Java Vault Connector
Changelog
1.4.0 - 2024-12-07 »
Removal
- Remove deprecated
get...TimeString()
on model classes (#77) - Drop support for deprecated
App-ID
auth backend (#61) (#78)
Fix
- Add jackson-annotations requirement to module-info (#84)
Dependencies
- Updated Jackson to 2.18.2 (#85)
Test
- Tested against Vault 1.2 to 1.18
1.3.1 - 2024-10-03 »
Fix
- Remove
Automatic-Module-Name
from JAR manifest (#79)
Dependencies
- Updated Jackson to 2.18.0 (#80)
1.3.0 - 2024-06-29 »
Improvements
- Simplify JSON parsing in error handler
- Add new fields from Vault 1.16 and 1.17 to
HealthResponse
(#76)echo_duration_ms
clock_skew_ms
replication_primary_canary_age_ms
enterprise
- Add missing
num_uses
field toAuthData
- Add
mount_type
attribute to common response model - Add
auth
attribute to common response model - Add
custom_metadata
,cas_required
anddelete_version_after
fields for KVv2 metadata - Generate and attach CycloneDX SBOM
Fix
- Rename
enable_local_secret_id
tolocal_secret_ids
inAppRole
model
Dependencies
- Updated Jackson to 2.17.1
Test
- Tested against Vault 1.2 to 1.17
1.2.0 - 2023-12-11 »
Deprecations
get...TimeString()
methods on various model classes are now deprecated
Improvements
- Parse timestamps as
ZonedDateTime
instead ofString
representation - Remove redundant
java.base
requirement from module-info.java (#69) - Close Java HTTP Client when running on Java 21 or later (#70)
- Add MFA requirements to
AuthResponse
(#71) - Extend
AuthMethod
data model (#72)
Dependencies
- Updated Jackson to 2.16.0
Test
- Tested against Vault 1.2.0 to 1.15.4
1.1.5 - 2023-08-19 »
Fix
- Fixed JSON type conversion in
SecretResponse#get(String, Class)
(#67)
Test
- Tested against Vault 1.2.0 to 1.14.0
1.1.4 - 2023-06-15 »
Fix
- Use
[+-]XX:XX
notation for timezone in date/time parsing
Improvements
- Use explicit UTF-8 encoding for parsing responses
Dependencies
- Updated Jackson to 2.15.2
Test
- Tested against Vault 1.2.0 to 1.13.3
1.1.3 - 2023-01-31 »
Deprecations
- AppID components (deprecated since 0.4) are marked for removal with the next major release
Dependencies
- Updated Jackson to 2.14.2
Improvements
- Minor internal refactoring
Test
- Tested against Vault 1.2.0 to 1.12.2
1.1.2 - 2022-10-26 »
Dependencies
- Updated Jackson to 2.13.4.2
Test
- Tested against Vault 1.2.0 to 1.12.0
- Disable AppID tests for Vault 1.12 and above (auth method removed)
- Tested with Java 19
1.1.1 - 2022-08-29 »
Dependencies
- Updated Jackson to 2.13.3
Test
- Tested against Vault 1.11.2
- Tested with Java 18
1.1.0 - 2022-04-24 »
Fix
- Use
replication_performance_mode
instead ofreplication_perf_mode in health response
Improvements
- Add
migration
,recovery_seal
andstorage_type
fields toSealResponse
model - Add support for
wrap_info
in data response models - Dependency updates
- Model and response classes implement
Serializable
(#57) - Split
SercretResponse
intoPlainSecretResponse
andMetaSecretResponse
subclasses (common API unchanged) - Add missing fields to
AuthMethod
model - Add support for (dis)allowed policy glob patterns in
TokenRole
- Add request ID to data response models
Test
- Tested against Vault 1.10.1
1.0.1 - 2021-11-21 »
Fix
- Make
HTTPVaultConnectorBuilder#withPort(Integer)
null-safe (#56) - Make system-lambda dependency test-only (#58)
Test
- Tested against Vault 1.9.0
1.0.0 - 2021-10-02 »
Breaking
- Requires Java 11 or later
- Builder invocation has changed, use
HTTPVaultConnector.builder()....build()
Removal
- Remove deprecated
VaultConnectorFactory
in favor ofVaultConnectorBuilder
with identical API - Remove deprecated
AppRoleBuilder
andTokenBuilder
in favor ofAppRole.Builder
andToken.Builder
- Remove deprecated
Period
,Policy
andPolicies
methods fromAppRole
in favor ofToken
-prefixed versions - Remove deprecated
SecretResponse#getValue()
method, useget("value")
instead - Remove deprecated convenience methods for interaction with "secret" mount
Improvements
- Use pre-sized map objects for fixed-size payloads
- Remove Apache HTTP Client dependency in favor of Java 11 HTTP
- Introduce Java module descriptor
Test
- Tested against Vault 1.8.3
0.9.5 - 2021-07-28 »
Deprecations
- Deprecate
{read,write,delete}Secret()
convenience methods. Use{read,write,delete}("secret/...")
instead (#52) - Deprecated builder invocation
VaultConnectorBuilder.http()
in favor ofHTTPVaultConnector.builder()
(#51) - Deprecated
de.stklcode.jvault.connector.builder.HTTPVaultConnectorBuilder
in favor ofde.stklcode.jvault.connector.HTTPVaultConnectorBuilder
(only package changed) (#51)
Old builders will be removed in 1.0
Improvements
- Minor dependency updates
Test
- Tested against Vault 1.8.0
0.9.4 - 2021-06-06 »
Deprecations
AppRole.Builder#wit0hTokenPeriod()
is deprecated in favor of#withTokenPeriod()
(#49)
Improvements
- Minor dependency updates
Test
- Tested against Vault 1.7.2
0.9.3 - 2021-04-02 »
Improvements
- Use pre-sized map objects for fixed-size payloads
- Minor dependency updates
- Unit test adjustments for JDK 16 build environments
Test
- Tested against Vault 1.7.0
0.9.2 - 2021-01-24 »
Fixes
- Only initialize custom trust managers, if CA certificate is actually provided (#43)
Improvements
- Minor dependency updates
0.9.1 - 2021-01-03 »
Improvements
- Dependency updates
Test
- Tested against Vault 1.6.1
0.9.0 - 2020-04-29 »
Fixes
- Correctly parse Map field for token metadata (#34)
- Correctly map token policies on token lookup (#35)
Features
Improvements
- Added
entity_id
,token_policies
,token_type
andorphan flags
to auth response - Added
entity_id
,expire_time
,explicit_max_ttl
,issue_time
,renewable
andtype
flags to token data - Added
explicit_max_ttl
,period
andentity_alias flags
to Token model (#41) - Added
enable_local_secret_ids
,token_bound_cidrs
,token_explicit_max_ttl
,token_no_default_policy
,token_num_uses
,token_period
andtoken_type
flags to AppRole model - Minor dependency updates
Deprecations
AppRole#getPolicies()
and#setPolicies()
are deprecated in favor of#getTokenPolicies()
and#setTokenPolicies()
AppRole#getPeriod()
is deprecated in favor of#getTokenPeriod()
AppRoleBuilder
andTokenBuilder
in favor ofAppRole.Builder
andToken.Builder
- All-arg constructors of
AppRole
andToken
in favor of.builder()....build()
introduced in 0.8
Removals
- Deprecated methods
AppRole#getBoundCidrList()
,#setBoundCidrList()
andgetBoundCidrListString()
have been removed
Test
- Tested against Vault 1.4.0
0.8.2 - 2019-10-20 »
Fixes
- Fixed token lookup (#31)
Improvements
- Updated ependencies
Test
- Tested against Vault 1.2.3
0.8.1 - 2019-08-16 »
Fixes
- Removed compile dependency to JUnit library (#30)
Improvements
- Updated ependencies
Test
- Tested against Vault 1.2.2
0.8.0 - 2019-03-24 »
Breaking
- Moved Maven artifact to
de.stklcode.jvault:jvault-connector
(#28) - Removed support for
HTTPVaultConnectorFactory#withSslContext()
in favor of#withTrustedCA()
Features
- Support for KV version 2 secret engine (#16)
- Ability to pass custom mount point to KV v2 read/write methods (#25)
Improvements
- refactoring of the internal SSL handling (#17)
VaultConnector
implementsjava.io.Serializable
(#19)- Added missing flags to
SealResponse
(#20) - Added replication flags to
HealthResponse
(#21) - Enforce TLS 1.2 by default with option to override (#22)
