Module vault.java.driver
Package io.github.jopenlibs.vault.api

Class Leases

  • public class Leases
extends OperationsBase

    The implementing class for operations on REST endpoints, under the "Leases" section of the Vault HTTP API docs (https://www.vaultproject.io/docs/http/index.html).

    This class is not intended to be constructed directly. Rather, it is meant to used by way of Vault in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.

    • Constructor Detail

    • Method Detail

      • withNameSpace

        public Leases withNameSpace​(java.lang.String nameSpace)

      • revoke

        public VaultResponse revoke​(java.lang.String leaseId)
                     throws VaultException

        Immediately revokes a secret associated with a given lease. E.g.:

        
 final VaultResponse response = vault.leases().revoke("7c63da27-a56b-3e3b-377d-ef74630a6d0b");
 assertEquals(204, response.getRestResponse().getStatus());
        Parameters:
        leaseId - A lease ID associated with the secret to be revoked
        Returns:
        The response information returned from Vault
        Throws:
        VaultException - If an error occurs, or unexpected reponse received from Vault

      • revokePrefix

        public VaultResponse revokePrefix​(java.lang.String prefix)
                           throws VaultException

        Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. This requires sudo capability and access to it should be tightly controlled as it can be used to revoke very large numbers of secrets/tokens at once. E.g.:

        
 final VaultResponse response = vault.leases().revokePrefix("aws");
 assertEquals(204, response.getRestResponse().getStatus());
        Parameters:
        prefix - A Vault path prefix, for which all secrets beneath it should be revoked
        Returns:
        The response information returned from Vault
        Throws:
        VaultException - If an error occurs, or unexpected reponse received from Vault

      • revokeForce

        public VaultResponse revokeForce​(java.lang.String prefix)
                          throws VaultException

        Revokes all secrets or tokens generated under a given prefix immediately. Unlike revokePrefix(String), this method ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. E.g.:

        
 final VaultResponse response = vault.leases().revokePrefix("aws");
 assertEquals(204, response.getRestResponse().getStatus());
        Parameters:
        prefix - A Vault path prefix, for which all secrets beneath it should be revoked
        Returns:
        The response information returned from Vault
        Throws:
        VaultException - If an error occurs, or unexpected reponse received from Vault

      • renew

        public VaultResponse renew​(java.lang.String leaseId,
                           long increment)
                    throws VaultException

        Renews a given secret lease.

        
 final VaultResponse response = vault.leases().renew("mongodb/creds/myapp/cd7f9834-b870-9ebc-3da5-27bf9cdc42ad");
 assertEquals(200, response.getRestResponse().getStatus());
        Parameters:
        leaseId - A lease ID associated with a secret
        increment - A requested amount of time in seconds to extend the lease. This is advisory.
        Returns:
        The response information returned from Vault
        Throws:
        VaultException - The response information returned from Vault