java.lang.Object
de.stklcode.jvault.connector.HTTPVaultConnector
- All Implemented Interfaces:
VaultConnector, Serializable, AutoCloseable
Vault Connector implementation using Vault's HTTP API.
- Since:
- 0.1
- Author:
- Stefan Kalscheuer
- See Also:
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| final AuthResponse | authAppId(String appID, String userID) | Deprecated, for removal: This API element is subject to removal in a future version. |
| final AuthResponse | authAppRole(String roleID, String secretID) | Authorize to Vault using AppRole method. |
| final TokenResponse | authToken | Authorize to Vault using token. |
| final AuthResponse | authUserPass(String username, String password) | Authorize to Vault using username and password. |
| static HTTPVaultConnectorBuilder | builder() | Get a new builder for a connector. |
| static HTTPVaultConnectorBuilder | builder | Get a new builder for a connector. |
| static HTTPVaultConnectorBuilder | builder | Get a new builder for a connector. |
| final void | close() | |
| final boolean | createAppRole(AppRole role) | Register a new AppRole role from given metamodel. |
| final AppRoleSecretResponse | createAppRoleSecret(String roleName, AppRoleSecret secret) | Register new AppRole secret with custom ID. |
| boolean | createOrUpdateTokenRole(String name, TokenRole role) | Create a new or update an existing token role. |
| final AuthResponse | createToken(Token token) | Create a new token. |
| final AuthResponse | createToken(Token token, boolean orphan) | Create a new token. |
| final AuthResponse | createToken(Token token, String role) | Create a new token for specific role. |
| final void | delete | Delete key from Vault. |
| final void | deleteAllSecretVersions(String mount, String key) | Delete latest version of a secret from Vault. |
| final boolean | deleteAppRole(String roleName) | Delete AppRole role from Vault. |
| final void | deleteLatestSecretVersion(String mount, String key) | Delete latest version of a secret from Vault. |
| final void | deleteSecretVersions(String mount, String key, int... versions) | Delete secret versions from Vault. |
| boolean | deleteTokenRole(String name) | Delete a token role. |
| final boolean | destroyAppRoleSecret(String roleName, String secretID) | Destroy an AppRole secret. |
| final void | destroySecretVersions(String mount, String key, int... versions) | Destroy secret versions from Vault. |
| final String | getAppRoleID(String roleName) | Retrieve ID for an AppRole role. |
| final List<AuthBackend> | getAuthBackends | Get all available authentication backends. |
| | getHealth | Query server health information. |
| final boolean | isAuthorized() | Get authorization status. |
| | list | List available nodes from Vault. |
| | listAppRoles | List existing (accessible) AppRole roles. |
| | listAppRoleSecrets(String roleName) | List existing (accessible) secret IDs for AppRole role. |
| | listTokenRoles | List available token roles from Vault. |
| final AppRoleResponse | lookupAppRole(String roleName) | Lookup an AppRole role. |
| final AppRoleSecretResponse | lookupAppRoleSecret(String roleName, String secretID) | Lookup an AppRole secret. |
| final TokenResponse | lookupToken(String token) | Lookup token information. |
| final SecretResponse | read | Retrieve any nodes content from Vault. |
| final MetadataResponse | readSecretMetadata(String mount, String key) | Retrieve secret metadata from Vault. |
| final SecretResponse | readSecretVersion(String mount, String key, Integer version) | Retrieve secret data from Vault. |
| | readTokenRole(String name) | Lookup token information. |
| final boolean | registerAppId(String appID, String policy, String displayName) | Deprecated, for removal: This API element is subject to removal in a future version. |
| final boolean | registerUserId(String appID, String userID) | Deprecated, for removal: This API element is subject to removal in a future version. |
| final SecretResponse | renew | Renew lease with given ID. |
| final void | resetAuth() | Reset authorization information. |
| final void | revoke | Revoke given lease immediately. |
| final void | seal() | Seal vault. |
| final SealResponse | sealStatus | Retrieve status of vault seal. |
| final boolean | setAppRoleID(String roleName, String roleID) | Set custom ID for an AppRole role. |
| final void | undeleteSecretVersions(String mount, String key, int... versions) | Undelete (restore) secret versions from Vault. |
| final SealResponse | unseal | Unseal vault. |
| void | updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) | Update secret metadata. |
| final void | write(String key, Map<String, Object> data, Map<String, Object> options) | Write value to Vault. |
| final SecretVersionResponse | writeSecretData(String mount, String key, Map<String, Object> data, Integer cas) | Write secret to Vault. |

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface de.stklcode.jvault.connector.VaultConnector
authAppRole, createAppRole, createAppRole, createAppRole, createAppRole, createAppRoleSecret, createAppRoleSecret, createOrUpdateTokenRole, readDbCredentials, readMongoDbCredentials, readMsSqlCredentials, readMySqlCredentials, readPostgreSqlCredentials, readSecretData, registerAppUserId, renew, unseal, write, write, writeSecretData
-
Method Details
-
builder
Get a new builder for a connector.
