Class VaultConfig

java.lang.Object
io.github.jopenlibs.vault.VaultConfig
All Implemented Interfaces:
Serializable

public class VaultConfig extends Object implements Serializable

A container for the configuration settings needed to initialize a Vault driver instance.

Construct instances of this class using a builder pattern, calling setter methods for each value and then terminating with a call to build():


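 // verify(false) turns off certificate verification (not recommended for production)
 final VaultConfig config = new VaultConfig()
                               .address("http://127.0.0.1:8200")
                               .token("eace6676-4d78-c687-4e54-03cad00e3abf")
                               .sslConfig(new SslConfig().verify(false).build())
                               .readTimeout(30)   // seconds; this class has no timeout() method
                               .build();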
 
  • Constructor Details

    • VaultConfig

      public VaultConfig()
  • Method Details

    • environmentLoader

      public VaultConfig environmentLoader(EnvironmentLoader environmentLoader)

      The code used to load environment variables is encapsulated here, so that a mock version of that environment loader can be used by unit tests.

      This method is primarily intended for use by unit tests, to inject a mock environment variable when constructing a VaultConfig instance using the builder pattern approach rather than the convenience constructor. This method's access level was therefore originally set to protected, but was bumped up to public due to community request for the ability to disable environment loading altogether (see https://github.com/BetterCloud/vault-java-driver/issues/77).

      Note that if you do override this, however, then obviously all of the environment checking discussed in the documentation becomes disabled.

      Parameters:
      environmentLoader - An environment variable loader implementation (presumably a mock)
      Returns:
      This object, with environmentLoader populated, ready for additional builder-pattern method calls or else finalization with the build() method
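The following is an added example, not code from the driver or its documentation. It uses environmentLoader to disable environment lookups, so that VAULT_ADDR and VAULT_TOKEN cannot steer the client, and shows that build() then fails when no address is supplied. It assumes EnvironmentLoader lives in the same package as VaultConfig and exposes an overridable loadVariable(String) method, which this page does not show; the class names, host name and token value are constructed placeholders.

```java
import io.github.jopenlibs.vault.EnvironmentLoader;
import io.github.jopenlibs.vault.VaultConfig;
import io.github.jopenlibs.vault.VaultException;

public class PinnedVaultConfig {

    /** Hypothetical loader: every lookup misses, so nothing is read from the environment. */
    static final class NoEnvironment extends EnvironmentLoader {
        @Override
        public String loadVariable(final String name) {
            return null; // assumption: build() treats null as "variable not set"
        }
    }

    /** Builds a config whose address, token and timeouts come only from the caller. */
    static VaultConfig fromExplicitValues(final String address, final String token)
            throws VaultException {
        return new VaultConfig()
                .environmentLoader(new NoEnvironment())
                .address(address)
                .token(token)
                .openTimeout(5)    // seconds; set explicitly since VAULT_OPEN_TIMEOUT is ignored
                .readTimeout(30)   // seconds; set explicitly since VAULT_READ_TIMEOUT is ignored
                .build();
    }

    public static void main(final String[] args) throws VaultException {
        try {
            // Address left unset on purpose: with the environment disabled there is
            // no VAULT_ADDR fallback, so build() must throw.
            new VaultConfig().environmentLoader(new NoEnvironment()).build();
            throw new IllegalStateException("config was built without an address");
        } catch (VaultException expected) {
            System.out.println("build() refused: " + expected.getMessage());
        }

        final VaultConfig config = fromExplicitValues(
                "https://vault.example.internal:8200",  // constructed host name
                "PLACEHOLDER_TOKEN");                   // constructed value, not a real token
        System.out.println("pinned address: " + config.getAddress());
    }
}
```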
    • nameSpace

      public VaultConfig nameSpace(String nameSpace) throws VaultException

      Optional. Sets a global namespace to the Vault server instance, if desired. Otherwise, namespace can be applied individually to any read / write / auth call.

      Namespace support requires Vault Enterprise Pro; see https://learn.hashicorp.com/vault/operations/namespaces

      Parameters:
      nameSpace - The namespace to use globally in this VaultConfig instance.
      Returns:
      This object, with the namespace populated, ready for additional builder-pattern method calls or else finalization with the build() method
      Throws:
      VaultException - If any error occurs
    • engineVersion

      public VaultConfig engineVersion(Integer globalEngineVersion)

      Sets the KV Secrets Engine version of the Vault server instance.

      If no version is explicitly set, it will be defaulted to version 2, the current version.

      Parameters:
      globalEngineVersion - The Vault KV Secrets Engine version
      Returns:
      This object, with KV Secrets Engine version populated, ready for additional builder-pattern method calls or else finalization with the build() method
    • address

      public VaultConfig address(String address)

      Sets the address (URL) of the Vault server instance to which API calls should be sent. E.g. http://127.0.0.1:8200.

      If no address is explicitly set, the object will look to the VAULT_ADDR environment variable.

      address is required for the Vault driver to function. If you do not supply it explicitly AND no environment variable value is found, then initialization of the VaultConfig object will fail.

      Parameters:
      address - The Vault server base URL
      Returns:
      This object, with address populated, ready for additional builder-pattern method calls or else finalization with the build() method
    • token

      public VaultConfig token(String token)

      Sets the token used to access Vault.

      If no token is explicitly set, then the object will look to the VAULT_TOKEN environment variable.

      There are some cases where you might want to instantiate a VaultConfig object without a token (e.g. you plan to retrieve a token programmatically, with a call to the "userpass" auth backend, and populate it prior to making any other API calls).

      Parameters:
      token - The token to use for accessing Vault
      Returns:
      This object, with token populated, ready for additional builder-pattern method calls or else finalization with the build() method
    • secretsEnginePathMap

      public VaultConfig secretsEnginePathMap(Map<String,String> secretEngineVersions)

      Sets the secrets Engine paths used by Vault.

      Parameters:
      secretEngineVersions - paths to use for accessing Vault secrets. Key: secret path, value: Engine version to use. Example map: "/secret/foo" , "1", "/secret/bar", "2"
      Returns:
      This object, with secrets paths populated, ready for additional builder-pattern method calls or else finalization with the build() method
    • putSecretsEngineVersionForPath

      public VaultConfig putSecretsEngineVersionForPath(String path, String version)

      Sets the secrets Engine version to be used by Vault for the provided path.

      Parameters:
      path - the path to use for accessing Vault secrets. Example "/secret/foo"
      version - The key-value engine version used for this path.
      Returns:
      This object, with a new entry in the secrets paths map, ready for additional builder-pattern method calls or else finalization with the build() method
    • sslConfig

      public VaultConfig sslConfig(SslConfig sslConfig)

      A container for SSL-related configuration options (e.g. certificates).

      Although typically necessary in most production environments, this is not strictly required (e.g. if your Vault server address begins with "http://" instead of "https://", then any SSL config will be ignored). However, if your Vault server uses HTTPS, and you wish to skip SSL certificate verification (NOT RECOMMENDED FOR PRODUCTION!), then you must supply an SslConfig object with SslConfig.verify(Boolean) explicitly set to false.

      Parameters:
      sslConfig - SSL-related configuration options
      Returns:
      This object, with SSL configuration options populated, ready for additional builder-pattern method calls or else finalization with the build() method
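An added example (not from the driver's documentation) that puts the weak setting described above beside a verified one. It rejects an http:// address up front, because the SSL config would be ignored for it. SslConfig.pemFile(File) is a method of the driver's SslConfig class and is not documented on this page; the class name, method names and command-line arguments are assumptions made for the example.

```java
import io.github.jopenlibs.vault.SslConfig;
import io.github.jopenlibs.vault.VaultConfig;
import io.github.jopenlibs.vault.VaultException;
import java.io.File;

public class VaultTlsConfig {

    /** Weak: HTTPS with certificate verification off. Any certificate is accepted. */
    static VaultConfig unverifiedForLocalTesting(final String address) throws VaultException {
        return new VaultConfig()
                .address(address)
                .sslConfig(new SslConfig().verify(false).build())
                .build();
    }

    /** Hardened: verification on, trusting only the CA certificate in caPem. */
    static VaultConfig verified(final String address, final File caPem) throws VaultException {
        // An http:// address makes the driver ignore the SSL config entirely,
        // so refuse it here rather than connect in cleartext.
        if (address == null || !address.startsWith("https://")) {
            throw new IllegalArgumentException("Vault address must use https://");
        }
        final SslConfig ssl = new SslConfig()
                .verify(true)
                .pemFile(caPem)   // PEM file holding the CA certificate to trust
                .build();
        return new VaultConfig()
                .address(address)
                .sslConfig(ssl)
                .build();
    }

    public static void main(final String[] args) throws VaultException {
        // Usage: java VaultTlsConfig <https address> <path to CA PEM>
        final VaultConfig config = verified(args[0], new File(args[1]));
        System.out.println("TLS-verified config for " + config.getAddress());
    }
}
```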
    • openTimeout

      public VaultConfig openTimeout(Integer openTimeout)

      The number of seconds to wait before giving up on establishing an HTTP(S) connection to the Vault server.

      If no openTimeout is explicitly set, then the object will look to the VAULT_OPEN_TIMEOUT environment variable.

      Parameters:
      openTimeout - Number of seconds to wait for an HTTP(S) connection to successfully establish
      Returns:
      This object, with openTimeout populated, ready for additional builder-pattern method calls or else finalization with the build() method
    • readTimeout

      public VaultConfig readTimeout(Integer readTimeout)

      After an HTTP(S) connection has already been established, this is the number of seconds to wait for all data to finish downloading.

      If no readTimeout is explicitly set, then the object will look to the VAULT_READ_TIMEOUT environment variable.

      Parameters:
      readTimeout - Number of seconds to wait for all data to be retrieved from an established HTTP(S) connection
      Returns:
      This object, with readTimeout populated, ready for additional builder-pattern method calls or else finalization with the build() method
    • prefixPathDepth

      public VaultConfig prefixPathDepth(int prefixPathDepth)

      Set the "path depth" of the prefix path. Normally this is just 1, to correspond to one path element in the prefix path. To use a longer prefix path, set this value.

      Parameters:
      prefixPathDepth - integer number of path elements in the prefix path
      Returns:
      VaultConfig
    • prefixPath

      public VaultConfig prefixPath(String prefixPath)

      Set the "path depth" of the prefix path, by explicitly specifying the prefix path, e.g., "foo/bar/blah" would set the prefix path depth to 3.

      Parameters:
      prefixPath - string prefix path, with or without initial or final forward slashes
      Returns:
      VaultConfig
    • build

      public VaultConfig build() throws VaultException

      This is the terminating method in the builder pattern. It validates all of the fields that have been set already, uses environment variables when available to populate any unset fields, and returns a VaultConfig object that is ready for use.

      Returns:
      This object, with all available config options parsed and loaded
      Throws:
      VaultException - If the address field was left unset, and there is no VAULT_ADDR environment variable value with which to populate it.
    • getSecretsEnginePathMap

      public Map<String,String> getSecretsEnginePathMap()
    • getAddress

      public String getAddress()
    • getToken

      public String getToken()
    • getSslConfig

      public SslConfig getSslConfig()
    • getOpenTimeout

      public Integer getOpenTimeout()
    • getReadTimeout

      public Integer getReadTimeout()
    • getMaxRetries

      public int getMaxRetries()
    • getRetryIntervalMilliseconds

      public int getRetryIntervalMilliseconds()
    • getGlobalEngineVersion

      public Integer getGlobalEngineVersion()
    • getNameSpace

      public String getNameSpace()
    • getPrefixPathDepth

      public int getPrefixPathDepth()