- Build environment and tests now compatible with Java 10 and above
- Updated dependencies to fix vulnerabilities (i.e. CVE-2018-7489)
- New static method
Token.builder()
to get token builder instance - New static method
AppRole.builder()
to get AppRole builder instance
Deprecation
VaultConnectorFactory
is deprecated in favor ofVaultConnectorBuilder
with identical API (#18)AppRoleBuilder#withBoundCidrList(List)
is deprecated in favor ofAppRoleBuilder#withSecretIdBoundCidrs(List)
(#24)
0.7.1 - 2018-03-17 »
Improvements
- Added automatic module name for JPMS compatibility
- Minor dependency updates
Test
- Tested against Vault 0.9.5
0.7.0 - 2017-10-03 »
Features
- Retrieval of health status via
getHealth()
(#15)
Improvements
seal()
,unseal()
are now void and throw Exception on error (#12)- Adaptation to Vault 0.8 endpoints for
renew
andrevoke
, breaking 0.7 compatibility (#11)
Removed
- Removed deprecated
listAppRoleSecretss()
(uselistAppRoleSecrets()
) (#14)
Test
- Tested against Vault 0.8.3
0.6.2 - 2017-08-19 »
Fixes
- Prevent potential NPE on SecretResponse getter
- Removed stack traces on PUT request and response deserialization (#13)
Improvements
- Fields of InvalidResposneException made final
Deprecation
listAppRoleSecretss()
in favor oflistAppRoleSecrets()
(#14)
Test
- Tested against Vault 0.8.1, increased coverage
0.6.1 - 2017-08-02 »
Fixes
TokenModel.getPassword()
returned username instead of passwordTokenModel.getUsername()
andgetPassword()
could produce NPE in multithreaded environmentsTokenData.getCreatinTtl()
renamed togetCreationTtl()
(typo fix)
Test
- Tested against Vault 0.7.3
0.6.0 - 2017-05-12 »
Fixes
SecretResponse
does not throw NPE onget(key)
andgetData()
Features
- Initialization from environment variables using
fromEnv()
in factory (#8) - Automatic authentication with
buildAndAuth()
- Custom timeout and number of retries (#9)
- Connector implements
AutoCloseable
Test
- Tested against Vault 0.7.0
0.5.0 - 2017-03-18 »
Fixes
- Minor bugfix in
TokenBuilder
Features
- Convenience methods for DB credentials (#7)
Deprecation
SecretResponse.getValue()
deprecated
Test
- Tested against Vault 0.7.0
0.4.1 - 2016-12-24 »
Fixes
- Factory Null-tolerant for trusted certificate (#6)
Test
- StackTraces tested for secret leaks
- Tested against Vault 0.6.4
0.4.0 - 2016-11-06 »
Features
- Option to provide a trusted CA certificate (#2)
- Deletion, revocation and renewal of secrets (#3)
- Token creation (#4)
- AppRole auth backend supported (#5)
Improvements
- Support for complex secrets
Deprecation
- App-ID backend marked as deprecated
0.3.0 - 2016-10-07 »
Features
- Retrieval of JSON objects (#1)
Test
- Tested against Vault 0.6.2
0.2.0 - 2016-09-01 »
Fixes
- Fixed auth backend detection for Vault 0.6.1
Improvements
- Dependecies updated and CommonsIO removed
Test
- Tested against Vault 0.6.1
0.1.1 - 2016-06-20 »
Fixes
- Check for "permission denied" without status code 400 instead of 403
Test
- Tested against Vault 0.6.0
0.1.0 - 2016-03-29 »
- First release