- Returns:
- Builder instance.
- Since:
- 0.9.5
-
builder
Get a new builder for a connector.
- Parameters:
baseURL - Base URL.
- Returns:
- Builder instance.
- Throws:
URISyntaxException - Invalid URI syntax.
- Since:
- 1.0
-
builder
Get a new builder for a connector.
- Parameters:
baseURL - Base URL.
- Returns:
- Builder instance.
- Since:
- 1.0
-
resetAuth
public final void resetAuth()
Description copied from interface: VaultConnector
Reset authorization information.
- Specified by:
resetAuth in interface VaultConnector
-
sealStatus
Description copied from interface: VaultConnector
Retrieve status of vault seal.
- Specified by:
sealStatus in interface VaultConnector
- Returns:
- Seal status
- Throws:
VaultConnectorException - on error
-
seal
Description copied from interface: VaultConnector
Seal vault.
- Specified by:
seal in interface VaultConnector
- Throws:
VaultConnectorException - on error
-
unseal
Description copied from interface: VaultConnector
Unseal vault.
- Specified by:
unseal in interface VaultConnector
- Parameters:
key - A single master share key
reset - Discard previously provided keys (optional)
- Returns:
- Response with seal status
- Throws:
VaultConnectorException - on error
-
getHealth
Description copied from interface: VaultConnector
Query server health information.
- Specified by:
getHealth in interface VaultConnector
- Returns:
- Health information.
- Throws:
VaultConnectorException - on error
-
isAuthorized
public final boolean isAuthorized()
Description copied from interface: VaultConnector
Get authorization status.
- Specified by:
isAuthorized in interface VaultConnector
- Returns:
- TRUE, if successfully authorized
-
getAuthBackends
Description copied from interface: VaultConnector
Get all available authentication backends.
- Specified by:
getAuthBackends in interface VaultConnector
- Returns:
- List of backends
- Throws:
VaultConnectorException - on error
-
authToken
Description copied from interface: VaultConnector
Authorize to Vault using token.
- Specified by:
authToken in interface VaultConnector
- Parameters:
token - The token
- Returns:
- Token response
- Throws:
VaultConnectorException - on error
-
authUserPass
public final AuthResponse authUserPass(String username, String password) throws VaultConnectorException
Description copied from interface: VaultConnector
Authorize to Vault using username and password.
- Specified by:
authUserPass in interface VaultConnector
- Parameters:
username - The username
password - The password
- Returns:
- Authorization result
- Throws:
VaultConnectorException - on error
-
authAppId
@Deprecated(since="0.4", forRemoval=true)
public final AuthResponse authAppId(String appID, String userID) throws VaultConnectorException
Deprecated, for removal: This API element is subject to removal in a future version.
Description copied from interface: VaultConnector
Authorize to Vault using AppID method.
- Specified by:
authAppId in interface VaultConnector
- Parameters:
appID - The App ID
userID - The User ID
- Returns:
- The AuthResponse
- Throws:
VaultConnectorException - on error
-
authAppRole
public final AuthResponse authAppRole(String roleID, String secretID) throws VaultConnectorException
Description copied from interface: VaultConnector
Authorize to Vault using AppRole method.
- Specified by:
authAppRole in interface VaultConnector
- Parameters:
roleID - The role ID
secretID - The secret ID
- Returns:
- The AuthResponse
- Throws:
VaultConnectorException - on error
-
registerAppId
@Deprecated(since="0.4", forRemoval=true)
public final boolean registerAppId(String appID, String policy, String displayName) throws VaultConnectorException
Deprecated, for removal: This API element is subject to removal in a future version.
Description copied from interface: VaultConnector
Register new App-ID with policy.
- Specified by:
registerAppId in interface VaultConnector
- Parameters:
appID - The unique App-ID
policy - The policy to associate with
displayName - Arbitrary name to display
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-
registerUserId
@Deprecated(since="0.4", forRemoval=true)
public final boolean registerUserId(String appID, String userID) throws VaultConnectorException
Deprecated, for removal: This API element is subject to removal in a future version.
Description copied from interface: VaultConnector
Register User-ID with App-ID.
- Specified by:
registerUserId in interface VaultConnector
- Parameters:
appID - The App-ID
userID - The User-ID
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-
createAppRole
Description copied from interface: VaultConnector
Register a new AppRole role from given metamodel.
- Specified by:
createAppRole in interface VaultConnector
- Parameters:
role - The role
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-
lookupAppRole
Description copied from interface: VaultConnector
Lookup an AppRole role.
