split VaultConnector interface into clients per module

The connector interface has grown quite big and does not even cover all potential APIs. We now extract functionality into submodules and group them to handle each area in separate interfaces. Provide fluent access, strip prefixes from methods and preserve a 1:1 migration path. Examples: * connector.unseal() => connector.sys().unseal() * connector.readSecretVersion() => connector.kv2().readVersion() * connector.createToken() => connector.token().create() * connector.lookupAppRole() => connector.appRole().lookup() * connector.transitHash() => connector.transit().hash()
build: update maven-wrapper to 3.3.3
2025-09-02 15:35:18 +02:00 · 2025-09-02 13:27:29 +02:00 · 2025-08-30 09:53:46 +02:00 · 2025-08-30 09:41:09 +02:00 · 2025-08-30 09:11:21 +02:00 · 2025-08-30 09:10:26 +02:00
147 changed files with 3925 additions and 2749 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,50 +0,0 @@
 kind: pipeline
 name: default
 steps:
  - name: compile
    image: maven:3-eclipse-temurin-21
    commands:
      - mvn -B clean compile
    when:
      branch:
        - main
        - develop
        - feature/*
        - fix/*
        - release/*
  - name: unit-tests
    image: maven:3-eclipse-temurin-21
    commands:
      - mvn -B test
    when:
      branch:
        - develop
        - feature/*
        - fix/*
  - name: setup-vault
    image: alpine:latest
    environment:
      VAULT_VERSION: 1.15.4
    commands:
      - wget -q -O vault_$${VAULT_VERSION}_linux_amd64.zip https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_linux_amd64.zip
      - wget -q -O - https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_SHA256SUMS | grep linux_amd64 | sha256sum -c
      - unzip vault_$${VAULT_VERSION}_linux_amd64.zip
      - rm vault_$${VAULT_VERSION}_linux_amd64.zip
      - mkdir -p .bin
      - mv vault .bin/
    when:
      branch:
        - main
        - release/*
  - name: unit-integration-tests
    image: maven:3-eclipse-temurin-21
    environment:
      VAULT_VERSION: 1.15.4
    commands:
      - export PATH=.bin:$${PATH}
      - mvn -B -P integration-test verify
    when:
      branch:
        - main
        - release/*
--- a/.github/workflows/ci-it.yml
+++ b/.github/workflows/ci-it.yml
@@ -0,0 +1,56 @@
 name: CI
 on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - 'main'
 jobs:
  build-with-it:
    if: github.ref_name == 'main' || github.base_ref == 'main' || startsWith(github.ref_name, 'release/')
    runs-on: ubuntu-latest
    strategy:
      matrix:
        jdk: [ 11, 17, 21 ]
        vault: [ '1.2.0', '1.20.0' ]
        include:
          - jdk: 21
            vault: '1.20.0'
            analysis: true
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Java
        uses: actions/setup-java@v5
        with:
          java-version: ${{ matrix.jdk }}
          distribution: 'temurin'
      - name: Compile
        run: ./mvnw -B clean compile
      - name: Set up Vault
        run: |
          wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
          wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
          tmp="$(mktemp -d)"
          unzip "vault_${{ matrix.vault }}_linux_amd64.zip" -d "$tmp"
          rm "vault_${{ matrix.vault }}_linux_amd64.zip"
          sudo mv "$tmp/vault" /usr/bin/vault
          rm -rf "$tmp"
      - name: Test (Unit & Integration)
        env:
          VAULT_VERSION: ${{ matrix.vault }}
        run: ./mvnw -B -P coverage -P integration-test verify
      - name: Analysis
        if: matrix.analysis && env.SONAR_TOKEN != ''
        run: >
          ./mvnw -B sonar:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.organization=stklcode-github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,48 +1,42 @@
 name: CI
-on: [ push, pull_request ]
+
 on:
  push:
    branches:
      - '**'
      - '!main'
  pull_request:
    branches:
      - '**'
      - '!main'
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        jdk: [ 11, 17, 21 ]
        vault: [ '1.2.0', '1.11.12', '1.15.4' ]
        include:
          - jdk: 21
            vault: '1.11.12'
            analysis: true
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v5
        with:
          java-version: ${{ matrix.jdk }}
          distribution: 'temurin'
      - name: Compile
-        run: mvn -B clean compile
+        run: ./mvnw -B clean compile
      - name: Set up Vault
        if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
        run: |
          wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
          wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
          unzip "vault_${{ matrix.vault }}_linux_amd64.zip"
          rm "vault_${{ matrix.vault }}_linux_amd64.zip"
          sudo mv vault /usr/bin/vault
      - name: Test (Unit & Integration)
        if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
        env:
          VAULT_VERSION: ${{ matrix.vault }}
        run: mvn -B -P coverage -P integration-test verify
      - name: Test (Unit)
-        if: github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release/')
+        run: ./mvnw -B -P coverage verify
        run: mvn -B -P coverage verify
      - name: Analysis
-        if: matrix.analysis
+        if: matrix.analysis && env.SONAR_TOKEN != ''
        run: >
-          mvn -B sonar:sonar
+          ./mvnw -B sonar:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.organization=stklcode-github
        env:
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ release.properties
 dependency-reduced-pom.xml
 buildNumber.properties
 .mvn/timing.properties
 .mvn/wrapper/maven-wrapper.jar
 .idea
 *.iml
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,2 @@
 distributionType=only-script
 distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,107 @@
 ## unreleased
 ### Dependencies
 * Updated Jackson to 2.20.0 (#106)
 ### Improvements
 * Extract API paths into a utility class (#108)
 ### Fix
 * Prevent potential off-by-1 error in internal `mapOf()` helper (#107)
 ## 1.5.2 (2025-07-16)
 ### Dependencies
 * Updated Jackson to 2.19.1 (#101)
 ### Fix
 * Use `Long` for numeric TTL fields (#103) (#104)
 ### Test
 * Tested against Vault 1.2 to 1.20 (#102)
 ## 1.5.1 (2025-06-02)
 ### Improvements
 * Use `lookup-self` for token check instead of `lookup` (#98) (#99)
 ### Dependencies
 * Updated Jackson to 2.19.0 (#97)
 ## 1.5.0 (2025-04-13)
 ### Deprecations
 * `read...Credentials()` methods for specific database mounts (#92)
