com.bettercloud.vault.Vault Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of vault-java-driver Show documentation
Show all versions of vault-java-driver Show documentation
Zero-dependency Java client for HashiCorp's Vault
package com.bettercloud.vault;
import com.bettercloud.vault.api.Auth;
import com.bettercloud.vault.api.Debug;
import com.bettercloud.vault.api.Leases;
import com.bettercloud.vault.api.Logical;
import com.bettercloud.vault.api.Seal;
import com.bettercloud.vault.api.pki.Pki;
/**
* The Vault driver class, the primary interface through which dependent applications will access Vault.
*
* This driver exposes a DSL, compartmentalizing the various endpoints of the HTTP API (e.g. "/", "sys/init",
* "sys/seal") into separate implementation classes (e.g. Logical
, Init
, etc).
*
* Example usage:
*
*
* {@code
* final VaultConfig config = new VaultConfig
* .address("http://127.0.0.1:8200")
* .token("eace6676-4d78-c687-4e54-03cad00e3abf")
* .build();
* final Vault vault = new Vault(config);
*
* ...
*
* final Map secrets = new HashMap();
* secrets.put("value", "world");
* secrets.put("other_value", "You can store multiple name/value pairs under a given key");
*
* final LogicalResponse writeResponse = vault
* .withRetries(5, 1000) // optional
* .logical()
* .write("secret/hello", secrets);
*
* ...
*
* final String value = vault.logical()
* .read("secret/hello")
* .getData().get("value");
* }
*
*/
public class Vault {
private final VaultConfig vaultConfig;
/**
* Construct a Vault driver instance with the provided config settings.
*
* @param vaultConfig Configuration settings for Vault interaction (e.g. server address, token, etc)
*/
public Vault(final VaultConfig vaultConfig) {
this.vaultConfig = vaultConfig;
}
/**
* This method is chained ahead of endpoints (e.g. logical()
, auth()
,
* etc... to specify retry rules for any API operations invoked on that endpoint.
*
* @param maxRetries The number of times that API operations will be retried when a failure occurs
* @param retryIntervalMilliseconds The number of milliseconds that the driver will wait in between retries
* @return This object, with maxRetries and retryIntervalMilliseconds populated
*/
public Vault withRetries(final int maxRetries, final int retryIntervalMilliseconds) {
this.vaultConfig.setMaxRetries(maxRetries);
this.vaultConfig.setRetryIntervalMilliseconds(retryIntervalMilliseconds);
return this;
}
/**
* Returns the implementing class for Vault's core/logical operations (e.g. read, write).
*
* @return The implementing class for Vault's core/logical operations (e.g. read, write)
*/
public Logical logical() {
return new Logical(vaultConfig);
}
/**
* Returns the implementing class for operations on Vault's /v1/auth/*
REST endpoints
*
* @return The implementing class for Vault's auth operations.
*/
public Auth auth() {
return new Auth(vaultConfig);
}
/**
* Returns the implementing class for Vault's PKI secret backend (i.e. /v1/pki/*
REST endpoints).
*
* @return The implementing class for Vault's PKI secret backend.
*/
public Pki pki() {
return new Pki(vaultConfig);
}
/**
* Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is
* mounted on something other than the default (i.e. /v1/pki
).
*
* For instance, if your PKI backend is instead mounted on /v1/root-ca
, then "root-ca"
* would be passed via the mountPath
parameter. Example usage:
*
*
* {@code
* final VaultConfig config = new VaultConfig().address(...).token(...).build();
* final Vault vault = new Vault(config);
* final PkiResponse response = vault.pki("root-ca").createOrUpdateRole("testRole");
*
* assertEquals(204, response.getRestResponse().getStatus());
* }
*
*
* @param mountPath The path on which your Vault PKI backend is mounted, without the /v1/
prefix
* @return The implementing class for Vault's PKI secret backend.
*/
public Pki pki(final String mountPath) {
return new Pki(vaultConfig, mountPath);
}
/**
* Returns the implementing class for Vault's lease operations (e.g. revoke, revoke-prefix).
*
* @return The implementing class for Vault's lease operations (e.g. revoke, revoke-prefix).
*/
public Leases leases() {
return new Leases(vaultConfig);
}
/**
* Returns the implementing class for Vault's debug operations (e.g. raw, health).
*
* @return The implementing class for Vault's debug operations (e.g. raw, health)
*/
public Debug debug() {
return new Debug(vaultConfig);
}
/**
* Returns the implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus).
*
* @return The implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus).
*/
public Seal seal() {
return new Seal(vaultConfig);
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy