87 changed files with 468 additions and 1032 deletions
--- a/.github/workflows/ci-it.yml
+++ b/.github/workflows/ci-it.yml
@ -15,10 +15,10 @@ jobs:
    strategy:
      matrix:
        jdk: [ 11, 17, 21 ]
-        vault: [ '1.2.0', '1.19.0' ]
+        vault: [ '1.2.0', '1.18.2' ]
        include:
          - jdk: 21
-            vault: '1.19.0'
+            vault: '1.18.2'
            analysis: true
    steps:
      - name: Checkout
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,25 +1,3 @@
 ## 1.5.0 (2025-04-13)
 ### Deprecations
 * `read...Credentials()` methods for specific database mounts (#92)
 ### Features
 * Support Vault transit API (#89)
 * Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
 ### Improvements
 * Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
 ### Fix
 * Fix initialization from environment without explicit port
 ### Dependencies
 * Updated Jackson to 2.18.3 (#90)
 ### Test
 * Tested against Vault 1.2 to 1.19
 ## 1.4.0 (2024-12-07)
 ### Removal
--- a/README.md
+++ b/README.md
@ -28,11 +28,10 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
    * Delete secrets
    * Renew/revoke leases
    * Raw secret content or JSON decoding
    * SQL secret handling
    * KV v1 and v2 support
    * Database secret handling
 * Transit API support
 * Connector Factory with builder pattern
-* Tested against Vault 1.2 to 1.19
+* Tested against Vault 1.2 to 1.18
 ## Maven Artifact
@ -40,7 +39,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 <dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.5.0</version>
+    <version>1.4.0</version>
 </dependency>
 ```
--- a/pom.xml
+++ b/pom.xml
@ -4,7 +4,7 @@
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.5.1-SNAPSHOT</version>
+    <version>1.4.0</version>
    <packaging>jar</packaging>
@ -33,7 +33,6 @@
        <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
        <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
        <url>https://github.com/stklcode/jvaultconnector</url>
        <tag>HEAD</tag>
    </scm>
    <issueManagement>
@ -50,24 +49,24 @@
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-             <version>2.18.3</version>
+             <version>2.18.2</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-jsr310</artifactId>
-            <version>2.18.3</version>
+            <version>2.18.2</version>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
-            <version>5.12.1</version>
+            <version>5.11.3</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
-            <version>5.17.0</version>
+            <version>5.14.2</version>
            <scope>test</scope>
        </dependency>
        <dependency>
@ -79,25 +78,25 @@
        <dependency>
            <groupId>org.wiremock</groupId>
            <artifactId>wiremock</artifactId>
-            <version>3.13.0</version>
+            <version>3.10.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
-            <version>2.19.0</version>
+            <version>2.18.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>nl.jqno.equalsverifier</groupId>
            <artifactId>equalsverifier</artifactId>
-            <version>3.19.3</version>
+            <version>3.17.5</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
-            <version>4.3.0</version>
+            <version>4.2.2</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
@ -108,7 +107,7 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.14.0</version>
+                    <version>3.13.0</version>
                    <configuration>
                        <release>11</release>
                    </configuration>
@ -116,17 +115,17 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.4.1</version>
+                    <version>3.4.0</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-deploy-plugin</artifactId>
-                    <version>3.1.4</version>
+                    <version>3.1.3</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-failsafe-plugin</artifactId>
-                    <version>3.5.3</version>
+                    <version>3.5.2</version>
                    <configuration>
                        <argLine>
                            @{argLine}
@ -137,7 +136,7 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-install-plugin</artifactId>
-                    <version>3.1.4</version>
+                    <version>3.1.3</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
@ -157,7 +156,7 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.5.3</version>
+                    <version>3.5.2</version>
                    <configuration>
                        <argLine>
                            @{argLine}
@ -180,41 +179,15 @@
                <plugin>
                    <groupId>org.jacoco</groupId>
                    <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.13</version>
+                    <version>0.8.12</version>
                </plugin>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
-                    <version>5.1.0.4751</version>
+                    <version>5.0.0.4389</version>
                </plugin>
            </plugins>
        </pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <version>3.5.0</version>
                <executions>
                    <execution>
                        <id>enforce-versions</id>
                        <goals>
                            <goal>enforce</goal>
                        </goals>
                        <configuration>
                            <rules>
                                <requireMavenVersion>
                                    <version>[3.6.3,)</version>
                                </requireMavenVersion>
                                <requireJavaVersion>
                                    <version>[11,)</version>
                                </requireJavaVersion>
                            </rules>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    <profiles>
@ -251,7 +224,7 @@
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.11.2</version>
+                        <version>3.11.1</version>
                        <configuration>
                            <source>11</source>
                        </configuration>
@ -369,7 +342,7 @@
                    <plugin>
                        <groupId>org.owasp</groupId>
                        <artifactId>dependency-check-maven</artifactId>
-                        <version>12.1.1</version>
+                        <version>11.1.1</version>
                        <configuration>
                            <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                            <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@ -393,7 +366,7 @@
                    <plugin>
                        <groupId>org.sonatype.central</groupId>
                        <artifactId>central-publishing-maven-plugin</artifactId>
-                        <version>0.7.0</version>
+                        <version>0.6.0</version>
                        <extensions>true</extensions>
                        <configuration>
                            <publishingServerId>central</publishingServerId>
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -68,11 +68,6 @@ public class HTTPVaultConnector implements VaultConnector {
    private static final String PATH_UNDELETE = "/undelete/";
    private static final String PATH_DESTROY = "/destroy/";
    private static final String PATH_TRANSIT = "transit";
    private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
    private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
    private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
    private final RequestHelper request;
    private boolean authorized = false;     // Authorization status.
@ -86,14 +81,14 @@ public class HTTPVaultConnector implements VaultConnector {
     */
    HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
        this.request = new RequestHelper(
-            ((builder.isWithTLS()) ? "https" : "http") + "://" +
+                ((builder.isWithTLS()) ? "https" : "http") + "://" +
-                builder.getHost() +
+                        builder.getHost() +
-                ((builder.getPort() != null) ? ":" + builder.getPort() : "") +
+                        ((builder.getPort() != null) ? ":" + builder.getPort() : "") +
-                builder.getPrefix(),
+                        builder.getPrefix(),
-            builder.getNumberOfRetries(),
+                builder.getNumberOfRetries(),
-            builder.getTimeout(),
+                builder.getTimeout(),
-            builder.getTlsVersion(),
+                builder.getTlsVersion(),
-            builder.getTrustedCA()
+                builder.getTrustedCA()
        );
    }
@ -150,8 +145,8 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
        Map<String, String> param = mapOfStrings(
-            "key", key,
+                "key", key,
-            "reset", reset
+                "reset", reset
        );
        return request.put(PATH_UNSEAL, param, token, SealResponse.class);
@ -161,15 +156,15 @@ public class HTTPVaultConnector implements VaultConnector {
    public HealthResponse getHealth() throws VaultConnectorException {
        return request.get(
-            PATH_HEALTH,
+                PATH_HEALTH,
-            // Force status code to be 200, so we don't need to modify the request sequence.
