prepare release of v1.2.0

Introduce MountConfig and UserLockoutConfig models and add some missing
fields to AuthMethod.

.drone.yml

@@ -3,7 +3,7 @@ name: default
 
 steps:
   - name: compile
-    image: maven:3-jdk-11
+    image: maven:3-eclipse-temurin-21
     commands:
       - mvn -B clean compile
     when:
@@ -14,7 +14,7 @@ steps:
         - fix/*
         - release/*
   - name: unit-tests
-    image: maven:3-jdk-11
+    image: maven:3-eclipse-temurin-21
     commands:
       - mvn -B test
     when:
@@ -22,16 +22,27 @@ steps:
         - develop
         - feature/*
         - fix/*
-  - name: unit-integration-tests
-    image: maven:3-jdk-11
+  - name: setup-vault
+    image: alpine:latest
     environment:
-      VAULT_VERSION: 1.10.1
+      VAULT_VERSION: 1.15.4
     commands:
-      - curl -s -o vault_1.10.1_linux_amd64.zip https://releases.hashicorp.com/vault/1.10.1/vault_1.10.1_linux_amd64.zip
-      - curl -s https://releases.hashicorp.com/vault/1.10.1/vault_1.10.1_SHA256SUMS | grep linux_amd64 | sha256sum -c
-      - unzip vault_1.10.1_linux_amd64.zip
-      - rm vault_1.10.1_linux_amd64.zip
-      - mv vault /bin/
+      - wget -q -O vault_$${VAULT_VERSION}_linux_amd64.zip https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_linux_amd64.zip
+      - wget -q -O - https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_SHA256SUMS | grep linux_amd64 | sha256sum -c
+      - unzip vault_$${VAULT_VERSION}_linux_amd64.zip
+      - rm vault_$${VAULT_VERSION}_linux_amd64.zip
+      - mkdir -p .bin
+      - mv vault .bin/
+    when:
+      branch:
+        - main
+        - release/*
+  - name: unit-integration-tests
+    image: maven:3-eclipse-temurin-21
+    environment:
+      VAULT_VERSION: 1.15.4
+    commands:
+      - export PATH=.bin:$${PATH}
       - mvn -B -P integration-test verify
     when:
       branch:

.editorconfig

@@ -0,0 +1,14 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+max_line_length = 120
+tab_width = 4
+trim_trailing_whitespace = true
+
+[{*.yaml,*.yml}]
+indent_size = 2

.github/workflows/ci.yml

@@ -5,19 +5,19 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        jdk: [ 11, 17 ]
-        vault: [ '1.10.1' ]
+        jdk: [ 11, 17, 21 ]
+        vault: [ '1.2.0', '1.11.12', '1.15.4' ]
         include:
-          - jdk: 11
-            vault: '1.10.1'
+          - jdk: 21
+            vault: '1.11.12'
             analysis: true
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up Java
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: ${{ matrix.jdk }}
           distribution: 'temurin'
@@ -40,12 +40,11 @@ jobs:
         if: github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release/')
         run: mvn -B -P coverage verify
       - name: Analysis
-        if: matrix.analysis && github.event_name == 'push'
+        if: matrix.analysis
         run: >
           mvn -B sonar:sonar
           -Dsonar.host.url=https://sonarcloud.io
           -Dsonar.organization=stklcode-github
-          -Dsonar.login=$SONAR_TOKEN
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitignore

@@ -1,5 +1,16 @@
-/target/
-/*.iml
-/.idea/
-/*.project
-*~
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+
+.idea
+*.iml
+
+.bin
+
+*~

CHANGELOG.md

@@ -1,3 +1,79 @@
+## 1.2.0 (2023-12-11)
+
+### Deprecations
+* `get...TimeString()` methods on various model classes are now deprecated
+
+### Improvements
+* Parse timestamps as `ZonedDateTime` instead of `String` representation
+* Remove redundant `java.base` requirement from _module-info.java_ (#69)
+* Close Java HTTP Client when running on Java 21 or later (#70)
+* Add MFA requirements tu `AuthResponse` (#71)
+* Extend `AuthMethod` data model (#72)
+
+### Dependencies
+* Updated Jackson to 2.16.0
+
+
+## 1.1.5 (2023-08-19)
+
+### Fix
+* Fixed JSON type conversion in `SecretResponse#get(String, Class)` (#67)
+
+### Test
+* Tested against Vault 1.2 to 1.15
+
+
+## 1.1.4 (2023-06-15)
+
+### Fix
+* Use `[+-]XX:XX` notation for timezone in date/time parsing
+
+### Improvements
+* Use explicit UTF-8 encoding for parsing responses
+
+### Dependencies
+* Updated Jackson to 2.15.2
+
+### Test
+* Tested against Vault 1.2.0 to 1.13.3
+
+
+## 1.1.3 (2023-01-31)
+
+### Deprecations
+* AppID components (deprecated since 0.4) are marked for removal with the next major release
+
+### Dependencies
+* Updated Jackson to 2.14.2
+
+### Improvements
+* Minor internal refactoring
+
+### Test
+* Tested against Vault 1.2.0 to 1.12.2
+
+
+## 1.1.2 (2022-10-26)
+
+### Dependencies
+* Updated Jackson to 2.13.4.2
+
+### Test
+* Tested against Vault 1.2.0 to 1.12.0
+* Disable AppID tests for Vault 1.12 and above (auth method removed)
+* Tested with Java 19
+
+
+## 1.1.1 (2022-08-29)
+
+### Dependencies
+* Updated Jackson to 2.13.3
+
+### Test
+* Tested against Vault 1.11.2
+* Tested with Java 18
+
+
 ## 1.1.0 (2022-04-24)
 
 ### Fix
@@ -114,7 +190,7 @@ Old builders will be removed in 1.0
 * Added `entity_id`, `token_policies`, `token_type` and `orphan` flags to auth response
 * Added `entity_id`, `expire_time`, `explicit_max_ttl`, `issue_time`, `renewable` and `type` flags to token data
 * Added `explicit_max_ttl`, `period` and `entity_alias` flags to _Token_ model (#41)
-* Added `enable_local_secret_ids`, `token_bound_cidrs`, `token_explicit_max_ttl`, `token_no_default_policy`, 
+* Added `enable_local_secret_ids`, `token_bound_cidrs`, `token_explicit_max_ttl`, `token_no_default_policy`,
   `token_num_uses`, `token_period` and `token_type` flags to _AppRole_ model
 * Minor dependency updates
 
@@ -134,14 +210,14 @@ Old builders will be removed in 1.0
 ## 0.8.2 (2019-10-20)
 
 ### Fixes
-* Fixed token lookup (#31) 
+* Fixed token lookup (#31)
 
 ### Improvements
 * Updated dependencies
 
 ## 0.8.1 (2019-08-16)
 ### Fixes
-* Removed compile dependency to JUnit library (#30) 
+* Removed compile dependency to JUnit library (#30)
 
 ### Improvements
 * Updated dependencies
@@ -233,7 +309,7 @@ Old builders will be removed in 1.0
 ### Fixes
 * `SecretResponse` does not throw NPE on `get(key)` and `getData()`
 
-### Test 
+### Test
 * Tested against Vault 0.7.2
 
 

README.md

@@ -1,8 +1,8 @@
-# Java Vault Connector 
+# Java Vault Connector
 
 [![CI Status](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml/badge.svg)](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml)
 [![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/dashboard?id=de.stklcode.jvault%3Ajvault-connector)
-[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt) 
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt)
 [![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22jvault-connector%22)
 
 ![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/main/assets/logo.png)
@@ -32,7 +32,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
     * SQL secret handling
     * KV v1 and v2 support
 * Connector Factory with builder pattern
-* Tested against Vault 1.10.1
+* Tested against Vault 1.2 to 1.15
 
