java.lang.Object
io.github.jopenlibs.vault.api.OperationsBase
io.github.jopenlibs.vault.api.sys.Leases

public class Leases extends OperationsBase

The implementing class for operations on REST endpoints, under the "Leases" section of the Vault HTTP API docs (https://www.vaultproject.io/docs/http/index.html).

This class is not intended to be constructed directly. Rather, it is meant to be used by way of Vault in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.

  • Constructor Details

  • Method Details

    • withNameSpace

      public Leases withNameSpace(String nameSpace)
    • revoke

      public VaultResponse revoke(String leaseId) throws VaultException

      Immediately revokes a secret associated with a given lease. E.g.:

      
       final VaultResponse response = vault.leases().revoke("7c63da27-a56b-3e3b-377d-ef74630a6d0b");
       assertEquals(204, response.getRestResponse().getStatus());
       
      Parameters:
      leaseId - A lease ID associated with the secret to be revoked
      Returns:
      The response information returned from Vault
      Throws:
      VaultException - If an error occurs, or an unexpected response is received from Vault
    • revokePrefix

      public VaultResponse revokePrefix(String prefix) throws VaultException

      Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. This requires sudo capability and access to it should be tightly controlled as it can be used to revoke very large numbers of secrets/tokens at once. E.g.:

      
       final VaultResponse response = vault.leases().revokePrefix("aws");
       assertEquals(204, response.getRestResponse().getStatus());
       
      Parameters:
      prefix - A Vault path prefix, for which all secrets beneath it should be revoked
      Returns:
      The response information returned from Vault
      Throws:
      VaultException - If an error occurs, or an unexpected response is received from Vault
    • revokeForce

      public VaultResponse revokeForce(String prefix) throws VaultException

      Revokes all secrets or tokens generated under a given prefix immediately. Unlike revokePrefix(String), this method ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. E.g.:

      
       final VaultResponse response = vault.leases().revokeForce("aws");
       assertEquals(204, response.getRestResponse().getStatus());
       
      Parameters:
      prefix - A Vault path prefix, for which all secrets beneath it should be revoked
      Returns:
      The response information returned from Vault
      Throws:
      VaultException - If an error occurs, or an unexpected response is received from Vault
    • renew

      public VaultResponse renew(String leaseId, long increment) throws VaultException

      Renews a given secret lease.

      
       // 3600 is an illustrative increment in seconds; Vault treats it as advisory.
       final VaultResponse response = vault.leases().renew("mongodb/creds/myapp/cd7f9834-b870-9ebc-3da5-27bf9cdc42ad", 3600);
       assertEquals(200, response.getRestResponse().getStatus());
       
      Parameters:
      leaseId - A lease ID associated with a secret
      increment - A requested amount of time in seconds to extend the lease. This is advisory.
      Returns:
      The response information returned from Vault
      Throws:
      VaultException - If an error occurs, or an unexpected response is received from Vault
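
The difference between revokePrefix and revokeForce described above suggests a staged approach: try normal revocation first and take the forced path only behind an explicit break-glass flag. The following is an added example, not part of this driver or its documentation; the class StagedRevocation, its Outcome enum and the breakGlass parameter are hypothetical, and the import paths for VaultException and VaultResponse are assumed from the driver's package layout.

```java
import io.github.jopenlibs.vault.VaultException;            // assumed package
import io.github.jopenlibs.vault.api.sys.Leases;
import io.github.jopenlibs.vault.response.VaultResponse;    // assumed package

/** Hypothetical helper (not part of the driver): staged revocation with a break-glass gate. */
public final class StagedRevocation {

    public enum Outcome { REVOKED, FORCED, FAILED_NEEDS_BREAK_GLASS }

    private StagedRevocation() {}

    /**
     * Tries revokePrefix first. revokeForce is attempted only when the caller
     * passes breakGlass=true, because it ignores backend errors and Vault no
     * longer guarantees that the issued credentials were cleaned up.
     */
    public static Outcome revokeUnder(Leases leases, String prefix, boolean breakGlass)
            throws VaultException {
        // Refuse an empty prefix so an unset variable cannot widen the scope.
        if (prefix == null || prefix.trim().isEmpty()) {
            throw new IllegalArgumentException("prefix must be non-empty");
        }
        try {
            VaultResponse r = leases.revokePrefix(prefix);
            if (r.getRestResponse().getStatus() == 204) {
                return Outcome.REVOKED;
            }
        } catch (VaultException e) {
            // Normal revocation failed (for example a backend error); keep a record.
            System.err.println("revokePrefix(" + prefix + ") failed: " + e.getMessage());
        }
        if (!breakGlass) {
            return Outcome.FAILED_NEEDS_BREAK_GLASS;
        }
        // Forced path: backend errors are ignored, so the caller must verify and
        // remove the credentials at the backing service afterwards.
        VaultResponse forced = leases.revokeForce(prefix);
        int status = forced.getRestResponse().getStatus();
        if (status != 204) {
            throw new VaultException("revokeForce returned status " + status);
        }
        System.err.println("FORCED revocation under " + prefix + "; audit the backend manually");
        return Outcome.FORCED;
    }
}
```

A caller would pass `vault.leases()` as the first argument and set breakGlass only from an operator-confirmed input, never from a default.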