Module vault.java.driver
Package io.github.jopenlibs.vault

Class Vault

  • public class Vault
extends java.lang.Object

    The Vault driver class, the primary interface through which dependent applications will access Vault.

    This driver exposes a DSL, compartmentalizing the various endpoints of the HTTP API (e.g. "/", "sys/init", "sys/seal") into separate implementation classes (e.g. Logical, Init, etc).

    Example usage:

    
 final VaultConfig config = new VaultConfig
                                    .address("http://127.0.0.1:8200")
                                    .token("eace6676-4d78-c687-4e54-03cad00e3abf")
                                    .build();
 final Vault vault = new Vault(config);

 ...

 final Map<String, String> secrets = new HashMap<String, String>();
 secrets.put("value", "world");
 secrets.put("other_value", "You can store multiple name/value pairs under a given key");

 final LogicalResponse writeResponse = vault
                                         .withRetries(5, 1000)  // optional
                                         .logical()
                                         .write("secret/hello", secrets);

 ...

 final String value = vault.logical()
                        .read("secret/hello")
                        .getData().get("value");

    • Constructor Summary

      Constructors 
      Constructor Description
      Vault​(VaultConfig vaultConfig)
      Construct a Vault driver instance with the provided config settings.
      Vault​(VaultConfig vaultConfig, java.lang.Boolean useSecretsEnginePathMap, java.lang.Integer globalFallbackVersion)
      Construct a Vault driver instance with the provided config settings.
      Vault​(VaultConfig vaultConfig, java.lang.Integer engineVersion)
      Construct a Vault driver instance with the provided config settings, and use the provided global KV Engine version for all secrets.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      Auth auth()
      Returns the implementing class for operations on Vault's /v1/auth/* REST endpoints
      Database database()  
      Database database​(java.lang.String mountPath)  
      Debug debug()
      Returns the implementing class for Vault's debug operations (e.g.
      java.util.Map<java.lang.String,​java.lang.String> getSecretEngineVersions()  
      Leases leases()
      Returns the implementing class for Vault's lease operations (e.g.
      Logical logical()
      Returns the implementing class for Vault's core/logical operations (e.g.
      Mounts mounts()
      Returns the implementing class for Vault's sys mounts operations (i.e.
      Pki pki()
      Returns the implementing class for Vault's PKI secret backend (i.e.
      Pki pki​(java.lang.String mountPath)
      Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is mounted on something other than the default (i.e.
      Seal seal()
      Returns the implementing class for Vault's seal operations (e.g.
      Vault withRetries​(int maxRetries, int retryIntervalMilliseconds)
      This method is chained ahead of endpoints (e.g.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • Vault

        public Vault​(VaultConfig vaultConfig)
        Construct a Vault driver instance with the provided config settings.
        Parameters:
        vaultConfig - Configuration settings for Vault interaction (e.g. server address, token, etc) If the VaultConfig Engine version path map is not supplied in the config, default to global KV engine version 2.

      • Vault

        public Vault​(VaultConfig vaultConfig,
             java.lang.Integer engineVersion)
        Construct a Vault driver instance with the provided config settings, and use the provided global KV Engine version for all secrets.
        Parameters:
        vaultConfig - Configuration settings for Vault interaction (e.g. server address, token, etc)
        engineVersion - Which version of the Key/Value Secret Engine to use globally (i.e. 1 or 2)

      • Vault

        public Vault​(VaultConfig vaultConfig,
             java.lang.Boolean useSecretsEnginePathMap,
             java.lang.Integer globalFallbackVersion)
      throws VaultException
        Construct a Vault driver instance with the provided config settings.
        Parameters:
        vaultConfig - Configuration settings for Vault interaction (e.g. server address, token, etc) If the Secrets engine version path map is not provided, or does not contain the requested secret, fall back to the global version supplied.
        useSecretsEnginePathMap - Whether to use a provided KV Engine version map from the Vault config, or generate one. If a secrets KV Engine version map is not supplied, use Vault APIs to determine the KV Engine version for each secret. This call requires admin rights.
        globalFallbackVersion - The Integer version of the KV Engine to use as a global fallback.
        Throws:
        VaultException - If any error occurs

    • Method Detail

      • withRetries

        public Vault withRetries​(int maxRetries,
                         int retryIntervalMilliseconds)
        This method is chained ahead of endpoints (e.g. logical(), auth(), etc... to specify retry rules for any API operations invoked on that endpoint.
        Parameters:
        maxRetries - The number of times that API operations will be retried when a failure occurs
        retryIntervalMilliseconds - The number of milliseconds that the driver will wait in between retries
        Returns:
        This object, with maxRetries and retryIntervalMilliseconds populated

      • logical

        public Logical logical()
        Returns the implementing class for Vault's core/logical operations (e.g. read, write).
        Returns:
        The implementing class for Vault's core/logical operations (e.g. read, write)

      • auth

        public Auth auth()
        Returns the implementing class for operations on Vault's /v1/auth/* REST endpoints
        Returns:
        The implementing class for Vault's auth operations.

      • pki

        public Pki pki()
        Returns the implementing class for Vault's PKI secret backend (i.e. /v1/pki/* REST endpoints).
        Returns:
        The implementing class for Vault's PKI secret backend.

      • pki

        public Pki pki​(java.lang.String mountPath)

        Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is mounted on something other than the default (i.e. /v1/pki).

        For instance, if your PKI backend is instead mounted on /v1/root-ca, then "root-ca" would be passed via the mountPath parameter. Example usage:

        
 final VaultConfig config = new VaultConfig().address(...).token(...).build();
 final Vault vault = new Vault(config);
 final PkiResponse response = vault.pki("root-ca").createOrUpdateRole("testRole");

 assertEquals(204, response.getRestResponse().getStatus());
        Parameters:
        mountPath - The path on which your Vault PKI backend is mounted, without the /v1/ prefix
        Returns:
        The implementing class for Vault's PKI secret backend.

      • database

        public Database database​(java.lang.String mountPath)

      • leases

        public Leases leases()
        Returns the implementing class for Vault's lease operations (e.g. revoke, revoke-prefix).
        Returns:
        The implementing class for Vault's lease operations (e.g. revoke, revoke-prefix).

      • debug

        public Debug debug()
        Returns the implementing class for Vault's debug operations (e.g. raw, health).
        Returns:
        The implementing class for Vault's debug operations (e.g. raw, health)

      • mounts

        public Mounts mounts()
        Returns the implementing class for Vault's sys mounts operations (i.e. /v1/sys/mounts/* REST endpoints).
        Returns:
        the implementing class for Vault's sys mounts operations

      • seal

        public Seal seal()
        Returns the implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus).
        Returns:
        The implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus).

      • getSecretEngineVersions

        public java.util.Map<java.lang.String,​java.lang.String> getSecretEngineVersions()