 ### Features
 * Support Vault transit API (#89)
 * Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
 ### Improvements
 * Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
 ### Fix
 * Fix initialization from environment without explicit port
 ### Dependencies
 * Updated Jackson to 2.18.3 (#90)
 ### Test
 * Tested against Vault 1.2 to 1.19
 ## 1.4.0 (2024-12-07)
 ### Removal
 * Remove deprecated `get...TimeString()` on model classes (#77)
 * Drop support for deprecated `App-ID` auth backend (#61) (#78)
 ### Fix
 * Add jackson-annotations requirement to module-info (#84)
 ### Dependencies
 * Updated Jackson to 2.18.2 (#85)
 ### Test
 * Tested against Vault 1.2 to 1.18
 ## 1.3.1 (2024-10-03)
 ### Dependencies
 * Updated Jackson to 2.18.0 (#80)
 ### Fix
 * Remove `Automatic-Module-Name` from JAR manifest (#79)
 ## 1.3.0 (2024-06-29)
 ### Improvements
 * Simplify JSON parsing in error handler
 * Add new fields from Vault 1.16 and 1.17 to `HealthResponse`
  * `echo_duration_ms`
  * `clock_skew_ms`
  * `replication_primary_canary_age_ms`
  * `enterprise`
 * Add missing `num_uses` field to `AuthData`
 * Add `mount_type` attribute to common response model
 * Add `auth` attribute to common response model
 * Add `custom_metadata`, `cas_required` and `delete_version_after` fields for KVv2 metadata
 * Generate and attach CycloneDX SBOM
 ### Fix
 * Rename `enable_local_secret_id` to `local_secret_ids` in `AppRole` model
 ### Dependencies
 * Updated Jackson to 2.17.1
 ### Test
 * Tested against Vault 1.2 to 1.17
 ## 1.2.0 (2023-12-11)
 ### Deprecations
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 # Java Vault Connector
-[![CI Status](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml/badge.svg)](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml)
+[![CI](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml/badge.svg)](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml)
-[![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/dashboard?id=de.stklcode.jvault%3Ajvault-connector)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=de.stklcode.jvault%3Ajvault-connector)
 [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt)
-[![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22jvault-connector%22)
+[![Maven Central Version](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector)](https://central.sonatype.com/artifact/de.stklcode.jvault/jvault-connector)
-![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/main/assets/logo.png)
+![Logo](assets/logo.png)
 Java Vault Connector is a connector library for [Vault](https://www.vaultproject.io) by [Hashicorp](https://www.hashicorp.com) written in Java. The connector allows simple usage of Vault's secret store in own applications.
@@ -18,7 +18,6 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
    * Token
    * Username/Password
    * AppRole (register and authenticate)
    * AppID (register and authenticate) [_deprecated_]
 * Tokens
    * Creation and lookup of tokens and token roles
    * TokenBuilder for speaking creation of complex configurations
@@ -29,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
    * Delete secrets
    * Renew/revoke leases
    * Raw secret content or JSON decoding
    * SQL secret handling
    * KV v1 and v2 support
    * Database secret handling
 * Transit API support
 * Connector Factory with builder pattern
-* Tested against Vault 1.2 to 1.15
+* Tested against Vault 1.2 to 1.20
 ## Maven Artifact
@@ -40,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 <dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.2.0</version>
+    <version>1.5.2</version>
 </dependency>
 ```
@@ -109,11 +109,11 @@ Token token = Token.builder()
                   .withDisplayName("new test token")
                   .withPolicies("pol1", "pol2")
                   .build();
-vault.createToken(token);
+vault.token().create(token);
 // Create AppRole credentials
-vault.createAppRole("testrole", policyList);
+vault.appRole().create("testrole", policyList);
-AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
+AppRoleSecretResponse secret = vault.appRole().createSecret("testrole");
 ```
 ## Links
--- a/295
+++ b/295
@@ -0,0 +1,295 @@
 #!/bin/sh
 # ----------------------------------------------------------------------------
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # ----------------------------------------------------------------------------
 # ----------------------------------------------------------------------------
 # Apache Maven Wrapper startup batch script, version 3.3.3
 #
 # Optional ENV vars
 # -----------------
 #   JAVA_HOME - location of a JDK home dir, required when download maven via java source
 #   MVNW_REPOURL - repo url base for downloading maven distribution
 #   MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven
 #   MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output
 # ----------------------------------------------------------------------------
 set -euf
 [ "${MVNW_VERBOSE-}" != debug ] || set -x
 # OS specific support.
 native_path() { printf %s\\n "$1"; }
 case "$(uname)" in
 CYGWIN* | MINGW*)
  [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")"
  native_path() { cygpath --path --windows "$1"; }
  ;;
 esac
 # set JAVACMD and JAVACCMD
 set_java_home() {
  # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched
  if [ -n "${JAVA_HOME-}" ]; then
    if [ -x "$JAVA_HOME/jre/sh/java" ]; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
      JAVACCMD="$JAVA_HOME/jre/sh/javac"
    else
      JAVACMD="$JAVA_HOME/bin/java"
      JAVACCMD="$JAVA_HOME/bin/javac"
      if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then
        echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2
        echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2
        return 1
      fi
    fi
  else
    JAVACMD="$(
      'set' +e
      'unset' -f command 2>/dev/null
      'command' -v java
    )" || :
    JAVACCMD="$(
      'set' +e
      'unset' -f command 2>/dev/null
      'command' -v javac
    )" || :
    if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then
      echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2
      return 1
    fi
  fi
 }
 # hash string like Java String::hashCode
 hash_string() {
  str="${1:-}" h=0
  while [ -n "$str" ]; do
    char="${str%"${str#?}"}"
    h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296))
    str="${str#?}"
  done
  printf %x\\n $h
 }
 verbose() { :; }
 [ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; }
 die() {
  printf %s\\n "$1" >&2
  exit 1
 }
 trim() {
  # MWRAPPER-139:
  #   Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds.
  #   Needed for removing poorly interpreted newline sequences when running in more
  #   exotic environments such as mingw bash on Windows.
  printf "%s" "${1}" | tr -d '[:space:]'
 }
 scriptDir="$(dirname "$0")"
 scriptName="$(basename "$0")"
 # parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties
 while IFS="=" read -r key value; do
  case "${key-}" in
  distributionUrl) distributionUrl=$(trim "${value-}") ;;
  distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;;
  esac
 done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties"
 [ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties"
 case "${distributionUrl##*/}" in
 maven-mvnd-*bin.*)
  MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/
  case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in
  *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;;
  :Darwin*x86_64) distributionPlatform=darwin-amd64 ;;
  :Darwin*arm64) distributionPlatform=darwin-aarch64 ;;
  :Linux*x86_64*) distributionPlatform=linux-amd64 ;;
  *)
    echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2
    distributionPlatform=linux-amd64
    ;;
  esac
  distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip"
  ;;
 maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;;
 *) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;;
 esac
 # apply MVNW_REPOURL and calculate MAVEN_HOME
 # maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash>
 [ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}"
 distributionUrlName="${distributionUrl##*/}"
 distributionUrlNameMain="${distributionUrlName%.*}"
 distributionUrlNameMain="${distributionUrlNameMain%-bin}"
 MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}"
 MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")"
 exec_maven() {
  unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || :
  exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD"
 }
 if [ -d "$MAVEN_HOME" ]; then
  verbose "found existing MAVEN_HOME at $MAVEN_HOME"
  exec_maven "$@"
 fi
 case "${distributionUrl-}" in
 *?-bin.zip | *?maven-mvnd-?*-?*.zip) ;;
 *) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;;
 esac
 # prepare tmp dir
 if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then
  clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; }
  trap clean HUP INT TERM EXIT
 else
  die "cannot create temp dir"
 fi
 mkdir -p -- "${MAVEN_HOME%/*}"
 # Download and Install Apache Maven
 verbose "Couldn't find MAVEN_HOME, downloading and installing it ..."
 verbose "Downloading from: $distributionUrl"
 verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"
 # select .zip or .tar.gz
 if ! command -v unzip >/dev/null; then
  distributionUrl="${distributionUrl%.zip}.tar.gz"
  distributionUrlName="${distributionUrl##*/}"
 fi
 # verbose opt
 __MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR=''
 [ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v
 # normalize http auth
 case "${MVNW_PASSWORD:+has-password}" in
 '') MVNW_USERNAME='' MVNW_PASSWORD='' ;;
 has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;;
 esac
 if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then
  verbose "Found wget ... using wget"
  wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl"
 elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then
  verbose "Found curl ... using curl"
  curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl"
 elif set_java_home; then
  verbose "Falling back to use Java to download"
  javaSource="$TMP_DOWNLOAD_DIR/Downloader.java"
  targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName"
  cat >"$javaSource" <<-END
 	public class Downloader extends java.net.Authenticator
 	{
 	  protected java.net.PasswordAuthentication getPasswordAuthentication()
 	  {
 	    return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() );
 	  }
 	  public static void main( String[] args ) throws Exception
 	  {
 	    setDefault( new Downloader() );
 	    java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() );
 	  }
 	}
 	END
  # For Cygwin/MinGW, switch paths to Windows format before running javac and java
  verbose " - Compiling Downloader.java ..."
  "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java"
  verbose " - Running Downloader.java ..."
  "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")"
 fi
 # If specified, validate the SHA-256 sum of the Maven distribution zip file
 if [ -n "${distributionSha256Sum-}" ]; then
  distributionSha256Result=false
  if [ "$MVN_CMD" = mvnd.sh ]; then
    echo "Checksum validation is not supported for maven-mvnd." >&2
    echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
    exit 1
  elif command -v sha256sum >/dev/null; then
    if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then
      distributionSha256Result=true
    fi
  elif command -v shasum >/dev/null; then
    if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then
      distributionSha256Result=true
    fi
  else
    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2
    echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
    exit 1
  fi
  if [ $distributionSha256Result = false ]; then
    echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2
    echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2
    exit 1
  fi
 fi
 # unzip and move
 if command -v unzip >/dev/null; then
  unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip"
 else
  tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar"
 fi
 # Find the actual extracted directory name (handles snapshots where filename != directory name)
 actualDistributionDir=""
 # First try the expected directory name (for regular distributions)
 if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then
  if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then
    actualDistributionDir="$distributionUrlNameMain"
  fi
 fi
 # If not found, search for any directory with the Maven executable (for snapshots)
 if [ -z "$actualDistributionDir" ]; then
  # enable globbing to iterate over items
  set +f
  for dir in "$TMP_DOWNLOAD_DIR"/*; do
    if [ -d "$dir" ]; then
      if [ -f "$dir/bin/$MVN_CMD" ]; then
        actualDistributionDir="$(basename "$dir")"
        break
      fi
    fi
  done
  set -f
 fi
 if [ -z "$actualDistributionDir" ]; then
  verbose "Contents of $TMP_DOWNLOAD_DIR:"
  verbose "$(ls -la "$TMP_DOWNLOAD_DIR")"
  die "Could not find Maven distribution directory in extracted archive"
 fi
 verbose "Found extracted Maven distribution directory: $actualDistributionDir"
 printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url"
 mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME"
 clean || :
 exec_maven "$@"
--- a/mvnw.cmd
+++ b/mvnw.cmd
@@ -0,0 +1,189 @@
 <# : batch portion
@REM ----------------------------------------------------------------------------
@REM Licensed to the Apache Software Foundation (ASF) under one
@REM or more contributor license agreements.  See the NOTICE file
@REM distributed with this work for additional information
@REM regarding copyright ownership.  The ASF licenses this file
@REM to you under the Apache License, Version 2.0 (the
@REM "License"); you may not use this file except in compliance
@REM with the License.  You may obtain a copy of the License at
@REM
@REM    http://www.apache.org/licenses/LICENSE-2.0
@REM
@REM Unless required by applicable law or agreed to in writing,
@REM software distributed under the License is distributed on an
@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@REM KIND, either express or implied.  See the License for the
@REM specific language governing permissions and limitations
@REM under the License.
@REM ----------------------------------------------------------------------------
@REM ----------------------------------------------------------------------------
@REM Apache Maven Wrapper startup batch script, version 3.3.3
@REM
@REM Optional ENV vars
@REM   MVNW_REPOURL - repo url base for downloading maven distribution
@REM   MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven
@REM   MVNW_VERBOSE - true: enable verbose log; others: silence the output
@REM ----------------------------------------------------------------------------
@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0)
@SET __MVNW_CMD__=
@SET __MVNW_ERROR__=
@SET __MVNW_PSMODULEP_SAVE=%PSModulePath%
@SET PSModulePath=
@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @(
  IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B)
 )
@SET PSModulePath=%__MVNW_PSMODULEP_SAVE%
@SET __MVNW_PSMODULEP_SAVE=
@SET __MVNW_ARG0_NAME__=
@SET MVNW_USERNAME=
@SET MVNW_PASSWORD=
@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*)
@echo Cannot start maven from wrapper >&2 && exit /b 1
@GOTO :EOF
 : end batch / begin powershell #>
 $ErrorActionPreference = "Stop"
 if ($env:MVNW_VERBOSE -eq "true") {
  $VerbosePreference = "Continue"
 }
 # calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties
 $distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl
 if (!$distributionUrl) {
  Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties"
 }
 switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) {
  "maven-mvnd-*" {
    $USE_MVND = $true
    $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip"
    $MVN_CMD = "mvnd.cmd"
    break
  }
  default {
    $USE_MVND = $false
    $MVN_CMD = $script -replace '^mvnw','mvn'
    break
  }
 }
 # apply MVNW_REPOURL and calculate MAVEN_HOME
 # maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash>
 if ($env:MVNW_REPOURL) {
  $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" }
  $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')"
 }
 $distributionUrlName = $distributionUrl -replace '^.*/',''
 $distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$',''
 $MAVEN_M2_PATH = "$HOME/.m2"
 if ($env:MAVEN_USER_HOME) {
  $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME"
 }
 if (-not (Test-Path -Path $MAVEN_M2_PATH)) {
    New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null
 }
 $MAVEN_WRAPPER_DISTS = $null
 if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) {
  $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists"
 } else {
  $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists"
 }
 $MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain"
 $MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join ''
 $MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME"
 if (Test-Path -Path "$MAVEN_HOME" -PathType Container) {
  Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME"
  Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD"
  exit $?
 }
 if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) {
  Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl"
 }
 # prepare tmp dir
 $TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile
 $TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir"
 $TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null
 trap {
  if ($TMP_DOWNLOAD_DIR.Exists) {
    try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null }
    catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" }
  }
 }
 New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null
 # Download and Install Apache Maven
 Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..."
 Write-Verbose "Downloading from: $distributionUrl"
 Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"
 $webclient = New-Object System.Net.WebClient
 if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) {
  $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD)
 }
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null
 # If specified, validate the SHA-256 sum of the Maven distribution zip file
 $distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum
 if ($distributionSha256Sum) {
  if ($USE_MVND) {
    Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties."
  }
  Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash
  if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) {
    Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property."
  }
 }
 # unzip and move
 Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null
 # Find the actual extracted directory name (handles snapshots where filename != directory name)
 $actualDistributionDir = ""
 # First try the expected directory name (for regular distributions)
 $expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain"
 $expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD"
 if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) {
  $actualDistributionDir = $distributionUrlNameMain
 }
 # If not found, search for any directory with the Maven executable (for snapshots)
 if (!$actualDistributionDir) {
  Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object {
    $testPath = Join-Path $_.FullName "bin/$MVN_CMD"
    if (Test-Path -Path $testPath -PathType Leaf) {
      $actualDistributionDir = $_.Name
    }
  }
 }
 if (!$actualDistributionDir) {
  Write-Error "Could not find Maven distribution directory in extracted archive"
 }
 Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir"
 Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null
 try {
  Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null
 } catch {
  if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) {
    Write-Error "fail to move MAVEN_HOME"
  }
 } finally {
  try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null }
  catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" }
 }
 Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD"
--- a/pom.xml
+++ b/pom.xml
@@ -1,10 +1,9 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.2.0</version>
+    <version>2.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>
@@ -33,6 +32,7 @@
        <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
        <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
        <url>https://github.com/stklcode/jvaultconnector</url>
        <tag>HEAD</tag>
    </scm>
    <issueManagement>
@@ -42,31 +42,31 @@
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <argLine></argLine>
+        <argLine />
    </properties>
    <dependencies>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-            <version>2.16.0</version>
+            <version>2.20.0</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-jsr310</artifactId>
-            <version>2.16.0</version>
+            <version>2.20.0</version>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
-            <version>5.10.1</version>
+            <version>5.13.3</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
-            <version>5.8.0</version>
+            <version>5.19.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
@@ -78,25 +78,25 @@
        <dependency>
            <groupId>org.wiremock</groupId>
            <artifactId>wiremock</artifactId>
-            <version>3.3.1</version>
+            <version>3.13.1</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
-            <version>2.15.1</version>
+            <version>2.20.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>nl.jqno.equalsverifier</groupId>
            <artifactId>equalsverifier</artifactId>
-            <version>3.15.4</version>
+            <version>3.19.4</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
-            <version>4.2.0</version>
+            <version>4.3.0</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
@@ -107,49 +107,42 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.11.0</version>
+                    <version>3.14.0</version>
                    <configuration>
-                        <source>11</source>
+                        <release>11</release>
                        <target>11</target>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.3.2</version>
+                    <version>3.5.0</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-deploy-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.4</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-failsafe-plugin</artifactId>
-                    <version>3.2.2</version>
+                    <version>3.5.3</version>
                    <configuration>
                        <argLine>
                            @{argLine}
-                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
+                            --add-opens
                            de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
                        </argLine>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-install-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.4</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-jar-plugin</artifactId>
-                    <version>3.3.0</version>
+                    <version>3.4.2</version>
                    <configuration>
                        <archive>
                            <manifestEntries>
                                <Automatic-Module-Name>de.stklcode.jvault.connector</Automatic-Module-Name>
                            </manifestEntries>
                        </archive>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
@@ -159,38 +152,62 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-source-plugin</artifactId>
-                    <version>3.3.0</version>
+                    <version>3.3.1</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.2.2</version>
+                    <version>3.5.3</version>
                    <configuration>
                        <argLine>
                            @{argLine}
                            --add-opens java.base/java.util=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.exception=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
                        </argLine>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.cyclonedx</groupId>
                    <artifactId>cyclonedx-maven-plugin</artifactId>
                    <version>2.9.1</version>
                </plugin>
                <plugin>
                    <groupId>org.jacoco</groupId>
                    <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.11</version>
+                    <version>0.8.13</version>
                </plugin>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
-                    <version>3.10.0.2594</version>
+                    <version> 5.2.0.4988</version>
                </plugin>
            </plugins>
        </pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <version>3.6.1</version>
                <executions>
                    <execution>
                        <id>enforce-versions</id>
                        <goals>
                            <goal>enforce</goal>
                        </goals>
                        <configuration>
                            <rules>
                                <requireMavenVersion>
                                    <version>[3.6.3,)</version>
                                </requireMavenVersion>
                                <requireJavaVersion>
                                    <version>[11,)</version>
                                </requireJavaVersion>
                            </rules>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    <profiles>
@@ -227,7 +244,7 @@
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.6.2</version>
+                        <version>3.11.3</version>
                        <configuration>
                            <source>11</source>
                        </configuration>
@@ -244,6 +261,29 @@
            </build>
        </profile>
        <profile>
            <id>sbom</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.cyclonedx</groupId>
                        <artifactId>cyclonedx-maven-plugin</artifactId>
                        <executions>
                            <execution>
                                <phase>package</phase>
                                <goals>
                                    <goal>makeBom</goal>
                                </goals>
                                <configuration>
                                    <skipNotDeployed>false</skipNotDeployed>
                                </configuration>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
            <id>sign</id>
            <build>
@@ -251,7 +291,7 @@
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.1.0</version>
+                        <version>3.2.8</version>
                        <executions>
                            <execution>
                                <id>sign-artifacts</id>
@@ -322,7 +362,7 @@
                    <plugin>
                        <groupId>org.owasp</groupId>
                        <artifactId>dependency-check-maven</artifactId>
-                        <version>9.0.4</version>
+                        <version>12.1.3</version>
                        <configuration>
                            <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                            <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@@ -340,17 +380,20 @@
        </profile>
        <profile>
-            <id>sonatype</id>
+            <id>central</id>
-            <distributionManagement>
+            <build>
-                <repository>
+                <plugins>
-                    <id>ossrh</id>
+                    <plugin>
-                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+                        <groupId>org.sonatype.central</groupId>
-                </repository>
+                        <artifactId>central-publishing-maven-plugin</artifactId>
-                <snapshotRepository>
+                        <version>0.8.0</version>
-                    <id>ossrh</id>
+                        <extensions>true</extensions>
-                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+                        <configuration>
-                </snapshotRepository>
+                            <publishingServerId>central</publishingServerId>
-            </distributionManagement>
+                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
--- a/src/main/java/de/stklcode/jvault/connector/AppRoleClient.java
+++ b/src/main/java/de/stklcode/jvault/connector/AppRoleClient.java
@@ -0,0 +1,217 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.AppRole;
 import de.stklcode.jvault.connector.model.AppRoleSecret;
 import de.stklcode.jvault.connector.model.Token;
 import de.stklcode.jvault.connector.model.TokenRole;
 import de.stklcode.jvault.connector.model.response.*;
 import java.util.ArrayList;
 import java.util.List;
 /**
 * AppRole client interface.
 * Provides methods to interact with Vault's AppRole API.
 *
 * @since 2.0.0 extracted from {@link VaultConnector}
 */
 public interface AppRoleClient {
    /**
     * Register a new AppRole role from given metamodel.
     *
     * @param role The role
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    boolean create(final AppRole role) throws VaultConnectorException;
    /**
     * Register new AppRole role with default policy.
