Module vault.java.driver
Package io.github.jopenlibs.vault

Class VaultConfig

  • All Implemented Interfaces:
    java.io.Serializable
    public class VaultConfig
extends java.lang.Object
implements java.io.Serializable

    A container for the configuration settings needed to initialize a Vault driver instance.

    Construct instances of this class using a builder pattern, calling setter methods for each value and then terminating with a call to build():

    
 final VaultConfig config = new VaultConfig()
                              .address("http://127.0.0.1:8200")
                              .token("eace6676-4d78-c687-4e54-03cad00e3abf")
                              .sslConfig(new SslConfig().verify(false).build())
                              .timeout(30)
                              .build();
    See Also:
    SslConfig, Serialized Form

    • Constructor Detail

      • VaultConfig

        public VaultConfig()

    • Method Detail

      • environmentLoader

        public VaultConfig environmentLoader​(EnvironmentLoader environmentLoader)

        The code used to load environment variables is encapsulated here, so that a mock version of that environment loader can be used by unit tests.

        This method is primarily intended for use by unit tests, to inject a mock environment variable when constructing a VaultConfig instance using the builder pattern approach rather than the convenience constructor. This method's access level was therefore originally set to protected, but was bumped up to public due to community request for the ability to disable environment loading altogether (see https://github.com/BetterCloud/vault-java-driver/issues/77).

        Note that if you do override this, however, then obviously all of the environment checking discussed in the documentation becomes disabled.

        Parameters:
        environmentLoader - An environment variable loader implementation (presumably a mock)
        Returns:
        This object, with environmentLoader populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • nameSpace

        public VaultConfig nameSpace​(java.lang.String nameSpace)
                      throws VaultException

        Optional. Sets a global namespace to the Vault server instance, if desired. Otherwise, namespace can be applied individually to any read / write / auth call.

        Namespace support requires Vault Enterprise Pro, please see https://learn.hashicorp.com/vault/operations/namespaces

        Parameters:
        nameSpace - The namespace to use globally in this VaultConfig instance.
        Returns:
        This object, with the namespace populated, ready for additional builder-pattern method calls or else finalization with the build() method
        Throws:
        VaultException - If any error occurs

      • engineVersion

        public VaultConfig engineVersion​(java.lang.Integer globalEngineVersion)

        Sets the KV Secrets Engine version of the Vault server instance.

        If no version is explicitly set, it will be defaulted to version 2, the current version.

        Parameters:
        globalEngineVersion - The Vault KV Secrets Engine version
        Returns:
        This object, with KV Secrets Engine version populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • address

        public VaultConfig address​(java.lang.String address)

        Sets the address (URL) of the Vault server instance to which API calls should be sent. E.g. http://127.0.0.1:8200.

        If no address is explicitly set, the object will look to the VAULT_ADDR environment variable.

        address is required for the Vault driver to function. If you do not supply it explicitly AND no environment variable value is found, then initialization of the VaultConfig object will fail.

        Parameters:
        address - The Vault server base URL
        Returns:
        This object, with address populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • token

        public VaultConfig token​(java.lang.String token)

        Sets the token used to access Vault.

        If no token is explicitly set, then the object will look to the VAULT_TOKEN environment variable.

        There are some cases where you might want to instantiate a VaultConfig object without a token (e.g. you plan to retrieve a token programmatically, with a call to the "userpass" auth backend, and populate it prior to making any other API calls).

        Parameters:
        token - The token to use for accessing Vault
        Returns:
        This object, with token populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • secretsEnginePathMap

        public VaultConfig secretsEnginePathMap​(java.util.Map<java.lang.String,​java.lang.String> secretEngineVersions)

        Sets the secrets Engine paths used by Vault.

        Parameters:
        secretEngineVersions - paths to use for accessing Vault secrets. Key: secret path, value: Engine version to use. Example map: "/secret/foo" , "1", "/secret/bar", "2"
        Returns:
        This object, with secrets paths populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • putSecretsEngineVersionForPath

        public VaultConfig putSecretsEngineVersionForPath​(java.lang.String path,
                                                  java.lang.String version)

        Sets the secrets Engine version be used by Vault for the provided path.