 
 ## Maven Artifact
@@ -40,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 <dependency>
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>jvault-connector</artifactId>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
 </dependency>
 ```
 
@@ -61,7 +61,7 @@ VaultConnector vault = HTTPVaultConnector.builder("https://example.com:8200/v1/"
  .withTrustedCA(Paths.get("/path/to/CA.pem"))
  .build();
 
-// Initialization from environment variables 
+// Initialization from environment variables
 VaultConnector vault = HTTPVaultConnector.builder()
  .fromEnv()
  .build();

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>jvault-connector</artifactId>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
 
     <packaging>jar</packaging>
 
@@ -21,16 +21,11 @@
         </license>
     </licenses>
 
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <argLine></argLine>
-    </properties>
-
     <developers>
         <developer>
             <name>Stefan Kalscheuer</name>
             <email>stefan@stklcode.de</email>
-            <timezone>+1</timezone>
+            <timezone>Europe/Berlin</timezone>
         </developer>
     </developers>
 
@@ -45,34 +40,109 @@
         <url>https://github.com/stklcode/jvaultconnector/issues</url>
     </issueManagement>
 
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <argLine></argLine>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.16.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.16.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>5.10.1</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>5.8.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.github.stefanbirkner</groupId>
+            <artifactId>system-lambda</artifactId>
+            <version>1.2.1</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wiremock</groupId>
+            <artifactId>wiremock</artifactId>
+            <version>3.3.1</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.15.1</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>nl.jqno.equalsverifier</groupId>
+            <artifactId>equalsverifier</artifactId>
+            <version>3.15.4</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.awaitility</groupId>
+            <artifactId>awaitility</artifactId>
+            <version>4.2.0</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
     <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.10.1</version>
-                <configuration>
-                    <source>11</source>
-                    <target>11</target>
-                </configuration>
-            </plugin>
-        </plugins>
         <pluginManagement>
             <plugins>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.2.0</version>
+                    <artifactId>maven-compiler-plugin</artifactId>
+                    <version>3.11.0</version>
+                    <configuration>
+                        <source>11</source>
+                        <target>11</target>
+                    </configuration>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-resources-plugin</artifactId>
-                    <version>3.2.0</version>
+                    <artifactId>maven-clean-plugin</artifactId>
+                    <version>3.3.2</version>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-deploy-plugin</artifactId>
+                    <version>3.1.1</version>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-failsafe-plugin</artifactId>
+                    <version>3.2.2</version>
+                    <configuration>
+                        <argLine>
+                            @{argLine}
+                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
+                        </argLine>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-install-plugin</artifactId>
+                    <version>3.1.1</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-jar-plugin</artifactId>
-                    <version>3.2.2</version>
+                    <version>3.3.0</version>
                     <configuration>
                         <archive>
                             <manifestEntries>
@@ -83,18 +153,18 @@
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-install-plugin</artifactId>
-                    <version>2.5.2</version>
+                    <artifactId>maven-resources-plugin</artifactId>
+                    <version>3.3.1</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-deploy-plugin</artifactId>
-                    <version>2.8.2</version>
+                    <artifactId>maven-source-plugin</artifactId>
+                    <version>3.3.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>2.22.2</version>
+                    <version>3.2.2</version>
                     <configuration>
                         <argLine>
                             @{argLine}
@@ -105,69 +175,24 @@
                             --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
                             --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
                             --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
+                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
                         </argLine>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.jacoco</groupId>
+                    <artifactId>jacoco-maven-plugin</artifactId>
+                    <version>0.8.11</version>
+                </plugin>
+                <plugin>
+                    <groupId>org.sonarsource.scanner.maven</groupId>
+                    <artifactId>sonar-maven-plugin</artifactId>
+                    <version>3.10.0.2594</version>
+                </plugin>
             </plugins>
         </pluginManagement>
     </build>
 
-    <dependencies>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-databind</artifactId>
-            <version>2.13.2.2</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <version>5.8.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-core</artifactId>
-            <version>4.5.1</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.github.stefanbirkner</groupId>
-            <artifactId>system-lambda</artifactId>
-            <version>1.2.1</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.github.tomakehurst</groupId>
-            <artifactId>wiremock-jre8</artifactId>
-            <version>2.33.1</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.11.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>nl.jqno.equalsverifier</groupId>
-            <artifactId>equalsverifier</artifactId>
-            <version>3.10</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.sonarsource.scanner.maven</groupId>
-                <artifactId>sonar-maven-plugin</artifactId>
-                <version>3.9.1.2184</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
-
     <profiles>
         <profile>
             <id>sources</id>
@@ -179,7 +204,6 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-source-plugin</artifactId>
-                        <version>3.2.1</version>
                         <executions>
                             <execution>
                                 <id>attach-sources</id>
@@ -203,7 +227,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.4.0</version>
+                        <version>3.6.2</version>
                         <configuration>
                             <source>11</source>
                         </configuration>
@@ -227,7 +251,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.0.1</version>
+                        <version>3.1.0</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -252,7 +276,6 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.8</version>
                         <executions>
                             <execution>
                                 <id>default-prepare-agent</id>
@@ -279,7 +302,6 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-failsafe-plugin</artifactId>
-                        <version>2.22.2</version>
                         <executions>
                             <execution>
                                 <goals>
@@ -300,7 +322,11 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>7.1.0</version>
+                        <version>9.0.4</version>
+                        <configuration>
+                            <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
+                            <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
+                        </configuration>
                         <executions>
                             <execution>
                                 <goals>

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,24 +41,30 @@ import static java.util.Collections.singletonMap;
  * @since 0.1
  */
 public class HTTPVaultConnector implements VaultConnector {
-    private static final String PATH_SEAL_STATUS = "sys/seal-status";
-    private static final String PATH_SEAL = "sys/seal";
-    private static final String PATH_UNSEAL = "sys/unseal";
-    private static final String PATH_RENEW = "sys/leases/renew";
-    private static final String PATH_AUTH = "sys/auth";
-    private static final String PATH_TOKEN = "auth/token";
+    private static final String PATH_SYS = "sys";
+    private static final String PATH_SYS_AUTH = PATH_SYS + "/auth";
+    private static final String PATH_RENEW = PATH_SYS + "/leases/renew";
+    private static final String PATH_REVOKE = PATH_SYS + "/leases/revoke/";
+    private static final String PATH_HEALTH = PATH_SYS + "/health";
+    private static final String PATH_SEAL = PATH_SYS + "/seal";
+    private static final String PATH_SEAL_STATUS = PATH_SYS + "/seal-status";
+    private static final String PATH_UNSEAL = PATH_SYS + "/unseal";
+
+
+    private static final String PATH_AUTH = "auth";
+    private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token";
     private static final String PATH_LOOKUP = "/lookup";
     private static final String PATH_CREATE = "/create";
     private static final String PATH_ROLES = "/roles";
     private static final String PATH_CREATE_ORPHAN = "/create-orphan";
-    private static final String PATH_AUTH_USERPASS = "auth/userpass/login/";
-    private static final String PATH_AUTH_APPID = "auth/app-id/";
-    private static final String PATH_AUTH_APPROLE = "auth/approle/";
-    private static final String PATH_AUTH_APPROLE_ROLE = "auth/approle/role/%s%s";
-    private static final String PATH_REVOKE = "sys/leases/revoke/";
-    private static final String PATH_HEALTH = "sys/health";
+    private static final String PATH_AUTH_USERPASS = PATH_AUTH + "/userpass/login/";
+    private static final String PATH_AUTH_APPID = PATH_AUTH + "/app-id";
+    private static final String PATH_AUTH_APPROLE = PATH_AUTH + "/approle";
+    private static final String PATH_AUTH_APPROLE_ROLE = PATH_AUTH_APPROLE + "/role/%s%s";
+
     private static final String PATH_DATA = "/data/";
     private static final String PATH_METADATA = "/metadata/";
+    private static final String PATH_LOGIN = "/login";
     private static final String PATH_DELETE = "/delete/";
     private static final String PATH_UNDELETE = "/undelete/";
     private static final String PATH_DESTROY = "/destroy/";
@@ -69,6 +75,24 @@ public class HTTPVaultConnector implements VaultConnector {
     private String token;                   // Current token.
     private long tokenTTL = 0;              // Expiration time for current token.
 
+    /**
+     * Create connector using a {@link HTTPVaultConnectorBuilder}.
+     *
+     * @param builder The builder.
+     */
+    HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
+        this.request = new RequestHelper(
+                ((builder.isWithTLS()) ? "https" : "http") + "://" +
+                        builder.getHost() +
+                        ((builder.getPort() != null) ? ":" + builder.getPort() : "") +
+                        builder.getPrefix(),
+                builder.getNumberOfRetries(),
+                builder.getTimeout(),
+                builder.getTlsVersion(),
+                builder.getTrustedCA()
+        );
+    }
+
     /**
      * Get a new builder for a connector.
      *
@@ -102,24 +126,6 @@ public class HTTPVaultConnector implements VaultConnector {
         return new HTTPVaultConnectorBuilder().withBaseURL(baseURL);
     }
 
-    /**
-     * Create connector using a {@link HTTPVaultConnectorBuilder}.
-     *
-     * @param builder The builder.
-     */
-    HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
-        this.request = new RequestHelper(
-                ((builder.isWithTLS()) ? "https" : "http") + "://" +
-                        builder.getHost() +
-                        ((builder.getPort() != null) ? ":" + builder.getPort() : "") +
-                        builder.getPrefix(),
-                builder.getNumberOfRetries(),
-                builder.getTimeout(),
-                builder.getTlsVersion(),
-                builder.getTrustedCA()
-        );
-    }
-
     @Override
     public final void resetAuth() {
         token = null;
@@ -139,11 +145,10 @@ public class HTTPVaultConnector implements VaultConnector {
 
     @Override
     public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
-        Map<String, String> param = new HashMap<>(2, 1);
-        param.put("key", key);
-        if (reset != null) {
-            param.put("reset", reset.toString());
-        }
+        Map<String, String> param = mapOfStrings(
+                "key", key,
+                "reset", reset
+        );
 
         return request.put(PATH_UNSEAL, param, token, SealResponse.class);
     }
@@ -172,7 +177,7 @@ public class HTTPVaultConnector implements VaultConnector {
     @Override
     public final List<AuthBackend> getAuthBackends() throws VaultConnectorException {
         /* Issue request and parse response */
-        AuthMethodsResponse amr = request.get(PATH_AUTH, emptyMap(), token, AuthMethodsResponse.class);
+        AuthMethodsResponse amr = request.get(PATH_SYS_AUTH, emptyMap(), token, AuthMethodsResponse.class);
 
         return amr.getSupportedMethods().values().stream().map(AuthMethod::getType).collect(Collectors.toList());
     }
@@ -182,7 +187,7 @@ public class HTTPVaultConnector implements VaultConnector {
         /* set token */
         this.token = token;
         this.tokenTTL = 0;
-        TokenResponse res = request.post(PATH_TOKEN + PATH_LOOKUP, emptyMap(), token, TokenResponse.class);
+        TokenResponse res = request.post(PATH_AUTH_TOKEN + PATH_LOOKUP, emptyMap(), token, TokenResponse.class);
         authorized = true;
 
         return res;
@@ -196,10 +201,10 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     public final AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException {
         return queryAuth(
-                PATH_AUTH_APPID + "login",
+                PATH_AUTH_APPID + PATH_LOGIN,
                 Map.of(
                         "app_id", appID,
                         "user_id", userID
@@ -209,12 +214,11 @@ public class HTTPVaultConnector implements VaultConnector {
 
     @Override
     public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
-        final Map<String, String> payload = new HashMap<>(2, 1);
-        payload.put("role_id", roleID);
-        if (secretID != null) {
-            payload.put("secret_id", secretID);
-        }
-        return queryAuth(PATH_AUTH_APPROLE + "login", payload);
+        final Map<String, String> payload = mapOfStrings(
+                "role_id", roleID,
+                "secret_id", secretID
+        );
+        return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
     }
 
     /**
@@ -238,14 +242,14 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     public final boolean registerAppId(final String appID, final String policy, final String displayName)
             throws VaultConnectorException {
         requireAuth();
 
         /* Issue request and expect code 204 with empty response */
         request.postWithoutResponse(
-                PATH_AUTH_APPID + "map/app-id/" + appID,
+                PATH_AUTH_APPID + "/map/app-id/" + appID,
                 Map.of(
                         "value", policy,
                         "display_name", displayName
@@ -257,13 +261,13 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     public final boolean registerUserId(final String appID, final String userID) throws VaultConnectorException {
         requireAuth();
 
         /* Issue request and expect code 204 with empty response */
         request.postWithoutResponse(
-                PATH_AUTH_APPID + "map/user-id/" + userID,
+                PATH_AUTH_APPID + "/map/user-id/" + userID,
                 singletonMap("value", appID),
                 token
         );
@@ -384,7 +388,7 @@ public class HTTPVaultConnector implements VaultConnector {
         requireAuth();
 
         SecretListResponse secrets = request.get(
-                PATH_AUTH_APPROLE + "role?list=true",
+                PATH_AUTH_APPROLE + "/role?list=true",
                 emptyMap(),
                 token,
                 SecretListResponse.class
@@ -415,19 +419,18 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version) throws VaultConnectorException {
+    public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
+            throws VaultConnectorException {
         requireAuth();
         /* Request HTTP response and parse secret metadata */
-        Map<String, String> args = new HashMap<>(1, 1);
-        if (version != null) {
-            args.put("version", version.toString());
-        }
+        Map<String, String> args = mapOfStrings("version", version);
 
         return request.get(mount + PATH_DATA + key, args, token, MetaSecretResponse.class);
     }
 
     @Override
-    public final MetadataResponse readSecretMetadata(final String mount, final String key) throws VaultConnectorException {
+    public final MetadataResponse readSecretMetadata(final String mount, final String key)
+            throws VaultConnectorException {
         requireAuth();
 
         /* Request HTTP response and parse secret metadata */
@@ -435,20 +438,25 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public void updateSecretMetadata(final String mount, final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException {
+    public void updateSecretMetadata(final String mount,
+                                     final String key,
+                                     final Integer maxVersions,