+                // Force status code to be 200, so we don't need to modify the request sequence.
-            Map.of(
+                Map.of(
-                "standbycode", "200",   // Default: 429.
+                        "standbycode", "200",   // Default: 429.
-                "sealedcode", "200",    // Default: 503.
+                        "sealedcode", "200",    // Default: 503.
-                "uninitcode", "200"     // Default: 501.
+                        "uninitcode", "200"     // Default: 501.
-            ),
+                ),
-            token,
+                token,
-            HealthResponse.class
+                HealthResponse.class
        );
    }
@ -199,7 +194,7 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final AuthResponse authUserPass(final String username, final String password)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        final Map<String, String> payload = singletonMap("password", password);
        return queryAuth(PATH_AUTH_USERPASS + username, payload);
    }
@ -207,8 +202,8 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
        final Map<String, String> payload = mapOfStrings(
-            "role_id", roleID,
+                "role_id", roleID,
-            "secret_id", secretID
+                "secret_id", secretID
        );
        return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
    }
@ -222,7 +217,7 @@ public class HTTPVaultConnector implements VaultConnector {
     * @throws VaultConnectorException on errors
     */
    private AuthResponse queryAuth(final String path, final Map<String, String> payload)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        /* Issue request and parse response */
        AuthResponse auth = request.post(path, payload, token, AuthResponse.class);
        /* verify response */
@ -249,10 +244,10 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Request HTTP response and parse Secret */
        return request.get(
-            String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
+                String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
-            emptyMap(),
+                emptyMap(),
-            token,
+                token,
-            AppRoleResponse.class
+                AppRoleResponse.class
        );
    }
@ -271,10 +266,10 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Issue request, parse response and extract Role ID */
        return request.get(
-            String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
+                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
-            emptyMap(),
+                emptyMap(),
-            token,
+                token,
-            RawDataResponse.class
+                RawDataResponse.class
        ).getData().get("role_id").toString();
    }
@ -284,9 +279,9 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Issue request and expect code 204 with empty response */
        request.postWithoutResponse(
-            String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
+                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
-            singletonMap("role_id", roleID),
+                singletonMap("role_id", roleID),
-            token
+                token
        );
        return true;
@ -294,49 +289,49 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        requireAuth();
        if (secret.getId() != null && !secret.getId().isEmpty()) {
            return request.post(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
+                    String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
-                secret,
+                    secret,
-                token,
+                    token,
-                AppRoleSecretResponse.class
+                    AppRoleSecretResponse.class
            );
        } else {
            return request.post(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
+                    String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
-                secret, token,
+                    secret, token,
-                AppRoleSecretResponse.class
+                    AppRoleSecretResponse.class
            );
        }
    }
    @Override
    public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        requireAuth();
        /* Issue request and parse secret response */
        return request.post(
-            String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
+                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
-            new AppRoleSecret(secretID),
+                new AppRoleSecret(secretID),
-            token,
+                token,
-            AppRoleSecretResponse.class
+                AppRoleSecretResponse.class
        );
    }
    @Override
    public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        requireAuth();
        /* Issue request and expect code 204 with empty response */
        request.postWithoutResponse(
-            String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
+                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
-            new AppRoleSecret(secretID),
+                new AppRoleSecret(secretID),
-            token);
+                token);
        return true;
    }
@ -346,10 +341,10 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        SecretListResponse secrets = request.get(
-            PATH_AUTH_APPROLE + "/role?list=true",
+                PATH_AUTH_APPROLE + "/role?list=true",
-            emptyMap(),
+                emptyMap(),
-            token,
+                token,
-            SecretListResponse.class
+                SecretListResponse.class
        );
        return secrets.getKeys();
@ -360,10 +355,10 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        SecretListResponse secrets = request.get(
-            String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
+                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
-            emptyMap(),
+                emptyMap(),
-            token,
+                token,
-            SecretListResponse.class
+                SecretListResponse.class
        );
        return secrets.getKeys();
@ -378,7 +373,7 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        requireAuth();
        /* Request HTTP response and parse secret metadata */
        Map<String, String> args = mapOfStrings("version", version);
@ -388,7 +383,7 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final MetadataResponse readSecretMetadata(final String mount, final String key)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        requireAuth();
        /* Request HTTP response and parse secret metadata */
@ -403,8 +398,8 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        Map<String, Object> payload = mapOf(
-            "max_versions", maxVersions,
+                "max_versions", maxVersions,
-            "cas_required", casRequired
+                "cas_required", casRequired
        );
        write(mount + PATH_METADATA + key, payload);
@ -426,13 +421,13 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Issue request and parse metadata response */
        return request.post(
-            mount + PATH_DATA + key,
+                mount + PATH_DATA + key,
-            Map.of(
+                Map.of(
-                "data", data,
+                        "data", data,
-                "options", options
+                        "options", options
-            ),
+                ),
-            token,
+                token,
-            SecretVersionResponse.class
+                SecretVersionResponse.class
        );
    }
@ -447,7 +442,7 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        requireAuth();
        if (key == null || key.isEmpty()) {
@ -460,8 +455,8 @@ public class HTTPVaultConnector implements VaultConnector {
        // If options are given, split payload in two parts.
        if (options != null) {
            payload = Map.of(
-                "data", data,
+                    "data", data,
-                "options", options
+                    "options", options
            );
        }
@ -489,19 +484,19 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final void deleteSecretVersions(final String mount, final String key, final int... versions)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        handleSecretVersions(mount, PATH_DELETE, key, versions);
    }
    @Override
    public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        handleSecretVersions(mount, PATH_UNDELETE, key, versions);
    }
    @Override
    public final void destroySecretVersions(final String mount, final String key, final int... versions)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        handleSecretVersions(mount, PATH_DESTROY, key, versions);
    }
@ -541,8 +536,8 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        Map<String, String> payload = mapOfStrings(
-            "lease_id", leaseID,
+                "lease_id", leaseID,
-            "increment", increment
+                "increment", increment
        );
        /* Issue request and parse secret response */
@ -599,10 +594,10 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Request HTTP response and parse Secret */
        return request.get(
-            PATH_AUTH_TOKEN + PATH_LOOKUP,
+                PATH_AUTH_TOKEN + PATH_LOOKUP,
-            singletonMap("token", token),
+                singletonMap("token", token),
-            token,
+                token,
-            TokenResponse.class
+                TokenResponse.class
        );
    }
@ -651,47 +646,6 @@ public class HTTPVaultConnector implements VaultConnector {
        return true;
    }
    @Override
    public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
        throws VaultConnectorException {
        requireAuth();
        Map<String, Object> payload = mapOf(
            "plaintext", plaintext
        );
        return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
    }
    @Override
    public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
        throws VaultConnectorException {
        requireAuth();
        Map<String, Object> payload = mapOf(
            "ciphertext", ciphertext
        );
        return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
    }
    @Override
    public final TransitResponse transitHash(final String algorithm, final String input, final String format)
        throws VaultConnectorException {
        if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
            throw new IllegalArgumentException("Unsupported format " + format);
        }
        requireAuth();
        Map<String, Object> payload = mapOf(
            "input", input,
            "format", format
        );
        return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
    }
    /**
     * Check for required authorization.