     *
     * @param roleName The role name
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean create(final String roleName) throws VaultConnectorException {
        return create(roleName, new ArrayList<>());
    }
    /**
     * Register new AppRole role with policies.
     *
     * @param roleName The role name
     * @param policies The policies to associate with
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean create(final String roleName, final List<String> policies) throws VaultConnectorException {
        return create(roleName, policies, null);
    }
    /**
     * Register new AppRole role with default policy and custom ID.
     *
     * @param roleName The role name
     * @param roleID   A custom role ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean create(final String roleName, final String roleID) throws VaultConnectorException {
        return create(roleName, new ArrayList<>(), roleID);
    }
    /**
     * Register new AppRole role with policies and custom ID.
     *
     * @param roleName The role name
     * @param policies The policies to associate with
     * @param roleID   A custom role ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean create(final String roleName, final List<String> policies, final String roleID)
        throws VaultConnectorException {
        return create(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
    }
    /**
     * Delete AppRole role from Vault.
     *
     * @param roleName The role name
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     */
    boolean delete(final String roleName) throws VaultConnectorException;
    /**
     * Lookup an AppRole role.
     *
     * @param roleName The role name
     * @return Result of the lookup
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    AppRoleResponse lookup(final String roleName) throws VaultConnectorException;
    /**
     * Retrieve ID for an AppRole role.
     *
     * @param roleName The role name
     * @return The role ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    String getRoleID(final String roleName) throws VaultConnectorException;
    /**
     * Set custom ID for an AppRole role.
     *
     * @param roleName The role name
     * @param roleID   The role ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    boolean setRoleID(final String roleName, final String roleID) throws VaultConnectorException;
    /**
     * Register new random generated AppRole secret.
     *
     * @param roleName The role name
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default AppRoleSecretResponse createSecret(final String roleName) throws VaultConnectorException {
        return createSecret(roleName, new AppRoleSecret());
    }
    /**
     * Register new AppRole secret with custom ID.
     *
     * @param roleName The role name
     * @param secretID A custom secret ID
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default AppRoleSecretResponse createSecret(final String roleName, final String secretID)
        throws VaultConnectorException {
        return createSecret(roleName, new AppRoleSecret(secretID));
    }
    /**
     * Register new AppRole secret with custom ID.
     *
     * @param roleName The role name
     * @param secret   The secret meta object
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    AppRoleSecretResponse createSecret(final String roleName, final AppRoleSecret secret)
        throws VaultConnectorException;
    /**
     * Lookup an AppRole secret.
     *
     * @param roleName The role name
     * @param secretID The secret ID
     * @return Result of the lookup
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    AppRoleSecretResponse lookupSecret(final String roleName, final String secretID)
        throws VaultConnectorException;
    /**
     * Destroy an AppRole secret.
     *
     * @param roleName The role name
     * @param secretID The secret meta object
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    boolean destroySecret(final String roleName, final String secretID) throws VaultConnectorException;
    /**
     * List existing (accessible) AppRole roles.
     *
     * @return List of roles
     * @throws VaultConnectorException on error
     */
    List<String> listRoles() throws VaultConnectorException;
    /**
     * List existing (accessible) secret IDs for AppRole role.
     *
     * @param roleName The role name
     * @return List of roles
     * @throws VaultConnectorException on error
     */
    List<String> listSecrets(final String roleName) throws VaultConnectorException;
 }
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Objects;
 /**
 * Vault Connector Builder implementation for HTTP Vault connectors.
@@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
     * @since 1.0
     */
    public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
-        return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
+        String path = baseURL.getPath();
        if (path == null || path.isBlank()) {
            path = DEFAULT_PREFIX;
        }
        return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
            .withHost(baseURL.getHost())
            .withPort(baseURL.getPort())
-                .withPrefix(baseURL.getPath());
+            .withPrefix(path);
    }
    /**
@@ -293,7 +296,7 @@ public final class HTTPVaultConnectorBuilder {
    }
    /**
-     * Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
+     * Build connector based on the {@code VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
     *
     * @return self
     * @throws VaultConnectorException if Vault address from environment variables is malformed
@@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
     */
    public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
        /* Parse URL from environment variable */
-        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
+        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
            try {
-                var url = new URL(System.getenv(ENV_VAULT_ADDR));
+                withBaseURL(System.getenv(ENV_VAULT_ADDR));
-                this.host = url.getHost();
+            } catch (URISyntaxException e) {
                this.port = url.getPort();
                this.tls = url.getProtocol().equals("https");
            } catch (MalformedURLException e) {
                throw new ConnectionException("URL provided in environment variable malformed", e);
            }
        }
@@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
        /* Read number of retries */
        if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
            try {
-                numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
+                withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
            } catch (NumberFormatException ignored) {
                /* Ignore malformed values. */
            }
@@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
        token = System.getenv(ENV_VAULT_TOKEN);
        /* Parse certificate, if set */
-        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
+        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
-            return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
+            X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
            if (cert == null) {
                cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
            }
            return withTrustedCA(cert);
        }
        return this;
    }
@@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
        return con;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
     * @param cert Certificate string (optionally PEM)
     * @return X.509 Certificate object if parseable, else {@code null}
     * @throws TlsException on error
     * @since 1.5.0
     */
    private X509Certificate certificateFromString(final String cert) throws TlsException {
        // Check if PEM header is present in given string
        if (cert.contains("-BEGIN ") && cert.contains("-END")) {
            try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
            } catch (IOException | CertificateException e) {
                throw new TlsException("Unable to read certificate.", e);
            }
        }
        // Not am PEM string, skip
        return null;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
--- a/src/main/java/de/stklcode/jvault/connector/KV2Client.java
+++ b/src/main/java/de/stklcode/jvault/connector/KV2Client.java
@@ -0,0 +1,200 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.response.MetadataResponse;
 import de.stklcode.jvault.connector.model.response.SecretResponse;
 import de.stklcode.jvault.connector.model.response.SecretVersionResponse;
 import java.util.Map;
 /**
 * KV v2 client interface.