+                                     final boolean casRequired) throws VaultConnectorException {
         requireAuth();
 
-        Map<String, Object> payload = new HashMap<>(2, 1);
-        if (maxVersions != null) {
-            payload.put("max_versions", maxVersions);
-        }
-        payload.put("cas_required", casRequired);
+        Map<String, Object> payload = mapOf(
+                "max_versions", maxVersions,
+                "cas_required", casRequired
+        );
 
         write(mount + PATH_METADATA + key, payload);
     }
 
     @Override
-    public final SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data, final Integer cas) throws VaultConnectorException {
+    public final SecretVersionResponse writeSecretData(final String mount,
+                                                       final String key,
+                                                       final Map<String, Object> data,
+                                                       final Integer cas) throws VaultConnectorException {
         requireAuth();
 
         if (key == null || key.isEmpty()) {
@@ -456,12 +464,7 @@ public class HTTPVaultConnector implements VaultConnector {
         }
 
         // Add CAS value to options map if present.
-        Map<String, Object> options;
-        if (cas != null) {
-            options = singletonMap("cas", cas);
-        } else {
-            options = emptyMap();
-        }
+        Map<String, Object> options = mapOf("cas", cas);
 
         /* Issue request and parse metadata response */
         return request.post(
@@ -485,7 +488,8 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options) throws VaultConnectorException {
+    public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
+            throws VaultConnectorException {
         requireAuth();
 
         if (key == null || key.isEmpty()) {
@@ -526,17 +530,20 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public final void deleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException {
+    public final void deleteSecretVersions(final String mount, final String key, final int... versions)
+            throws VaultConnectorException {
         handleSecretVersions(mount, PATH_DELETE, key, versions);
     }
 
     @Override
-    public final void undeleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException {
+    public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
+            throws VaultConnectorException {
         handleSecretVersions(mount, PATH_UNDELETE, key, versions);
     }
 
     @Override
-    public final void destroySecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException {
+    public final void destroySecretVersions(final String mount, final String key, final int... versions)
+            throws VaultConnectorException {
         handleSecretVersions(mount, PATH_DESTROY, key, versions);
     }
 
@@ -550,7 +557,10 @@ public class HTTPVaultConnector implements VaultConnector {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    private void handleSecretVersions(final String mount, final String pathPart, final String key, final int... versions) throws VaultConnectorException {
+    private void handleSecretVersions(final String mount,
+                                      final String pathPart,
+                                      final String key,
+                                      final int... versions) throws VaultConnectorException {
         requireAuth();
 
         /* Request HTTP response and expect empty result */
@@ -572,11 +582,10 @@ public class HTTPVaultConnector implements VaultConnector {
     public final SecretResponse renew(final String leaseID, final Integer increment) throws VaultConnectorException {
         requireAuth();
 
-        Map<String, String> payload = new HashMap<>(2, 1);
-        payload.put("lease_id", leaseID);
-        if (increment != null) {
-            payload.put("increment", increment.toString());
-        }
+        Map<String, String> payload = mapOfStrings(
+                "lease_id", leaseID,
+                "increment", increment
+        );
 
         /* Issue request and parse secret response */
         return request.put(PATH_RENEW, payload, token, SecretResponse.class);
@@ -584,12 +593,12 @@ public class HTTPVaultConnector implements VaultConnector {
 
     @Override
     public final AuthResponse createToken(final Token token) throws VaultConnectorException {
-        return createTokenInternal(token, PATH_TOKEN + PATH_CREATE);
+        return createTokenInternal(token, PATH_AUTH_TOKEN + PATH_CREATE);
     }
 
     @Override
     public final AuthResponse createToken(final Token token, final boolean orphan) throws VaultConnectorException {
-        return createTokenInternal(token, PATH_TOKEN + PATH_CREATE_ORPHAN);
+        return createTokenInternal(token, PATH_AUTH_TOKEN + PATH_CREATE_ORPHAN);
     }
 
     @Override
@@ -597,7 +606,7 @@ public class HTTPVaultConnector implements VaultConnector {
         if (role == null || role.isEmpty()) {
             throw new InvalidRequestException("No role name specified.");
         }
-        return createTokenInternal(token, PATH_TOKEN + PATH_CREATE + "/" + role);
+        return createTokenInternal(token, PATH_AUTH_TOKEN + PATH_CREATE + "/" + role);
     }
 
     @Override
@@ -632,7 +641,7 @@ public class HTTPVaultConnector implements VaultConnector {
 
         /* Request HTTP response and parse Secret */
         return request.get(
-                PATH_TOKEN + PATH_LOOKUP,
+                PATH_AUTH_TOKEN + PATH_LOOKUP,
                 singletonMap("token", token),
                 token,
                 TokenResponse.class
@@ -650,7 +659,7 @@ public class HTTPVaultConnector implements VaultConnector {
         }
 
         // Issue request and expect code 204 with empty response.
-        request.postWithoutResponse(PATH_TOKEN + PATH_ROLES + "/" + name, role, token);
+        request.postWithoutResponse(PATH_AUTH_TOKEN + PATH_ROLES + "/" + name, role, token);
 
         return true;
     }
@@ -660,14 +669,14 @@ public class HTTPVaultConnector implements VaultConnector {
         requireAuth();
 
         // Request HTTP response and parse response.
-        return request.get(PATH_TOKEN + PATH_ROLES + "/" + name, emptyMap(), token, TokenRoleResponse.class);
+        return request.get(PATH_AUTH_TOKEN + PATH_ROLES + "/" + name, emptyMap(), token, TokenRoleResponse.class);
     }
 
     @Override
     public List<String> listTokenRoles() throws VaultConnectorException {
         requireAuth();
 
-        return list(PATH_TOKEN + PATH_ROLES);
+        return list(PATH_AUTH_TOKEN + PATH_ROLES);
     }
 
     @Override
@@ -679,7 +688,7 @@ public class HTTPVaultConnector implements VaultConnector {
         }
 
         // Issue request and expect code 204 with empty response.
-        request.deleteWithoutResponse(PATH_TOKEN + PATH_ROLES + "/" + name, token);
+        request.deleteWithoutResponse(PATH_AUTH_TOKEN + PATH_ROLES + "/" + name, token);
 
         return true;
     }
@@ -695,4 +704,42 @@ public class HTTPVaultConnector implements VaultConnector {
             throw new AuthorizationRequiredException();
         }
     }
+
+    /**
+     * Generate a map of non-null {@link String} keys and values
+     *
+     * @param keyValues Key-value tuples as vararg.
+     * @return The map of non-null keys and values.
+     */
+    private static Map<String, String> mapOfStrings(Object... keyValues) {
+        Map<String, String> map = new HashMap<>(keyValues.length / 2, 1);
+        for (int i = 0; i < keyValues.length - 1; i = i + 2) {
+            Object key = keyValues[i];
+            Object val = keyValues[i + 1];
+            if (key instanceof String && val != null) {
+                map.put((String) key, val.toString());
+            }
+        }
+
+        return map;
+    }
+
+    /**
+     * Generate a map of non-null {@link String} keys and {@link Object} values
+     *
+     * @param keyValues Key-value tuples as vararg.
+     * @return The map of non-null keys and values.
+     */
+    private static Map<String, Object> mapOf(Object... keyValues) {
+        Map<String, Object> map = new HashMap<>(keyValues.length / 2, 1);
+        for (int i = 0; i < keyValues.length; i = i + 2) {
+            Object key = keyValues[i];
+            Object val = keyValues[i + 1];
+            if (key instanceof String && val != null) {
+                map.put((String) key, val);
+            }
+        }
+
+        return map;
+    }
 }

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/VaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -119,9 +119,10 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @param userID The User ID
      * @return The {@link AuthResponse}
      * @throws VaultConnectorException on error
-     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #authAppRole} instead.
+     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
+     * Consider using {@link #authAppRole} instead.
      */
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException;
 
     /**
@@ -155,9 +156,10 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @param displayName Arbitrary name to display
      * @return {@code true} on success
      * @throws VaultConnectorException on error
-     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRole} instead.
+     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
+     * Consider using {@link #createAppRole} instead.
      */
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     boolean registerAppId(final String appID, final String policy, final String displayName)
             throws VaultConnectorException;
 
@@ -349,10 +351,10 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @param userID The User-ID
      * @return {@code true} on success
      * @throws VaultConnectorException on error
-     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
+     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
      * Consider using {@link #createAppRoleSecret} instead.
      */
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
 
     /**
@@ -364,9 +366,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @param userID      The User-ID
      * @return {@code true} on success
      * @throws VaultConnectorException on error
-     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
+     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
      */
-    @Deprecated(since = "0.4", forRemoval = false)
+    @Deprecated(since = "0.4", forRemoval = true)
     default boolean registerAppUserId(final String appID,
                                       final String policy,
                                       final String displayName,
@@ -420,7 +422,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    default SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data) throws VaultConnectorException {
+    default SecretVersionResponse writeSecretData(final String mount,
+                                                  final String key,
+                                                  final Map<String, Object> data) throws VaultConnectorException {
         return writeSecretData(mount, key, data, null);
     }
 
@@ -438,7 +442,10 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data, final Integer cas) throws VaultConnectorException;
+    SecretVersionResponse writeSecretData(final String mount,
+                                          final String key,
+                                          final Map<String, Object> data,
+                                          final Integer cas) throws VaultConnectorException;
 
     /**
      * Retrieve secret data from Vault.
@@ -453,7 +460,8 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    SecretResponse readSecretVersion(final String mount, final String key, final Integer version) throws VaultConnectorException;
+    SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
+            throws VaultConnectorException;
 
     /**
      * Retrieve secret metadata from Vault.
@@ -482,7 +490,10 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    void updateSecretMetadata(final String mount, final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException;
+    void updateSecretMetadata(final String mount,
+                              final String key,
+                              final Integer maxVersions,
+                              final boolean casRequired) throws VaultConnectorException;
 
     /**
      * List available nodes from Vault.
@@ -527,7 +538,8 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8 {@code options} parameter added
      */
-    void write(final String key, final Map<String, Object> data, final Map<String, Object> options) throws VaultConnectorException;
+    void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
+            throws VaultConnectorException;
 
     /**
      * Delete key from Vault.
@@ -574,7 +586,8 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    void deleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
+    void deleteSecretVersions(final String mount, final String key, final int... versions)
+            throws VaultConnectorException;
 
     /**
      * Undelete (restore) secret versions from Vault.
@@ -586,7 +599,8 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    void undeleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
+    void undeleteSecretVersions(final String mount, final String key, final int... versions)
+            throws VaultConnectorException;
 
     /**
      * Destroy secret versions from Vault.
@@ -598,7 +612,8 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @throws VaultConnectorException on error
      * @since 0.8
      */
-    void destroySecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
+    void destroySecretVersions(final String mount, final String key, final int... versions)
+            throws VaultConnectorException;
 
     /**
      * Revoke given lease immediately.

src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/TlsException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/internal/Error.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java

@@ -1,7 +1,10 @@
 package de.stklcode.jvault.connector.internal;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
 
@@ -62,7 +65,10 @@ public final class RequestHelper implements Serializable {
         this.timeout = timeout;
         this.tlsVersion = tlsVersion;
         this.trustedCaCert = trustedCaCert;
-        this.jsonMapper = new ObjectMapper();
+        this.jsonMapper = new ObjectMapper()
+                .registerModule(new JavaTimeModule())
+                .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
     }
 
     /**
@@ -127,7 +133,8 @@ public final class RequestHelper implements Serializable {
      * @throws VaultConnectorException on connection error
      * @since 0.8
      */
-    public void postWithoutResponse(final String path, final Object payload, final String token) throws VaultConnectorException {
+    public void postWithoutResponse(final String path, final Object payload, final String token)
+            throws VaultConnectorException {
         if (!post(path, payload, token).isEmpty()) {
             throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
         }
@@ -143,7 +150,8 @@ public final class RequestHelper implements Serializable {
      * @throws VaultConnectorException on connection error
      * @since 0.8 Added {@code token} parameter.
      */
-    public String put(final String path, final Map<String, String> payload, final String token) throws VaultConnectorException {
+    public String put(final String path, final Map<String, String> payload, final String token)
+            throws VaultConnectorException {
         // Initialize PUT.
         var req = HttpRequest.newBuilder(URI.create(baseURL + path));
 
@@ -254,8 +262,8 @@ public final class RequestHelper implements Serializable {
 
         if (!payload.isEmpty()) {
             uriBuilder.append("?").append(
-                    payload.entrySet().stream().map(
-                            par -> URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
+                    payload.entrySet().stream().map(par ->
+                            URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
                     ).collect(Collectors.joining("&"))
             );
         }
@@ -355,6 +363,15 @@ public final class RequestHelper implements Serializable {
             }
         } catch (CompletionException e) {
             throw new ConnectionException(Error.CONNECTION, e.getCause());
+        } finally {
+            if (client instanceof AutoCloseable) {
+                // Close the client, which is supported since JDK21.
+                try {
+                    ((AutoCloseable) client).close();
+                } catch (Exception ignored) {
+                    // Ignore
+                }
+            }
         }
     }
 
@@ -386,7 +403,8 @@ public final class RequestHelper implements Serializable {
             }
 
             return sslContext;
-        } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
+        } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException |
+                 KeyManagementException e) {
             throw new TlsException(Error.INIT_SSL_CONTEXT, e);
         }
     }
@@ -399,7 +417,7 @@ public final class RequestHelper implements Serializable {
      * @throws InvalidResponseException on reading errors
      */
     private String handleResult(final HttpResponse<InputStream> response) throws InvalidResponseException {
-        try (var reader = new BufferedReader(new InputStreamReader(response.body()))) {
+        try (var reader = new BufferedReader(new InputStreamReader(response.body(), UTF_8))) {
             return reader.lines().collect(Collectors.joining("\n"));
         } catch (IOException ignored) {
             throw new InvalidResponseException(Error.READ_RESPONSE, 200);
@@ -414,7 +432,7 @@ public final class RequestHelper implements Serializable {
      */
     private void handleError(final HttpResponse<InputStream> response) throws VaultConnectorException {
         if (response.body() != null) {
-            try (var reader = new BufferedReader(new InputStreamReader(response.body()))) {
+            try (var reader = new BufferedReader(new InputStreamReader(response.body(), UTF_8))) {
                 var responseString = reader.lines().collect(Collectors.joining("\n"));
                 ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
                 /* Check for "permission denied" response */

src/main/java/de/stklcode/jvault/connector/model/AppRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,17 +34,6 @@ import java.util.Objects;
 public final class AppRole implements Serializable {
     private static final long serialVersionUID = -6248529625864573990L;
 
-    /**
-     * Get {@link Builder} instance.
-     *
-     * @param name Role name.
-     * @return AppRole Builder.
-     * @since 0.8
-     */
-    public static Builder builder(final String name) {
-        return new Builder(name);
-    }
-
     @JsonProperty("role_name")
     private String name;
 
@@ -134,6 +123,17 @@ public final class AppRole implements Serializable {
         this.tokenType = builder.tokenType != null ? builder.tokenType.value() : null;
     }
 
+    /**
+     * Get {@link Builder} instance.
+     *
+     * @param name Role name.
+     * @return AppRole Builder.
+     * @since 0.8
+     */
+    public static Builder builder(final String name) {
+        return new Builder(name);
+    }
+
     /**
      * @return the role name
      */

src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ package de.stklcode.jvault.connector.model;
  */
 public enum AuthBackend {
     TOKEN("token"),
+    @Deprecated(since = "1.1.3", forRemoval = true)
     APPID("app-id"),
     APPROLE("approle"),
     USERPASS("userpass"),

src/main/java/de/stklcode/jvault/connector/model/Token.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,16 +34,6 @@ import java.util.*;
 public final class Token implements Serializable {
     private static final long serialVersionUID = 5208508683665365287L;
 
-    /**
-     * Get {@link Builder} instance.
-     *
-     * @return Token Builder.
-     * @since 0.8
-     */
-    public static Builder builder() {
-        return new Builder();
-    }
-
     @JsonProperty("id")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private String id;
@@ -123,6 +113,16 @@ public final class Token implements Serializable {
         this.entityAlias = builder.entityAlias;
     }
 
+    /**
+     * Get {@link Builder} instance.
+     *
+     * @return Token Builder.
+     * @since 0.8
+     */
+    public static Builder builder() {
+        return new Builder();
+    }
+
     /**
      * @return Token ID
      */

src/main/java/de/stklcode/jvault/connector/model/TokenRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,15 +36,6 @@ import java.util.Objects;
 public final class TokenRole implements Serializable {
     private static final long serialVersionUID = -3505215215838576321L;
 
-    /**
-     * Get {@link Builder} instance.
-     *
-     * @return Token Role Builder.
-     */
-    public static Builder builder() {
-        return new Builder();
-    }
-
     @JsonProperty("name")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private String name;
@@ -129,6 +120,15 @@ public final class TokenRole implements Serializable {
         this.tokenType = builder.tokenType != null ? builder.tokenType.value() : null;
     }
 
+    /**
+     * Get {@link Builder} instance.
+     *
+     * @return Token Role Builder.
+     */
+    public static Builder builder() {
+        return new Builder();
+    }
+
     /**
      * @return Token Role name
      */
@@ -264,7 +264,7 @@ public final class TokenRole implements Serializable {
     @Override
     public int hashCode() {
         return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
-                orphan, renewable,  pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
+                orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
                 tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
     }
 

src/main/java/de/stklcode/jvault/connector/model/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java

@@ -41,7 +41,7 @@ public class MetaSecretResponse extends SecretResponse {
 
     @Override
     public final Map<String, Serializable> getData() {
-        if (secret !=  null) {
+        if (secret != null) {
             return secret.getData();
         } else {
             return Collections.emptyMap();
@@ -50,7 +50,7 @@ public class MetaSecretResponse extends SecretResponse {
 
     @Override
     public final VersionMetadata getMetadata() {
-        if (secret !=  null) {
+        if (secret != null) {
             return secret.getMetadata();
         } else {
             return null;

src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.time.ZonedDateTime;
 import java.util.Objects;
 
 /**
@@ -29,7 +30,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SealResponse implements VaultResponse {
-    private static final long serialVersionUID = -3661916639367542617L;
+    private static final long serialVersionUID = -6000309255473305787L;
 
     @JsonProperty("type")
     private String type;
@@ -52,6 +53,9 @@ public final class SealResponse implements VaultResponse {
     @JsonProperty("version")
     private String version;
 
+    @JsonProperty("build_date")
+    private ZonedDateTime buildDate;
+
     @JsonProperty("nonce")
     private String nonce;
 
@@ -122,6 +126,14 @@ public final class SealResponse implements VaultResponse {
         return version;
     }
 
+    /**
+     * @return Vault build date.
+     * @since 1.2
+     */
+    public ZonedDateTime getBuildDate() {
+        return buildDate;
+    }
+
     /**
      * @return A random nonce.
      * @since 0.8
@@ -185,6 +197,7 @@ public final class SealResponse implements VaultResponse {
                 Objects.equals(numberOfShares, that.numberOfShares) &&
                 Objects.equals(progress, that.progress) &&
                 Objects.equals(version, that.version) &&
+                Objects.equals(buildDate, that.buildDate) &&
                 Objects.equals(nonce, that.nonce) &&
                 Objects.equals(clusterName, that.clusterName) &&
                 Objects.equals(clusterId, that.clusterId) &&
@@ -195,7 +208,7 @@ public final class SealResponse implements VaultResponse {
 
     @Override
     public int hashCode() {
-        return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, nonce,
+        return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
                 clusterName, clusterId, migration, recoverySeal, storageType);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,10 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 
@@ -79,8 +82,20 @@ public abstract class SecretResponse extends VaultDataResponse {
             Object rawValue = get(key);
             if (rawValue == null) {
                 return null;
+            } else if (type.isInstance(rawValue)) {
+                return type.cast(rawValue);
+            } else {
+                var om = new ObjectMapper()
+                        .registerModule(new JavaTimeModule())
+                        .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                        .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+
+                if (rawValue instanceof String) {
+                    return om.readValue((String) rawValue, type);
+                } else {
+                    return om.readValue(om.writeValueAsString(rawValue), type);
+                }
             }
-            return new ObjectMapper().readValue(rawValue.toString(), type);
         } catch (IOException e) {
             throw new InvalidResponseException("Unable to parse response payload: " + e.getMessage());
         }

src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthData implements Serializable {
-    private static final long serialVersionUID = -6962244199229885869L;
+    private static final long serialVersionUID = 3067695351664603536L;
 
     @JsonProperty("client_token")
     private String clientToken;
@@ -65,6 +65,9 @@ public final class AuthData implements Serializable {
     @JsonProperty("orphan")
     private boolean orphan;
 
+    @JsonProperty("mfa_requirement")
+    private MfaRequirement mfaRequirement;
+
     /**
      * @return Client token
      */
@@ -139,6 +142,14 @@ public final class AuthData implements Serializable {
         return orphan;
     }
 
+    /**
+     * @return multi-factor requirement
+     * @since 1.2
+     */
+    public MfaRequirement getMfaRequirement() {
+        return mfaRequirement;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -157,12 +168,13 @@ public final class AuthData implements Serializable {
                 Objects.equals(metadata, authData.metadata) &&
                 Objects.equals(leaseDuration, authData.leaseDuration) &&
                 Objects.equals(entityId, authData.entityId) &&
-                Objects.equals(tokenType, authData.tokenType);
+                Objects.equals(tokenType, authData.tokenType) &&
+                Objects.equals(mfaRequirement, authData.mfaRequirement);
     }
 
     @Override
     public int hashCode() {
         return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
-                entityId, tokenType, orphan);
+                entityId, tokenType, orphan, mfaRequirement);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthMethod implements Serializable {
-    private static final long serialVersionUID = -2718660627880077335L;
+    private static final long serialVersionUID = -439987082190917691L;
 
     private AuthBackend type;
     private String rawType;
@@ -42,11 +42,14 @@ public final class AuthMethod implements Serializable {
     @JsonProperty("accessor")
     private String accessor;
 
+    @JsonProperty("deprecation_status")
+    private String deprecationStatus;
+
     @JsonProperty("description")
     private String description;
 
     @JsonProperty("config")
-    private Map<String, String> config;
+    private MountConfig config;
 
     @JsonProperty("external_entropy_access")
     private boolean externalEntropyAccess;
@@ -54,6 +57,18 @@ public final class AuthMethod implements Serializable {
     @JsonProperty("local")
     private boolean local;
 
+    @JsonProperty("options")
+    private Map<String, String> options;
+
+    @JsonProperty("plugin_version")
+    private String pluginVersion;
+
+    @JsonProperty("running_plugin_version")
+    private String runningPluginVersion;
+
+    @JsonProperty("running_sha256")
+    private String runningSha256;
+
     @JsonProperty("seal_wrap")
     private boolean sealWrap;
 
@@ -91,6 +106,14 @@ public final class AuthMethod implements Serializable {
         return accessor;
     }
 
+    /**
+     * @return Deprecation status
+     * @since 1.2
+     */
+    public String getDeprecationStatus() {
+        return deprecationStatus;
+    }
+
     /**
      * @return Description
      */
@@ -100,8 +123,10 @@ public final class AuthMethod implements Serializable {
 
     /**
      * @return Configuration data
+     * @since 0.2
+     * @since 1.2 Returns {@link MountConfig} instead of {@link Map}
      */
-    public Map<String, String> getConfig() {
+    public MountConfig getConfig() {
         return config;
     }
 
@@ -120,6 +145,38 @@ public final class AuthMethod implements Serializable {
         return local;
     }
 
+    /**
+     * @return Options
+     * @since 1.2
+     */
+    public Map<String, String> getOptions() {
+        return options;
+    }
+
+    /**
+     * @return Plugin version
+     * @since 1.2
+     */
+    public String getPluginVersion() {
+        return pluginVersion;
+    }
+
+    /**
+     * @return Running plugin version
+     * @since 1.2
+     */
+    public String getRunningPluginVersion() {
+        return runningPluginVersion;
+    }
+
+    /**
+     * @return Running SHA256
+     * @since 1.2
+     */
+    public String getRunningSha256() {
+        return runningSha256;
+    }
+
     /**
      * @return Seal wrapping enabled
      * @since 1.1
@@ -150,13 +207,19 @@ public final class AuthMethod implements Serializable {
                 sealWrap == that.sealWrap &&
                 Objects.equals(rawType, that.rawType) &&
                 Objects.equals(accessor, that.accessor) &&
+                Objects.equals(deprecationStatus, that.deprecationStatus) &&
                 Objects.equals(description, that.description) &&
                 Objects.equals(config, that.config) &&
+                Objects.equals(options, that.options) &&
+                Objects.equals(pluginVersion, that.pluginVersion) &&
+                Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
+                Objects.equals(runningSha256, that.runningSha256) &&
                 Objects.equals(uuid, that.uuid);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(type, rawType, accessor, description, config, externalEntropyAccess, local, sealWrap, uuid);
+        return Objects.hash(type, rawType, accessor, deprecationStatus, description, config, externalEntropyAccess,
+            local, options, pluginVersion, runningPluginVersion, runningSha256, sealWrap, uuid);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2016-2023 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Embedded multi-factor-authentication (MFA) constraint "any".
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MfaConstraintAny implements Serializable {
+    private static final long serialVersionUID = 1226126781813149627L;
+
+    @JsonProperty("any")
+    private List<MfaMethodId> any;
+
+    /**
+     * @return List of "any" MFA methods
+     */
+    public List<MfaMethodId> getAny() {
+        return any;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MfaConstraintAny mfaRequirement = (MfaConstraintAny) o;
+        return Objects.equals(any, mfaRequirement.any);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(any);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java

@@ -0,0 +1,94 @@
+/*
+ * Copyright 2016-2023 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.Objects;
+
+/**
+ * Embedded multi-factor-authentication (MFA) requirement.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MfaMethodId implements Serializable {
+    private static final long serialVersionUID = 691298070242998814L;
+
+    @JsonProperty("type")
+    private String type;
+
+    @JsonProperty("id")
+    private String id;
+
+    @JsonProperty("uses_passcode")
+    private Boolean usesPasscode;
+
+    @JsonProperty("name")
+    private String name;
+
+    /**
+     * @return MFA method type
+     */
+    public String getType() {
+        return type;
+    }
+
+    /**
+     * @return MFA method id
+     */
+    public String getId() {
+        return id;
+    }
+
+    /**
+     * @return MFA uses passcode id
+     */
+    public Boolean getUsesPasscode() {
+        return usesPasscode;
+    }
+
+    /**
+     * @return MFA method name
+     */
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MfaMethodId mfaMethodId = (MfaMethodId) o;
+        return Objects.equals(type, mfaMethodId.type) &&
+            Objects.equals(id, mfaMethodId.id) &&
+            Objects.equals(usesPasscode, mfaMethodId.usesPasscode) &&
+            Objects.equals(name, mfaMethodId.name);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(type, id, usesPasscode, name);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2016-2023 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Embedded multi-factor-authentication (MFA) requirement.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MfaRequirement implements Serializable {
+    private static final long serialVersionUID = -2516941512455319638L;
+
+    @JsonProperty("mfa_request_id")
+    private String mfaRequestId;
+
+    @JsonProperty("mfa_constraints")
+    private Map<String, MfaConstraintAny> mfaConstraints;
+
+    /**
+     * @return MFA request ID
+     */
+    public String getMfaRequestId() {
+        return mfaRequestId;
+    }
+
+    /**
+     * @return MFA constraints
+     */
+    public Map<String, MfaConstraintAny> getMfaConstraints() {
+        return mfaConstraints;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MfaRequirement mfaRequirement = (MfaRequirement) o;
+        return Objects.equals(mfaRequestId, mfaRequirement.mfaRequestId) &&
+            Objects.equals(mfaConstraints, mfaRequirement.mfaConstraints);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(mfaRequestId, mfaConstraints);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java

@@ -0,0 +1,168 @@
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Embedded mount config output.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class MountConfig implements Serializable {
+    private static final long serialVersionUID = -8653909672663717792L;
+
+    @JsonProperty("default_lease_ttl")
+    private Integer defaultLeaseTtl;
+
+    @JsonProperty("max_lease_ttl")
+    private Integer maxLeaseTtl;
+
+    @JsonProperty("force_no_cache")
+    private Boolean forceNoCache;
+
+    @JsonProperty("token_type")
+    private String tokenType;
+
+    @JsonProperty("audit_non_hmac_request_keys")
+    private List<String> auditNonHmacRequestKeys;
+
+    @JsonProperty("audit_non_hmac_response_keys")
+    private List<String> auditNonHmacResponseKeys;
+
+    @JsonProperty("listing_visibility")
+    private String listingVisibility;
+
+    @JsonProperty("passthrough_request_headers")
+    private List<String> passthroughRequestHeaders;
+
+    @JsonProperty("allowed_response_headers")
+    private List<String> allowedResponseHeaders;
+
+    @JsonProperty("allowed_managed_keys")
+    private List<String> allowedManagedKeys;
+
+    @JsonProperty("delegated_auth_accessors")
+    private List<String> delegatedAuthAccessors;
+
+    @JsonProperty("user_lockout_config")
+    private UserLockoutConfig userLockoutConfig;
+
+    /**
+     * @return Default lease TTL
+     */
+    public Integer getDefaultLeaseTtl() {
+        return defaultLeaseTtl;
+    }
+
+    /**
+     * @return Maximum lease TTL
+     */
+    public Integer getMaxLeaseTtl() {
+        return maxLeaseTtl;
+    }
+
+    /**
+     * @return Force no cache?
+     */
+    public Boolean getForceNoCache() {
+        return forceNoCache;
+    }
+
+    /**
+     * @return Token type
+     */
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    /**
+     * @return Audit non HMAC request keys
+     */
+    public List<String> getAuditNonHmacRequestKeys() {
+        return auditNonHmacRequestKeys;
+    }
+
+    /**
+     * @return Audit non HMAC response keys
+     */
+    public List<String> getAuditNonHmacResponseKeys() {
+        return auditNonHmacResponseKeys;
+    }
+
+    /**
+     * @return Listing visibility
+     */
+    public String getListingVisibility() {
+        return listingVisibility;
+    }
+
+    /**
+     * @return Passthrough request headers
+     */
+    public List<String> getPassthroughRequestHeaders() {
+        return passthroughRequestHeaders;
+    }
+
+    /**
+     * @return Allowed response headers
+     */
+    public List<String> getAllowedResponseHeaders() {
+        return allowedResponseHeaders;
+    }
+
+    /**
+     * @return Allowed managed keys
+     */
+    public List<String> getAllowedManagedKeys() {
+        return allowedManagedKeys;
+    }
+
+    /**
+     * @return Delegated auth accessors
+     */
+    public List<String> getDelegatedAuthAccessors() {
+        return delegatedAuthAccessors;
+    }
+
+    /**
+     * @return User lockout config
+     */
+    public UserLockoutConfig getUserLockoutConfig() {
+        return userLockoutConfig;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MountConfig that = (MountConfig) o;
+        return Objects.equals(defaultLeaseTtl, that.defaultLeaseTtl) &&
+            Objects.equals(maxLeaseTtl, that.maxLeaseTtl) &&
+            Objects.equals(forceNoCache, that.forceNoCache) &&
+            Objects.equals(tokenType, that.tokenType) &&
+            Objects.equals(auditNonHmacRequestKeys, that.auditNonHmacRequestKeys) &&
+            Objects.equals(auditNonHmacResponseKeys, that.auditNonHmacResponseKeys) &&
+            Objects.equals(listingVisibility, that.listingVisibility) &&
+            Objects.equals(passthroughRequestHeaders, that.passthroughRequestHeaders) &&
+            Objects.equals(allowedResponseHeaders, that.allowedResponseHeaders) &&
+            Objects.equals(allowedManagedKeys, that.allowedManagedKeys) &&
+            Objects.equals(delegatedAuthAccessors, that.delegatedAuthAccessors) &&
+            Objects.equals(userLockoutConfig, that.userLockoutConfig);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(defaultLeaseTtl, maxLeaseTtl, forceNoCache, tokenType, auditNonHmacRequestKeys,
+            auditNonHmacResponseKeys, listingVisibility, passthroughRequestHeaders, allowedResponseHeaders,
+            allowedManagedKeys, delegatedAuthAccessors, userLockoutConfig);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
-import java.time.format.DateTimeParseException;
 import java.util.Map;
 import java.util.Objects;
 
@@ -35,12 +34,13 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SecretMetadata implements Serializable {
-    private static final long serialVersionUID = 1684891108903409038L;
+    private static final long serialVersionUID = -4967896264361344676L;
 
-    private static final DateTimeFormatter TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSX");
+    private static final DateTimeFormatter TIME_FORMAT =
+            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
 
     @JsonProperty("created_time")
-    private String createdTimeString;
+    private ZonedDateTime createdTime;
 
     @JsonProperty("current_version")
     private Integer currentVersion;
@@ -52,31 +52,29 @@ public final class SecretMetadata implements Serializable {
     private Integer oldestVersion;
 
     @JsonProperty("updated_time")
-    private String updatedTime;
+    private ZonedDateTime updatedTime;
 
     @JsonProperty("versions")
     private Map<Integer, VersionMetadata> versions;
 
     /**
      * @return Time of secret creation as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getCreatedTimeString() {
-        return createdTimeString;
+        if (createdTime != null) {
+            return TIME_FORMAT.format(createdTime);
+        }
+
+        return null;
     }
 
     /**
      * @return Time of secret creation.
      */
     public ZonedDateTime getCreatedTime() {
-        if (createdTimeString != null && !createdTimeString.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
-        }
-
-        return null;
+        return createdTime;
     }
 
     /**
@@ -102,26 +100,24 @@ public final class SecretMetadata implements Serializable {
 
     /**
      * @return Time of secret update as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getUpdatedTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getUpdatedTimeString() {
-        return updatedTime;
-    }
-
-    /**
-     * @return Time of secret update..
-     */
-    public ZonedDateTime getUpdatedTime() {
-        if (updatedTime != null && !updatedTime.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(updatedTime, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
+        if (updatedTime != null) {
+            return TIME_FORMAT.format(updatedTime);
         }
 
         return null;
     }
 
+    /**
+     * @return Time of secret update.
+     */
+    public ZonedDateTime getUpdatedTime() {
+        return updatedTime;
+    }
+
     /**
      * @return Version of the entry.
      */
@@ -137,7 +133,7 @@ public final class SecretMetadata implements Serializable {
             return false;
         }
         SecretMetadata that = (SecretMetadata) o;
-        return Objects.equals(createdTimeString, that.createdTimeString) &&
+        return Objects.equals(createdTime, that.createdTime) &&
                 Objects.equals(currentVersion, that.currentVersion) &&
                 Objects.equals(maxVersions, that.maxVersions) &&
                 Objects.equals(oldestVersion, that.oldestVersion) &&
@@ -147,6 +143,6 @@ public final class SecretMetadata implements Serializable {
 
     @Override
     public int hashCode() {
-        return Objects.hash(createdTimeString, currentVersion, maxVersions, oldestVersion, updatedTime, versions);
+        return Objects.hash(createdTime, currentVersion, maxVersions, oldestVersion, updatedTime, versions);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 
 import java.io.Serializable;
 import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -34,7 +35,10 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenData implements Serializable {
-    private static final long serialVersionUID = 2915180734313753649L;
+    private static final long serialVersionUID = -5749716740973138916L;
+
+    private static final DateTimeFormatter TIME_FORMAT =
+            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
 
     @JsonProperty("accessor")
     private String accessor;
@@ -52,7 +56,7 @@ public final class TokenData implements Serializable {
     private String entityId;
 
     @JsonProperty("expire_time")
-    private String expireTime;
+    private ZonedDateTime expireTime;
 
     @JsonProperty("explicit_max_ttl")
     private Integer explicitMaxTtl;
@@ -61,7 +65,7 @@ public final class TokenData implements Serializable {
     private String id;
 
     @JsonProperty("issue_time")
-    private String issueTime;
+    private ZonedDateTime issueTime;
 
     @JsonProperty("meta")
     private Map<String, Object> meta;
@@ -126,9 +130,15 @@ public final class TokenData implements Serializable {
     /**
      * @return Expire time as raw string value
      * @since 0.9
+     * @deprecated Method left for backwards compatibility only. Use {@link #getExpireTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getExpireTimeString() {
-        return expireTime;
+        if (expireTime != null) {
+            return TIME_FORMAT.format(expireTime);
+        }
+
+        return null;
     }
 
     /**
@@ -136,11 +146,7 @@ public final class TokenData implements Serializable {
      * @since 0.9
      */
     public ZonedDateTime getExpireTime() {
-        if (expireTime == null) {
-            return null;
-        } else {
-            return ZonedDateTime.parse(expireTime);
-        }
+        return expireTime;
     }
 
     /**
@@ -161,9 +167,15 @@ public final class TokenData implements Serializable {
     /**
      * @return Issue time as raw string value
      * @since 0.9
+     * @deprecated Method left for backwards compatibility only. Use {@link #getIssueTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getIssueTimeString() {
-        return issueTime;
+        if (issueTime != null) {
+            return TIME_FORMAT.format(issueTime);
+        }
+
+        return null;
     }
 
     /**
@@ -171,11 +183,7 @@ public final class TokenData implements Serializable {
      * @since 0.9
      */
     public ZonedDateTime getIssueTime() {
-        if (issueTime == null) {
-            return null;
-        } else {
-            return ZonedDateTime.parse(issueTime);
-        }
+        return issueTime;
     }
 
     /**

src/main/java/de/stklcode/jvault/connector/model/response/embedded/UserLockoutConfig.java

@@ -0,0 +1,77 @@
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.Objects;
+
+/**
+ * Embedded user lockout config output.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class UserLockoutConfig implements Serializable {
+    private static final long serialVersionUID = -8051060041593140550L;
+
+    @JsonProperty("lockout_threshold")
+    private Integer lockoutThreshold;
+
+    @JsonProperty("lockout_duration")
+    private Integer lockoutDuration;
+
+    @JsonProperty("lockout_counter_reset_duration")
+    private Integer lockoutCounterResetDuration;
+
+    @JsonProperty("lockout_disable")
+    private Boolean lockoutDisable;
+
+    /**
+     * @return Lockout threshold
+     */
+    public Integer getLockoutThreshold() {
+        return lockoutThreshold;
+    }
+
+    /**
+     * @return Lockout duration
+     */
+    public Integer getLockoutDuration() {
+        return lockoutDuration;
+    }
+
+    /**
+     * @return Lockout counter reset duration
+     */
+    public Integer getLockoutCounterResetDuration() {
+        return lockoutCounterResetDuration;
+    }
+
+    /**
+     * @return Lockout disabled?
+     */
+    public Boolean getLockoutDisable() {
+        return lockoutDisable;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        UserLockoutConfig that = (UserLockoutConfig) o;
+        return Objects.equals(lockoutThreshold, that.lockoutThreshold) &&
+            Objects.equals(lockoutDuration, that.lockoutDuration) &&
+            Objects.equals(lockoutCounterResetDuration, that.lockoutCounterResetDuration) &&
+            Objects.equals(lockoutDisable, that.lockoutDisable);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(lockoutThreshold, lockoutDuration, lockoutCounterResetDuration, lockoutDisable);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
-import java.time.format.DateTimeParseException;
 import java.util.Objects;
 
 /**
@@ -34,15 +33,16 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class VersionMetadata implements Serializable {
-    private static final long serialVersionUID = -5286693953873839611L;
+    private static final long serialVersionUID = -6815731513868586713L;
 
-    private static final DateTimeFormatter TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSX");
+    private static final DateTimeFormatter TIME_FORMAT =
+            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
 
     @JsonProperty("created_time")
-    private String createdTimeString;
+    private ZonedDateTime createdTime;
 
     @JsonProperty("deletion_time")
-    private String deletionTimeString;
+    private ZonedDateTime deletionTime;
 
     @JsonProperty("destroyed")
     private boolean destroyed;
@@ -52,46 +52,42 @@ public final class VersionMetadata implements Serializable {
 
     /**
      * @return Time of secret creation as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getCreatedTimeString() {
-        return createdTimeString;
+        if (createdTime != null) {
+            return TIME_FORMAT.format(createdTime);
+        }
+
+        return null;
     }
 
     /**
      * @return Time of secret creation.
      */
     public ZonedDateTime getCreatedTime() {
-        if (createdTimeString != null && !createdTimeString.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
-        }
-
-        return null;
+        return createdTime;
     }
 
     /**
      * @return Time for secret deletion as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getDeletionTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getDeletionTimeString() {
-        return deletionTimeString;
+        if (deletionTime != null) {
+            return TIME_FORMAT.format(deletionTime);
+        }
+
+        return null;
     }
 
     /**
      * @return Time for secret deletion.
      */
     public ZonedDateTime getDeletionTime() {
-        if (deletionTimeString != null && !deletionTimeString.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(deletionTimeString, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
-        }
-
-        return null;
+        return deletionTime;
     }
 
     /**
@@ -117,13 +113,13 @@ public final class VersionMetadata implements Serializable {
         }
         VersionMetadata that = (VersionMetadata) o;
         return destroyed == that.destroyed &&
-                Objects.equals(createdTimeString, that.createdTimeString) &&
-                Objects.equals(deletionTimeString, that.deletionTimeString) &&
+                Objects.equals(createdTime, that.createdTime) &&
+                Objects.equals(deletionTime, that.deletionTime) &&
                 Objects.equals(version, that.version);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(createdTimeString, deletionTimeString, destroyed, version);
+        return Objects.hash(createdTime, deletionTime, destroyed, version);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 import java.io.Serializable;
+import java.time.ZonedDateTime;
 import java.util.Objects;
 
 /**
@@ -28,7 +29,7 @@ import java.util.Objects;
  * @since 1.1
  */
 public class WrapInfo implements Serializable {
-    private static final long serialVersionUID = -7764500642913116581L;
+    private static final long serialVersionUID = 4864973237090355607L;
 
     @JsonProperty("token")
     private String token;
@@ -37,7 +38,7 @@ public class WrapInfo implements Serializable {
     private Integer ttl;
 
     @JsonProperty("creation_time")
-    private String creationTime;
+    private ZonedDateTime creationTime;
 
     @JsonProperty("creation_path")
     private String creationPath;
@@ -59,7 +60,7 @@ public class WrapInfo implements Serializable {
     /**
      * @return Creation time
      */
-    public String getCreationTime() {
+    public ZonedDateTime getCreationTime() {
         return creationTime;
     }
 

src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/module-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,7 +30,7 @@ module de.stklcode.jvault.connector {
     opens de.stklcode.jvault.connector.model.response to com.fasterxml.jackson.databind;
     opens de.stklcode.jvault.connector.model.response.embedded to com.fasterxml.jackson.databind;
 
-    requires java.base;
     requires java.net.http;
     requires com.fasterxml.jackson.databind;
+    requires com.fasterxml.jackson.datatype.jsr310;
 }

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@ import de.stklcode.jvault.connector.model.response.*;
 import de.stklcode.jvault.connector.test.Credentials;
 import de.stklcode.jvault.connector.test.VaultConfiguration;
 import org.junit.jupiter.api.*;
+import org.junit.jupiter.api.condition.EnabledIf;
 import org.junit.jupiter.api.io.TempDir;
 
 import java.io.*;
@@ -37,6 +38,7 @@ import java.util.regex.Pattern;
 
 import static java.util.Collections.singletonMap;
 import static org.apache.commons.io.FileUtils.copyDirectory;
+import static org.awaitility.Awaitility.await;
 import static org.junit.jupiter.api.Assertions.*;
 import static org.junit.jupiter.api.Assumptions.assumeFalse;
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
@@ -49,7 +51,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
  * @since 0.1
  */
 class HTTPVaultConnectorIT {
-    private static String VAULT_VERSION = "1.10.1";  // The vault version this test is supposed to run against.
+    private static String VAULT_VERSION = "1.15.4";  // The vault version this test is supposed to run against.
     private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
     private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
     private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -57,6 +59,7 @@ class HTTPVaultConnectorIT {
     private static final String USER_VALID = "validUser";
     private static final String PASS_VALID = "validPass";
 
+    private static boolean legacy;
     private Process vaultProcess;
     private VaultConnector connector;
 
@@ -67,6 +70,9 @@ class HTTPVaultConnectorIT {
             VAULT_VERSION = System.getenv("VAULT_VERSION");
             System.out.println("Vault version set to " + VAULT_VERSION);
         }
+        if (compareVersions(VAULT_VERSION, "1.12.0") < 0) {
+            legacy = true;
+        }
     }
 
     /**
@@ -80,11 +86,6 @@ class HTTPVaultConnectorIT {
 
         // Initialize Vault.
         VaultConfiguration config = initializeVault(tempDir, isTls);
-        try {
-            TimeUnit.SECONDS.sleep(1);
-        } catch (InterruptedException e) {
-            e.printStackTrace();
-        }
 
         // Initialize connector.
         HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
@@ -551,6 +552,9 @@ class HTTPVaultConnectorIT {
 
     @Nested
     @DisplayName("App-ID Tests")
+    @EnabledIf(value = "de.stklcode.jvault.connector.HTTPVaultConnectorIT#isLegacy",
+            disabledReason = "AppID tests no longer available for Vault 1.12 and above")
+    @SuppressWarnings("deprecation")
     class AppIdTests {
         private static final String APP_ID = "152AEA38-85FB-47A8-9CBD-612D645BFACA";
         private static final String USER_ID = "5ADF8218-D7FB-4089-9E38-287465DBF37E";
@@ -561,7 +565,6 @@ class HTTPVaultConnectorIT {
         @Test
         @Order(10)
         @DisplayName("Authenticate with App-ID")
-        @SuppressWarnings("deprecation")
         void authAppIdTest() {
             // Try unauthorized access first.
             assumeFalse(connector.isAuthorized());
@@ -584,7 +587,6 @@ class HTTPVaultConnectorIT {
         @Test
         @Order(20)
         @DisplayName("Register App-ID")
-        @SuppressWarnings("deprecation")
         void registerAppIdTest() {
             // Authorize.
             authRoot();
@@ -908,7 +910,8 @@ class HTTPVaultConnectorIT {
             assertFalse(res.getAuth().isOrphan(), "Root token should not be orphan");
 
             // Starting with Vault 1.0 a warning "custom ID uses weaker SHA1.." is given.
