io.quarkus.vault.runtime.VaultCredentialsProvider Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of quarkus-vault Show documentation
Show all versions of quarkus-vault Show documentation
Store your credentials securely in HashiCorp Vault
package io.quarkus.vault.runtime;
import java.util.HashMap;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import io.quarkus.credentials.CredentialsProvider;
import io.quarkus.vault.VaultException;
import io.quarkus.vault.VaultKVSecretEngine;
import io.quarkus.vault.runtime.config.CredentialsProviderConfig;
import io.quarkus.vault.runtime.config.VaultBootstrapConfig;
@ApplicationScoped
@Named("vault-credentials-provider")
public class VaultCredentialsProvider implements CredentialsProvider {
@Inject
private VaultKVSecretEngine vaultKVSecretEngine;
@Inject
private VaultDbManager vaultDbManager;
@Inject
private VaultConfigHolder vaultConfigHolder;
@Override
public Map getCredentials(String credentialsProviderName) {
CredentialsProviderConfig config = getConfig().credentialsProvider.get(credentialsProviderName);
if (config == null) {
throw new VaultException("unknown credentials provider with name " + credentialsProviderName);
}
if (config.databaseCredentialsRole.isPresent()) {
return vaultDbManager.getDynamicDbCredentials(config.databaseCredentialsRole.get());
}
if (config.kvPath.isPresent()) {
String password = vaultKVSecretEngine.readSecret(config.kvPath.get()).get(config.kvKey);
Map result = new HashMap<>();
result.put(PASSWORD_PROPERTY_NAME, password);
return result;
}
throw new VaultException(
"one of database-credentials-role or kv-path is required on credentials provider " + credentialsProviderName);
}
private VaultBootstrapConfig getConfig() {
return vaultConfigHolder.getVaultBootstrapConfig();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy