Bump version to 0.6.1

Partially reverts e9663ef (commented out), because fixes should be released before 0.8 compatibility is finally required.

.travis.yml

@@ -8,6 +8,6 @@ dist: trusty
 env:
   - PATH=$PATH:.
 before_script:
-  - wget https://releases.hashicorp.com/vault/0.7.2/vault_0.7.2_linux_amd64.zip
-  - unzip vault_0.7.2_linux_amd64.zip
-  - rm vault_0.7.2_linux_amd64.zip
+  - wget https://releases.hashicorp.com/vault/0.7.3/vault_0.7.3_linux_amd64.zip
+  - unzip vault_0.7.3_linux_amd64.zip
+  - rm vault_0.7.3_linux_amd64.zip

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.6.1 [2017-08-02]
+* [fix] `TokenModel.getPassword()` returned username instead of password
+* [fix]  `TokenModel.getUsername()` and `getPassword()` could produce NPE in multithreaded environments
+* [fix] `TokenData.getCreatinTtl()` renamed to `getCreationTtl()` (typo fix)
+* [test] Tested against Vault 0.7.3
+
 ## 0.6.0 [2017-05-12]
 * [feature] Initialization from environment variables using `fromEnv()` in factory (#8)
 * [feature] Automatic authentication with `buildAndAuth()`

README.md

@@ -30,7 +30,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
     * Raw secret content or JSON decoding
     * SQL secret handling
 * Connector Factory with builder pattern
-* Tested against Vault 0.7.2
+* Tested against Vault 0.7.3
 
 
 ## Maven Artifact

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>connector</artifactId>
-    <version>0.6.0</version>
+    <version>0.6.1</version>
 
     <packaging>jar</packaging>
 
@@ -52,12 +52,12 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
-            <version>2.8.8</version>
+            <version>2.9.0</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.8.8.1</version>
+            <version>2.9.0</version>
         </dependency>
 
         <dependency>
@@ -75,7 +75,7 @@
         <dependency>
             <groupId>com.github.stefanbirkner</groupId>
             <artifactId>system-rules</artifactId>
-            <version>1.16.0</version>
+            <version>1.16.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java

@@ -29,7 +29,6 @@ import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.params.HttpConnectionParams;
 import org.apache.http.util.EntityUtils;
 
 import javax.net.ssl.*;
@@ -39,7 +38,6 @@ import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.stream.Collectors;
 
-
 /**
  * Vault Connector implementatin using Vault's HTTP API.
  *
@@ -79,7 +77,7 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param hostname The hostname
      * @param useTLS   If TRUE, use HTTPS, otherwise HTTP
      */
-    public HTTPVaultConnector(String hostname, boolean useTLS) {
+    public HTTPVaultConnector(final String hostname, final boolean useTLS) {
         this(hostname, useTLS, null);
     }
 
@@ -90,7 +88,7 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param useTLS   If TRUE, use HTTPS, otherwise HTTP
      * @param port     The port
      */
-    public HTTPVaultConnector(String hostname, boolean useTLS, Integer port) {
+    public HTTPVaultConnector(final String hostname, final boolean useTLS, final Integer port) {
         this(hostname, useTLS, port, PATH_PREFIX);
     }
 
@@ -102,11 +100,11 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param port     The port
      * @param prefix   HTTP API prefix (default: /v1/)
      */
-    public HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix) {
-        this(((useTLS) ? "https" : "http") +
-                "://" + hostname +
-                ((port != null) ? ":" + port : "") +
-                prefix);
+    public HTTPVaultConnector(final String hostname, final boolean useTLS, final Integer port, final String prefix) {
+        this(((useTLS) ? "https" : "http")
+                + "://" + hostname
+                + ((port != null) ? ":" + port : "")
+                + prefix);
     }
 
     /**
@@ -118,7 +116,11 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param prefix     HTTP API prefix (default: /v1/)
      * @param sslContext Custom SSL Context
      */
-    public HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix, SSLContext sslContext) {
+    public HTTPVaultConnector(final String hostname,
+                              final boolean useTLS,
+                              final Integer port,
+                              final String prefix,
+                              final SSLContext sslContext) {
         this(hostname, useTLS, port, prefix, sslContext, 0, null);
     }
 
@@ -130,12 +132,20 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param port            The port
      * @param prefix          HTTP API prefix (default: /v1/)
      * @param sslContext      Custom SSL Context
+     * @param numberOfRetries Number of retries on 5xx errors
+     * @param timeout         Timeout for HTTP requests (milliseconds)
      */
-    public HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix, SSLContext sslContext, int numberOfRetries, Integer timeout) {
-        this(((useTLS) ? "https" : "http") +
-                        "://" + hostname +
-                        ((port != null) ? ":" + port : "") +
-                        prefix,
+    public HTTPVaultConnector(final String hostname,
+                              final boolean useTLS,
+                              final Integer port,
+                              final String prefix,
+                              final SSLContext sslContext,
+                              final int numberOfRetries,
+                              final Integer timeout) {
+        this(((useTLS) ? "https" : "http")
+                        + "://" + hostname
+                        + ((port != null) ? ":" + port : "")
+                        + prefix,
                 sslContext,
                 numberOfRetries,
                 timeout);
@@ -146,7 +156,7 @@ public class HTTPVaultConnector implements VaultConnector {
      *
      * @param baseURL The URL
      */
-    public HTTPVaultConnector(String baseURL) {
+    public HTTPVaultConnector(final String baseURL) {
         this(baseURL, null);
     }
 
@@ -156,7 +166,7 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param baseURL    The URL
      * @param sslContext Custom SSL Context
      */
-    public HTTPVaultConnector(String baseURL, SSLContext sslContext) {
+    public HTTPVaultConnector(final String baseURL, final SSLContext sslContext) {
         this(baseURL, sslContext, 0, null);
     }
 
@@ -165,9 +175,9 @@ public class HTTPVaultConnector implements VaultConnector {
      *
      * @param baseURL         The URL
      * @param sslContext      Custom SSL Context
-     * @param numberOfRetries number of retries on 5xx errors
+     * @param numberOfRetries Number of retries on 5xx errors
      */
-    public HTTPVaultConnector(String baseURL, SSLContext sslContext, int numberOfRetries) {
+    public HTTPVaultConnector(final String baseURL, final SSLContext sslContext, final int numberOfRetries) {
         this(baseURL, sslContext, numberOfRetries, null);
     }
 
@@ -176,9 +186,13 @@ public class HTTPVaultConnector implements VaultConnector {
      *
      * @param baseURL         The URL
      * @param sslContext      Custom SSL Context
-     * @param numberOfRetries number of retries on 5xx errors
+     * @param numberOfRetries Number of retries on 5xx errors
+     * @param timeout         Timeout for HTTP requests (milliseconds)
      */
-    public HTTPVaultConnector(String baseURL, SSLContext sslContext, int numberOfRetries, Integer timeout) {
+    public HTTPVaultConnector(final String baseURL,
+                              final SSLContext sslContext,
+                              final int numberOfRetries,
+                              final Integer timeout) {
         this.baseURL = baseURL;
         this.sslContext = sslContext;
         this.retries = numberOfRetries;
@@ -187,14 +201,14 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public void resetAuth() {
+    public final void resetAuth() {
         token = null;
         tokenTTL = 0;
         authorized = false;
     }
 
     @Override
-    public SealResponse sealStatus() {
+    public final SealResponse sealStatus() {
         try {
             String response = requestGet(PATH_SEAL_STATUS, new HashMap<>());
             return jsonMapper.readValue(response, SealResponse.class);
@@ -208,7 +222,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public boolean seal() {
+    public final boolean seal() {
         try {
             requestPut(PATH_SEAL, new HashMap<>());
             return true;
@@ -219,7 +233,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public SealResponse unseal(final String key, final Boolean reset) {
+    public final SealResponse unseal(final String key, final Boolean reset) {
         Map<String, String> param = new HashMap<>();
         param.put("key", key);
         if (reset != null)
@@ -234,12 +248,12 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public boolean isAuthorized() {
+    public final boolean isAuthorized() {
         return authorized && (tokenTTL == 0 || tokenTTL >= System.currentTimeMillis());
     }
 
