java.lang.Object
io.github.jopenlibs.vault.VaultImpl
- All Implemented Interfaces:
Vault
The Vault driver class, the primary interface through which dependent applications will access Vault.
This driver exposes a DSL, compartmentalizing the various endpoints of the HTTP API (e.g.
"/", "sys/init", "sys/seal") into separate implementation classes (e.g. Logical,
Init, etc).
Example usage:
final VaultConfig config = new VaultConfig .address("http://127.0.0.1:8200") .token("eace6676-4d78-c687-4e54-03cad00e3abf") .build(); final Vault vault = Vault.create(config); ... final Map<String, String> secrets = new HashMap<String, String>(); secrets.put("value", "world"); secrets.put("other_value", "You can store multiple name/value pairs under a given key"); final LogicalResponse writeResponse = vault .withRetries(5, 1000) // optional .logical() .write("secret/hello", secrets); ... final String value = vault.logical() .read("secret/hello") .getData().get("value");
-
Constructor Summary
ConstructorsConstructorDescriptionVaultImpl(VaultConfig vaultConfig) Construct a Vault driver instance with the provided config settings.VaultImpl(VaultConfig vaultConfig, Boolean useSecretsEnginePathMap, Integer globalFallbackVersion) Construct a Vault driver instance with the provided config settings.VaultImpl(VaultConfig vaultConfig, Integer engineVersion) Construct a Vault driver instance with the provided config settings, and use the provided global KV Engine version for all secrets. -
Method Summary
Modifier and TypeMethodDescriptionauth()Returns the implementing class for operations on Vault's/v1/auth/*REST endpointsdatabase()debug()Returns the implementing class for Vault's debug operations (e.g. raw, health).leases()Returns the implementing class for Vault's lease operations (e.g. revoke, revoke-prefix).logical()Returns the implementing class for Vault's core/logical operations (e.g. read, write).mounts()Returns the implementing class for Vault's sys mounts operations (i.e.pki()Returns the implementing class for Vault's PKI secret backend (i.e.Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is mounted on something other than the default (i.e.seal()Returns the implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus).sys()Returns the implementing class for operations on Vault's/v1/sys/*REST endpointswithRetries(int maxRetries, int retryIntervalMilliseconds) This method is chained ahead of endpoints (e.g.
-
Constructor Details
-
VaultImpl
Construct a Vault driver instance with the provided config settings.- Parameters:
vaultConfig- Configuration settings for Vault interaction (e.g. server address, token, etc) If the VaultConfig Engine version path map is not supplied in the config, default to global KV engine version 2.
-
VaultImpl
Construct a Vault driver instance with the provided config settings, and use the provided global KV Engine version for all secrets.- Parameters:
vaultConfig- Configuration settings for Vault interaction (e.g. server address, token, etc)engineVersion- Which version of the Key/Value Secret Engine to use globally (i.e. 1 or 2)
-
VaultImpl
public VaultImpl(VaultConfig vaultConfig, Boolean useSecretsEnginePathMap, Integer globalFallbackVersion) throws VaultException Construct a Vault driver instance with the provided config settings.- Parameters:
vaultConfig- Configuration settings for Vault interaction (e.g. server address, token, etc) If the Secrets engine version path map is not provided, or does not contain the requested secret, fall back to the global version supplied.useSecretsEnginePathMap- Whether to use a provided KV Engine version map from the Vault config, or generate one. If a secrets KV Engine version map is not supplied, use Vault APIs to determine the KV Engine version for each secret. This call requires admin rights.globalFallbackVersion- The Integer version of the KV Engine to use as a global fallback.- Throws:
VaultException- If any error occurs
-
-
Method Details
-
withRetries
This method is chained ahead of endpoints (e.g.logical(),auth(), etc... to specify retry rules for any API operations invoked on that endpoint.- Specified by:
withRetriesin interfaceVault- Parameters:
maxRetries- The number of times that API operations will be retried when a failure occursretryIntervalMilliseconds- The number of milliseconds that the driver will wait in between retries- Returns:
- This object, with maxRetries and retryIntervalMilliseconds populated
-
logical
Returns the implementing class for Vault's core/logical operations (e.g. read, write). -
auth
Returns the implementing class for operations on Vault's/v1/auth/*REST endpoints -
sys
Returns the implementing class for operations on Vault's/v1/sys/*REST endpoints -
pki
Returns the implementing class for Vault's PKI secret backend (i.e./v1/pki/*REST endpoints). -
pki
Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is mounted on something other than the default (i.e.
/v1/pki).For instance, if your PKI backend is instead mounted on
/v1/root-ca, then"root-ca"would be passed via themountPathparameter. Example usage:final VaultConfig config = new VaultConfig().address(...).token(...).build(); final Vault vault = Vault.create(config); final PkiResponse response = vault.pki("root-ca").createOrUpdateRole("testRole"); assertEquals(204, response.getRestResponse().getStatus()); -
database
-
database
-
leases
Returns the implementing class for Vault's lease operations (e.g. revoke, revoke-prefix). -
debug
Returns the implementing class for Vault's debug operations (e.g. raw, health). -
mounts
Returns the implementing class for Vault's sys mounts operations (i.e./v1/sys/mounts/*REST endpoints). -
seal
Returns the implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus). -
getSecretEngineVersions
- Specified by:
getSecretEngineVersionsin interfaceVault
-