata/<key>is read here. Only available for KV v2 secrets.- Parameters:
key- Secret identifier- Returns:
- Metadata response
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
updateSecretMetadata
default void updateSecretMetadata(String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException
Update secret metadata.
Pathsecret/metadata/<key>is read here. Only available for KV v2 secrets.- Parameters:
key- Secret identifiermaxVersions- Maximum number of versions (fallback to backend default ifnull)casRequired- Specify if Check-And-Set is required for this secret.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
readSecretMetadata
MetadataResponse readSecretMetadata(String mount, String key) throws VaultConnectorException
Retrieve secret metadata from Vault.
Path<mount>/metadata/<key>is read here. Only available for KV v2 secrets.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret identifier- Returns:
- Metadata response
- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
updateSecretMetadata
void updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException
Update secret metadata.
Path<mount>/metadata/<key>is written here. Only available for KV v2 secrets.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret identifiermaxVersions- Maximum number of versions (fallback to backend default ifnull)casRequired- Specify if Check-And-Set is required for this secret.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
list
List<String> list(String path) throws VaultConnectorException
List available nodes from Vault.- Parameters:
path- Root path to search- Returns:
- List of secret keys
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
listSecrets
default List<String> listSecrets(String path) throws VaultConnectorException
List available secrets from Vault.
Prefixsecret/is automatically added to path.- Parameters:
path- Root path to search- Returns:
- List of secret keys
- Throws:
VaultConnectorException- on error
-
write
default void write(String key, String value) throws VaultConnectorException
Write simple value to Vault.- Parameters:
key- Secret pathvalue- Secret value- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
write
default void write(String key, Map<String,Object> data) throws VaultConnectorException
Write value to Vault.- Parameters:
key- Secret pathdata- Secret content. Value must be be JSON serializable.- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
write
void write(String key, Map<String,Object> data, Map<String,Object> options) throws VaultConnectorException
Write value to Vault.- Parameters:
key- Secret pathdata- Secret content. Value must be be JSON serializable.options- Secret options (optional).- Throws:
VaultConnectorException- on error- Since:
- 0.8
optionsparameter added
-
writeSecret
default void writeSecret(String key, String value) throws VaultConnectorException
Write secret to Vault.
Prefixsecret/is automatically added to path.- Parameters:
key- Secret pathvalue- Secret value- Throws:
VaultConnectorException- on error
-
writeSecret
default void writeSecret(String key, Map<String,Object> data) throws VaultConnectorException
Write secret to Vault.
Prefixsecret/is automatically added to path.- Parameters:
key- Secret pathdata- Secret content. Value must be be JSON serializable.- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
delete
void delete(String key) throws VaultConnectorException
Delete key from Vault.- Parameters:
key- Secret path- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
deleteSecret
default void deleteSecret(String key) throws VaultConnectorException
Delete secret from Vault.
Prefixsecret/is automatically added to path.- Parameters:
key- Secret path- Throws:
VaultConnectorException- on error
-
deleteLatestSecretVersion
default void deleteLatestSecretVersion(String key) throws VaultConnectorException
Delete latest version of a secret from Vault.
Prefixsecret/is automatically added to path. Only available for KV v2 stores.- Parameters:
key- Secret path.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
deleteLatestSecretVersion
void deleteLatestSecretVersion(String mount, String key) throws VaultConnectorException
Delete latest version of a secret from Vault.
Only available for KV v2 stores.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret path.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
deleteAllSecretVersions
default void deleteAllSecretVersions(String key) throws VaultConnectorException
Delete latest version of a secret from Vault.
Prefixsecret/is automatically added to path. Only available for KV v2 stores.- Parameters:
key- Secret path.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
deleteAllSecretVersions
void deleteAllSecretVersions(String mount, String key) throws VaultConnectorException
Delete latest version of a secret from Vault.
Prefixsecret/is automatically added to path. Only available for KV v2 stores.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret path.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
deleteSecretVersions
default void deleteSecretVersions(String key, int... versions) throws VaultConnectorException
Delete secret versions from Vault.
Only available for KV v2 stores.- Parameters:
key- Secret path.versions- Versions of the secret to delete.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
deleteSecretVersions
void deleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
Delete secret versions from Vault.