     @Override
-    public List<AuthBackend> getAuthBackends() throws VaultConnectorException {
+    public final List<AuthBackend> getAuthBackends() throws VaultConnectorException {
         try {
             String response = requestGet(PATH_AUTH, new HashMap<>());
             /* Parse response */
@@ -254,7 +268,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public TokenResponse authToken(final String token) throws VaultConnectorException {
+    public final TokenResponse authToken(final String token) throws VaultConnectorException {
         /* set token */
         this.token = token;
         this.tokenTTL = 0;
@@ -269,7 +283,8 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public AuthResponse authUserPass(final String username, final String password) throws VaultConnectorException {
+    public final AuthResponse authUserPass(final String username, final String password)
+            throws VaultConnectorException {
         final Map<String, String> payload = new HashMap<>();
         payload.put("password", password);
         return queryAuth(PATH_AUTH_USERPASS + username, payload);
@@ -277,7 +292,7 @@ public class HTTPVaultConnector implements VaultConnector {
 
     @Override
     @Deprecated
-    public AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException {
+    public final AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException {
         final Map<String, String> payload = new HashMap<>();
         payload.put("app_id", appID);
         payload.put("user_id", userID);
@@ -285,7 +300,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
+    public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
         final Map<String, String> payload = new HashMap<>();
         payload.put("role_id", roleID);
         if (secretID != null)
@@ -294,14 +309,15 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     /**
-     * Query authorization request to given backend
+     * Query authorization request to given backend.
      *
      * @param path    The path to request
      * @param payload Payload (credentials)
      * @return The AuthResponse
      * @throws VaultConnectorException on errors
      */
-    private AuthResponse queryAuth(final String path, final Map<String, String> payload) throws VaultConnectorException {
+    private AuthResponse queryAuth(final String path, final Map<String, String> payload)
+            throws VaultConnectorException {
         try {
             /* Get response */
             String response = requestPost(path, payload);
@@ -319,7 +335,8 @@ public class HTTPVaultConnector implements VaultConnector {
 
     @Override
     @Deprecated
-    public boolean registerAppId(final String appID, final String policy, final String displayName) throws VaultConnectorException {
+    public final boolean registerAppId(final String appID, final String policy, final String displayName)
+            throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         Map<String, String> payload = new HashMap<>();
@@ -335,7 +352,7 @@ public class HTTPVaultConnector implements VaultConnector {
 
     @Override
     @Deprecated
-    public boolean registerUserId(final String appID, final String userID) throws VaultConnectorException {
+    public final boolean registerUserId(final String appID, final String userID) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         Map<String, String> payload = new HashMap<>();
@@ -349,7 +366,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public boolean createAppRole(final AppRole role) throws VaultConnectorException {
+    public final boolean createAppRole(final AppRole role) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Get response */
@@ -363,7 +380,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public AppRoleResponse lookupAppRole(final String roleName) throws VaultConnectorException {
+    public final AppRoleResponse lookupAppRole(final String roleName) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
@@ -379,7 +396,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public boolean deleteAppRole(String roleName) throws VaultConnectorException {
+    public final boolean deleteAppRole(final String roleName) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -394,7 +411,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public String getAppRoleID(final String roleName) throws VaultConnectorException {
+    public final String getAppRoleID(final String roleName) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
@@ -410,7 +427,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public boolean setAppRoleID(final String roleName, final String roleID) throws VaultConnectorException {
+    public final boolean setAppRoleID(final String roleName, final String roleID) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
@@ -424,7 +441,8 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) throws VaultConnectorException {
+    public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
+            throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Get response */
@@ -443,12 +461,15 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException {
+    public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
+            throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
         try {
-            String response = requestPost(PATH_AUTH_APPROLE + "role/" + roleName + "/secret-id/lookup", new AppRoleSecret(secretID));
+            String response = requestPost(
+                    PATH_AUTH_APPROLE + "role/" + roleName + "/secret-id/lookup",
+                    new AppRoleSecret(secretID));
             return jsonMapper.readValue(response, AppRoleSecretResponse.class);
         } catch (IOException e) {
             throw new InvalidResponseException("Unable to parse response", e);
@@ -456,12 +477,15 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public boolean destroyAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException {
+    public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
+            throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
         /* Request HTTP response and expect empty result */
-        String response = requestPost(PATH_AUTH_APPROLE + "role/" + roleName + "/secret-id/destroy", new AppRoleSecret(secretID));
+        String response = requestPost(
+                PATH_AUTH_APPROLE + "role/" + roleName + "/secret-id/destroy",
+                new AppRoleSecret(secretID));
 
         /* Response should be code 204 without content */
         if (!response.equals(""))
@@ -471,7 +495,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public List<String> listAppRoles() throws VaultConnectorException {
+    public final List<String> listAppRoles() throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -488,12 +512,14 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public List<String> listAppRoleSecretss(final String roleName) throws VaultConnectorException {
+    public final List<String> listAppRoleSecretss(final String roleName) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
         try {
-            String response = requestGet(PATH_AUTH_APPROLE + "role/" + roleName + "/secret-id?list=true", new HashMap<>());
+            String response = requestGet(
+                    PATH_AUTH_APPROLE + "role/" + roleName + "/secret-id?list=true",
+                    new HashMap<>());
             SecretListResponse secrets = jsonMapper.readValue(response, SecretListResponse.class);
             return secrets.getKeys();
         } catch (IOException e) {
@@ -505,7 +531,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public SecretResponse read(final String key) throws VaultConnectorException {
+    public final SecretResponse read(final String key) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
@@ -521,7 +547,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public List<String> list(final String path) throws VaultConnectorException {
+    public final List<String> list(final String path) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -537,7 +563,8 @@ public class HTTPVaultConnector implements VaultConnector {
         }
     }
 
-    public void write(final String key, final Map<String, Object> data) throws VaultConnectorException {
+    @Override
+    public final void write(final String key, final Map<String, Object> data) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -549,7 +576,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public void delete(String key) throws VaultConnectorException {
+    public final void delete(final String key) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -562,7 +589,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public void revoke(String leaseID) throws VaultConnectorException {
+    public final void revoke(final String leaseID) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -575,7 +602,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public SecretResponse renew(String leaseID, Integer increment) throws VaultConnectorException {
+    public final SecretResponse renew(final String leaseID, final Integer increment) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
@@ -594,24 +621,24 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public AuthResponse createToken(final Token token) throws VaultConnectorException {
+    public final AuthResponse createToken(final Token token) throws VaultConnectorException {
         return createTokenInternal(token, PATH_TOKEN + PATH_CREATE);
     }
 
     @Override
-    public AuthResponse createToken(final Token token, boolean orphan) throws VaultConnectorException {
+    public final AuthResponse createToken(final Token token, final boolean orphan) throws VaultConnectorException {
         return createTokenInternal(token, PATH_TOKEN + PATH_CREATE_ORPHAN);
     }
 
     @Override
-    public AuthResponse createToken(final Token token, final String role) throws VaultConnectorException {
+    public final AuthResponse createToken(final Token token, final String role) throws VaultConnectorException {
         if (role == null || role.isEmpty())
             throw new InvalidRequestException("No role name specified.");
         return createTokenInternal(token, PATH_TOKEN + PATH_CREATE + "/" + role);
     }
 
     @Override
-    public void close() {
+    public final void close() {
         authorized = false;
         token = null;
         tokenTTL = 0;
@@ -642,7 +669,7 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public TokenResponse lookupToken(final String token) throws VaultConnectorException {
+    public final TokenResponse lookupToken(final String token) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
@@ -738,8 +765,10 @@ public class HTTPVaultConnector implements VaultConnector {
      * @param payload Map of payload values (will be converted to JSON)
      * @return HTTP response
      * @throws VaultConnectorException on connection error
+     * @throws URISyntaxException      on invalid URI syntax
      */
-    private String requestGet(final String path, final Map<String, String> payload) throws VaultConnectorException, URISyntaxException {
+    private String requestGet(final String path, final Map<String, String> payload)
+            throws VaultConnectorException, URISyntaxException {
         /* Add parameters to URI */
         URIBuilder uriBuilder = new URIBuilder(baseURL + path);
         payload.forEach(uriBuilder::addParameter);
@@ -762,7 +791,7 @@ public class HTTPVaultConnector implements VaultConnector {
      * @return HTTP response
      * @throws VaultConnectorException on connection error
      */
-    private String request(HttpRequestBase base, int retries) throws VaultConnectorException {
+    private String request(final HttpRequestBase base, final int retries) throws VaultConnectorException {
         /* Set JSON Header */
         base.addHeader("accept", "application/json");
 