     *
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -20,17 +20,18 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.nio.charset.StandardCharsets;
+import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Objects;
 /**
 * Vault Connector Builder implementation for HTTP Vault connectors.
@ -95,14 +96,10 @@ public final class HTTPVaultConnectorBuilder {
     * @since 1.0
     */
    public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
-        String path = baseURL.getPath();
+        return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
-        if (path == null || path.isBlank()) {
+                .withHost(baseURL.getHost())
-            path = DEFAULT_PREFIX;
+                .withPort(baseURL.getPort())
-        }
+                .withPrefix(baseURL.getPath());
        return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
            .withHost(baseURL.getHost())
            .withPort(baseURL.getPort())
            .withPrefix(path);
    }
    /**
@ -304,10 +301,13 @@ public final class HTTPVaultConnectorBuilder {
     */
    public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
        /* Parse URL from environment variable */
-        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
+        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
            try {
-                withBaseURL(System.getenv(ENV_VAULT_ADDR));
+                var url = new URL(System.getenv(ENV_VAULT_ADDR));
-            } catch (URISyntaxException e) {
+                this.host = url.getHost();
                this.port = url.getPort();
                this.tls = url.getProtocol().equals("https");
            } catch (MalformedURLException e) {
                throw new ConnectionException("URL provided in environment variable malformed", e);
            }
        }
@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
        /* Read number of retries */
        if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
            try {
-                withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
+                numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
            } catch (NumberFormatException ignored) {
                /* Ignore malformed values. */
            }
@ -325,12 +325,8 @@ public final class HTTPVaultConnectorBuilder {
        token = System.getenv(ENV_VAULT_TOKEN);
        /* Parse certificate, if set */
-        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
+        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
-            X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
+            return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
            if (cert == null) {
                cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
            }
            return withTrustedCA(cert);
        }
        return this;
    }
@ -402,28 +398,6 @@ public final class HTTPVaultConnectorBuilder {
        return con;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
     * @param cert Certificate string (optionally PEM)
     * @return X.509 Certificate object if parseable, else {@code null}
     * @throws TlsException on error
     * @since 1.5.0
     */
    private X509Certificate certificateFromString(final String cert) throws TlsException {
        // Check if PEM header is present in given string
        if (cert.contains("-BEGIN ") && cert.contains("-END")) {
            try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
            } catch (IOException | CertificateException e) {
                throw new TlsException("Unable to read certificate.", e);
            }
        }
        // Not am PEM string, skip
        return null;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -21,7 +21,10 @@ import de.stklcode.jvault.connector.model.*;
 import de.stklcode.jvault.connector.model.response.*;
 import java.io.Serializable;
-import java.util.*;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 /**
 * Vault Connector interface.
@ -191,7 +194,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.4.0
     */
    default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
    }
@ -257,7 +260,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.4.0
     */
    default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
    }
@ -271,7 +274,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.4.0
     */
    AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Lookup an AppRole secret.
@ -283,7 +286,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.4.0
     */
    AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Destroy an AppRole secret.
@ -398,7 +401,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.8
     */
    SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Retrieve secret metadata from Vault.
@ -476,7 +479,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.8 {@code options} parameter added
     */
    void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Delete key from Vault.
@ -524,7 +527,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.8
     */
    void deleteSecretVersions(final String mount, final String key, final int... versions)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Undelete (restore) secret versions from Vault.
@ -537,7 +540,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.8
     */
    void undeleteSecretVersions(final String mount, final String key, final int... versions)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Destroy secret versions from Vault.
@ -550,7 +553,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @since 0.8
     */
    void destroySecretVersions(final String mount, final String key, final int... versions)
-        throws VaultConnectorException;
+            throws VaultConnectorException;
    /**
     * Revoke given lease immediately.
@ -671,82 +674,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    boolean deleteTokenRole(final String name) throws VaultConnectorException;
    /**
     * Encrypt plaintext via transit engine from Vault.
     *
     * @param keyName   Transit key name
     * @param plaintext Text to encrypt (Base64 encoded)
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
    /**
     * Encrypt plaintext via transit engine from Vault.
     *
     * @param keyName   Transit key name
     * @param plaintext Binary data to encrypt
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
        throws VaultConnectorException {
        return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
    }
    /**
     * Decrypt ciphertext via transit engine from Vault.
     *
     * @param keyName    Transit key name
     * @param ciphertext Text to decrypt
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
    /**
     * Hash data in hex format via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
        return transitHash(algorithm, input, "hex");
    }
    /**
     * Hash data via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash (Base64 encoded)
     * @param format    Specifies the output encoding (hex/base64)
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse transitHash(final String algorithm, final String input, final String format)
        throws VaultConnectorException;
    /**
     * Hash data via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
        throws VaultConnectorException {
        return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
    }
    /**
     * Read credentials for MySQL backend at default mount point.
     *
@ -754,9 +681,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mysql");
    }
@ -768,9 +693,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "postgresql");
    }
@ -782,38 +705,34 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mssql");
    }
    /**
-     * Read credentials for MongoDB backend at default mount point.
+     * Read credentials for MSSQL backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mongodb");
    }
    /**
-     * Read credentials for database backends.
+     * Read credentials for SQL backends.
     *
     * @param role  the role name
-     * @param mount mount point of the database backend
+     * @param mount mount point of the SQL backend
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default CredentialsResponse readDbCredentials(final String role, final String mount)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        return (CredentialsResponse) read(mount + "/creds/" + role);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/internal/Error.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/Error.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
    private final int retries;                      // Number of retries on 5xx errors.
    private final String tlsVersion;                // TLS version (#22).
    private final X509Certificate trustedCaCert;    // Trusted CA certificate.
-    private final JsonMapper jsonMapper;
+    private final ObjectMapper jsonMapper;
    /**
     * Constructor of the request helper.
@ -65,11 +65,10 @@ public final class RequestHelper implements Serializable {
        this.timeout = timeout;
        this.tlsVersion = tlsVersion;
        this.trustedCaCert = trustedCaCert;
-        this.jsonMapper = JsonMapper.builder()
+        this.jsonMapper = new ObjectMapper()
-            .addModule(new JavaTimeModule())
+                .registerModule(new JavaTimeModule())
-            .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
+                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
            .build();
    }
    /**
@ -116,7 +115,7 @@ public final class RequestHelper implements Serializable {
     * @since 0.8
     */
    public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        try {
            String response = post(path, payload, token);
            return jsonMapper.readValue(response, target);
@ -135,7 +134,7 @@ public final class RequestHelper implements Serializable {
     * @since 0.8
     */
    public void postWithoutResponse(final String path, final Object payload, final String token)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        if (!post(path, payload, token).isEmpty()) {
            throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
        }
@ -152,7 +151,7 @@ public final class RequestHelper implements Serializable {
     * @since 0.8 Added {@code token} parameter.
     */
    public String put(final String path, final Map<String, String> payload, final String token)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        // Initialize PUT.
        var req = HttpRequest.newBuilder(URI.create(baseURL + path));
@ -186,7 +185,7 @@ public final class RequestHelper implements Serializable {
     * @since 0.8
     */
    public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        try {
            String response = put(path, payload, token);
            return jsonMapper.readValue(response, target);
@ -205,7 +204,7 @@ public final class RequestHelper implements Serializable {
     * @since 0.8
     */
    public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        if (!put(path, payload, token).isEmpty()) {
            throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
        }
@ -257,15 +256,15 @@ public final class RequestHelper implements Serializable {
     * @since 0.8 Added {@code token} parameter.
     */
    public String get(final String path, final Map<String, String> payload, final String token)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        // Add parameters to URI.
        var uriBuilder = new StringBuilder(baseURL + path);
        if (!payload.isEmpty()) {
            uriBuilder.append("?").append(
-                payload.entrySet().stream().map(par ->
+                    payload.entrySet().stream().map(par ->
-                    URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
+                            URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
-                ).collect(Collectors.joining("&"))
+                    ).collect(Collectors.joining("&"))
            );
        }
@ -298,7 +297,7 @@ public final class RequestHelper implements Serializable {
     * @since 0.8
     */
    public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
-        throws VaultConnectorException {
+            throws VaultConnectorException {
        try {
            String response = get(path, payload, token);
            return jsonMapper.readValue(response, target);
@ -334,8 +333,8 @@ public final class RequestHelper implements Serializable {
        // Execute request.
        try {
            HttpResponse<InputStream> response = client.sendAsync(
-                requestBuilder.build(),
+                    requestBuilder.build(),
-                HttpResponse.BodyHandlers.ofInputStream()
+                    HttpResponse.BodyHandlers.ofInputStream()
            ).join();
            /* Check if response is valid */
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -331,28 +331,28 @@ public final class AppRole implements Serializable {
        }
        AppRole appRole = (AppRole) o;
        return Objects.equals(name, appRole.name) &&
-            Objects.equals(id, appRole.id) &&
+                Objects.equals(id, appRole.id) &&
-            Objects.equals(bindSecretId, appRole.bindSecretId) &&
+                Objects.equals(bindSecretId, appRole.bindSecretId) &&
-            Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
+                Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
-            Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
+                Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
-            Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
+                Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
-            Objects.equals(localSecretIds, appRole.localSecretIds) &&
+                Objects.equals(localSecretIds, appRole.localSecretIds) &&
-            Objects.equals(tokenTtl, appRole.tokenTtl) &&
+                Objects.equals(tokenTtl, appRole.tokenTtl) &&
-            Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
+                Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
-            Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
+                Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
-            Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
+                Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
-            Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
+                Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
-            Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
+                Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
-            Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
+                Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
-            Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
+                Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
-            Objects.equals(tokenType, appRole.tokenType);
+                Objects.equals(tokenType, appRole.tokenType);
    }
    @Override
    public int hashCode() {
        return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
-            localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
+                localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
-            tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
+                tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -181,19 +181,19 @@ public final class AppRoleSecret implements Serializable {
        }
        AppRoleSecret that = (AppRoleSecret) o;
        return Objects.equals(id, that.id) &&
-            Objects.equals(accessor, that.accessor) &&
+                Objects.equals(accessor, that.accessor) &&
-            Objects.equals(metadata, that.metadata) &&
+                Objects.equals(metadata, that.metadata) &&
-            Objects.equals(cidrList, that.cidrList) &&
+                Objects.equals(cidrList, that.cidrList) &&
-            Objects.equals(creationTime, that.creationTime) &&
+                Objects.equals(creationTime, that.creationTime) &&
-            Objects.equals(expirationTime, that.expirationTime) &&
+                Objects.equals(expirationTime, that.expirationTime) &&
-            Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
+                Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
-            Objects.equals(numUses, that.numUses) &&
+                Objects.equals(numUses, that.numUses) &&
-            Objects.equals(ttl, that.ttl);
+                Objects.equals(ttl, that.ttl);
    }
    @Override
    public int hashCode() {
        return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
-            ttl);
+                ttl);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/Token.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/Token.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -227,24 +227,24 @@ public final class Token implements Serializable {
        }
        Token token = (Token) o;
        return Objects.equals(id, token.id) &&
-            Objects.equals(type, token.type) &&
+                Objects.equals(type, token.type) &&
-            Objects.equals(displayName, token.displayName) &&
+                Objects.equals(displayName, token.displayName) &&
-            Objects.equals(noParent, token.noParent) &&
+                Objects.equals(noParent, token.noParent) &&
-            Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
+                Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
-            Objects.equals(ttl, token.ttl) &&
+                Objects.equals(ttl, token.ttl) &&
-            Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
+                Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
-            Objects.equals(numUses, token.numUses) &&
+                Objects.equals(numUses, token.numUses) &&
-            Objects.equals(policies, token.policies) &&
+                Objects.equals(policies, token.policies) &&
-            Objects.equals(meta, token.meta) &&
+                Objects.equals(meta, token.meta) &&
-            Objects.equals(renewable, token.renewable) &&
+                Objects.equals(renewable, token.renewable) &&
-            Objects.equals(period, token.period) &&
+                Objects.equals(period, token.period) &&
-            Objects.equals(entityAlias, token.entityAlias);
+                Objects.equals(entityAlias, token.entityAlias);
    }
    @Override
    public int hashCode() {
        return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies,
-            meta, renewable, period, entityAlias);
+                meta, renewable, period, entityAlias);
    }
    /**
--- a/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -245,27 +245,27 @@ public final class TokenRole implements Serializable {
        }
        TokenRole tokenRole = (TokenRole) o;