- Specified by:
lookupAppRole in interface VaultConnector
- Parameters:
roleName - The role name
- Returns:
- Result of the lookup
- Throws:
VaultConnectorException - on error
-
deleteAppRole
Description copied from interface: VaultConnector
Delete AppRole role from Vault.
- Specified by:
deleteAppRole in interface VaultConnector
- Parameters:
roleName - The role name
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-
getAppRoleID
Description copied from interface: VaultConnector
Retrieve ID for an AppRole role.
- Specified by:
getAppRoleID in interface VaultConnector
- Parameters:
roleName - The role name
- Returns:
- The role ID
- Throws:
VaultConnectorException - on error
-
setAppRoleID
Description copied from interface: VaultConnector
Set custom ID for an AppRole role.
- Specified by:
setAppRoleID in interface VaultConnector
- Parameters:
roleName - The role name
roleID - The role ID
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-
createAppRoleSecret
public final AppRoleSecretResponse createAppRoleSecret(String roleName, AppRoleSecret secret) throws VaultConnectorException
Description copied from interface: VaultConnector
Register new AppRole secret with custom ID.
- Specified by:
createAppRoleSecret in interface VaultConnector
- Parameters:
roleName - The role name
secret - The secret meta object
- Returns:
- The secret ID
- Throws:
VaultConnectorException - on error
-
lookupAppRoleSecret
public final AppRoleSecretResponse lookupAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
Description copied from interface: VaultConnector
Lookup an AppRole secret.
- Specified by:
lookupAppRoleSecret in interface VaultConnector
- Parameters:
roleName - The role name
secretID - The secret ID
- Returns:
- Result of the lookup
- Throws:
VaultConnectorException - on error
-
destroyAppRoleSecret
public final boolean destroyAppRoleSecret(String roleName, String secretID) throws VaultConnectorException
Description copied from interface: VaultConnector
Destroy an AppRole secret.
- Specified by:
destroyAppRoleSecret in interface VaultConnector
- Parameters:
roleName - The role name
secretID - The secret meta object
- Returns:
- The secret ID
- Throws:
VaultConnectorException - on error
-
listAppRoles
Description copied from interface: VaultConnector
List existing (accessible) AppRole roles.
- Specified by:
listAppRoles in interface VaultConnector
- Returns:
- List of roles
- Throws:
VaultConnectorException - on error
-
listAppRoleSecrets
Description copied from interface: VaultConnector
List existing (accessible) secret IDs for AppRole role.
- Specified by:
listAppRoleSecrets in interface VaultConnector
- Parameters:
roleName - The role name
- Returns:
- List of roles
- Throws:
VaultConnectorException - on error
-
read
Description copied from interface: VaultConnector
Retrieve any nodes content from Vault.
- Specified by:
read in interface VaultConnector
- Parameters:
key - Secret identifier
- Returns:
- Secret response
- Throws:
VaultConnectorException - on error
-
readSecretVersion
public final SecretResponse readSecretVersion(String mount, String key, Integer version) throws VaultConnectorException
Description copied from interface: VaultConnector
Retrieve secret data from Vault.
Path <mount>/data/<key> is read here. Only available for KV v2 secrets.
- Specified by:
readSecretVersion in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret identifier
version - Version to read. If null or zero, the latest version will be returned.
- Returns:
- Secret response.
- Throws:
VaultConnectorException - on error
-
readSecretMetadata
public final MetadataResponse readSecretMetadata(String mount, String key) throws VaultConnectorException
Description copied from interface: VaultConnector
Retrieve secret metadata from Vault.
Path <mount>/metadata/<key> is read here. Only available for KV v2 secrets.
- Specified by:
readSecretMetadata in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret identifier
- Returns:
- Metadata response
- Throws:
VaultConnectorException - on error
-
updateSecretMetadata
public void updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException
Description copied from interface: VaultConnector
Update secret metadata.
Path <mount>/metadata/<key> is written here. Only available for KV v2 secrets.
- Specified by:
updateSecretMetadata in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret identifier
maxVersions - Maximum number of versions (fallback to backend default if null)
casRequired - Specify if Check-And-Set is required for this secret.
- Throws:
VaultConnectorException - on error
-
writeSecretData
public final SecretVersionResponse writeSecretData(String mount, String key, Map<String, Object> data, Integer cas) throws VaultConnectorException
Description copied from interface: VaultConnector
Write secret to Vault.
Path <mount>/data/<key> is written here. Only available for KV v2 secrets.
- Specified by:
writeSecretData in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret identifier
data - Secret content. Value must be JSON serializable.
cas - Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
- Returns:
- Metadata for the created/updated secret.
- Throws:
VaultConnectorException - on error
-
list
Description copied from interface: VaultConnector
List available nodes from Vault.
- Specified by:
list in interface VaultConnector
- Parameters:
path - Root path to search
- Returns:
- List of secret keys
- Throws:
VaultConnectorException - on error
-
write
public final void write(String key, Map<String, Object> data, Map<String, Object> options) throws VaultConnectorException
Description copied from interface: VaultConnector
Write value to Vault.