@@ -779,7 +808,8 @@ public class HTTPVaultConnector implements VaultConnector {
 
             switch (response.getStatusLine().getStatusCode()) {
                 case 200:
-                    try (BufferedReader br = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) {
+                    try (BufferedReader br = new BufferedReader(
+                            new InputStreamReader(response.getEntity().getContent()))) {
                         return br.lines().collect(Collectors.joining("\n"));
                     } catch (IOException ignored) {
                     }
@@ -788,7 +818,8 @@ public class HTTPVaultConnector implements VaultConnector {
                 case 403:
                     throw new PermissionDeniedException();
                 default:
-                    if (response.getStatusLine().getStatusCode() >= 500 && response.getStatusLine().getStatusCode() < 600 && retries > 0) {
+                    if (response.getStatusLine().getStatusCode() >= 500
+                            && response.getStatusLine().getStatusCode() < 600 && retries > 0) {
                         /* Retry on 5xx errors */
                         return request(base, retries - 1);
                     } else {
@@ -796,7 +827,8 @@ public class HTTPVaultConnector implements VaultConnector {
                         InvalidResponseException ex = new InvalidResponseException("Invalid response code")
                                 .withStatusCode(response.getStatusLine().getStatusCode());
                         if (response.getEntity() != null) {
-                            try (BufferedReader br = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) {
+                            try (BufferedReader br = new BufferedReader(
+                                    new InputStreamReader(response.getEntity().getContent()))) {
                                 String responseString = br.lines().collect(Collectors.joining("\n"));
                                 ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
                                 /* Check for "permission denied" response */

src/main/java/de/stklcode/jvault/connector/VaultConnector.java

@@ -144,7 +144,8 @@ public interface VaultConnector extends AutoCloseable {
      * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRole} instead.
      */
     @Deprecated
-    boolean registerAppId(final String appID, final String policy, final String displayName) throws VaultConnectorException;
+    boolean registerAppId(final String appID, final String policy, final String displayName)
+            throws VaultConnectorException;
 
     /**
      * Register a new AppRole role from given metamodel.
@@ -204,7 +205,8 @@ public interface VaultConnector extends AutoCloseable {
      * @throws VaultConnectorException on error
      * @since 0.4.0
      */
-    default boolean createAppRole(final String roleName, final List<String> policies, final String roleID) throws VaultConnectorException {
+    default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
+            throws VaultConnectorException {
         return createAppRole(new AppRoleBuilder(roleName).withPolicies(policies).withId(roleID).build());
     }
 
@@ -269,7 +271,8 @@ public interface VaultConnector extends AutoCloseable {
      * @throws VaultConnectorException on error
      * @since 0.4.0
      */
-    default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException {
+    default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
+            throws VaultConnectorException {
         return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
     }
 
@@ -282,7 +285,8 @@ public interface VaultConnector extends AutoCloseable {
      * @throws VaultConnectorException on error
      * @since 0.4.0
      */
-    AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) throws VaultConnectorException;
+    AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
+            throws VaultConnectorException;
 
     /**
      * Lookup an AppRole secret.
@@ -293,7 +297,8 @@ public interface VaultConnector extends AutoCloseable {
      * @throws VaultConnectorException on error
      * @since 0.4.0
      */
-    AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException;
+    AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
+            throws VaultConnectorException;
 
     /**
      * Destroy an AppRole secret.
@@ -324,13 +329,14 @@ public interface VaultConnector extends AutoCloseable {
     List<String> listAppRoleSecretss(final String roleName) throws VaultConnectorException;
 
     /**
-     * Register User-ID with App-ID
+     * Register User-ID with App-ID.
      *
      * @param appID  The App-ID
      * @param userID The User-ID
      * @return TRUE on success
      * @throws VaultConnectorException on error
-     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRoleSecret} instead.
+     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
+     *             Consider using {@link #createAppRoleSecret} instead.
      */
     @Deprecated
     boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
@@ -347,12 +353,15 @@ public interface VaultConnector extends AutoCloseable {
      * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
      */
     @Deprecated
-    default boolean registerAppUserId(final String appID, final String policy, final String displayName, final String userID) throws VaultConnectorException {
+    default boolean registerAppUserId(final String appID,
+                                      final String policy,
+                                      final String displayName,
+                                      final String userID) throws VaultConnectorException {
         return registerAppId(appID, policy, userID) && registerUserId(appID, userID);
     }
 
     /**
-     * Get authorization status
+     * Get authorization status.
      *
      * @return TRUE, if successfully authorized
      */
@@ -543,7 +552,7 @@ public interface VaultConnector extends AutoCloseable {
     TokenResponse lookupToken(final String token) throws VaultConnectorException;
 
     /**
-     * Read credentials for MySQL backend at default mount point
+     * Read credentials for MySQL backend at default mount point.
      *
      * @param role  the role name
      * @return the credentials response
@@ -555,7 +564,7 @@ public interface VaultConnector extends AutoCloseable {
     }
 
     /**
-     * Read credentials for PostgreSQL backend at default mount point
+     * Read credentials for PostgreSQL backend at default mount point.
      *
      * @param role  the role name
      * @return the credentials response
@@ -567,7 +576,7 @@ public interface VaultConnector extends AutoCloseable {
     }
 
     /**
-     * Read credentials for MSSQL backend at default mount point
+     * Read credentials for MSSQL backend at default mount point.
      *
      * @param role  the role name
      * @return the credentials response
@@ -579,7 +588,7 @@ public interface VaultConnector extends AutoCloseable {
     }
 
     /**
-     * Read credentials for MSSQL backend at default mount point
+     * Read credentials for MSSQL backend at default mount point.
      *
      * @param role  the role name
      * @return the credentials response
@@ -599,7 +608,8 @@ public interface VaultConnector extends AutoCloseable {
      * @throws VaultConnectorException on error
      * @since 0.5.0
      */
-    default CredentialsResponse readDbCredentials(final String role, final String mount) throws VaultConnectorException {
+    default CredentialsResponse readDbCredentials(final String role, final String mount)
+            throws VaultConnectorException {
         return (CredentialsResponse) read(mount + "/creds/" + role);
     }
 }

src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java

@@ -23,18 +23,37 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class ConnectionException extends VaultConnectorException {
+    /**
+     * Constructs a new empty exception.
+     */
     public ConnectionException() {
     }
 
-    public ConnectionException(String message) {
+    /**
+     * Constructs a new exception with the specified detail message.
+     *
+     * @param message the detail message
+     */
+    public ConnectionException(final String message) {
         super(message);
     }
 
-    public ConnectionException(Throwable cause) {
+    /**
+     * Constructs a new exception with the specified cause.
+     *
+     * @param cause the cause
+     */
+    public ConnectionException(final Throwable cause) {
         super(cause);
     }
 
-    public ConnectionException(String message, Throwable cause) {
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message
+     * @param cause   the cause
+     */
+    public ConnectionException(final String message, final Throwable cause) {
         super(message, cause);
     }
 }

src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java

@@ -23,18 +23,37 @@ package de.stklcode.jvault.connector.exception;
  * @since   0.1
  */
 public class InvalidRequestException extends VaultConnectorException {
+    /**
+     * Constructs a new empty exception.
+     */
     public InvalidRequestException() {
     }
 
-    public InvalidRequestException(String message) {
+    /**
+     * Constructs a new exception with the specified detail message.
+     *
+     * @param message the detail message
+     */
+    public InvalidRequestException(final String message) {
         super(message);
     }
 
-    public InvalidRequestException(Throwable cause) {
+    /**
+     * Constructs a new exception with the specified cause.
+     *
+     * @param cause the cause
+     */
+    public InvalidRequestException(final Throwable cause) {
         super(cause);
     }
 
-    public InvalidRequestException(String message, Throwable cause) {
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message
+     * @param cause   the cause
+     */
+    public InvalidRequestException(final String message, final Throwable cause) {
         super(message, cause);
     }
 }

src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java

@@ -23,39 +23,80 @@ package de.stklcode.jvault.connector.exception;
  * @author Stefan Kalscheuer
  * @since 0.1
  */
-public class InvalidResponseException extends VaultConnectorException {
+public final class InvalidResponseException extends VaultConnectorException {
     private Integer statusCode;
     private String response;
 
+    /**
+     * Constructs a new empty exception.
+     */
     public InvalidResponseException() {
     }
 
-    public InvalidResponseException(String message) {
+    /**
+     * Constructs a new exception with the specified detail message.
+     *
+     * @param message the detail message
+     */
+    public InvalidResponseException(final String message) {
         super(message);
     }
 
-    public InvalidResponseException(Throwable cause) {
+    /**
+     * Constructs a new exception with the specified cause.
+     *
+     * @param cause the cause
+     */
+    public InvalidResponseException(final Throwable cause) {
         super(cause);
     }
 
-    public InvalidResponseException(String message, Throwable cause) {
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message
+     * @param cause   the cause
+     */
+    public InvalidResponseException(final String message, final Throwable cause) {
         super(message, cause);
     }
 
-    public InvalidResponseException withStatusCode(Integer statusCode) {
+    /**
+     * Specify the HTTP status code. Can be retrieved by {@link #getStatusCode()} later.
+     *
+     * @param statusCode the status code
+     * @return self
+     */
+    public InvalidResponseException withStatusCode(final Integer statusCode) {
         this.statusCode = statusCode;
         return this;
     }
 
-    public InvalidResponseException withResponse(String response) {
+    /**
+     * Specify the response string. Can be retrieved by {@link #getResponse()} later.
+     *
+     * @param response response text
+     * @return self
+     */
+    public InvalidResponseException withResponse(final String response) {
         this.response = response;
         return this;
     }
 
+    /**
+     * Retrieve the HTTP status code.
+     *
+     * @return the status code or {@code null} if none specified.
+     */
     public Integer getStatusCode() {
         return statusCode;
     }
 
+    /**
+     * Retrieve the response text.
+     *
+     * @return the response text or {@code null} if none specified.
+     */
     public String getResponse() {
         return response;
     }

src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java

@@ -23,19 +23,38 @@ package de.stklcode.jvault.connector.exception;
  * @since   0.1
  */
 public class PermissionDeniedException extends VaultConnectorException {
+    /**
+     * Constructs a new empty exception.
+     */
     public PermissionDeniedException() {
         super("Permission denied");
     }
 
-    public PermissionDeniedException(String message) {
+    /**
+     * Constructs a new exception with the specified detail message.
+     *
+     * @param message the detail message
+     */
+    public PermissionDeniedException(final String message) {
         super(message);
     }
 
-    public PermissionDeniedException(Throwable cause) {
+    /**
+     * Constructs a new exception with the specified cause.
+     *
+     * @param cause the cause
+     */
+    public PermissionDeniedException(final Throwable cause) {
         super(cause);
     }
 
-    public PermissionDeniedException(String message, Throwable cause) {
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message
+     * @param cause   the cause
+     */
+    public PermissionDeniedException(final String message, final Throwable cause) {
         super(message, cause);
     }
 }

src/main/java/de/stklcode/jvault/connector/exception/TlsException.java

@@ -23,18 +23,37 @@ package de.stklcode.jvault.connector.exception;
  * @since   0.4.0
  */
 public class TlsException extends VaultConnectorException {
+    /**
+     * Constructs a new empty exception.
+     */
     public TlsException() {
     }
 
-    public TlsException(String message) {
+    /**
+     * Constructs a new exception with the specified detail message.
+     *
+     * @param message the detail message
+     */
+    public TlsException(final String message) {
         super(message);
     }
 
-    public TlsException(Throwable cause) {
+    /**
+     * Constructs a new exception with the specified cause.
+     *
+     * @param cause the cause
+     */
+    public TlsException(final Throwable cause) {
         super(cause);
     }
 
-    public TlsException(String message, Throwable cause) {
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message
+     * @param cause   the cause
+     */
+    public TlsException(final String message, final Throwable cause) {
         super(message, cause);
     }
 }

src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java

@@ -23,18 +23,37 @@ package de.stklcode.jvault.connector.exception;
  * @since   0.1
  */
 public abstract class VaultConnectorException extends Exception {
+    /**
+     * Constructs a new empty exception.
+     */
     public VaultConnectorException() {
     }
 
-    public VaultConnectorException(String message) {
+    /**
+     * Constructs a new exception with the specified detail message.
+     *
+     * @param message the detail message
+     */
+    public VaultConnectorException(final String message) {
         super(message);
     }
 
-    public VaultConnectorException(Throwable cause) {
+    /**
+     * Constructs a new exception with the specified cause.
+     *
+     * @param cause the cause
+     */
+    public VaultConnectorException(final Throwable cause) {
         super(cause);
     }
 
-    public VaultConnectorException(String message, Throwable cause) {
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message
+     * @param cause   the cause
+     */
+    public VaultConnectorException(final String message, final Throwable cause) {
         super(message, cause);
     }
 }

src/main/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactory.java

@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.factory;
 
 import de.stklcode.jvault.connector.HTTPVaultConnector;
-import de.stklcode.jvault.connector.VaultConnector;
 import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
@@ -43,7 +42,7 @@ import java.security.cert.X509Certificate;
  * @author Stefan Kalscheuer
  * @since 0.1
  */
-public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
+public final class HTTPVaultConnectorFactory extends VaultConnectorFactory {
     private static final String ENV_VAULT_ADDR = "VAULT_ADDR";
     private static final String ENV_VAULT_CACERT = "VAULT_CACERT";
     private static final String ENV_VAULT_TOKEN = "VAULT_TOKEN";
@@ -77,40 +76,40 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
     }
 
     /**
-     * Set hostname (default: 127.0.0.1)
+     * Set hostname (default: 127.0.0.1).
      *
      * @param host Hostname or IP address
      * @return self
      */
-    public HTTPVaultConnectorFactory withHost(String host) {
+    public HTTPVaultConnectorFactory withHost(final String host) {
         this.host = host;
         return this;
     }
 
     /**
-     * Set port (default: 8200)
+     * Set port (default: 8200).
      *
      * @param port Vault TCP port
      * @return self
      */
-    public HTTPVaultConnectorFactory withPort(Integer port) {
+    public HTTPVaultConnectorFactory withPort(final Integer port) {
         this.port = port;
         return this;
     }
 
     /**
-     * Set TLS usage (default: TRUE)
+     * Set TLS usage (default: TRUE).
      *
      * @param useTLS use TLS or not
      * @return self
      */
-    public HTTPVaultConnectorFactory withTLS(boolean useTLS) {
+    public HTTPVaultConnectorFactory withTLS(final boolean useTLS) {
         this.tls = useTLS;
         return this;
     }
 
     /**
-     * Convenience Method for TLS usage (enabled by default)
+     * Convenience Method for TLS usage (enabled by default).
      *
      * @return self
      */
@@ -119,7 +118,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
     }
 
     /**
-     * Convenience Method for NOT using TLS
+     * Convenience Method for NOT using TLS.
      *
      * @return self
      */
@@ -133,7 +132,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @param prefix Vault API prefix (default: "/v1/"
      * @return self
      */
-    public HTTPVaultConnectorFactory withPrefix(String prefix) {
+    public HTTPVaultConnectorFactory withPrefix(final String prefix) {
         this.prefix = prefix;
         return this;
     }
@@ -146,7 +145,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @throws VaultConnectorException on error
      * @since 0.4.0
      */
-    public HTTPVaultConnectorFactory withTrustedCA(Path cert) throws VaultConnectorException {
+    public HTTPVaultConnectorFactory withTrustedCA(final Path cert) throws VaultConnectorException {
         if (cert != null)
             return withSslContext(createSslContext(cert));
         return this;
@@ -160,7 +159,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @return self
      * @since 0.4.0
      */
-    public HTTPVaultConnectorFactory withSslContext(SSLContext sslContext) {
+    public HTTPVaultConnectorFactory withSslContext(final SSLContext sslContext) {
         this.sslContext = sslContext;
         return this;
     }
@@ -172,7 +171,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @return self
      * @since 0.6.0
      */
-    public HTTPVaultConnectorFactory withToken(String token) throws VaultConnectorException {
+    public HTTPVaultConnectorFactory withToken(final String token) {
         this.token = token;
         return this;
     }
@@ -181,6 +180,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
      *
      * @return self
+     * @throws VaultConnectorException if Vault address from environment variables is malformed
      * @since 0.6.0
      */
     public HTTPVaultConnectorFactory fromEnv() throws VaultConnectorException {
@@ -221,7 +221,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @return self
      * @since 0.6.0
      */
-    public HTTPVaultConnectorFactory withNumberOfRetries(int numberOfRetries) {
+    public HTTPVaultConnectorFactory withNumberOfRetries(final int numberOfRetries) {
         this.numberOfRetries = numberOfRetries;
         return this;
     }
@@ -233,7 +233,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @return self
      * @since 0.6.0
      */
-    public HTTPVaultConnectorFactory withTimeout(int milliseconds) {
+    public HTTPVaultConnectorFactory withTimeout(final int milliseconds) {
         this.timeout = milliseconds;
         return this;
     }
@@ -260,7 +260,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @throws TlsException on errors
      * @since 0.4.0
      */
-    private SSLContext createSslContext(Path trustedCert) throws TlsException {
+    private SSLContext createSslContext(final Path trustedCert) throws TlsException {
         try {
             SSLContext context = SSLContext.getInstance("TLS");
             context.init(null, createTrustManager(trustedCert), new SecureRandom());
@@ -278,7 +278,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @throws TlsException on error
      * @since 0.4.0
      */
-    private TrustManager[] createTrustManager(Path trustedCert) throws TlsException {
+    private TrustManager[] createTrustManager(final Path trustedCert) throws TlsException {
         try {
             /* Create Keystore with trusted certificate */
             KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -301,7 +301,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
      * @throws TlsException on error
      * @since 0.4.0
      */
-    private X509Certificate certificateFromFile(Path certFile) throws TlsException {
+    private X509Certificate certificateFromFile(final Path certFile) throws TlsException {
         try (InputStream is = Files.newInputStream(certFile)) {
             return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
         } catch (IOException | CertificateException e) {

src/main/java/de/stklcode/jvault/connector/factory/VaultConnectorFactory.java

@@ -28,7 +28,7 @@ import de.stklcode.jvault.connector.exception.VaultConnectorException;
  */
 public abstract class VaultConnectorFactory {
     /**
-     * Get Factory implementation for HTTP Vault Connector
+     * Get Factory implementation for HTTP Vault Connector.
      *
      * @return HTTP Connector Factory
      */
@@ -47,6 +47,7 @@ public abstract class VaultConnectorFactory {
      * Build connector and authenticate with token set in factory or from environment.
      *
      * @return Authenticated Vault connector instance.
+     * @throws VaultConnectorException if authentication failed
      * @since 0.6.0
      */
     public abstract VaultConnector buildAndAuth() throws VaultConnectorException;

src/main/java/de/stklcode/jvault/connector/model/AppRole.java

@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.annotation.*;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 import java.util.List;
 
@@ -28,7 +27,7 @@ import java.util.List;
  * @since 0.4.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRole {
+public final class AppRole {
     @JsonProperty("role_name")
     private String name;
 
@@ -64,11 +63,30 @@ public class AppRole {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Integer period;
 
+    /**
+     * Construct empty {@link AppRole} object.
+     */
     public AppRole() {
 
     }
 
-    public AppRole(String name, String id, Boolean bindSecretId, List<String> boundCidrList, List<String> policies, Integer secretIdNumUses, Integer secretIdTtl, Integer tokenTtl, Integer tokenMaxTtl, Integer period) {
+    /**
+     * Construct complete {@link AppRole} object.
+     *
+     * @param name            Role name (required)
+     * @param id              Role ID (optional)
+     * @param bindSecretId    Bind secret ID (optional)
+     * @param boundCidrList   Whitelist of subnets in CIDR notation (optional)
+     * @param policies        List of policies (optional)
+     * @param secretIdNumUses Maximum number of uses per secret (optional)
+     * @param secretIdTtl     Maximum TTL in seconds for secrets (optional)
+     * @param tokenTtl        Token TTL in seconds (optional)
+     * @param tokenMaxTtl     Maximum token TTL in seconds, including renewals (optional)
+     * @param period          Duration in seconds, if set the token is a periodic token (optional)
+     */
+    public AppRole(final String name, final String id, final Boolean bindSecretId, final List<String> boundCidrList,
+                   final List<String> policies, final Integer secretIdNumUses, final Integer secretIdTtl,
+                   final Integer tokenTtl, final Integer tokenMaxTtl, final Integer period) {
         this.name = name;
         this.id = id;
         this.bindSecretId = bindSecretId;
@@ -81,27 +99,45 @@ public class AppRole {
         this.period = period;
     }
 
+    /**
+     * @return the role name
+     */
     public String getName() {
         return name;
     }
 
+    /**
+     * @return the role ID
+     */
     public String getId() {
         return id;
     }
 
+    /**
+     * @return bind secret ID
+     */
     public Boolean getBindSecretId() {
         return bindSecretId;
     }
 
+    /**
+     * @return list of bound CIDR subnets
+     */
     public List<String> getBoundCidrList() {
         return boundCidrList;
     }
 
+    /**
+     * @param boundCidrList list of subnets in CIDR notation to bind role to
+     */
     @JsonSetter("bound_cidr_list")
-    public void setBoundCidrList(List<String> boundCidrList) {
+    public void setBoundCidrList(final List<String> boundCidrList) {
         this.boundCidrList = boundCidrList;
     }
 
+    /**
+     * @return list of subnets in CIDR notation as comma-separated {@link String}
+     */
     @JsonGetter("bound_cidr_list")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public String getBoundCidrListString() {
@@ -110,15 +146,24 @@ public class AppRole {
         return String.join(",", boundCidrList);
     }
 
+    /**
+     * @return list of policies
+     */
     public List<String> getPolicies() {
         return policies;
     }
 
+    /**
+     * @param policies list of policies
+     */
     @JsonSetter("policies")
-    public void setPolicies(List<String> policies) {
+    public void setPolicies(final List<String> policies) {
         this.policies = policies;
     }
 
+    /**
+     * @return list of policies as comma-separated {@link String}
+     */
     @JsonGetter("policies")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public String getPoliciesString() {
@@ -127,22 +172,37 @@ public class AppRole {
         return String.join(",", policies);
     }
 
+    /**
+     * @return maximum number of uses per secret
+     */
     public Integer getSecretIdNumUses() {
         return secretIdNumUses;
     }
 
+    /**
+     * @return maximum TTL in seconds for secrets
+     */
     public Integer getSecretIdTtl() {
         return secretIdTtl;
     }
 
+    /**
+     * @return token TTL in seconds
+     */
     public Integer getTokenTtl() {
         return tokenTtl;
     }
 
+    /**
+     * @return maximum token TTL in seconds, including renewals
+     */
     public Integer getTokenMaxTtl() {
         return tokenMaxTtl;
     }
 
+    /**
+     * @return duration in seconds, if specified
+     */
     public Integer getPeriod() {
         return period;
     }

src/main/java/de/stklcode/jvault/connector/model/AppRoleBuilder.java

@@ -25,7 +25,7 @@ import java.util.List;
  * @author Stefan Kalscheuer
  * @since 0.4.0
  */
-public class AppRoleBuilder {
+public final class AppRoleBuilder {
     private String name;
     private String id;
     private Boolean bindSecretId;
@@ -37,12 +37,17 @@ public class AppRoleBuilder {
     private Integer tokenMaxTtl;
     private Integer period;
 
-    public AppRoleBuilder(String name) {
+    /**
+     * Construct {@link AppRoleBuilder} with only the role name set.
+     *
+     * @param name Role name
+     */
+    public AppRoleBuilder(final String name) {
         this.name = name;
     }
 
     /**
-     * Add custom role ID (optional)
+     * Add custom role ID. (optional)
      *
      * @param id the ID
      * @return self
@@ -53,7 +58,7 @@ public class AppRoleBuilder {
     }
 
     /**
-     * Set if role is bound to secret ID
+     * Set if role is bound to secret ID.
      *
      * @param bindSecretId the display name
      * @return self
@@ -108,7 +113,7 @@ public class AppRoleBuilder {
     }
 
     /**
-     * Add given policies
+     * Add given policies.
      *
      * @param policies the policies
      * @return self

src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java

@@ -18,7 +18,6 @@ package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.annotation.*;
 
-import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 
@@ -29,7 +28,7 @@ import java.util.Map;
  * @since 0.4.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRoleSecret {
+public final class AppRoleSecret {
     @JsonProperty("secret_id")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private String id;
@@ -58,41 +57,73 @@ public class AppRoleSecret {
     @JsonProperty(value = "secret_id_ttl", access = JsonProperty.Access.WRITE_ONLY)
     private Integer ttl;
 
+    /**
+     * Construct empty {@link AppRoleSecret} object.
+     */
     public AppRoleSecret() {
-
     }
 
-    public AppRoleSecret(String id) {
+    /**
+     * Construct {@link AppRoleSecret} with secret ID.
+     *
+     * @param id Secret ID
+     */
+    public AppRoleSecret(final String id) {
         this.id = id;
     }
 
-    public AppRoleSecret(String id, Map<String, Object> metadata, List<String> cidrList) {
+    /**
+     * Construct {@link AppRoleSecret} with ID and metadata.
+     *
+     * @param id       Secret ID
+     * @param metadata Secret metadata
+     * @param cidrList List of subnets in CIDR notation, the role is bound to
+     */
+    public AppRoleSecret(final String id, final Map<String, Object> metadata, final List<String> cidrList) {
         this.id = id;
         this.metadata = metadata;
         this.cidrList = cidrList;
     }
 
+    /**
+     * @return Secret ID
+     */
     public String getId() {
         return id;
     }
 
+    /**
+     * @return Secret accessor
+     */
     public String getAccessor() {
         return accessor;
     }
 
+    /**
+     * @return Secret metadata
+     */
     public Map<String, Object> getMetadata() {
         return metadata;
     }
 
+    /**
+     * @return List of bound subnets in CIDR notation
+     */
     public List<String> getCidrList() {
         return cidrList;
     }
 
+    /**
+     * @param cidrList List of subnets in CIDR notation
+     */
     @JsonSetter("cidr_list")
-    public void setCidrList(List<String> cidrList) {
+    public void setCidrList(final List<String> cidrList) {
         this.cidrList = cidrList;
     }
 
+    /**
+     * @return List of bound subnets in CIDR notation as comma-separated {@link String}
+     */
     @JsonGetter("cidr_list")
     public String getCidrListString() {
         if (cidrList == null || cidrList.isEmpty())
@@ -100,22 +131,37 @@ public class AppRoleSecret {
         return String.join(",", cidrList);
     }
 
+    /**
+     * @return Creation time
+     */
     public String getCreationTime() {
         return creationTime;
     }
 
+    /**
+     * @return Expiration time
+     */
     public String getExpirationTime() {
         return expirationTime;
     }
 
+    /**
+     * @return Time of last update
+     */
     public String getLastUpdatedTime() {
         return lastUpdatedTime;
     }
 
+    /**
+     * @return Number of uses
+     */
     public Integer getNumUses() {
         return numUses;
     }
 
+    /**
+     * @return Time-to-live
+     */
     public Integer getTtl() {
         return ttl;
     }

src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java

@@ -31,11 +31,22 @@ public enum AuthBackend {
 
     private final String type;
 
-    AuthBackend(String type) {
+    /**
+     * Construct {@link AuthBackend} of given type.
+     *
+     * @param type Backend type
+     */
+    AuthBackend(final String type) {
         this.type = type;
     }
 
-    public static AuthBackend forType(String type) {
+    /**
+     * Retrieve {@link AuthBackend} value for given type string.
+     *
+     * @param type Type string
+     * @return Auth backend value
+     */
+    public static AuthBackend forType(final String type) {
         for (AuthBackend v : values())
             if (v.type.equalsIgnoreCase(type))
                 return v;

src/main/java/de/stklcode/jvault/connector/model/Token.java

@@ -30,7 +30,7 @@ import java.util.Map;
  * @since 0.4.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class Token {
+public final class Token {
     @JsonProperty("id")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private String id;
@@ -67,7 +67,28 @@ public class Token {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Boolean renewable;
 
-    public Token(String id, String displayName, Boolean noParent, Boolean noDefaultPolicy, Integer ttl, Integer numUses, List<String> policies, Map<String, String> meta, Boolean renewable) {
+    /**
+     * Construct complete {@link Token} object.
+     *
+     * @param id              Token ID (optional)
+     * @param displayName     Token display name (optional)
+     * @param noParent        Token has no parent (optional)
+     * @param noDefaultPolicy Do not add default policy (optional)
+     * @param ttl             Token TTL in seconds (optional)
+     * @param numUses         Number of uses (optional)
+     * @param policies        List of policies (optional)
+     * @param meta            Metadata (optional)
+     * @param renewable       Is the token renewable (optional)
+     */
+    public Token(final String id,
+                 final String displayName,
+                 final Boolean noParent,
+                 final Boolean noDefaultPolicy,
+                 final Integer ttl,
+                 final Integer numUses,
+                 final List<String> policies,
+                 final Map<String, String> meta,
+                 final Boolean renewable) {
         this.id = id;
         this.displayName = displayName;
         this.ttl = ttl;
@@ -79,38 +100,65 @@ public class Token {
         this.renewable = renewable;
     }
 
+    /**
+     * @return Token ID
+     */
     public String getId() {
         return id;
     }
 
+    /**
+     * @return Token display name
+     */
     public String getDisplayName() {
         return displayName;
     }
 
+    /**
+     * @return Token has no parent
+     */
     public Boolean getNoParent() {
         return noParent;
     }
 
+    /**
+     * @return Token has no default policy
+     */
     public Boolean getNoDefaultPolicy() {
         return noDefaultPolicy;
     }
 
+    /**
+     * @return Time-to-live in seconds
+     */
     public Integer getTtl() {
         return ttl;
     }
 
+    /**
+     * @return Number of uses
+     */
     public Integer getNumUses() {
         return numUses;
     }
 
+    /**
+     * @return List of policies
+     */
     public List<String> getPolicies() {
         return policies;
     }
 
+    /**
+     * @return Metadata
+     */
     public Map<String, String> getMeta() {
         return meta;
     }
 
+    /**
+     * @return Token is renewable
+     */
     public Boolean isRenewable() {
         return renewable;
     }

src/main/java/de/stklcode/jvault/connector/model/TokenBuilder.java

@@ -16,8 +16,6 @@
 
 package de.stklcode.jvault.connector.model;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
-
 import java.util.*;
 
 /**
@@ -26,7 +24,7 @@ import java.util.*;
  * @author Stefan Kalscheuer
  * @since 0.4.0
  */
-public class TokenBuilder {
+public final class TokenBuilder {
     private String id;
     private String displayName;
     private Boolean noParent;
@@ -38,7 +36,7 @@ public class TokenBuilder {
     private Boolean renewable;
 
     /**
-     * Add token ID (optional)
+     * Add token ID. (optional)
      *
      * @param id the ID
      * @return self
@@ -49,7 +47,7 @@ public class TokenBuilder {
     }
 
     /**
-     * Add display name
+     * Add display name.
      *
      * @param displayName the display name
      * @return self
@@ -61,6 +59,7 @@ public class TokenBuilder {
 
     /**
      * Set desired time to live.
+     *
      * @param ttl the ttl
      * @return self
      */
@@ -71,6 +70,7 @@ public class TokenBuilder {
 
     /**
      * Set desired number of uses.
+     *
      * @param numUses the number of uses
      * @return self
      */
@@ -80,7 +80,7 @@ public class TokenBuilder {
     }
 
     /**
-     * Set TRUE if the token should be created without parent
+     * Set TRUE if the token should be created without parent.
      *
      * @param noParent if TRUE, token is created as orphan
      * @return self
@@ -142,7 +142,7 @@ public class TokenBuilder {
     }
 
     /**
-     * Add given policies
+     * Add given policies.
      *
      * @param policies the policies
      * @return self
@@ -153,7 +153,7 @@ public class TokenBuilder {
     }
 
     /**
-     * Add given policies
+     * Add given policies.
      *
      * @param policies the policies
      * @return self

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java

@@ -24,7 +24,6 @@ import de.stklcode.jvault.connector.model.AppRole;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.stream.Collectors;
 
 /**
  * Vault response for AppRole lookup.
@@ -33,16 +32,18 @@ import java.util.stream.Collectors;
  * @since 0.4.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRoleResponse extends VaultDataResponse {
+public final class AppRoleResponse extends VaultDataResponse {
     private AppRole role;
 
     @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
         ObjectMapper mapper = new ObjectMapper();
         try {
             /* null empty strings on list objects */
             Map<String, Object> filteredData = new HashMap<>();
-            data.forEach((k,v) -> { if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k,v); });
+            data.forEach((k, v) -> {
+                if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k, v);
+            });
             this.role = mapper.readValue(mapper.writeValueAsString(filteredData), AppRole.class);
         } catch (IOException e) {
             e.printStackTrace();
@@ -50,6 +51,9 @@ public class AppRoleResponse extends VaultDataResponse {
         }
     }
 
+    /**
+     * @return The role
+     */
     public AppRole getRole() {
         return role;
     }

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java

@@ -19,7 +19,6 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
-import de.stklcode.jvault.connector.model.AppRole;
 import de.stklcode.jvault.connector.model.AppRoleSecret;
 
 import java.io.IOException;
@@ -33,16 +32,18 @@ import java.util.Map;
  * @since 0.4.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRoleSecretResponse extends VaultDataResponse {
+public final class AppRoleSecretResponse extends VaultDataResponse {
     private AppRoleSecret secret;
 
     @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
         ObjectMapper mapper = new ObjectMapper();
         try {
             /* null empty strings on list objects */
             Map<String, Object> filteredData = new HashMap<>();
-            data.forEach((k,v) -> { if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k,v); });
+            data.forEach((k, v) -> {
+                if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k, v);
+            });
             this.secret = mapper.readValue(mapper.writeValueAsString(filteredData), AppRoleSecret.class);
         } catch (IOException e) {
             e.printStackTrace();
@@ -50,6 +51,9 @@ public class AppRoleSecretResponse extends VaultDataResponse {
         }
     }
 
+    /**
+     * @return The secret
+     */
     public AppRoleSecret getSecret() {
         return secret;
     }

src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java

@@ -32,25 +32,33 @@ import java.util.Map;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthMethodsResponse extends VaultDataResponse {
+public final class AuthMethodsResponse extends VaultDataResponse {
     private Map<String, AuthMethod> supportedMethods;
 
+    /**
+     * Construct empty {@link AuthMethodsResponse} object.
+     */
     public AuthMethodsResponse() {
         this.supportedMethods = new HashMap<>();
     }
 
     @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
         ObjectMapper mapper = new ObjectMapper();
         for (String path : data.keySet()) {
             try {
-                this.supportedMethods.put(path, mapper.readValue(mapper.writeValueAsString(data.get(path)), AuthMethod.class));
+                this.supportedMethods.put(
+                        path, mapper.readValue(mapper.writeValueAsString(data.get(path)),
+                        AuthMethod.class));
             } catch (IOException e) {
                 throw new InvalidResponseException();
             }
         }
     }
 
+    /**
+     * @return Supported authentication methods
+     */
     public Map<String, AuthMethod> getSupportedMethods() {
         return supportedMethods;
     }

src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java

@@ -32,13 +32,19 @@ import java.util.Map;
  * @since 0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthResponse extends VaultDataResponse {
+public final class AuthResponse extends VaultDataResponse {
     private Map<String, Object> data;
 
     private AuthData auth;
 
+    /**
+     * Set authentication data. The input will be mapped to the {@link AuthData} model.
+     *
+     * @param auth Raw authentication data
+     * @throws InvalidResponseException on mapping errors
+     */
     @JsonProperty("auth")
-    public void setAuth(Map<String, Object> auth) throws InvalidResponseException {
+    public void setAuth(final Map<String, Object> auth) throws InvalidResponseException {
         ObjectMapper mapper = new ObjectMapper();
         try {
             this.auth = mapper.readValue(mapper.writeValueAsString(auth), AuthData.class);
@@ -49,14 +55,20 @@ public class AuthResponse extends VaultDataResponse {
     }
 
     @Override
-    public void setData(Map<String, Object> data) {
+    public void setData(final Map<String, Object> data) {
         this.data = data;
     }
 
+    /**
+     * @return Raw data
+     */
     public Map<String, Object> getData() {
         return data;
     }
 
+    /**
+     * @return Authentication data
+     */
     public AuthData getAuth() {
         return auth;
     }

src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java

@@ -17,13 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import de.stklcode.jvault.connector.exception.InvalidResponseException;
-import de.stklcode.jvault.connector.model.response.embedded.TokenData;
-
-import java.io.IOException;
-import java.util.Map;
 
 /**
  * Vault response from credentials lookup. Simple wrapper for data objects containing username and password fields.
@@ -32,17 +25,25 @@ import java.util.Map;
  * @since   0.5.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class CredentialsResponse extends SecretResponse {
+public final class CredentialsResponse extends SecretResponse {
 
+    /**
+     * @return Username
+     */
     public String getUsername() {
-        if (get("username") != null)
-            return get("username").toString();
+        Object username = get("username");
+        if (username != null)
+            return username.toString();
         return null;
     }
 
+    /**
+     * @return Password
+     */
     public String getPassword() {
-        if (get("username") != null)
-            return get("username").toString();
+        Object password = get("password");
+        if (password != null)
+            return password.toString();
         return null;
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java

@@ -28,11 +28,14 @@ import java.util.List;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class ErrorResponse implements VaultResponse {
+public final class ErrorResponse implements VaultResponse {
     @JsonProperty("errors")
     private List<String> errors;
 
-    public List<String > getErrors() {
+    /**
+     * @return List of errors
+     */
+    public List<String> getErrors() {
         return errors;
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java

@@ -26,10 +26,13 @@ import com.fasterxml.jackson.annotation.JsonProperty;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class HelpResponse implements VaultResponse {
+public final class HelpResponse implements VaultResponse {
     @JsonProperty("help")
     private String help;
 
+    /**
+     * @return Help text
+     */
     public String getHelp() {
         return help;
     }

src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java

@@ -27,14 +27,17 @@ import java.util.Map;
  * @since   0.4.0
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class RawDataResponse extends VaultDataResponse {
+public final class RawDataResponse extends VaultDataResponse {
     private Map<String, Object> data;
 
     @Override
-    public void setData(Map<String, Object> data) {
+    public void setData(final Map<String, Object> data) {
         this.data = data;
     }
 
+    /**
+     * @return Raw data {@link Map}
+     */
     public Map<String, Object> getData() {
         return data;
     }

src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java

@@ -26,7 +26,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class SealResponse implements VaultResponse {
+public final class SealResponse implements VaultResponse {
     @JsonProperty("sealed")
     private boolean sealed;
 
@@ -39,18 +39,30 @@ public class SealResponse implements VaultResponse {
     @JsonProperty("progress")
     private Integer progress;
 
+    /**
+     * @return Seal status
+     */
     public boolean isSealed() {
         return sealed;
     }
 
+    /**
+     * @return Required threshold of secret shares
+     */
     public Integer getThreshold() {
         return threshold;
     }
 
+    /**
+     * @return Number of secret shares
+     */
     public Integer getNumberOfShares() {
         return numberOfShares;
     }
 
+    /**
+     * @return Current unseal progress (remaining required shares)
+     */
     public Integer getProgress() {
         return progress;
     }

src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java

@@ -30,19 +30,27 @@ import java.util.Map;
  * @since 0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class SecretListResponse extends VaultDataResponse {
+public final class SecretListResponse extends VaultDataResponse {
     private List<String> keys;
 
+    /**
+     * Set data. Extracts list of keys from raw response data.
+     *
+     * @param data Raw data
+     * @throws InvalidResponseException on parsing errors
+     */
     @JsonProperty("data")
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
         try {
-            this.keys = (List<String>)data.get("keys");
-        }
-        catch (ClassCastException e) {
+            this.keys = (List<String>) data.get("keys");
+        } catch (ClassCastException e) {
             throw new InvalidResponseException("Keys could not be parsed from data.", e);
         }
     }
 
+    /**
+     * @return List of secret keys
+     */
     public List<String> getKeys() {
         return keys;
     }

src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java

@@ -35,7 +35,7 @@ public class SecretResponse extends VaultDataResponse {
     private Map<String, Object> data;
 
     @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public final void setData(final Map<String, Object> data) throws InvalidResponseException {
         this.data = data;
     }
 
@@ -45,7 +45,7 @@ public class SecretResponse extends VaultDataResponse {
      * @return data map
      * @since 0.4.0
      */
-    public Map<String, Object> getData() {
+    public final Map<String, Object> getData() {
         if (data == null)
             return new HashMap<>();
         return data;
@@ -58,7 +58,7 @@ public class SecretResponse extends VaultDataResponse {
      * @return the value or NULL if absent
      * @since 0.4.0
      */
-    public Object get(String key) {
+    public final Object get(final String key) {
         if (data == null)
             return null;
         return getData().get(key);
@@ -72,14 +72,14 @@ public class SecretResponse extends VaultDataResponse {
      * @deprecated Deprecated artifact, will be removed at latest at v1.0.0
      */
     @Deprecated
-    public String getValue() {
+    public final String getValue() {
         if (get("value") == null)
             return null;
         return get("value").toString();
     }
 
     /**
-     * Get response parsed as JSON
+     * Get response parsed as JSON.
      *
      * @param type Class to parse response
      * @param <T>  Class to parse response
@@ -89,12 +89,12 @@ public class SecretResponse extends VaultDataResponse {
      * @deprecated Deprecated artifact, will be removed at latest at v1.0.0
      */
     @Deprecated
-    public <T> T getValue(Class<T> type) throws InvalidResponseException {
+    public final <T> T getValue(final Class<T> type) throws InvalidResponseException {
         return get("value", type);
     }
 
     /**
-     * Get response parsed as JSON
+     * Get response parsed as JSON.
      *
      * @param key the key
      * @param type Class to parse response
@@ -103,7 +103,7 @@ public class SecretResponse extends VaultDataResponse {
      * @throws InvalidResponseException on parsing error
      * @since 0.4.0
      */
-    public <T> T get(String key, Class<T> type) throws InvalidResponseException {
+    public final <T> T get(final String key, final Class<T> type) throws InvalidResponseException {
         try {
             return new ObjectMapper().readValue(get(key).toString(), type);
         } catch (IOException e) {

src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java

@@ -32,14 +32,20 @@ import java.util.Map;
  * @since 0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class TokenResponse extends VaultDataResponse {
+public final class TokenResponse extends VaultDataResponse {
     private TokenData data;
 
     @JsonProperty("auth")
     private Boolean auth;
 
+    /**
+     * Set data. Parses response data map to {@link TokenData}.
+     *
+     * @param data Raw response data
+     * @throws InvalidResponseException on parsing errors
+     */
     @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
         ObjectMapper mapper = new ObjectMapper();
         try {
             this.data = mapper.readValue(mapper.writeValueAsString(data), TokenData.class);
@@ -49,6 +55,9 @@ public class TokenResponse extends VaultDataResponse {
         }
     }
 
+    /**
+     * @return Token data
+     */
     public TokenData getData() {
         return data;
     }

src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java

@@ -41,22 +41,40 @@ public abstract class VaultDataResponse implements VaultResponse {
     @JsonProperty("warnings")
     private List<String> warnings;
 
+    /**
+     * Set data. To be implemented in the specific subclasses, as data can be of arbitrary structure.
+     *
+     * @param data Raw response data
+     * @throws InvalidResponseException on parsing errors
+     */
     @JsonProperty("data")
-    public abstract void setData(Map<String, Object> data) throws InvalidResponseException;
+    public abstract void setData(final Map<String, Object> data) throws InvalidResponseException;
 
-    public String getLeaseId() {
+    /**
+     * @return Lease ID
+     */
+    public final String getLeaseId() {
         return leaseId;
     }
 
-    public boolean isRenewable() {
+    /**
+     * @return Lease is renewable
+     */
+    public final boolean isRenewable() {
         return renewable;
     }
 
-    public Integer getLeaseDuration() {
+    /**
+     * @return Lease duration
+     */
+    public final Integer getLeaseDuration() {
         return leaseDuration;
     }
 
-    public List<String> getWarnings() {
+    /**
+     * @return List of warnings
+     */
+    public final List<String> getWarnings() {
         return warnings;
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java

@@ -29,7 +29,7 @@ import java.util.Map;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthData {
+public final class AuthData {
     @JsonProperty("client_token")
     private String clientToken;
 
@@ -48,26 +48,44 @@ public class AuthData {
     @JsonProperty("renewable")
     private boolean renewable;
 
+    /**
+     * @return Client token
+     */
     public String getClientToken() {
         return clientToken;
     }
 
+    /**
+     * @return Token accessor
+     */
     public String getAccessor() {
         return accessor;
     }
 
+    /**
+     * @return List of policies
+     */
     public List<String> getPolicies() {
         return policies;
     }
 
+    /**
+     * @return Metadata
+     */
     public Map<String, Object> getMetadata() {
         return metadata;
     }
 
+    /**
+     * @return Lease duration
+     */
     public Integer getLeaseDuration() {
         return leaseDuration;
     }
 
+    /**
+     * @return Lease is renewable
+     */
     public boolean isRenewable() {
         return renewable;
     }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java

@@ -30,7 +30,7 @@ import java.util.Map;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthMethod {
+public final class AuthMethod {
     private AuthBackend type;
     private String rawType;
 
@@ -43,28 +43,46 @@ public class AuthMethod {
     @JsonProperty("local")
     private boolean local;
 
+    /**
+     * @param type Backend type, passed to {@link AuthBackend#forType(String)}
+     */
     @JsonSetter("type")
-    public void setType(String type) {
+    public void setType(final String type) {
         this.rawType = type;
         this.type = AuthBackend.forType(type);
     }
 
+    /**
+     * @return Backend type
+     */
     public AuthBackend getType() {
         return type;
     }
 
+    /**
+     * @return Raw backend type string
+     */
     public String getRawType() {
         return rawType;
     }
 
+    /**
+     * @return Description
+     */
     public String getDescription() {
         return description;
     }
 
+    /**
+     * @return Configuration data
+     */
     public Map<String, String> getConfig() {
         return config;
     }
 
+    /**
+     * @return Is local backend
+     */
     public boolean isLocal() {
         return local;
     }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java

@@ -26,7 +26,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
  * @since   0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class TokenData {
+public final class TokenData {
     @JsonProperty("accessor")
     private String accessor;
 
@@ -34,7 +34,7 @@ public class TokenData {
     private Integer creationTime;
 
     @JsonProperty("creation_ttl")
-    private Integer creatinTtl;
+    private Integer creationTtl;
 
     @JsonProperty("display_name")
     private String name;
@@ -60,46 +60,79 @@ public class TokenData {
     @JsonProperty("ttl")
     private Integer ttl;
 
+    /**
+     * @return Token accessor
+     */
     public String getAccessor() {
         return accessor;
     }
 
+    /**
+     * @return Creation time
+     */
     public Integer getCreationTime() {
         return creationTime;
     }
 
-    public Integer getCreatinTtl() {
-        return creatinTtl;
+    /**
+     * @return Creation TTL (in seconds)
+     */
+    public Integer getCreationTtl() {
+        return creationTtl;
     }
 
+    /**
+     * @return Token name
+     */
     public String getName() {
         return name;
     }
 
+    /**
+     * @return Token ID
+     */
     public String getId() {
         return id;
     }
 
+    /**
+     * @return Number of uses
+     */
     public Integer getNumUses() {
         return numUses;
     }
 
+    /**
+     * @return Token is orphan
+     */
     public boolean isOrphan() {
         return orphan;
     }
 
+    /**
+     * @return Token path
+     */
     public String getPath() {
         return path;
     }
 
+    /**
+     * @return Token role
+     */
     public String getRole() {
         return role;
     }
 
+    /**
+     * @return Token TTL (in seconds)
+     */
     public Integer getTtl() {
         return ttl;
     }
 
+    /**
+     * @return Metadata
+     */
     public String getMeta() {
         return meta;
     }

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java

@@ -696,31 +696,25 @@ public class HTTPVaultConnectorTest {
             fail("Secret written to inaccessible path.");
         }
 
-        /* Overwrite token */
-        token = new TokenBuilder()
-                .withId("test-id2")
-                .withDisplayName("test name 3")
-                .withPolicies(Arrays.asList("pol1", "pol2"))
-                .withDefaultPolicy()
-                .withMeta("test", "success")
-                .withMeta("key", "value")
-                .withTtl(1234)
-                .build();
-        try {
-            AuthResponse res = connector.createToken(token);
-            assertThat("Invalid token ID returned.", res.getAuth().getClientToken(), is("test-id2"));
-            assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(3));
-            assertThat("Policies not returned as expected.", res.getAuth().getPolicies(), contains("default", "pol1", "pol2"));
-            assertThat("Old policy not overwritten.", res.getAuth().getPolicies(), not(contains("testpolicy")));
-            assertThat("Metadata not given.", res.getAuth().getMetadata(), is(notNullValue()));
-            assertThat("Metadata not correct.", res.getAuth().getMetadata().get("test"), is("success"));
-            assertThat("Metadata not correct.", res.getAuth().getMetadata().get("key"), is("value"));
-            assertThat("Old metadata not overwritten.", res.getAuth().getMetadata().get("foo"), is(nullValue()));
-            assertThat("TTL not set correctly", res.getAuth().getLeaseDuration(), is(1234));
-            assertThat("Token should be renewable", res.getAuth().isRenewable(), is(true));
-        } catch (VaultConnectorException e) {
-            fail("Secret written to inaccessible path.");
-        }
+        /* Overwrite token should fail as of Vault 0.8.0 */
+//        token = new TokenBuilder()
+//                .withId("test-id2")
+//                .withDisplayName("test name 3")
+//                .withPolicies(Arrays.asList("pol1", "pol2"))
+//                .withDefaultPolicy()
+//                .withMeta("test", "success")
+//                .withMeta("key", "value")
+//                .withTtl(1234)
+//                .build();
+//        try {
+//            connector.createToken(token);
+//            fail("Overwriting token should fail as of Vault 0.8.0");
+//        } catch (VaultConnectorException e) {
+//            assertThat(e, is(instanceOf(InvalidResponseException.class)));
+//            assertThat(((InvalidResponseException)e).getStatusCode(), is(400));
+//            /* Assert that the exception does not reveal token ID */
+//            assertThat(stackTrace(e), not(stringContainsInOrder(token.getId())));
+//        }
     }
 
     /**