Only available for KV v2 stores.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret path.versions- Versions of the secret to delete.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
undeleteSecretVersions
default void undeleteSecretVersions(String key, int... versions) throws VaultConnectorException
Undelete (restore) secret versions from Vault. Only available for KV v2 stores.- Parameters:
key- Secret path.versions- Versions of the secret to undelete.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
undeleteSecretVersions
void undeleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
Undelete (restore) secret versions from Vault. Only available for KV v2 stores.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret path.versions- Versions of the secret to undelete.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
destroySecretVersions
default void destroySecretVersions(String key, int... versions) throws VaultConnectorException
Destroy secret versions from Vault. Only available for KV v2 stores.- Parameters:
key- Secret path.versions- Versions of the secret to destroy.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
destroySecretVersions
void destroySecretVersions(String mount, String key, int... versions) throws VaultConnectorException
Destroy secret versions from Vault. Only available for KV v2 stores.- Parameters:
mount- Secret store mount point (without leading or trailing slash).key- Secret path.versions- Versions of the secret to destroy.- Throws:
VaultConnectorException- on error- Since:
- 0.8
-
revoke
void revoke(String leaseID) throws VaultConnectorException
Revoke given lease immediately.- Parameters:
leaseID- the lease ID- Throws:
VaultConnectorException- on error
-
renew
default SecretResponse renew(String leaseID) throws VaultConnectorException
Renew lease with given ID.- Parameters:
leaseID- the lase ID- Returns:
- Renewed lease
- Throws:
VaultConnectorException- on error
-
renew
SecretResponse renew(String leaseID, Integer increment) throws VaultConnectorException
Renew lease with given ID.- Parameters:
leaseID- the lase IDincrement- number of seconds to extend lease time- Returns:
- Renewed lease
- Throws:
VaultConnectorException- on error
-
createToken
AuthResponse createToken(Token token) throws VaultConnectorException
Create a new token.- Parameters:
token- the token- Returns:
- the result response
- Throws:
VaultConnectorException- on error
-
createToken
AuthResponse createToken(Token token, boolean orphan) throws VaultConnectorException
Create a new token.- Parameters:
token- the tokenorphan- create orphan token- Returns:
- the result response
- Throws:
VaultConnectorException- on error
-
createToken
AuthResponse createToken(Token token, String role) throws VaultConnectorException
Create a new token for specific role.- Parameters:
token- the tokenrole- the role name- Returns:
- the result response
- Throws:
VaultConnectorException- on error
-
lookupToken
TokenResponse lookupToken(String token) throws VaultConnectorException
Lookup token information.- Parameters:
token- the token- Returns:
- the result response
- Throws:
VaultConnectorException- on error
-
createOrUpdateTokenRole
default boolean createOrUpdateTokenRole(TokenRole role) throws VaultConnectorException
Create a new or update an existing token role.- Parameters:
role- the role entity (name must be set)- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.9
-
createOrUpdateTokenRole
boolean createOrUpdateTokenRole(String name, TokenRole role) throws VaultConnectorException
Create a new or update an existing token role.- Parameters:
name- the role name (overrides name possibly set in role entity)role- the role entity- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.9
-
readTokenRole
TokenRoleResponse readTokenRole(String name) throws VaultConnectorException
Lookup token information.- Parameters:
name- the role name- Returns:
- the result response
- Throws:
VaultConnectorException- on error- Since:
- 0.9
-
listTokenRoles
List<String> listTokenRoles() throws VaultConnectorException
List available token roles from Vault.- Returns:
- List of token roles
- Throws:
VaultConnectorException- on error- Since:
- 0.9
-
deleteTokenRole
boolean deleteTokenRole(String name) throws VaultConnectorException
Delete a token role.- Parameters:
name- the role name to delete- Returns:
trueon success- Throws:
VaultConnectorException- on error- Since:
- 0.9
-
readMySqlCredentials
default CredentialsResponse readMySqlCredentials(String role) throws VaultConnectorException
Read credentials for MySQL backend at default mount point.- Parameters:
role- the role name- Returns:
- the credentials response
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
readPostgreSqlCredentials
default CredentialsResponse readPostgreSqlCredentials(String role) throws VaultConnectorException
Read credentials for PostgreSQL backend at default mount point.- Parameters:
role- the role name- Returns:
- the credentials response
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
readMsSqlCredentials
default CredentialsResponse readMsSqlCredentials(String role) throws VaultConnectorException
Read credentials for MSSQL backend at default mount point.- Parameters:
role- the role name- Returns:
- the credentials response
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
readMongoDbCredentials
default CredentialsResponse readMongoDbCredentials(String role) throws VaultConnectorException
Read credentials for MSSQL backend at default mount point.- Parameters:
role- the role name- Returns:
- the credentials response
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
readDbCredentials
default CredentialsResponse readDbCredentials(String role, String mount) throws VaultConnectorException
Read credentials for SQL backends.- Parameters:
role- the role namemount- mount point of the SQL backend- Returns:
- the credentials response
- Throws:
VaultConnectorException- on error- Since:
- 0.5.0
-
-