public class Logical
extends java.lang.Object
The implementing class for Vault's core/logical operations (e.g. read, write).
This class is not intended to be constructed directly. Rather, it is meant to used by way of Vault
in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.
| Constructor and Description |
|---|
Logical(VaultConfig config) |
| Modifier and Type | Method and Description |
|---|---|
LogicalResponse |
delete(java.lang.String path)
Deletes the key/value pair located at the provided path.
|
java.util.List<java.lang.String> |
list(java.lang.String path)
Retrieve a list of keys corresponding to key/value pairs at a given Vault path.
|
LogicalResponse |
read(java.lang.String path)
Basic read operation to retrieve a secret.
|
LogicalResponse |
read(java.lang.String path,
boolean shouldRetry) |
LogicalResponse |
write(java.lang.String path,
java.util.Map<java.lang.String,java.lang.Object> nameValuePairs)
Basic operation to store secrets.
|
public Logical(VaultConfig config)
public LogicalResponse read(java.lang.String path) throws VaultException
Basic read operation to retrieve a secret. A single secret key can map to multiple name-value pairs, which can be retrieved from the response object. E.g.:
final LogicalResponse response = vault.logical().read("secret/hello"); final String value = response.getData().get("value"); final String otherValue = response.getData().get("other_value");
path - The Vault key value from which to read (e.g. secret/hello)VaultException - If any errors occurs with the REST request (e.g. non-200 status code, invalid JSON payload, etc), and the maximum number of retries is exceeded.public LogicalResponse read(java.lang.String path, boolean shouldRetry) throws VaultException
VaultExceptionpublic LogicalResponse write(java.lang.String path, java.util.Map<java.lang.String,java.lang.Object> nameValuePairs) throws VaultException
Basic operation to store secrets. Multiple name value pairs can be stored under the same secret key. E.g.:
final Map<String, String> nameValuePairs = new HashMap<String, Object>(); nameValuePairs.put("value", "foo"); nameValuePairs.put("other_value", "bar"); final LogicalResponse response = vault.logical().write("secret/hello", nameValuePairs);
The values in these name-value pairs may be booleans, numerics, strings, or nested JSON objects. However, be aware that this method does not recursively parse any nested structures. If you wish to write arbitrary JSON objects to Vault... then you should parse them to JSON outside of this method, and pass them here as JSON strings.
path - The Vault key value to which to write (e.g. secret/hello)nameValuePairs - Secret name and value pairs to store under this Vault key (can be null for writing to keys that do not need or expect any fields to be specified)VaultException - If any errors occurs with the REST request, and the maximum number of retries is exceeded.public java.util.List<java.lang.String> list(java.lang.String path)
throws VaultException
Retrieve a list of keys corresponding to key/value pairs at a given Vault path.
Key values ending with a trailing-slash characters are sub-paths. Running a subsequent list()
call, using the original path appended with this key, will retrieve all secret keys stored at that sub-path.
This method returns only the secret keys, not values. To retrieve the actual stored value for a key,
use read() with the key appended onto the original base path.
path - The Vault key value at which to look for secrets (e.g. secret)VaultException - If any errors occur, or unexpected response received from Vaultpublic LogicalResponse delete(java.lang.String path) throws VaultException
Deletes the key/value pair located at the provided path.
If the path represents a sub-path, then all of its contents must be deleted prior to deleting the empty sub-path itself.
path - The Vault key value to delete (e.g. secret/hello).VaultException - If any error occurs, or unexpected response received from Vault