        return Objects.equals(name, tokenRole.name) &&
-            Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
+                Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
-            Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
+                Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
-            Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
+                Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
-            Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
+                Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
-            Objects.equals(orphan, tokenRole.orphan) &&
+                Objects.equals(orphan, tokenRole.orphan) &&
-            Objects.equals(renewable, tokenRole.renewable) &&
+                Objects.equals(renewable, tokenRole.renewable) &&
-            Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
+                Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
-            Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
+                Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
-            Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
+                Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
-            Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
+                Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
-            Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
+                Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
-            Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
+                Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
-            Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
+                Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
-            Objects.equals(tokenType, tokenRole.tokenType);
+                Objects.equals(tokenType, tokenRole.tokenType);
    }
    @Override
    public int hashCode() {
        return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
-            orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
+                orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
-            tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
+                tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
    }
    /**
--- a/src/main/java/de/stklcode/jvault/connector/model/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/package-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -187,19 +187,19 @@ public final class HealthResponse implements VaultResponse {
        }
        HealthResponse that = (HealthResponse) o;
        return Objects.equals(clusterID, that.clusterID) &&
-            Objects.equals(clusterName, that.clusterName) &&
+                Objects.equals(clusterName, that.clusterName) &&
-            Objects.equals(version, that.version) &&
+                Objects.equals(version, that.version) &&
-            Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
+                Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
-            Objects.equals(standby, that.standby) &&
+                Objects.equals(standby, that.standby) &&
-            Objects.equals(sealed, that.sealed) &&
+                Objects.equals(sealed, that.sealed) &&
-            Objects.equals(initialized, that.initialized) &&
+                Objects.equals(initialized, that.initialized) &&
-            Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
+                Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
-            Objects.equals(replicationDrMode, that.replicationDrMode) &&
+                Objects.equals(replicationDrMode, that.replicationDrMode) &&
-            Objects.equals(performanceStandby, that.performanceStandby) &&
+                Objects.equals(performanceStandby, that.performanceStandby) &&
-            Objects.equals(echoDurationMs, that.echoDurationMs) &&
+                Objects.equals(echoDurationMs, that.echoDurationMs) &&
-            Objects.equals(clockSkewMs, that.clockSkewMs) &&
+                Objects.equals(clockSkewMs, that.clockSkewMs) &&
-            Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
+                Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
-            Objects.equals(enterprise, that.enterprise);
+                Objects.equals(enterprise, that.enterprise);
    }
    @Override
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2021 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2021 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -191,24 +191,24 @@ public final class SealResponse implements VaultResponse {
        }
        SealResponse that = (SealResponse) o;
        return sealed == that.sealed &&
-            initialized == that.initialized &&
+                initialized == that.initialized &&
-            Objects.equals(type, that.type) &&
+                Objects.equals(type, that.type) &&
-            Objects.equals(threshold, that.threshold) &&
+                Objects.equals(threshold, that.threshold) &&
-            Objects.equals(numberOfShares, that.numberOfShares) &&
+                Objects.equals(numberOfShares, that.numberOfShares) &&
-            Objects.equals(progress, that.progress) &&
+                Objects.equals(progress, that.progress) &&
-            Objects.equals(version, that.version) &&
+                Objects.equals(version, that.version) &&
-            Objects.equals(buildDate, that.buildDate) &&
+                Objects.equals(buildDate, that.buildDate) &&
-            Objects.equals(nonce, that.nonce) &&
+                Objects.equals(nonce, that.nonce) &&
-            Objects.equals(clusterName, that.clusterName) &&
+                Objects.equals(clusterName, that.clusterName) &&
-            Objects.equals(clusterId, that.clusterId) &&
+                Objects.equals(clusterId, that.clusterId) &&
-            Objects.equals(migration, that.migration) &&
+                Objects.equals(migration, that.migration) &&
-            Objects.equals(recoverySeal, that.recoverySeal) &&
+                Objects.equals(recoverySeal, that.recoverySeal) &&
-            Objects.equals(storageType, that.storageType);
+                Objects.equals(storageType, that.storageType);
    }
    @Override
    public int hashCode() {
        return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
-            clusterName, clusterId, migration, recoverySeal, storageType);
+                clusterName, clusterId, migration, recoverySeal, storageType);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
@ -85,11 +85,10 @@ public abstract class SecretResponse extends VaultDataResponse {
            } else if (type.isInstance(rawValue)) {
                return type.cast(rawValue);
            } else {
-                var om = JsonMapper.builder()
+                var om = new ObjectMapper()
-                    .addModule(new JavaTimeModule())
+                        .registerModule(new JavaTimeModule())
-                    .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                        .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                    .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
+                        .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
                    .build();
                if (rawValue instanceof String) {
                    return om.readValue((String) rawValue, type);
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
@ -1,92 +0,0 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonSetter;
 import java.util.Map;
 import java.util.Objects;
 /**
 * Response entity for transit operations.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.0
 */
 public class TransitResponse extends VaultDataResponse {
    private static final long serialVersionUID = 6873804240772242771L;
    private String ciphertext;
    private String plaintext;
    private String sum;
    @JsonSetter("data")
    private void setData(Map<String, String> data) {
        ciphertext = data.get("ciphertext");
        plaintext = data.get("plaintext");
        sum = data.get("sum");
    }
    /**
     * Get ciphertext.
     * Populated after encryption.
     *
     * @return Ciphertext
     */
    public String getCiphertext() {
        return ciphertext;
    }
    /**
     * Get plaintext.
     * Base64 encoded, populated after decryption.
     *
     * @return Plaintext
     */
    public String getPlaintext() {
        return plaintext;
    }
    /**
     * Get hash sum.
     * Hex or Base64 string. Populated after hashing.
     *
     * @return Hash sum
     */
    public String getSum() {
        return sum;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
            return false;
        }
        TransitResponse that = (TransitResponse) o;
        return Objects.equals(ciphertext, that.ciphertext) &&
            Objects.equals(plaintext, that.plaintext) &&
            Objects.equals(sum, that.sum);
    }
    @Override
    public int hashCode() {
        return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -115,7 +115,6 @@ public abstract class VaultDataResponse implements VaultResponse {
    public final String getMountType() {
        return mountType;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
@ -125,13 +124,13 @@ public abstract class VaultDataResponse implements VaultResponse {
        }
        VaultDataResponse that = (VaultDataResponse) o;
        return renewable == that.renewable &&
-            Objects.equals(requestId, that.requestId) &&
+                Objects.equals(requestId, that.requestId) &&
-            Objects.equals(leaseId, that.leaseId) &&
+                Objects.equals(leaseId, that.leaseId) &&
-            Objects.equals(leaseDuration, that.leaseDuration) &&
+                Objects.equals(leaseDuration, that.leaseDuration) &&
-            Objects.equals(warnings, that.warnings) &&
+                Objects.equals(warnings, that.warnings) &&
-            Objects.equals(wrapInfo, that.wrapInfo) &&
+                Objects.equals(wrapInfo, that.wrapInfo) &&
-            Objects.equals(auth, that.auth) &&
+                Objects.equals(auth, that.auth) &&
-            Objects.equals(mountType, that.mountType);
+                Objects.equals(mountType, that.mountType);
    }
    @Override
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -171,22 +171,22 @@ public final class AuthData implements Serializable {
        }
        AuthData authData = (AuthData) o;
        return renewable == authData.renewable &&
-            orphan == authData.orphan &&
+                orphan == authData.orphan &&
-            Objects.equals(clientToken, authData.clientToken) &&
+                Objects.equals(clientToken, authData.clientToken) &&
-            Objects.equals(accessor, authData.accessor) &&
+                Objects.equals(accessor, authData.accessor) &&
-            Objects.equals(policies, authData.policies) &&
+                Objects.equals(policies, authData.policies) &&
-            Objects.equals(tokenPolicies, authData.tokenPolicies) &&
+                Objects.equals(tokenPolicies, authData.tokenPolicies) &&
-            Objects.equals(metadata, authData.metadata) &&
+                Objects.equals(metadata, authData.metadata) &&
-            Objects.equals(leaseDuration, authData.leaseDuration) &&
+                Objects.equals(leaseDuration, authData.leaseDuration) &&
-            Objects.equals(entityId, authData.entityId) &&
+                Objects.equals(entityId, authData.entityId) &&
-            Objects.equals(tokenType, authData.tokenType) &&
+                Objects.equals(tokenType, authData.tokenType) &&
-            Objects.equals(numUses, authData.numUses) &&
+                Objects.equals(numUses, authData.numUses) &&
-            Objects.equals(mfaRequirement, authData.mfaRequirement);
+                Objects.equals(mfaRequirement, authData.mfaRequirement);
    }
    @Override
    public int hashCode() {
        return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
-            entityId, tokenType, orphan, numUses, mfaRequirement);
+                entityId, tokenType, orphan, numUses, mfaRequirement);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -202,19 +202,19 @@ public final class AuthMethod implements Serializable {
        }
        AuthMethod that = (AuthMethod) o;
        return local == that.local &&
-            type == that.type &&
+                type == that.type &&
-            externalEntropyAccess == that.externalEntropyAccess &&
+                externalEntropyAccess == that.externalEntropyAccess &&
-            sealWrap == that.sealWrap &&
+                sealWrap == that.sealWrap &&
-            Objects.equals(rawType, that.rawType) &&
+                Objects.equals(rawType, that.rawType) &&
-            Objects.equals(accessor, that.accessor) &&
+                Objects.equals(accessor, that.accessor) &&
-            Objects.equals(deprecationStatus, that.deprecationStatus) &&
+                Objects.equals(deprecationStatus, that.deprecationStatus) &&
-            Objects.equals(description, that.description) &&
+                Objects.equals(description, that.description) &&
-            Objects.equals(config, that.config) &&
+                Objects.equals(config, that.config) &&
-            Objects.equals(options, that.options) &&
+                Objects.equals(options, that.options) &&
-            Objects.equals(pluginVersion, that.pluginVersion) &&
+                Objects.equals(pluginVersion, that.pluginVersion) &&
-            Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
+                Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
-            Objects.equals(runningSha256, that.runningSha256) &&
+                Objects.equals(runningSha256, that.runningSha256) &&
-            Objects.equals(uuid, that.uuid);
+                Objects.equals(uuid, that.uuid);
    }
    @Override
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -138,14 +138,14 @@ public final class SecretMetadata implements Serializable {
        }
        SecretMetadata that = (SecretMetadata) o;
        return Objects.equals(createdTime, that.createdTime) &&
-            Objects.equals(currentVersion, that.currentVersion) &&
+                Objects.equals(currentVersion, that.currentVersion) &&
-            Objects.equals(maxVersions, that.maxVersions) &&
+                Objects.equals(maxVersions, that.maxVersions) &&
-            Objects.equals(oldestVersion, that.oldestVersion) &&
+                Objects.equals(oldestVersion, that.oldestVersion) &&
-            Objects.equals(updatedTime, that.updatedTime) &&
+                Objects.equals(updatedTime, that.updatedTime) &&
-            Objects.equals(versions, that.versions) &&
+                Objects.equals(versions, that.versions) &&
-            Objects.equals(casRequired, that.casRequired) &&
+                Objects.equals(casRequired, that.casRequired) &&
-            Objects.equals(customMetadata, that.customMetadata) &&
+                Objects.equals(customMetadata, that.customMetadata) &&
-            Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
+                Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
    }
    @Override
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -222,27 +222,27 @@ public final class TokenData implements Serializable {
        }
        TokenData tokenData = (TokenData) o;
        return orphan == tokenData.orphan &&
-            renewable == tokenData.renewable &&
+                renewable == tokenData.renewable &&
-            Objects.equals(accessor, tokenData.accessor) &&
+                Objects.equals(accessor, tokenData.accessor) &&
-            Objects.equals(creationTime, tokenData.creationTime) &&
+                Objects.equals(creationTime, tokenData.creationTime) &&
-            Objects.equals(creationTtl, tokenData.creationTtl) &&
+                Objects.equals(creationTtl, tokenData.creationTtl) &&
-            Objects.equals(name, tokenData.name) &&
+                Objects.equals(name, tokenData.name) &&
-            Objects.equals(entityId, tokenData.entityId) &&
+                Objects.equals(entityId, tokenData.entityId) &&
-            Objects.equals(expireTime, tokenData.expireTime) &&
+                Objects.equals(expireTime, tokenData.expireTime) &&
-            Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
+                Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
-            Objects.equals(id, tokenData.id) &&
+                Objects.equals(id, tokenData.id) &&
-            Objects.equals(issueTime, tokenData.issueTime) &&
+                Objects.equals(issueTime, tokenData.issueTime) &&
-            Objects.equals(meta, tokenData.meta) &&
+                Objects.equals(meta, tokenData.meta) &&
-            Objects.equals(numUses, tokenData.numUses) &&
+                Objects.equals(numUses, tokenData.numUses) &&
-            Objects.equals(path, tokenData.path) &&
+                Objects.equals(path, tokenData.path) &&
-            Objects.equals(policies, tokenData.policies) &&
+                Objects.equals(policies, tokenData.policies) &&
-            Objects.equals(ttl, tokenData.ttl) &&
+                Objects.equals(ttl, tokenData.ttl) &&
-            Objects.equals(type, tokenData.type);
+                Objects.equals(type, tokenData.type);
    }
    @Override
    public int hashCode() {
        return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id,
-            issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
+                issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -96,10 +96,10 @@ public final class VersionMetadata implements Serializable {
        }
        VersionMetadata that = (VersionMetadata) o;
        return destroyed == that.destroyed &&
-            Objects.equals(createdTime, that.createdTime) &&
+                Objects.equals(createdTime, that.createdTime) &&
-            Objects.equals(deletionTime, that.deletionTime) &&
+                Objects.equals(deletionTime, that.deletionTime) &&
-            Objects.equals(version, that.version) &&
+                Objects.equals(version, that.version) &&
-            Objects.equals(customMetadata, that.customMetadata);
+                Objects.equals(customMetadata, that.customMetadata);
    }
    @Override
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -80,9 +80,9 @@ public class WrapInfo implements Serializable {
        }
        WrapInfo that = (WrapInfo) o;
        return Objects.equals(token, that.token) &&
-            Objects.equals(ttl, that.ttl) &&
+                Objects.equals(ttl, that.ttl) &&
-            Objects.equals(creationTime, that.creationTime) &&
+                Objects.equals(creationTime, that.creationTime) &&
-            Objects.equals(creationPath, that.creationPath);
+                Objects.equals(creationPath, that.creationPath);
    }
    @Override
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/package-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/module-info.java
+++ b/src/main/java/module-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -25,10 +25,7 @@ import org.junit.jupiter.api.io.TempDir;
 import java.io.File;
 import java.lang.reflect.Field;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Paths;
 import java.util.concurrent.atomic.AtomicReference;
 import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
 import static org.junit.jupiter.api.Assertions.*;
@ -41,8 +38,6 @@ import static org.junit.jupiter.api.Assertions.*;
 */
 class HTTPVaultConnectorBuilderTest {
    private static final String VAULT_ADDR = "https://localhost:8201";
    private static final String VAULT_ADDR_2 = "http://localhost";
    private static final String VAULT_ADDR_3 = "https://localhost/vault/";
    private static final Integer VAULT_MAX_RETRIES = 13;
    private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@ -117,22 +112,6 @@ class HTTPVaultConnectorBuilderTest {
            return null;
        });
        withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Factory creation from minimal environment failed"
            );
            assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
            return null;
        });
        withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Factory creation from minimal environment failed"
            );
            assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
            return null;
        });
        // Provide address and number of retries.
        withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
@ -149,6 +128,19 @@ class HTTPVaultConnectorBuilderTest {
            return null;
        });
        // Provide CA certificate.
        String vaultCacert = tempDir.toString() + "/doesnotexist";
        withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
            TlsException e = assertThrows(
                    TlsException.class,
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Creation with unknown cert path failed"
            );
            assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
            return null;
        });
        // Automatic authentication.
        withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
@ -172,59 +164,6 @@ class HTTPVaultConnectorBuilderTest {
        });
    }
    /**
     * Test CA certificate handling from environment variables
     */
    @Test
    void testCertificateFromEnv() throws Exception {
        // From direct PEM content
        String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
        AtomicReference<Object> certFromPem = new AtomicReference<>();
        withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Builder with PEM certificate from environment failed"
            );
            HTTPVaultConnector connector = builder.build();
            certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
            assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
            return null;
        });
        // From file path
        String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
        AtomicReference<Object> certFromFile = new AtomicReference<>();
        withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Builder with certificate path from environment failed"
            );
            HTTPVaultConnector connector = builder.build();
            certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
            assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
            return null;
        });
        assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
        // Non-existing path CA certificate path
        String doesNotExist = tempDir.toString() + "/doesnotexist";
        withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
            TlsException e = assertThrows(
                    TlsException.class,
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Creation with unknown cert path failed"
            );
            assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
            return null;
        });
    }
    private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
        return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
                .and("VAULT_CACERT", vaultCacert)
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
 * @since 0.1
 */
 class HTTPVaultConnectorIT {
-    private static String VAULT_VERSION = "1.19.0";  // The vault version this test is supposed to run against.
+    private static String VAULT_VERSION = "1.18.2";  // The vault version this test is supposed to run against.
    private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
    private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
    private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@ -989,75 +989,6 @@ class HTTPVaultConnectorIT {
        }
    }
    @Nested
    @DisplayName("Transit Tests")
    class TransitTests {
        @Test
        @DisplayName("Transit encryption")
        void transitEncryptTest() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
                "Failed to encrypt via transit"
            );
            assertNotNull(transitResponse.getCiphertext());
            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
            transitResponse = assertDoesNotThrow(
                () -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
                "Failed to encrypt binary data via transit"
            );
            assertNotNull(transitResponse.getCiphertext());
            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
        }
        @Test
        @DisplayName("Transit decryption")
        void transitDecryptTest() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
                "Failed to decrypt via transit"
            );
            assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
        }
        @Test
        @DisplayName("Transit hash")
        void transitHashText() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
                "Failed to hash via transit"
            );
            assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
            TransitResponse transitResponseBase64 = assertDoesNotThrow(
                () -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
                "Failed to hash via transit with base64 output"
            );
            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
            transitResponseBase64 = assertDoesNotThrow(
                () -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
                "Failed to hash binary data via transit"
            );
            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
        }
    }
    @Nested
    @DisplayName("Misc Tests")
    class MiscTests {
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -17,13 +17,13 @@
 package de.stklcode.jvault.connector;
 import com.github.tomakehurst.wiremock.client.WireMock;
-import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
+import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
 import com.github.tomakehurst.wiremock.junit5.WireMockTest;
 import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.exception.PermissionDeniedException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.api.function.Executable;
 import java.io.IOException;
@ -36,7 +36,9 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
-import static com.github.tomakehurst.wiremock.client.WireMock.*;
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
 import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
 import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
 import static org.junit.jupiter.api.Assertions.*;
 /**
@ -46,23 +48,26 @@ import static org.junit.jupiter.api.Assertions.*;
 * @author Stefan Kalscheuer
 * @since 0.7.0
 */
@WireMockTest
 class HTTPVaultConnectorTest {
    @RegisterExtension
    static WireMockExtension wireMock = WireMockExtension.newInstance()
            .options(wireMockConfig().dynamicPort())
            .build();
    /**
     * Test exceptions thrown during request.
     */
    @Test
-    void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
+    void requestExceptionTest() throws IOException, URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
        // Test invalid response code.
        final int responseCode = 400;
        mockHttpResponse(responseCode, "", "application/json");
        VaultConnectorException e = assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            connector::getHealth,
+                connector::getHealth,
-            "Querying health status succeeded on invalid instance"
+                "Querying health status succeeded on invalid instance"
        );
        assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
        assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception");
@ -71,9 +76,9 @@ class HTTPVaultConnectorTest {
        // Simulate permission denied response.
        mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
        assertThrows(
-            PermissionDeniedException.class,
+                PermissionDeniedException.class,
-            connector::getHealth,
+                connector::getHealth,
-            "Querying health status succeeded on invalid instance"
+                "Querying health status succeeded on invalid instance"
        );
        // Test exception thrown during request.
@ -81,22 +86,22 @@ class HTTPVaultConnectorTest {
            connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
        }
        e = assertThrows(
-            ConnectionException.class,
+                ConnectionException.class,
-            connector::getHealth,
+                connector::getHealth,
-            "Querying health status succeeded on invalid instance"
+                "Querying health status succeeded on invalid instance"
        );
        assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
        assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
        // Now simulate a failing request that succeeds on second try.