-            assertEquals(1, res.getWarnings().size(), "Token creation did not return expected warning");
+            // Starting with Vault 1.11 a second warning "Endpoint ignored unrecognized parameters" is given.
+            assertFalse(res.getWarnings().isEmpty(), "Token creation did not return expected warning");
 
             // Create token with attributes.
             Token token2 = Token.builder()
@@ -1077,8 +1080,13 @@ class HTTPVaultConnectorIT {
                     () -> connector.getAuthBackends(),
                     "Could not list supported auth backends"
             );
-            assertEquals(4, supportedBackends.size());
-            assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPID, AuthBackend.APPROLE)));
+            if (legacy) {
+                assertEquals(4, supportedBackends.size());
+                assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPID, AuthBackend.APPROLE)));
+            } else {
+                assertEquals(3, supportedBackends.size());
+                assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPROLE)));
+            }
         }
 
         /**
@@ -1204,7 +1212,11 @@ class HTTPVaultConnectorIT {
      */
     private VaultConfiguration initializeVault(File dir, boolean tls) throws IllegalStateException, IOException {
         File dataDir = new File(dir, "data");
-        copyDirectory(new File(getClass().getResource("/data_dir").getPath()), dataDir);
+        if (legacy) {
+            copyDirectory(new File(getClass().getResource("/data_dir_legacy").getPath()), dataDir);
+        } else {
+            copyDirectory(new File(getClass().getResource("/data_dir").getPath()), dataDir);
+        }
 
         // Generate vault local unencrypted configuration.
         VaultConfiguration config = new VaultConfiguration()
@@ -1221,30 +1233,37 @@ class HTTPVaultConnectorIT {
         }
 
         // Write configuration file.
-        BufferedWriter bw = null;
-        File configFile;
-        try {
-            configFile = new File(dir, "vault.conf");
-            bw = new BufferedWriter(new FileWriter(configFile));
+        File configFile = new File(dir, "vault.conf");
+        try (BufferedWriter bw = new BufferedWriter(new FileWriter(configFile))) {
             bw.write(config.toString());
         } catch (IOException e) {
             throw new IllegalStateException("Unable to generate config file", e);
-        } finally {
-            try {
-                if (bw != null)
-                    bw.close();
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
         }
 
         // Start vault process.
         try {
-            vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile.toString());
+            vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile);
         } catch (IOException e) {
             throw new IllegalStateException("Unable to start vault. Make sure vault binary is in your executable path", e);
         }
 
+        await().atMost(5, TimeUnit.SECONDS).until(() -> {
+            try (InputStream stdout = vaultProcess.getInputStream();
+                 InputStreamReader reader = new InputStreamReader(stdout);
+                 BufferedReader br = new BufferedReader(reader)) {
+                String line = br.readLine();
+                while (line != null) {
+                    if (line.contains("Vault server started")) {
+                        return true;
+                    } else {
+                        line = br.readLine();
+                    }
+                }
+
+                return false;
+            }
+        });
+
         return config;
     }
 
@@ -1269,28 +1288,14 @@ class HTTPVaultConnectorIT {
      * @return port number
      */
     private static Integer getFreePort() {
-        ServerSocket socket = null;
-        try {
-            socket = new ServerSocket(0);
+        try (ServerSocket socket = new ServerSocket(0)) {
             socket.setReuseAddress(true);
-            int port = socket.getLocalPort();
-            try {
-                socket.close();
-            } catch (IOException e) {
-                // Ignore IOException on close()
-            }
-            return port;
+
+            return socket.getLocalPort();
         } catch (IOException e) {
             e.printStackTrace();
-        } finally {
-            if (socket != null) {
-                try {
-                    socket.close();
-                } catch (IOException e) {
-                    e.printStackTrace();
-                }
-            }
         }
+
         throw new IllegalStateException("Unable to find a free TCP port");
     }
 
@@ -1305,4 +1310,35 @@ class HTTPVaultConnectorIT {
         th.printStackTrace(new PrintWriter(sw, true));
         return sw.getBuffer().toString();
     }
+
+    /**
+     * Compare two version strings.
+     *
+     * @param version1 Version 1
+     * @param version2 Version 2
+     * @return negative value if version 1 is smaller than version2, positive value of version 1 is greater, 0 if equal
+     */
+    private static int compareVersions(String version1, String version2) {
+        int comparisonResult = 0;
+
+        String[] version1Splits = version1.split("\\.");
+        String[] version2Splits = version2.split("\\.");
+        int maxLengthOfVersionSplits = Math.max(version1Splits.length, version2Splits.length);
+
+        for (int i = 0; i < maxLengthOfVersionSplits; i++) {
+            Integer v1 = i < version1Splits.length ? Integer.parseInt(version1Splits[i]) : 0;
+            Integer v2 = i < version2Splits.length ? Integer.parseInt(version2Splits[i]) : 0;
+            int compare = v1.compareTo(v2);
+            if (compare != 0) {
+                comparisonResult = compare;
+                break;
+            }
+        }
+
+        return comparisonResult;
+    }
+
+    private static boolean isLegacy() {
+        return legacy;
+    }
 }

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java

@@ -1,5 +1,9 @@
 package de.stklcode.jvault.connector.model;
 
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
 
@@ -16,6 +20,7 @@ import static org.junit.jupiter.api.Assertions.fail;
  */
 public abstract class AbstractModelTest<T> {
     protected final Class<?> modelClass;
+    protected final ObjectMapper objectMapper;
 
     /**
      * Test case constructor.
@@ -24,6 +29,10 @@ public abstract class AbstractModelTest<T> {
      */
     protected AbstractModelTest(Class<T> modelClass) {
         this.modelClass = modelClass;
+        this.objectMapper = new ObjectMapper()
+                .registerModule(new JavaTimeModule())
+                .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
     }
 
     /**

src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 
 package de.stklcode.jvault.connector.model;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.Test;
 
 import java.lang.reflect.Field;
@@ -116,16 +115,14 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
      */
     @Test
     void jsonTest() throws NoSuchFieldException, IllegalAccessException {
-        ObjectMapper mapper = new ObjectMapper();
-
         // A simple roundtrip first. All set fields should be present afterwards..
         AppRoleSecret secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
-        String secretJson = assertDoesNotThrow(() -> mapper.writeValueAsString(secret), "Serialization failed");
+        String secretJson = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
         // CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list.
         String secretJson2 = commaSeparatedToList(secretJson);
 
         AppRoleSecret secret2 = assertDoesNotThrow(
-                () -> mapper.readValue(secretJson2, AppRoleSecret.class),
+                () -> objectMapper.readValue(secretJson2, AppRoleSecret.class),
                 "Deserialization failed"
         );
         assertEquals(secret2.getId(), secret.getId());
@@ -145,9 +142,9 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
         assumeTrue(secret.getNumUses() == 678);
         setPrivateField(secret, "ttl", 12345);
         assumeTrue(secret.getTtl() == 12345);
-        String secretJson3 = assertDoesNotThrow(() -> mapper.writeValueAsString(secret), "Serialization failed");
+        String secretJson3 = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
         secret2 = assertDoesNotThrow(
-                () -> mapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class),
+                () -> objectMapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class),
                 "Deserialization failed"
         );
         assertEquals(secret2.getId(), secret.getId());
@@ -165,7 +162,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
                 "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
                 "\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
                 "\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
-        secret2 = assertDoesNotThrow(() -> mapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
+        secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
         assertEquals("TEST_ACCESSOR", secret2.getAccessor());
         assertEquals("TEST_CREATION", secret2.getCreationTime());
         assertEquals("TEST_EXPIRATION", secret2.getExpirationTime());

src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
@@ -110,7 +109,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
         assertNull(role.getTokenType());
 
         // Optional fields should be ignored, so JSON string should only contain role_name.
-        assertEquals(JSON_MIN, new ObjectMapper().writeValueAsString(role));
+        assertEquals(JSON_MIN, objectMapper.writeValueAsString(role));
     }
 
     /**
@@ -137,7 +136,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
         assertEquals(TOKEN_TYPE.value(), role.getTokenType());
 
         // Verify that all parameters are included in JSON string.
-        assertEquals(JSON_FULL, new ObjectMapper().writeValueAsString(role));
+        assertEquals(JSON_FULL, objectMapper.writeValueAsString(role));
     }
 
     /**

src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@ class AuthBackendTest {
      * Test forType() method.
      */
     @Test
+    @SuppressWarnings("deprecation")
     void forTypeTest() {
         assertEquals(AuthBackend.TOKEN, AuthBackend.forType("token"));
         assertEquals(AuthBackend.APPID, AuthBackend.forType("app-id"));

src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.Test;
 
 import java.util.Arrays;
@@ -133,7 +132,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
         assertNull(role.getTokenType());
 
         // Optional fields should be ignored, so JSON string should be empty.
-        assertEquals("{}", new ObjectMapper().writeValueAsString(role));
+        assertEquals("{}", objectMapper.writeValueAsString(role));
     }
 
     /**
@@ -177,7 +176,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
         assertEquals(role, new TokenRole());
 
         // Optional fields should be ignored, so JSON string should be empty.
-        assertEquals("{}", new ObjectMapper().writeValueAsString(role));
+        assertEquals("{}", objectMapper.writeValueAsString(role));
     }
 
     /**
@@ -208,6 +207,6 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
         assertEquals(TOKEN_TYPE.value(), role.getTokenType());
 
         // Verify that all parameters are included in JSON string.
-        assertEquals(JSON_FULL, new ObjectMapper().writeValueAsString(role));
+        assertEquals(JSON_FULL, objectMapper.writeValueAsString(role));
     }
 }

src/test/java/de/stklcode/jvault/connector/model/TokenTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
@@ -103,7 +102,7 @@ class TokenTest extends AbstractModelTest<Token> {
         assertNull(token.getEntityAlias());
 
         // Optional fields should be ignored, so JSON string should be empty.
-        assertEquals("{}", new ObjectMapper().writeValueAsString(token));
+        assertEquals("{}", objectMapper.writeValueAsString(token));
 
         // Empty builder should be equal to no-arg construction.
         assertEquals(token, new Token());
@@ -129,7 +128,7 @@ class TokenTest extends AbstractModelTest<Token> {
         assertEquals(PERIOD, token.getPeriod());
 
         // Verify that all parameters are included in JSON string.
-        assertEquals(JSON_FULL, new ObjectMapper().writeValueAsString(token));
+        assertEquals(JSON_FULL, objectMapper.writeValueAsString(token));
     }
 
     /**

src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.AppRole;
 import org.junit.jupiter.api.Test;
@@ -69,7 +68,7 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
     @Override
     protected AppRoleResponse createFull() {
         try {
-            return new ObjectMapper().readValue(RES_JSON, AppRoleResponse.class);
+            return objectMapper.readValue(RES_JSON, AppRoleResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -92,7 +91,7 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
     @Test
     void jsonRoundtrip() {
         AppRoleResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_JSON, AppRoleResponse.class),
+                () -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
                 "AuthResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");

src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.AuthBackend;
 import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
@@ -47,7 +46,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
     private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
     private static final String TK_DESCR = "token based credentials";
     private static final Integer TK_LEASE_TTL = 0;
+    private static final Boolean TK_FORCE_NO_CACHE = false;
     private static final Integer TK_MAX_LEASE_TTL = 0;
+    private static final String TK_TOKEN_TYPE = "default-service";
+    private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
 
     private static final String RES_JSON = "{\n" +
             "  \"data\": {" +
@@ -63,9 +65,15 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
             "    \"" + TK_PATH + "\": {\n" +
             "      \"config\": {\n" +
             "        \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
-            "        \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + "\n" +
+            "        \"force_no_cache\": " + TK_FORCE_NO_CACHE + ",\n" +
+            "        \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + ",\n" +
+            "        \"token_type\": \"" + TK_TOKEN_TYPE + "\"\n" +
             "      },\n" +
             "      \"description\": \"" + TK_DESCR + "\",\n" +
+            "      \"options\": null,\n" +
+            "      \"plugin_version\": \"\",\n" +
+            "      \"running_plugin_version\": \"" + TK_RUNNING_PLUGIN_VERSION + "\",\n" +
+            "      \"running_sha256\": \"\",\n" +
             "      \"type\": \"" + TK_TYPE + "\",\n" +
             "      \"uuid\": \"" + TK_UUID + "\",\n" +
             "      \"accessor\": \"" + TK_ACCESSOR + "\",\n" +
@@ -83,7 +91,7 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
     @Override
     protected AuthMethodsResponse createFull() {
         try {
-            return new ObjectMapper().readValue(RES_JSON, AuthMethodsResponse.class);
+            return objectMapper.readValue(RES_JSON, AuthMethodsResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -106,7 +114,7 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
     @Test
     void jsonRoundtrip() {
         AuthMethodsResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_JSON, AuthMethodsResponse.class),
+                () -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
                 "AuthResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");
@@ -138,15 +146,16 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
         assertTrue(method.isLocal(), "Unexpected local flag for Token");
         assertFalse(method.isExternalEntropyAccess(), "Unexpected external entropy flag for Token");
         assertFalse(method.isSealWrap(), "Unexpected seal wrap flag for GitHub");
+        assertEquals("", method.getPluginVersion(), "Unexpected plugin version");
+        assertEquals(TK_RUNNING_PLUGIN_VERSION, method.getRunningPluginVersion(), "Unexpected running plugin version");
+        assertEquals("", method.getRunningSha256(), "Unexpected running SHA256");
 
         assertNotNull(method.getConfig(), "Missing config for Token");
-        assertEquals(
-                Map.of(
-                        "default_lease_ttl", TK_LEASE_TTL.toString(),
-                        "max_lease_ttl", TK_MAX_LEASE_TTL.toString()
-                ),
-                method.getConfig(),
-                "Unexpected config for Token"
-        );
+        assertEquals(TK_LEASE_TTL, method.getConfig().getDefaultLeaseTtl(), "Unexpected default TTL");
+        assertEquals(TK_MAX_LEASE_TTL, method.getConfig().getMaxLeaseTtl(), "Unexpected max TTL");
+        assertEquals(TK_FORCE_NO_CACHE, method.getConfig().getForceNoCache(), "Unexpected force no cache flag");
+        assertEquals(TK_TOKEN_TYPE, method.getConfig().getTokenType(), "Unexpected token type");
+
+        assertNull(method.getOptions(), "Unexpected options");
     }
 }

src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,9 +17,12 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
+import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
+import de.stklcode.jvault.connector.model.response.embedded.MfaMethodId;
+import de.stklcode.jvault.connector.model.response.embedded.MfaRequirement;
+import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
 
 import java.util.Map;
@@ -45,29 +48,50 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
     private static final String AUTH_ENTITY_ID = "";
     private static final String AUTH_TOKEN_TYPE = "service";
     private static final Boolean AUTH_ORPHAN = false;
+    private static final String MFA_REQUEST_ID = "d0c9eec7-6921-8cc0-be62-202b289ef163";
+    private static final String MFA_KEY = "enforcementConfigUserpass";
+    private static final String MFA_METHOD_TYPE = "totp";
+    private static final String MFA_METHOD_ID = "820997b3-110e-c251-7e8b-ff4aa428a6e1";
+    private static final Boolean MFA_METHOD_USES_PASSCODE = true;
+    private static final String MFA_METHOD_NAME = "sample_mfa_method_name";
 