 * Provides methods to interact with Vault's KV v2 API.
 *
 * @since 2.0.0 extracted from {@link VaultConnector}
 */
 public interface KV2Client {
    /**
     * Retrieve the latest secret data for specific version from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @return Secret response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretResponse readData(final String mount, final String key) throws VaultConnectorException {
        return readVersion(mount, key, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @param data  Secret content. Value must be be JSON serializable.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretVersionResponse writeData(final String mount,
                                            final String key,
                                            final Map<String, Object> data) throws VaultConnectorException {
        return writeData(mount, key, data, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @param data  Secret content. Value must be be JSON serializable.
     * @param cas   Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    SecretVersionResponse writeData(final String mount,
                                    final String key,
                                    final Map<String, Object> data,
                                    final Integer cas) throws VaultConnectorException;
    /**
     * Retrieve secret data from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount   Secret store mount point (without leading or trailing slash).
     * @param key     Secret identifier
     * @param version Version to read. If {@code null} or zero, the latest version will be returned.
     * @return Secret response.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    SecretResponse readVersion(final String mount, final String key, final Integer version)
        throws VaultConnectorException;
    /**
     * Retrieve secret metadata from Vault.
     * <br>
     * Path {@code <mount>/metadata/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @return Metadata response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    MetadataResponse readMetadata(final String mount, final String key) throws VaultConnectorException;
    /**
     * Update secret metadata.
     * <br>
     * Path {@code <mount>/metadata/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount       Secret store mount point (without leading or trailing slash).
     * @param key         Secret identifier
     * @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
     * @param casRequired Specify if Check-And-Set is required for this secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void updateMetadata(final String mount,
                        final String key,
                        final Integer maxVersions,
                        final boolean casRequired) throws VaultConnectorException;
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteLatestVersion(final String mount, final String key) throws VaultConnectorException;
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     * Only available for KV v2 stores.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteAllVersions(final String mount, final String key) throws VaultConnectorException;
    /**
     * Delete secret versions from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mount point (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to delete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteVersions(final String mount, final String key, final int... versions)
        throws VaultConnectorException;
    /**
     * Undelete (restore) secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mount point (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to undelete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void undeleteVersions(final String mount, final String key, final int... versions)
        throws VaultConnectorException;
    /**
     * Destroy secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mount point (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to destroy.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void destroyVersions(final String mount, final String key, final int... versions)
        throws VaultConnectorException;
 }
--- a/src/main/java/de/stklcode/jvault/connector/SysClient.java
+++ b/src/main/java/de/stklcode/jvault/connector/SysClient.java
@@ -0,0 +1,88 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.AuthBackend;
 import de.stklcode.jvault.connector.model.Token;
 import de.stklcode.jvault.connector.model.TokenRole;
 import de.stklcode.jvault.connector.model.response.*;
 import java.util.List;
 /**
 * Sys client interface.
 * Provides methods to interact with Vault's system API.
 *
 * @since 2.0.0 extracted from {@link VaultConnector}
 */
 public interface SysClient {
    /**
     * Retrieve status of vault seal.
     *
     * @return Seal status
     * @throws VaultConnectorException on error
     */
    SealResponse sealStatus() throws VaultConnectorException;
    /**
     * Seal vault.
     *
     * @throws VaultConnectorException on error
     */
    void seal() throws VaultConnectorException;
    /**
     * Unseal vault.
     *
     * @param key   A single master share key
     * @param reset Discard previously provided keys (optional)
     * @return Response with seal status
     * @throws VaultConnectorException on error
     */
    SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
    /**
     * Unseal vault.
     *
     * @param key A single master share key
     * @return Response with seal status
     * @throws VaultConnectorException on error
     */
    default SealResponse unseal(final String key) throws VaultConnectorException {
        return unseal(key, null);
    }
    /**
     * Query server health information.
     *
     * @return Health information.
     * @throws VaultConnectorException on error
     * @since 0.7.0
     */
    HealthResponse getHealth() throws VaultConnectorException;
    /**
     * Get all available authentication backends.
     *
     * @return List of backends
     * @throws VaultConnectorException on error
     */
    List<AuthBackend> getAuthBackends() throws VaultConnectorException;
 }
--- a/src/main/java/de/stklcode/jvault/connector/TokenClient.java
+++ b/src/main/java/de/stklcode/jvault/connector/TokenClient.java
@@ -0,0 +1,125 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.Token;
 import de.stklcode.jvault.connector.model.TokenRole;
 import de.stklcode.jvault.connector.model.response.AuthResponse;
 import de.stklcode.jvault.connector.model.response.TokenResponse;
 import de.stklcode.jvault.connector.model.response.TokenRoleResponse;
 import java.util.List;
 /**
 * Token client interface.
 * Provides methods to interact with Vault's token API.
 *
 * @since 2.0.0 extracted from {@link VaultConnector}
 */
 public interface TokenClient {
    /**
     * Create a new token.
     *
     * @param token the token
     * @return the result response
     * @throws VaultConnectorException on error
     */
    AuthResponse create(final Token token) throws VaultConnectorException;
    /**
     * Create a new token.
     *
     * @param token  the token
     * @param orphan create orphan token
     * @return the result response
     * @throws VaultConnectorException on error
     */
    AuthResponse create(final Token token, boolean orphan) throws VaultConnectorException;
    /**
     * Create a new token for specific role.
     *
     * @param token the token
     * @param role  the role name
     * @return the result response
     * @throws VaultConnectorException on error
     */
    AuthResponse create(final Token token, final String role) throws VaultConnectorException;
    /**
     * Lookup token information.