        Parameters:
        path - the path to use for accessing Vault secrets. Example "/secret/foo"
        version - The key-value engine version used for this path.
        Returns:
        This object, with a new entry in the secrets paths map, ready for additional builder-pattern method calls or else finalization with the build() method

      • sslConfig

        public VaultConfig sslConfig​(SslConfig sslConfig)

        A container for SSL-related configuration options (e.g. certificates).

        Although typically necessary in most production environments, this is not strictly required (e.g. if your Vault server address begins with "http://" instead of "https://", then any SSL config will be ignored). However, if your Vault server uses HTTPS, and you wish to skip SSL certificate verification (NOT RECOMMENDED FOR PRODUCTION!), then you must supply an SslConfig object with SslConfig.verify(Boolean) explicitly set to false.

        Parameters:
        sslConfig - SSL-related configuration options
        Returns:
        This object, with SSL configuration options populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • openTimeout

        public VaultConfig openTimeout​(java.lang.Integer openTimeout)

        The number of seconds to wait before giving up on establishing an HTTP(S) connection to the Vault server.

        If no openTimeout is explicitly set, then the object will look to the VAULT_OPEN_TIMEOUT environment variable.

        Parameters:
        openTimeout - Number of seconds to wait for an HTTP(S) connection to successfully establish
        Returns:
        This object, with openTimeout populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • readTimeout

        public VaultConfig readTimeout​(java.lang.Integer readTimeout)

        After an HTTP(S) connection has already been established, this is the number of seconds to wait for all data to finish downloading.

        If no readTimeout is explicitly set, then the object will look to the VAULT_READ_TIMEOUT environment variable.

        Parameters:
        readTimeout - Number of seconds to wait for all data to be retrieved from an established HTTP(S) connection
        Returns:
        This object, with readTimeout populated, ready for additional builder-pattern method calls or else finalization with the build() method

      • prefixPathDepth

        public VaultConfig prefixPathDepth​(int prefixPathDepth)

        Set the "path depth" of the prefix path. Normally this is just 1, to correspond to one path element in the prefix path. To use a longer prefix path, set this value.

        Parameters:
        prefixPathDepth - integer number of path elements in the prefix path
        Returns:
        VaultConfig

      • prefixPath

        public VaultConfig prefixPath​(java.lang.String prefixPath)

        Set the "path depth" of the prefix path, by explicitly specifying the prefix path, e.g., "foo/bar/blah" would set the prefix path depth to 3.

        Parameters:
        prefixPath - string prefix path, with or without initial or final forward slashes
        Returns:
        VaultConfig

      • build

        public VaultConfig build()
                  throws VaultException

        This is the terminating method in the builder pattern. The method that validates all of the fields that has been set already, uses environment variables when available to populate any unset fields, and returns a VaultConfig object that is ready for use.

        Returns:
        This object, with all available config options parsed and loaded
        Throws:
        VaultException - If the address field was left unset, and there is no VAULT_ADDR environment variable value with which to populate it.

      • getSecretsEnginePathMap

        public java.util.Map<java.lang.String,​java.lang.String> getSecretsEnginePathMap()

      • getAddress

        public java.lang.String getAddress()

      • getToken

        public java.lang.String getToken()

      • getSslConfig

        public SslConfig getSslConfig()

      • getOpenTimeout

        public java.lang.Integer getOpenTimeout()

      • getReadTimeout

        public java.lang.Integer getReadTimeout()

      • getMaxRetries

        public int getMaxRetries()

      • getRetryIntervalMilliseconds

        public int getRetryIntervalMilliseconds()

      • getGlobalEngineVersion

        public java.lang.Integer getGlobalEngineVersion()

      • getNameSpace

        public java.lang.String getNameSpace()

      • getPrefixPathDepth

        public int getPrefixPathDepth()