public class Vault
extends java.lang.Object
The Vault driver class, the primary interface through which dependent applications will access Vault.
This driver exposes a DSL, compartmentalizing the various endpoints of the HTTP API (e.g. "/", "sys/init",
"sys/seal") into separate implementation classes (e.g. Logical, Init, etc).
Example usage:
final VaultConfig config = new VaultConfig .address("http://127.0.0.1:8200") .token("eace6676-4d78-c687-4e54-03cad00e3abf") .build(); final Vault vault = new Vault(config); ... final Map<String, String> secrets = new HashMap<String, String>(); secrets.put("value", "world"); secrets.put("other_value", "You can store multiple name/value pairs under a given key"); final LogicalResponse writeResponse = vault .withRetries(5, 1000) // optional .logical() .write("secret/hello", secrets); ... final String value = vault.logical() .read("secret/hello") .getData().get("value");
| Constructor and Description |
|---|
Vault(VaultConfig vaultConfig)
Construct a Vault driver instance with the provided config settings.
|
Vault(VaultConfig vaultConfig,
java.lang.Boolean useSecretsEnginePathMap,
java.lang.Integer globalFallbackVersion)
Construct a Vault driver instance with the provided config settings.
|
Vault(VaultConfig vaultConfig,
java.lang.Integer engineVersion)
Construct a Vault driver instance with the provided config settings, and use the provided global KV Engine version for all secrets.
|
| Modifier and Type | Method and Description |
|---|---|
Auth |
auth()
Returns the implementing class for operations on Vault's
/v1/auth/* REST endpoints |
Debug |
debug()
Returns the implementing class for Vault's debug operations (e.g.
|
java.util.Map<java.lang.String,java.lang.String> |
getSecretEngineVersions() |
Leases |
leases()
Returns the implementing class for Vault's lease operations (e.g.
|
Logical |
logical()
Returns the implementing class for Vault's core/logical operations (e.g.
|
Pki |
pki()
Returns the implementing class for Vault's PKI secret backend (i.e.
|
Pki |
pki(java.lang.String mountPath)
Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is
mounted on something other than the default (i.e.
|
Seal |
seal()
Returns the implementing class for Vault's seal operations (e.g.
|
Vault |
withRetries(int maxRetries,
int retryIntervalMilliseconds)
This method is chained ahead of endpoints (e.g.
|
public Vault(VaultConfig vaultConfig)
vaultConfig - Configuration settings for Vault interaction (e.g. server address, token, etc)
If the VaultConfig Engine version path map is not supplied in the config, default to global KV
engine version 2.public Vault(VaultConfig vaultConfig, java.lang.Integer engineVersion)
vaultConfig - Configuration settings for Vault interaction (e.g. server address, token, etc)engineVersion - Which version of the Key/Value Secret Engine to use globally (i.e. 1 or 2)public Vault(VaultConfig vaultConfig, java.lang.Boolean useSecretsEnginePathMap, java.lang.Integer globalFallbackVersion) throws VaultException
vaultConfig - Configuration settings for Vault interaction (e.g. server address, token, etc)
If the Secrets engine version path map is not provided, or does not contain the
requested secret, fall back to the global version supplied.useSecretsEnginePathMap - Whether to use a provided KV Engine version map from the Vault config, or generate one.
If a secrets KV Engine version map is not supplied, use Vault APIs to determine the
KV Engine version for each secret. This call requires admin rights.globalFallbackVersion - The Integer version of the KV Engine to use as a global fallback.VaultException - If any error occurspublic Vault withRetries(int maxRetries, int retryIntervalMilliseconds)
logical(), auth(),
etc... to specify retry rules for any API operations invoked on that endpoint.maxRetries - The number of times that API operations will be retried when a failure occursretryIntervalMilliseconds - The number of milliseconds that the driver will wait in between retriespublic Logical logical()
public Auth auth()
/v1/auth/* REST endpointspublic Pki pki()
/v1/pki/* REST endpoints).public Pki pki(java.lang.String mountPath)
Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is
mounted on something other than the default (i.e. /v1/pki).
For instance, if your PKI backend is instead mounted on /v1/root-ca, then "root-ca"
would be passed via the mountPath parameter. Example usage:
final VaultConfig config = new VaultConfig().address(...).token(...).build(); final Vault vault = new Vault(config); final PkiResponse response = vault.pki("root-ca").createOrUpdateRole("testRole"); assertEquals(204, response.getRestResponse().getStatus());
mountPath - The path on which your Vault PKI backend is mounted, without the /v1/ prefixpublic Leases leases()
public Debug debug()
public Seal seal()
public java.util.Map<java.lang.String,java.lang.String> getSecretEngineVersions()