-        connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
+        connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
-        stubFor(
+        wireMock.stubFor(
-            WireMock.any(anyUrl())
+                WireMock.any(anyUrl())
-                .willReturn(aResponse().withStatus(500))
+                        .willReturn(aResponse().withStatus(500))
-                .willReturn(aResponse().withStatus(500))
+                        .willReturn(aResponse().withStatus(500))
-                .willReturn(aResponse().withStatus(500))
+                        .willReturn(aResponse().withStatus(500))
-                .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
+                        .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
        );
        assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
    }
@ -159,9 +164,9 @@ class HTTPVaultConnectorTest {
            connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build();
        }
        ConnectionException e = assertThrows(
-            ConnectionException.class,
+                ConnectionException.class,
-            connector::sealStatus,
+                connector::sealStatus,
-            "Querying seal status succeeded on invalid instance"
+                "Querying seal status succeeded on invalid instance"
        );
        assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
    }
@ -177,9 +182,9 @@ class HTTPVaultConnectorTest {
            connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build();
        }
        ConnectionException e = assertThrows(
-            ConnectionException.class,
+                ConnectionException.class,
-            connector::getHealth,
+                connector::getHealth,
-            "Querying health status succeeded on invalid instance"
+                "Querying health status succeeded on invalid instance"
        );
        assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
    }
@ -188,8 +193,8 @@ class HTTPVaultConnectorTest {
     * Test behavior on unparsable responses.
     */
    @Test
-    void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
+    void parseExceptionTest() throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
@ -222,8 +227,8 @@ class HTTPVaultConnectorTest {
     * Test requests that expect an empty response with code 204, but receive a 200 body.
     */
    @Test
-    void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
+    void nonEmpty204ResponseTest() throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
@ -231,45 +236,45 @@ class HTTPVaultConnectorTest {
        // Now test the methods expecting a 204.
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.createAppRole("appID", Collections.singletonList("policy")),
+                () -> connector.createAppRole("appID", Collections.singletonList("policy")),
-            "createAppRole() with 200 response succeeded"
+                "createAppRole() with 200 response succeeded"
        );
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.deleteAppRole("roleName"),
+                () -> connector.deleteAppRole("roleName"),
-            "deleteAppRole() with 200 response succeeded"
+                "deleteAppRole() with 200 response succeeded"
        );
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.setAppRoleID("roleName", "roleID"),
+                () -> connector.setAppRoleID("roleName", "roleID"),
-            "setAppRoleID() with 200 response succeeded"
+                "setAppRoleID() with 200 response succeeded"
        );
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.destroyAppRoleSecret("roleName", "secretID"),
+                () -> connector.destroyAppRoleSecret("roleName", "secretID"),
-            "destroyAppRoleSecret() with 200 response succeeded"
+                "destroyAppRoleSecret() with 200 response succeeded"
        );
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.destroyAppRoleSecret("roleName", "secretUD"),
+                () -> connector.destroyAppRoleSecret("roleName", "secretUD"),
-            "destroyAppRoleSecret() with 200 response succeeded"
+                "destroyAppRoleSecret() with 200 response succeeded"
        );
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.delete("key"),
+                () -> connector.delete("key"),
-            "delete() with 200 response succeeded"
+                "delete() with 200 response succeeded"
        );
        assertThrows(
-            InvalidResponseException.class,
+                InvalidResponseException.class,
-            () -> connector.revoke("leaseID"),
+                () -> connector.revoke("leaseID"),
-            "destroyAppRoleSecret() with 200 response succeeded"
+                "destroyAppRoleSecret() with 200 response succeeded"
        );
    }
@ -305,10 +310,10 @@ class HTTPVaultConnectorTest {
    }
    private void mockHttpResponse(int status, String body, String contentType) {
-        stubFor(
+        wireMock.stubFor(
-            WireMock.any(anyUrl()).willReturn(
+                WireMock.any(anyUrl()).willReturn(
-                aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
+                        aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
-            )
+                )
        );
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
@ -3,7 +3,6 @@ package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
@ -30,11 +29,10 @@ public abstract class AbstractModelTest<T> {
     */
    protected AbstractModelTest(Class<T> modelClass) {
        this.modelClass = modelClass;
-        this.objectMapper = JsonMapper.builder()
+        this.objectMapper = new ObjectMapper()
-            .addModule(new JavaTimeModule())
+                .registerModule(new JavaTimeModule())
-            .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
+                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
            .build();
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
        assertNull(role.getTokenType());
        // Empty builder should be equal to no-arg construction.
-        assertEquals(new TokenRole(), role);
+        assertEquals(role, new TokenRole());
        // Optional fields should be ignored, so JSON string should be empty.
        assertEquals("{}", objectMapper.writeValueAsString(role));
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
        assertEquals("{}", objectMapper.writeValueAsString(token));
        // Empty builder should be equal to no-arg construction.
-        assertEquals(new Token(), token);
+        assertEquals(token, new Token());
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2021 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2021 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2021 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
@ -1,137 +0,0 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.*;
 /**
 * JUnit Test for {@link TransitResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.0
 */
 class TransitResponseTest extends AbstractModelTest<TransitResponse> {
    private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
    private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
    private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
    TransitResponseTest() {
        super(TransitResponse.class);
    }
    @Override
    protected TransitResponse createFull() {
        try {
            return objectMapper.readValue(
                json(
                    "\"ciphertext\": \"" + CIPHERTEXT + "\", " +
                        "\"plaintext\": \"" + PLAINTEXT + "\", " +
                        "\"sum\": \"" + SUM + "\""
                ),
                TransitResponse.class
            );
        } catch (JsonProcessingException e) {
            fail("Creation of full model failed", e);
            return null;
        }
    }
    @Test
    void encryptionTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
        assertNull(res.getPlaintext(), "Unexpected plaintext");
        assertNull(res.getSum(), "Unexpected sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    @Test
    void decryptionTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"plaintext\": \"" + PLAINTEXT + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertNull(res.getCiphertext(), "Unexpected ciphertext");
        assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
        assertNull(res.getSum(), "Unexpected sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    @Test
    void hashTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"sum\": \"" + SUM + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertNull(res.getCiphertext(), "Unexpected ciphertext");
        assertNull(res.getPlaintext(), "Unexpected plaintext");
        assertEquals(SUM, res.getSum(), "Incorrect sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    private static String json(String data) {
        return "{\n" +
            "  \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
            "  \"lease_id\" : \"\",\n" +
            "  \"renewable\" : false,\n" +
            "  \"lease_duration\" : 0,\n" +
            "  \"data\" : {\n" +
            "    " + data + "\n" +
            "  },\n" +
            "  \"wrap_info\" : null,\n" +
            "  \"warnings\" : null,\n" +
            "  \"auth\" : null\n" +
            "}";
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/resources/data_dir/core/_mounts
+++ b/src/test/resources/data_dir/core/_mounts
@ -1 +1 @@
-{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}
+{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}
--- a/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key
+++ b/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key
@ -1 +0,0 @@
 {"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}
--- a/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/policy/_my-key
+++ b/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/policy/_my-key
@ -1 +0,0 @@
 {"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}
`@ -1 +1 @@`
	{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}	{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}
		`@ -1 +0,0 @@`
			{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}
		`@ -1 +0,0 @@`
			{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}