- Specified by:
write in interface VaultConnector
- Parameters:
key - Secret path
data - Secret content. Value must be JSON serializable.
options - Secret options (optional).
- Throws:
VaultConnectorException - on error
-
delete
Description copied from interface: VaultConnector
Delete key from Vault.
- Specified by:
delete in interface VaultConnector
- Parameters:
key - Secret path
- Throws:
VaultConnectorException - on error
-
deleteLatestSecretVersion
public final void deleteLatestSecretVersion(String mount, String key) throws VaultConnectorException
Description copied from interface: VaultConnector
Delete latest version of a secret from Vault.
Only available for KV v2 stores.
- Specified by:
deleteLatestSecretVersion in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret path.
- Throws:
VaultConnectorException - on error
-
deleteAllSecretVersions
Description copied from interface: VaultConnector
Delete latest version of a secret from Vault.
Prefix secret/ is automatically added to path. Only available for KV v2 stores.
- Specified by:
deleteAllSecretVersions in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret path.
- Throws:
VaultConnectorException - on error
-
deleteSecretVersions
public final void deleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
Description copied from interface: VaultConnector
Delete secret versions from Vault.
Only available for KV v2 stores.
- Specified by:
deleteSecretVersions in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret path.
versions - Versions of the secret to delete.
- Throws:
VaultConnectorException - on error
-
undeleteSecretVersions
public final void undeleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException
Description copied from interface: VaultConnector
Undelete (restore) secret versions from Vault. Only available for KV v2 stores.
- Specified by:
undeleteSecretVersions in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret path.
versions - Versions of the secret to undelete.
- Throws:
VaultConnectorException - on error
-
destroySecretVersions
public final void destroySecretVersions(String mount, String key, int... versions) throws VaultConnectorException
Description copied from interface: VaultConnector
Destroy secret versions from Vault. Only available for KV v2 stores.
- Specified by:
destroySecretVersions in interface VaultConnector
- Parameters:
mount - Secret store mount point (without leading or trailing slash).
key - Secret path.
versions - Versions of the secret to destroy.
- Throws:
VaultConnectorException - on error
-
revoke
Description copied from interface: VaultConnector
Revoke given lease immediately.
- Specified by:
revoke in interface VaultConnector
- Parameters:
leaseID - the lease ID
- Throws:
VaultConnectorException - on error
-
renew
Description copied from interface: VaultConnector
Renew lease with given ID.
- Specified by:
renew in interface VaultConnector
- Parameters:
leaseID - the lease ID
increment - number of seconds to extend lease time
- Returns:
- Renewed lease
- Throws:
VaultConnectorException - on error
-
createToken
Description copied from interface: VaultConnector
Create a new token.
- Specified by:
createToken in interface VaultConnector
- Parameters:
token - the token
- Returns:
- the result response
- Throws:
VaultConnectorException - on error
-
createToken
Description copied from interface: VaultConnector
Create a new token.
- Specified by:
createToken in interface VaultConnector
- Parameters:
token - the token
orphan - create orphan token
- Returns:
- the result response
- Throws:
VaultConnectorException - on error
-
createToken
Description copied from interface: VaultConnector
Create a new token for specific role.
- Specified by:
createToken in interface VaultConnector
- Parameters:
token - the token
role - the role name
- Returns:
- the result response
- Throws:
VaultConnectorException - on error
-
close
public final void close()
- Specified by:
close in interface AutoCloseable
-
lookupToken
Description copied from interface: VaultConnector
Lookup token information.
- Specified by:
lookupToken in interface VaultConnector
- Parameters:
token - the token
- Returns:
- the result response
- Throws:
VaultConnectorException - on error
-
createOrUpdateTokenRole
Description copied from interface: VaultConnector
Create a new or update an existing token role.
- Specified by:
createOrUpdateTokenRole in interface VaultConnector
- Parameters:
name - the role name (overrides name possibly set in role entity)
role - the role entity
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-
readTokenRole
Description copied from interface: VaultConnector
Lookup token information.
- Specified by:
readTokenRole in interface VaultConnector
- Parameters:
name - the role name
- Returns:
- the result response
- Throws:
VaultConnectorException - on error
-
listTokenRoles
Description copied from interface: VaultConnector
List available token roles from Vault.
- Specified by:
listTokenRoles in interface VaultConnector
- Returns:
- List of token roles
- Throws:
VaultConnectorException - on error
-
deleteTokenRole
Description copied from interface: VaultConnector
Delete a token role.
- Specified by:
deleteTokenRole in interface VaultConnector
- Parameters:
name - the role name to delete
- Returns:
- true on success
- Throws:
VaultConnectorException - on error
-