Stefan Kalscheuer
f79ed98986
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
CI / build-with-it (11, 1.20.0) (push) Successful in 1m4s
CI / build-with-it (17, 1.2.0) (push) Successful in 46s
CI / build-with-it (17, 1.20.0) (push) Successful in 1m2s
CI / build-with-it (21, 1.2.0) (push) Successful in 46s
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 54s
In various methods we use user-provided values like role names or lease ids as parts of the API request path. Apply URL encoding to these paths that are not expected to contain any path separators or query args.
Java Vault Connector
Java Vault Connector is a connector library for Vault by Hashicorp written in Java. The connector allows simple usage of Vault's secret store in own applications.
Features:
- HTTP(S) backend connector
- Ability to provide or enforce custom CA certificate
- Optional initialization from environment variables
- Authorization methods
- Token
- Username/Password
- AppRole (register and authenticate)
- Tokens
- Creation and lookup of tokens and token roles
- TokenBuilder for speaking creation of complex configurations
- Secrets
- Read secrets
- Write secrets
- List secrets
- Delete secrets
- Renew/revoke leases
- Raw secret content or JSON decoding
- KV v1 and v2 support
- Database secret handling
- Transit API support
- Connector Factory with builder pattern
- Tested against Vault 1.2 to 1.20
Maven Artifact
<dependency>
<groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId>
<version>1.5.2</version>
</dependency>
Usage Examples
Initialization
// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = HTTPVaultConnector.builder()
.withHost("127.0.0.1")
.withPort(8200)
.withTLS()
.build();
// Instantiate with custom SSL context
VaultConnector vault = HTTPVaultConnector.builder("https://example.com:8200/v1/")
.withTrustedCA(Paths.get("/path/to/CA.pem"))
.build();
// Initialization from environment variables
VaultConnector vault = HTTPVaultConnector.builder()
.fromEnv()
.build();
Authentication
// Authenticate with token.
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");
// Authenticate with username and password.
vault.authUserPass("username", "p4ssw0rd");
// Authenticate with AppRole (secret - 2nd argument - is optional).
vault.authAppRole("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
Secret read & write
// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.read("secret/some/key").get("value", String.class);
// Complex secret.
Map<String, Object> secretData = vault.read("secret/another/key").getData();
// Write simple secret.
vault.write("secret/new/key", "secret value");
// Write complex data.
Map<String, Object> map = ...;
vault.write("path/to/write", map);
// Delete secret.
vault.delete("path/to/delete");
Token and role creation
// Create token using TokenBuilder
Token token = Token.builder()
.withId("token id")
.withDisplayName("new test token")
.withPolicies("pol1", "pol2")
.build();
vault.createToken(token);
// Create AppRole credentials
vault.createAppRole("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
Links
License
The project is licensed under Apache License 2.0.