     private static final String RES_JSON = "{\n" +
-            "  \"auth\": {\n" +
-            "    \"accessor\": \"" + AUTH_ACCESSOR + "\",\n" +
-            "    \"client_token\": \"" + AUTH_CLIENT_TOKEN + "\",\n" +
-            "    \"policies\": [\n" +
-            "      \"" + AUTH_POLICY_1 + "\", \n" +
-            "      \"" + AUTH_POLICY_2 + "\"\n" +
-            "    ],\n" +
-            "    \"token_policies\": [\n" +
-            "      \"" + AUTH_POLICY_2 + "\",\n" +
-            "      \"" + AUTH_POLICY_1 + "\" \n" +
-            "    ],\n" +
-            "    \"metadata\": {\n" +
-            "      \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
-            "    },\n" +
-            "    \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
-            "    \"renewable\": " + AUTH_RENEWABLE + ",\n" +
-            "    \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
-            "    \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
-            "    \"orphan\": " + AUTH_ORPHAN + "\n" +
-            "  }\n" +
-            "}";
+        "  \"auth\": {\n" +
+        "    \"accessor\": \"" + AUTH_ACCESSOR + "\",\n" +
+        "    \"client_token\": \"" + AUTH_CLIENT_TOKEN + "\",\n" +
+        "    \"policies\": [\n" +
+        "      \"" + AUTH_POLICY_1 + "\", \n" +
+        "      \"" + AUTH_POLICY_2 + "\"\n" +
+        "    ],\n" +
+        "    \"token_policies\": [\n" +
+        "      \"" + AUTH_POLICY_2 + "\",\n" +
+        "      \"" + AUTH_POLICY_1 + "\" \n" +
+        "    ],\n" +
+        "    \"metadata\": {\n" +
+        "      \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
+        "    },\n" +
+        "    \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
+        "    \"renewable\": " + AUTH_RENEWABLE + ",\n" +
+        "    \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
+        "    \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
+        "    \"orphan\": " + AUTH_ORPHAN + ",\n" +
+        "    \"mfa_requirement\": {\n" +
+        "      \"mfa_request_id\": \"" + MFA_REQUEST_ID + "\",\n" +
+        "      \"mfa_constraints\": {\n" +
+        "        \"" + MFA_KEY + "\": {\n" +
+        "          \"any\": [\n" +
+        "            {\n" +
+        "              \"type\": \"" + MFA_METHOD_TYPE + "\",\n" +
+        "              \"id\": \"" + MFA_METHOD_ID + "\",\n" +
+        "              \"uses_passcode\": " + MFA_METHOD_USES_PASSCODE + ",\n" +
+        "              \"name\": \"" + MFA_METHOD_NAME + "\"\n" +
+        "            }\n" +
+        "          ]\n" +
+        "        }\n" +
+        "      }\n" +
+        "    }\n" +
+        "  }\n" +
+        "}";
 
     AuthResponseTest() {
         super(AuthResponse.class);
@@ -76,20 +100,27 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
     @Override
     protected AuthResponse createFull() {
         try {
-            return new ObjectMapper().readValue(RES_JSON, AuthResponse.class);
+            return objectMapper.readValue(RES_JSON, AuthResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
         }
     }
 
+    @Test
+    void testEqualsHashcodeMfa() {
+        EqualsVerifier.simple().forClass(MfaRequirement.class).verify();
+        EqualsVerifier.simple().forClass(MfaConstraintAny.class).verify();
+        EqualsVerifier.simple().forClass(MfaMethodId.class).verify();
+    }
+
     /**
      * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
      */
     @Test
     void jsonRoundtrip() {
         AuthResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_JSON, AuthResponse.class),
+                () -> objectMapper.readValue(RES_JSON, AuthResponse.class),
                 "AuthResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");
@@ -108,5 +139,14 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
         assertEquals(2, data.getTokenPolicies().size(), "Incorrect number of token policies");
         assertTrue(data.getTokenPolicies().containsAll(Set.of(AUTH_POLICY_2, AUTH_POLICY_1)), "Incorrect token policies");
         assertEquals(Map.of(AUTH_META_KEY, AUTH_META_VALUE), data.getMetadata(), "Incorrect auth metadata");
+
+        assertEquals(MFA_REQUEST_ID, data.getMfaRequirement().getMfaRequestId(), "Incorrect MFA request ID");
+        assertEquals(Set.of(MFA_KEY), data.getMfaRequirement().getMfaConstraints().keySet(), "Incorrect MFA constraint keys");
+        var mfaConstraint = data.getMfaRequirement().getMfaConstraints().get(MFA_KEY);
+        assertEquals(1, mfaConstraint.getAny().size(), "Incorrect number of any constraints");
+        assertEquals(MFA_METHOD_TYPE, mfaConstraint.getAny().get(0).getType(), "Incorrect MFA method type");
+        assertEquals(MFA_METHOD_ID, mfaConstraint.getAny().get(0).getId(), "Incorrect MFA method type");
+        assertEquals(MFA_METHOD_USES_PASSCODE, mfaConstraint.getAny().get(0).getUsesPasscode(), "Incorrect MFA method uses passcode");
+        assertEquals(MFA_METHOD_NAME, mfaConstraint.getAny().get(0).getName(), "Incorrect MFA method uses passcode");
     }
 }

src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -52,7 +51,7 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
     @Override
     protected CredentialsResponse createFull() {
         try {
-            return new ObjectMapper().readValue(JSON, CredentialsResponse.class);
+            return objectMapper.readValue(JSON, CredentialsResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -72,7 +71,7 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
         assertNull(res.getPassword(), "Password not present in data map should not return anything");
 
         res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(JSON, CredentialsResponse.class),
+                () -> objectMapper.readValue(JSON, CredentialsResponse.class),
                 "Deserialization of CredentialsResponse failed"
         );
         assertEquals(VAL_USER, res.getUsername(), "Incorrect username");

src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java

@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -44,7 +43,7 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
     @Override
     protected ErrorResponse createFull() {
         try {
-            return new ObjectMapper().readValue(JSON, ErrorResponse.class);
+            return objectMapper.readValue(JSON, ErrorResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -56,16 +55,15 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
      */
     @Test
     void jsonRoundtrip() {
-        ObjectMapper om = new ObjectMapper();
         ErrorResponse res = assertDoesNotThrow(
-                () -> om.readValue(JSON, ErrorResponse.class),
+                () -> objectMapper.readValue(JSON, ErrorResponse.class),
                 "ErrorResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");
         assertEquals(List.of(ERROR_1, ERROR_2), res.getErrors(), "Unexpected error messages");
         assertEquals(
                 JSON,
-                assertDoesNotThrow(() -> om.writeValueAsString(res), "ErrorResponse serialization failed"),
+                assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "ErrorResponse serialization failed"),
                 "Unexpected JSON string after serialization"
         );
     }
@@ -74,13 +72,13 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
     @Test
     void testToString() {
         ErrorResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(JSON, ErrorResponse.class),
+                () -> objectMapper.readValue(JSON, ErrorResponse.class),
                 "ErrorResponse deserialization failed"
         );
         assertEquals(ERROR_1, res.toString());
 
         res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(JSON_EMPTY, ErrorResponse.class),
+                () -> objectMapper.readValue(JSON_EMPTY, ErrorResponse.class),
                 "ErrorResponse deserialization failed with empty list"
         );
         assertEquals("error response", res.toString());

src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -61,7 +60,7 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
     @Override
     protected HealthResponse createFull() {
         try {
-            return new ObjectMapper().readValue(RES_JSON, HealthResponse.class);
+            return objectMapper.readValue(RES_JSON, HealthResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -74,7 +73,7 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
     @Test
     void jsonRoundtrip() {
         HealthResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_JSON, HealthResponse.class),
+                () -> objectMapper.readValue(RES_JSON, HealthResponse.class),
                 "Health deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");

src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java

@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -40,7 +39,7 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
     @Override
     protected HelpResponse createFull() {
         try {
-            return new ObjectMapper().readValue(JSON, HelpResponse.class);
+            return objectMapper.readValue(JSON, HelpResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -52,16 +51,15 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
      */
     @Test
     void jsonRoundtrip() {
-        ObjectMapper om = new ObjectMapper();
         HelpResponse res = assertDoesNotThrow(
-                () -> om.readValue(JSON, HelpResponse.class),
+                () -> objectMapper.readValue(JSON, HelpResponse.class),
                 "HelpResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");
         assertEquals(HELP, res.getHelp(), "Unexpected help text");
         assertEquals(
                 JSON,
-                assertDoesNotThrow(() -> om.writeValueAsString(res), "HelpResponse serialization failed"),
+                assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "HelpResponse serialization failed"),
                 "Unexpected JSON string after serialization"
         );
     }

src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -89,7 +88,7 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
     @Override
     protected MetaSecretResponse createFull() {
         try {
-            return new ObjectMapper().readValue(SECRET_JSON_V2, MetaSecretResponse.class);
+            return objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -103,21 +102,21 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
     void jsonRoundtrip() {
         // KV v2 secret.
         MetaSecretResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(SECRET_JSON_V2, MetaSecretResponse.class),
+                () -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
                 "SecretResponse deserialization failed"
         );
         assertSecretData(res);
         assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
         assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
         assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
-        assertEquals("", res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
+        assertNull(res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
         assertNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
         assertFalse(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
         assertEquals(1, res.getMetadata().getVersion(), "Incorrect secret version");
 
         // Deleted KV v2 secret.
         res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(SECRET_JSON_V2_2, MetaSecretResponse.class),
+                () -> objectMapper.readValue(SECRET_JSON_V2_2, MetaSecretResponse.class),
                 "SecretResponse deserialization failed"
         );
         assertSecretData(res);

src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -71,7 +70,7 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
     @Override
     protected MetadataResponse createFull() {
         try {
-            return new ObjectMapper().readValue(META_JSON, MetadataResponse.class);
+            return objectMapper.readValue(META_JSON, MetadataResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -84,7 +83,7 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
     @Test
     void jsonRoundtrip() {
         MetadataResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(META_JSON, MetadataResponse.class),
+                () -> objectMapper.readValue(META_JSON, MetadataResponse.class),
                 "MetadataResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");

src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java

@@ -16,12 +16,13 @@
 
 package de.stklcode.jvault.connector.model.response;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
-import java.util.List;
+import java.util.*;
 
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -60,7 +61,7 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
     @Override
     protected PlainSecretResponse createFull() {
         try {
-            return new ObjectMapper().readValue(SECRET_JSON, PlainSecretResponse.class);
+            return objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -73,7 +74,7 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
     @Test
     void jsonRoundtrip() {
         SecretResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(SECRET_JSON, PlainSecretResponse.class),
+                () -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
                 "SecretResponse deserialization failed"
         );
 
@@ -86,4 +87,137 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
         assertEquals(SECRET_DATA_V1, res.get(SECRET_DATA_K1), "Response does not contain correct data");
         assertEquals(SECRET_DATA_V2, res.get(SECRET_DATA_K2), "Response does not contain correct data");
     }
+
+    /**
+     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
+     */
+    @Test
+    void testGetter() {
+        final var stringKey = "string";
+        final var stringVal = "test";
+
+        final var numberKey = "number";
+        final var numberVal = 123.45;
+
+        final var listKey = "list";
+        final var listVal = List.of("foo", "bar");
+
+        final var complexKey = "complex";
+        final var complexVal = new ComplexType("val1", 678);
+
+        SecretResponse res = assertDoesNotThrow(
+                () -> objectMapper.readValue(
+                        "{\n" +
+                                "  \"request_id\": \"req-id\",\n" +
+                                "  \"lease_id\": \"lea-id\",\n" +
+                                "  \"lease_duration\": " + 123456 + ",\n" +
+                                "  \"renewable\": true,\n" +
+                                "  \"data\": {\n" +
+                                "    \"" + stringKey + "\": \"" + stringVal + "\",\n" +
+                                "    \"" + numberKey + "\": \"" + numberVal + "\",\n" +
+                                "    \"" + listKey + "\": [\"" + String.join("\", \"", listVal) + "\"],\n" +
+                                "    \"" + complexKey + "\": {" +
+                                "      \"field1\": \"" + complexVal.field1 + "\",\n" +
+                                "      \"field2\": " + complexVal.field2 + "\n" +
+                                "    },\n" +
+                                "    \"" + complexKey + "Json\": \"" + objectMapper.writeValueAsString(complexVal).replace("\"", "\\\"") + "\"\n" +
+                                "  }\n" +
+                                "}",
+                        PlainSecretResponse.class
+                ),
+                "SecretResponse deserialization failed"
+        );
+
+        assertEquals(stringVal, res.get(stringKey), "unexpected value for string (implicit)");
+        assertEquals(
+                stringVal,
+                assertDoesNotThrow(() -> res.get(stringKey, String.class), "getting string failed"),
+                "unexpected value for string (explicit)"
+        );
+
+        assertEquals(String.valueOf(numberVal), res.get(numberKey), "unexpected value for number (implicit)");
+        assertEquals(
+                numberVal,
+                assertDoesNotThrow(() -> res.get(numberKey, Double.class), "getting number failed"),
+                "unexpected value for number (explicit)"
+        );
+        assertEquals(
+                String.valueOf(numberVal),
+                assertDoesNotThrow(() -> res.get(numberKey, String.class), "getting number as string failed"),
+                "unexpected value for number as string (explicit)"
+        );
+
+        assertEquals(listVal, res.get(listKey), "unexpected value for list (implicit)");
+        assertEquals(
+                listVal,
+                assertDoesNotThrow(() -> res.get(listKey, ArrayList.class), "getting list failed"),
+                "unexpected value for list (explicit)"
+        );
+
+        assertEquals(complexVal.toMap(), res.get(complexKey), "unexpected value for complex type (implicit)");
+        assertEquals(
+                complexVal.toMap(),
+                assertDoesNotThrow(() -> res.get(complexKey, HashMap.class), "getting complex type as map failed"),
+                "unexpected value for complex type as map (explicit)"
+        );
+        assertEquals(
+                complexVal,
+                assertDoesNotThrow(() -> res.get(complexKey, ComplexType.class), "getting complex type failed"),
+                "unexpected value for complex type (explicit)"
+        );
+        assertThrows(
+                InvalidResponseException.class,
+                () -> res.get(complexKey, Integer.class),
+                "getting complex type as integer should fail"
+        );
+        assertEquals(
+                complexVal,
+                assertDoesNotThrow(() -> res.get(complexKey + "Json", ComplexType.class), "getting complex type from JSON string failed"),
+                "unexpected value for complex type from JSON string"
+        );
+    }
+
+
+    /**
+     * Test class for complex field mapping.
+     */
+    private static class ComplexType {
+        @JsonProperty("field1")
+        private String field1;
+
+        @JsonProperty("field2")
+        private Integer field2;
+
+        private ComplexType() {
+            // Required for JSON deserialization.
+        }
+
+        private ComplexType(String field1, Integer field2) {
+            this.field1 = field1;
+            this.field2 = field2;
+        }
+
+        private Map<String, Object> toMap() {
+            return Map.of(
+                    "field1", field1,
+                    "field2", field2
+            );
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            if (this == o) {
+                return true;
+            } else if (o == null || getClass() != o.getClass()) {
+                return false;
+            }
+            ComplexType that = (ComplexType) o;
+            return Objects.equals(field1, that.field1) && Objects.equals(field2, that.field2);
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(field1, field2);
+        }
+    }
 }

src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,10 +17,11 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
+import java.time.ZonedDateTime;
+
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -35,7 +36,8 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
     private static final Integer SHARES = 5;
     private static final Integer PROGRESS_SEALED = 2;
     private static final Integer PROGRESS_UNSEALED = 0;
-    private static final String VERSION = "1.8.2";
+    private static final String VERSION = "1.15.4";
+    private static final String BUILD_DATE = "2023-11-22T20:59:54Z";
     private static final String CLUSTER_NAME = "vault-cluster-d6ec3c7f";
     private static final String CLUSTER_ID = "3e8b3fec-3749-e056-ba41-b62a63b997e8";
     private static final String NONCE = "ef05d55d-4d2c-c594-a5e8-55bc88604c24";
@@ -52,6 +54,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
             "  \"progress\": " + PROGRESS_SEALED + ",\n" +
             "  \"nonce\": \"\",\n" +
             "  \"version\": \"" + VERSION + "\",\n" +
+            "  \"build_date\": \"" + BUILD_DATE + "\",\n" +
             "  \"migration\": \"" + MIGRATION + "\",\n" +
             "  \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
             "  \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
@@ -65,6 +68,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
             "  \"n\": " + SHARES + ",\n" +
             "  \"progress\": " + PROGRESS_UNSEALED + ",\n" +
             "  \"version\": \"" + VERSION + "\",\n" +
+            "  \"build_date\": \"" + BUILD_DATE + "\",\n" +
             "  \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
             "  \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
             "  \"nonce\": \"" + NONCE + "\",\n" +
@@ -80,7 +84,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
     @Override
     protected SealResponse createFull() {
         try {
-            return new ObjectMapper().readValue(RES_UNSEALED, SealResponse.class);
+            return objectMapper.readValue(RES_UNSEALED, SealResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -94,7 +98,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
     void jsonRoundtripSealed() {
         // First test sealed Vault's response.
         SealResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_SEALED, SealResponse.class),
+                () -> objectMapper.readValue(RES_SEALED, SealResponse.class),
                 "SealResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");
@@ -106,6 +110,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
         assertEquals(PROGRESS_SEALED, res.getProgress(), "Incorrect progress");
         assertEquals("", res.getNonce(), "Nonce not empty");
         assertEquals(VERSION, res.getVersion(), "Incorrect version");
+        assertEquals(ZonedDateTime.parse(BUILD_DATE), res.getBuildDate(), "Incorrect build date");
         assertEquals(MIGRATION, res.getMigration(), "Incorrect migration");
         assertEquals(RECOVERY_SEAL, res.getRecoverySeal(), "Incorrect recovery seal");
         assertEquals(STORAGE_TYPE, res.getStorageType(), "Incorrect storage type");
@@ -116,7 +121,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
 
         // Not test unsealed Vault's response.
         res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_UNSEALED, SealResponse.class),
+                () -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
                 "SealResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");
@@ -128,6 +133,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
         assertEquals(PROGRESS_UNSEALED, res.getProgress(), "Incorrect progress");
         assertEquals(NONCE, res.getNonce(), "Incorrect nonce");
         assertEquals(VERSION, res.getVersion(), "Incorrect version");
+        assertEquals(ZonedDateTime.parse(BUILD_DATE), res.getBuildDate(), "Incorrect build date");
         assertEquals(CLUSTER_NAME, res.getClusterName(), "Incorrect cluster name");
         assertEquals(CLUSTER_ID, res.getClusterId(), "Incorrect cluster ID");
         assertEquals(MIGRATION, res.getMigration(), "Incorrect migration");

src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -54,7 +53,7 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
     @Override
     protected SecretListResponse createFull() {
         try {
-            return new ObjectMapper().readValue(JSON, SecretListResponse.class);
+            return objectMapper.readValue(JSON, SecretListResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -67,7 +66,7 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
     @Test
     void getKeysTest() {
         SecretListResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(JSON, SecretListResponse.class),
+                () -> objectMapper.readValue(JSON, SecretListResponse.class),
                 "SecretListResponse deserialization failed"
         );
 

src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -50,7 +49,7 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
     @Override
     protected SecretVersionResponse createFull() {
         try {
-            return new ObjectMapper().readValue(META_JSON, SecretVersionResponse.class);
+            return objectMapper.readValue(META_JSON, SecretVersionResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -63,7 +62,7 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
     @Test
     void jsonRoundtrip() {
         SecretVersionResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(META_JSON, SecretVersionResponse.class),
+                () -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
                 "SecretVersionResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");

src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.TokenData;
 import org.junit.jupiter.api.Test;
@@ -96,7 +95,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
     @Override
     protected TokenResponse createFull() {
         try {
-            return new ObjectMapper().readValue(RES_JSON, TokenResponse.class);
+            return objectMapper.readValue(RES_JSON, TokenResponse.class);
         } catch (JsonProcessingException e) {
             fail("Creation of full model instance failed", e);
             return null;
@@ -119,7 +118,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
     @Test
     void jsonRoundtrip() {
         TokenResponse res = assertDoesNotThrow(
-                () -> new ObjectMapper().readValue(RES_JSON, TokenResponse.class),
+                () -> objectMapper.readValue(RES_JSON, TokenResponse.class),
                 "TokenResponse deserialization failed"
         );
         assertNotNull(res, "Parsed response is NULL");

src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java

@@ -0,0 +1,103 @@
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import de.stklcode.jvault.connector.model.AbstractModelTest;
+import org.junit.jupiter.api.Test;
+
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Unit test for {@link MountConfig}.
+ *
+ * @author Stefan Kalscheuer
+ */
+class MountConfigTest extends AbstractModelTest<MountConfig> {
+    private static final Integer DEFAULT_LEASE_TTL = 1800;
+    private static final Integer MAX_LEASE_TTL = 3600;
+    private static final Boolean FORCE_NO_CACHE = false;
+    private static final String TOKEN_TYPE = "default-service";
+    private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
+    private static final String AUDIT_NON_HMAC_REQ_KEYS_2 = "req2";
+    private static final String AUDIT_NON_HMAC_RES_KEYS_1 = "res1";
+    private static final String AUDIT_NON_HMAC_RES_KEYS_2 = "res2";
+    private static final String LISTING_VISIBILITY = "unauth";
+    private static final String PT_REQ_HEADER_1 = "prh1";
+    private static final String PT_REQ_HEADER_2 = "prh2";
+    private static final String ALLOWED_RES_HEADER_1 = "arh1";
+    private static final String ALLOWED_RES_HEADER_2 = "arh2";
+    private static final String ALLOWED_MANAGED_KEY_1 = "amk1";
+    private static final String ALLOWED_MANAGED_KEY_2 = "amk2";
+    private static final String DEL_AUTH_ACCESSOR_1 = "daa1";
+    private static final String DEL_AUTH_ACCESSOR_2 = "daa2";
+    private static final Integer LOCKOUT_THRESH = 7200;
+    private static final Integer LOCKOUT_DURATION = 86400;
+    private static final Integer LOCKOUT_CNT_RESET_DURATION = 43200;
+    private static final Boolean LOCKOUT_DISABLE = false;
+
+    private static final String RES_JSON = "{\n" +
+        "  \"default_lease_ttl\": " + DEFAULT_LEASE_TTL + ",\n" +
+        "  \"force_no_cache\": " + FORCE_NO_CACHE + ",\n" +
+        "  \"max_lease_ttl\": " + MAX_LEASE_TTL + ",\n" +
+        "  \"token_type\": \"" + TOKEN_TYPE + "\",\n" +
+        "  \"audit_non_hmac_request_keys\": [\"" + AUDIT_NON_HMAC_REQ_KEYS_1 + "\", \"" + AUDIT_NON_HMAC_REQ_KEYS_2 + "\"],\n" +
+        "  \"audit_non_hmac_response_keys\": [\"" + AUDIT_NON_HMAC_RES_KEYS_1 + "\", \"" + AUDIT_NON_HMAC_RES_KEYS_2 + "\"],\n" +
+        "  \"listing_visibility\": \"" + LISTING_VISIBILITY + "\",\n" +
+        "  \"passthrough_request_headers\": [\"" + PT_REQ_HEADER_1 + "\", \"" + PT_REQ_HEADER_2 + "\"],\n" +
+        "  \"allowed_response_headers\": [\"" + ALLOWED_RES_HEADER_1 + "\", \"" + ALLOWED_RES_HEADER_2 + "\"],\n" +
+        "  \"allowed_managed_keys\": [\"" + ALLOWED_MANAGED_KEY_1 + "\", \"" + ALLOWED_MANAGED_KEY_2 + "\"],\n" +
+        "  \"delegated_auth_accessors\": [\"" + DEL_AUTH_ACCESSOR_1 + "\", \"" + DEL_AUTH_ACCESSOR_2 + "\"],\n" +
+        "  \"user_lockout_config\": {\n" +
+        "    \"lockout_threshold\": " + LOCKOUT_THRESH + ",\n" +
+        "    \"lockout_duration\": " + LOCKOUT_DURATION + ",\n" +
+        "    \"lockout_counter_reset_duration\": " + LOCKOUT_CNT_RESET_DURATION + ",\n" +
+        "    \"lockout_disable\": " + LOCKOUT_DISABLE + "\n" +
+        "  }\n" +
+        "}";
+
+    MountConfigTest() {
+        super(MountConfig.class);
+    }
+
+    @Override
+    protected MountConfig createFull() {
+        try {
+            return objectMapper.readValue(RES_JSON, MountConfig.class);
+        } catch (JsonProcessingException e) {
+            fail("Creation of full model instance failed", e);
+            return null;
+        }
+    }
+
+    /**
+     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
+     */
+    @Test
+    void jsonRoundtrip() {
+        MountConfig mountConfig = assertDoesNotThrow(
+            () -> objectMapper.readValue(RES_JSON, MountConfig.class),
+            "MountConfig deserialization failed"
+        );
+        assertNotNull(mountConfig, "Parsed response is NULL");
+
+        // Verify data.
+        assertEquals(DEFAULT_LEASE_TTL, mountConfig.getDefaultLeaseTtl(), "Unexpected default lease TTL");
+        assertEquals(MAX_LEASE_TTL, mountConfig.getMaxLeaseTtl(), "Unexpected max lease TTL");
+        assertEquals(FORCE_NO_CACHE, mountConfig.getForceNoCache(), "Unexpected force no cache");
+        assertEquals(TOKEN_TYPE, mountConfig.getTokenType(), "Unexpected token type");
+        assertEquals(List.of(AUDIT_NON_HMAC_REQ_KEYS_1, AUDIT_NON_HMAC_REQ_KEYS_2), mountConfig.getAuditNonHmacRequestKeys(), "Unexpected audit no HMAC request keys");
+        assertEquals(List.of(AUDIT_NON_HMAC_RES_KEYS_1, AUDIT_NON_HMAC_RES_KEYS_2), mountConfig.getAuditNonHmacResponseKeys(), "Unexpected audit no HMAC response keys");
+        assertEquals(LISTING_VISIBILITY, mountConfig.getListingVisibility(), "Unexpected listing visibility");
+        assertEquals(List.of(PT_REQ_HEADER_1, PT_REQ_HEADER_2), mountConfig.getPassthroughRequestHeaders(), "Unexpected passthrough request headers");
+        assertEquals(List.of(ALLOWED_RES_HEADER_1, ALLOWED_RES_HEADER_2), mountConfig.getAllowedResponseHeaders(), "Unexpected allowed response headers");
+        assertEquals(List.of(ALLOWED_MANAGED_KEY_1, ALLOWED_MANAGED_KEY_2), mountConfig.getAllowedManagedKeys(), "Unexpected allowed managed keys");
+        assertEquals(List.of(DEL_AUTH_ACCESSOR_1, DEL_AUTH_ACCESSOR_2), mountConfig.getDelegatedAuthAccessors(), "Unexpected delegate auth accessors");
+        assertNotNull(mountConfig.getUserLockoutConfig(), "Missing user lockout config");
+        var ulc = mountConfig.getUserLockoutConfig();
+        assertEquals(LOCKOUT_THRESH, ulc.getLockoutThreshold(), "Unexpected lockout threshold");
+        assertEquals(LOCKOUT_DURATION, ulc.getLockoutDuration(), "Unexpected lockout duration");
+        assertEquals(LOCKOUT_CNT_RESET_DURATION, ulc.getLockoutCounterResetDuration(), "Unexpected lockout counter reset duration");
+        assertEquals(LOCKOUT_DISABLE, ulc.getLockoutDisable(), "Unexpected lockout disable");
+    }
+}

src/test/java/de/stklcode/jvault/connector/test/Credentials.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 Stefan Kalscheuer
+ * Copyright 2016-2023 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/resources/data_dir/core/_auth

@@ -1 +1 @@
-{"Value":"AAAAAQKHd7fFuNKfj/RnIQoxQEOTorNNl1NfcVtynLwYvtvZGDvhAO34YmOFKJSQVSiT4Js08ik48DWWnZHCZzAyMlK0HqNGYQRzCkuHkzYpH0uLrTcddXLuKyc7j6IiRTl3qYb1pzdlTzDtlwsi4J7s+7orETS146yY/GnGPWM/Tmet7p5qOECRq7m04gBX0pnwZl12iRqWG4aHHY5D4aFp9KjKUBKCIhz2Tb9wcSKV/Aa/ct1d0K0k8pyu1r1OkaJqCQXQeIaJR/WBMECR4omezvg7IGCoBIkMjwFR1urSaB0xNdgk+ByZE0C5zeDfmVRylYlypPAlIBrGL/Q/d6+NWiiOzXdoQoqAa/Pyg7e2gClsKDBFDvSL1QVBdsnBIskDeig2t46Ew5qM00wY58BWlUxqjlCgsNm3nPHtWpc6+XiR4ZkEZ9VeEIQhwC/R+NxS+QCDKeuSfyZM3OqQBwOx22mTL0i86YzlUph0alBmDF1b1FkDbg46MSWTANrkov1LPDnOvvNet7pb0L6exN5Q+HKitmxn36E0KAiqj1hEaHMZF6Pe+IIScLPClgPNeMkZWLeD5kvLv9kfObTYneHVHqj8O9jGtk03T4vOoaUNJY9U0irBGzlV+GkneJUgBL1QBspfK4GvFvUrd0Ds/teayJba8HDxlpCEWr6h062BXsNPg5gUn4H/uvginsFng02M8IyrDA1QOb4XS1zdfrvq"}
+{"Value":"AAAAAQK788ueZMqWkxK0+QrdrSU6/fJE0BHpMFCmXuZch21YdFNQSxZwgbTTH6uAyzxlEpHvAa4v9ScNyYXqRCLFK4X0DtDmpheIr/Ow6BPU8yxNglfI+qW5SKZKeYAYMHal0jX1MYsaIdYp8LJm52VMa+CdjTRx1J7ZhrNqiNHXbVJr6uOM+FDbGU4W8LyDy1ZhBKo17fwMnOycl5vBHu7b964iVHAIDkZHBq/4N1R/w7Sne7K/JvNPfuBNd1evRSErRNJRPp4DEkpK2v8lgIAXFjemE+aOysWYjGh/XVi8EzP09K1QFwfsvgIeIX0XVP4wMNn2xHedDyWQV55FJbD1LcrM2Q54HAHM0YGItI+MwPPzmP06Udoq3PZNRMWRI3l1rdjnIT+3FtbJr43EF8mf6SuYCzf9QWkGkixWAPAsMO+ZYCkHfsp8Ebq5IQmgK2IXzR7Dw8+tizs+8jaXB5JJ1vru0dZJa3b1oV9eizW5U53yIWNhC2v/d0rVxivvMbZ2deAP9OaqXm+oFukIjaFHDNbAskqvpHh8/7e91fqDFla2ZNEEPtVSsBBmyKHO0gDiDHKC3T2hrvvSRHsMHplIpD1mnppE2E4BlngIDgrfAe3G2jKUHg9eYLq9dMXBeysfzc8UtBI="}

src/test/resources/data_dir_legacy/auth/243a5842-b58f-24d5-d3b0-24304c57b7cc/user/_validuser

@@ -0,0 +1 @@
+{"Value":"AAAAAQINZKQEssY4IzHI/0k27nBtxSvnC6LkivYrqky6CblcjyAmQIg/4/cKQIBCXzmrWEv/SqMQbLw+4Lp63Xu1niF+U0NbyqDmFaPqnD2yfPs7meXvZr21+P9E/0APZMHQaSR7DIEY46zedHRjQ/pkhR2Axcjuy5gdfzBzC2XvUcNqdyR0pQwcDwGhAIdO0gxJfZCeBuvv8ceYS+aPs4gDHtIlA3szi+5qAQ8HvPBTDKQn1lHVYnzTdNbMS7v3mtzCyG8AeMkaUw=="}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/_salt

@@ -0,0 +1 @@
+{"Value":"AAAAAQJiN0bHxM8aNJpY7aHGZ/p3qOhJbd7JIXwFMEI4LtKmO6pP5Oa4P5z+2LK+2qzZhhX/iDeM4u+nR+lxt/GsBPKf"}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/accessor/_a9566f93ca05120fa8955f887ee0ca1a1422802df2ad979f2ac2951e95703089

@@ -0,0 +1 @@
+{"Value":"AAAAAQIZ5rvzLtBcBQvWqwwDoRADwUo6W0ECKgmcvXejbLKiYcbO0hP8fceCqB12J41wxcMViQ8vvWoIgyOX2HwcZS09GGCqQbjvyVfz/w+kyox9dJzr845f26tJjHVYlHX2YFsnxytwe5qCKdCsD5QP9kyz8J0="}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole1

@@ -0,0 +1 @@
+{"Value":"AAAAAQJIKXgvJ2Prr92Fn7qZK/WZxb+Q+vJsXyjMo44en/+zqbbnLfs5m7uH7hEUOfDM/MjzTrhfkOWxf6qcrC4MR3ocrFJwtbJ6j+QrNLg61gVIiLBUVBkvh8ErqCFnSjNIqhaIMQhuZXWANsgGF9K2+HBGJerWGe26C1rdWRZV4J0M23HnxLBf8aYDlOfkHe24I30rHUqXIk9/BKEuekcnhETw9Tx4Fk7KxxxEdGmHPbg+4G14c27wVj8IrpWHBpyLmt55Qdb/y24i5RzFYv1FQ2kQZIO6TQiYkwAUxJ5cIdCiAsEDNt+rBJ9zX1MvkEfkVj/WvzC9pxB7ad+j5vYIJgCUD1o09t0w2ChjBojGoOAWDSvNAeY8kr5PDKwYk+gBY5M2JHDI6ELvOVu8gsW+sqk9St9V3VisShTfU3+qln7TOWw/LQ+fUzGvYrAWG6UyPVpIEYeNmN0iGCIM8rzjQYvVC3KcQMG96MwK3ZlSQzgPpvTGxNxFm2omTn3ue7QHn7Ni6+c/K6xVy0bbJ+jS4yyfl2wFBm1tF1l3BITLqw3TiP3LEw=="}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole2

@@ -0,0 +1 @@
+{"Value":"AAAAAQIUt2iYYy9zOwkx1mtNMHt69RjdHbUmcN8zydVQTMGjhv1kjEW+d4AaBv1qE22rPTs0xL3pJ1AjIvkBXXVBAuc/FE63t5dE81Fa+MvSY4tBeMtl6i09ykkAYyQUeeV2HlbjRpMUwPyq2QIslYw3d4lc73yT0S82s5I3MfjodKmDpheWMOgg5hGes/wstBHN5HEZkKV8gOPRZ/BsTM7tMXH1piM/JT8sNfsDh6TAGD1OEsS+N2QlKvS4yImNzcKrH0EgdkXB4sRZ9e/SmMaEVaagB1n0M5LukC+pyExgC7eK4EU8o2Xye3iij3YMWBaGollDzJBJFP5aSO4E5u+NnRc5/ZbLRCbqgfQj8IY86WF9hya31aJxbc8Pg28Yfez8hbGRJZZws/ojIUgEz+VtH3OyaW2Wohnycop7i4fK8xlJ2gYOGvlw43czOH6Y6joTce+QBZWI7KR6ugB0dI8pnK2eFy14OZeww1NEew7r1u7PgD10Obg8okIJSD8cGkxUHu/oOLxvKKOAJBLSPfKnJfKEiKrqYED7EPkmgP/t7okvo4c95qeuWy1BLtKfxw5lkv0="}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_4b3d052da8b3d9af8d551a4e515289bc4319f2c21012a70de2c9e9fea6e0f7e0

@@ -0,0 +1 @@
+{"Value":"AAAAAQKv0Yr+QFSWxYe8o51TBwGz/yAhNYFmkNHPISEK6EbIVGkpEJMHFYvHWxTXUzF7f2/a"}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_c779a2e6599b8e4b6b6a3c68a7690a8e7d31fa0201ad73973dcd24f83e2950de

@@ -0,0 +1 @@
+{"Value":"AAAAAQKs2/ICwQPLv6siBGDbBnB52fBVo52BkSKGvm74p4oHrdMEvejJ4cJljOADYyDT2QYa"}

src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/secret_id/c79a3b6ce2e8e8b725c8c0fcdd23521375fadf2190fb5823d459a2fd2cb5a670/_f5954e87c0b1a0eb9c8fa4fc2ed7ab6f4338a8d77341e06460de0870316e7320

@@ -0,0 +1 @@
+{"Value":"AAAAAQIq05o3NmsucipTxPrcRbT1sXpAJ8w2PpiShnof74Kuzf/4kkHj3AZL5AObGFLAkYUvUrv3RRmYBIhw6Jk4FCbgdQyJAjPNVUTwBun/kQVyzP5sQ9hUFgHJwINomtVDiDgPkOc92zk8ydr1hfnMmTAtS71G3xloHDn6CF/1Y9WI1PkHdSkZ8d+yBNxr+qjGyewrV3QVmQvAfpY56uQ6AOztItD9NgiPrtNP+clbCczsieY6Y9Ce2FZawmuKFi9svMcBtnEcMILV/SGt4iCiMgFwkCJ9gQsGEdWPifu6ITPB92LgT4Ccw4gVRO31QVcPl6S+FG6iCeN6lk2yRXYjyhBuU+GklouEZIsA6SoxlIXPZuvauyS1MWwMxtSOQUFVYr3kvtXzCpcpEHDyBOEUdxPaYUZXHNdhGtMr/JuJCN50t0ng5mEAqfhjoJfJ/tBTqAjySj4zmEHuY0RnqYLPmsp203Q="}

src/test/resources/data_dir_legacy/core/_audit

@@ -0,0 +1 @@
+{"Value":"AAAAAQI695zhv1Tv/6m1Fx/L62lITd+ZWCi+xCDHkev2YtCSIDPrZgNzYnrCHG3cUjBePZt6NYUSgzvZTXbxZPN4rK2rPj/BN9xj9v1vH1woOMY6lNPmBR7r"}