     *
     * @param token the token
     * @return the result response
     * @throws VaultConnectorException on error
     */
    TokenResponse lookup(final String token) throws VaultConnectorException;
    /**
     * Create a new or update an existing token role.
     *
     * @param role the role entity (name must be set)
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    default boolean createOrUpdateRole(final TokenRole role) throws VaultConnectorException {
        return createOrUpdateRole(role.getName(), role);
    }
    /**
     * Create a new or update an existing token role.
     *
     * @param name the role name (overrides name possibly set in role entity)
     * @param role the role entity
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    boolean createOrUpdateRole(final String name, final TokenRole role) throws VaultConnectorException;
    /**
     * Lookup token information.
     *
     * @param name the role name
     * @return the result response
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    TokenRoleResponse readRole(final String name) throws VaultConnectorException;
    /**
     * List available token roles from Vault.
     *
     * @return List of token roles
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    List<String> listRoles() throws VaultConnectorException;
    /**
     * Delete a token role.
     *
     * @param name the role name to delete
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    boolean deleteRole(final String name) throws VaultConnectorException;
 }
--- a/src/main/java/de/stklcode/jvault/connector/TransitClient.java
+++ b/src/main/java/de/stklcode/jvault/connector/TransitClient.java
@@ -0,0 +1,107 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.response.TransitResponse;
 import java.util.Base64;
 /**
 * Transit client interface.
 * Provides methods to interact with Vault's transit API.
 *
 * @since 2.0.0 extracted from {@link VaultConnector}
 */
 public interface TransitClient {
    /**
     * Encrypt plaintext via transit engine from Vault.
     *
     * @param keyName   Transit key name
     * @param plaintext Text to encrypt (Base64 encoded)
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse encrypt(final String keyName, final String plaintext) throws VaultConnectorException;
    /**
     * Encrypt plaintext via transit engine from Vault.
     *
     * @param keyName   Transit key name
     * @param plaintext Binary data to encrypt
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse encrypt(final String keyName, final byte[] plaintext)
        throws VaultConnectorException {
        return encrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
    }
    /**
     * Decrypt ciphertext via transit engine from Vault.
     *
     * @param keyName    Transit key name
     * @param ciphertext Text to decrypt
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse decrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
    /**
     * Hash data in hex format via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse hash(final String algorithm, final String input) throws VaultConnectorException {
        return hash(algorithm, input, "hex");
    }
    /**
     * Hash data via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash (Base64 encoded)
     * @param format    Specifies the output encoding (hex/base64)
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse hash(final String algorithm, final String input, final String format)
        throws VaultConnectorException;
    /**
     * Hash data via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse hash(final String algorithm, final byte[] input, final String format)
        throws VaultConnectorException {
        return hash(algorithm, Base64.getEncoder().encodeToString(input), format);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
 import de.stklcode.jvault.connector.model.response.*;
 import java.io.Serializable;
-import java.util.ArrayList;
+import java.util.*;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 /**
 * Vault Connector interface.
@@ -40,59 +37,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    void resetAuth();
    /**
     * Retrieve status of vault seal.
     *
     * @return Seal status
     * @throws VaultConnectorException on error
     */
    SealResponse sealStatus() throws VaultConnectorException;
    /**
     * Seal vault.
     *
     * @throws VaultConnectorException on error
     */
    void seal() throws VaultConnectorException;
    /**
     * Unseal vault.
     *
     * @param key   A single master share key
     * @param reset Discard previously provided keys (optional)
     * @return Response with seal status
     * @throws VaultConnectorException on error
     */
    SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
    /**
     * Unseal vault.
     *
     * @param key A single master share key
     * @return Response with seal status
     * @throws VaultConnectorException on error
     */
    default SealResponse unseal(final String key) throws VaultConnectorException {
        return unseal(key, null);
    }
    /**
     * Query server health information.
     *
     * @return Health information.
     * @throws VaultConnectorException on error
     * @since 0.7.0
     */
    HealthResponse getHealth() throws VaultConnectorException;
    /**
     * Get all available authentication backends.
     *
     * @return List of backends
     * @throws VaultConnectorException on error
     */
    List<AuthBackend> getAuthBackends() throws VaultConnectorException;
    /**
     * Authorize to Vault using token.
     *
@@ -112,19 +56,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    AuthResponse authUserPass(final String username, final String password) throws VaultConnectorException;
    /**
     * Authorize to Vault using AppID method.
     *
     * @param appID  The App ID
     * @param userID The User ID
     * @return The {@link AuthResponse}
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     * Consider using {@link #authAppRole} instead.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException;
    /**
     * Authorize to Vault using AppRole method without secret ID.
     *
@@ -148,234 +79,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException;
    /**
     * Register new App-ID with policy.
     *
     * @param appID       The unique App-ID
     * @param policy      The policy to associate with
     * @param displayName Arbitrary name to display
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     * Consider using {@link #createAppRole} instead.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    boolean registerAppId(final String appID, final String policy, final String displayName)
            throws VaultConnectorException;
    /**
     * Register a new AppRole role from given metamodel.
     *
     * @param role The role
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    boolean createAppRole(final AppRole role) throws VaultConnectorException;
    /**
     * Register new AppRole role with default policy.
     *
     * @param roleName The role name
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean createAppRole(final String roleName) throws VaultConnectorException {
        return createAppRole(roleName, new ArrayList<>());
    }
    /**
     * Register new AppRole role with policies.
     *
     * @param roleName The role name
     * @param policies The policies to associate with
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean createAppRole(final String roleName, final List<String> policies) throws VaultConnectorException {
        return createAppRole(roleName, policies, null);
    }
    /**
     * Register new AppRole role with default policy and custom ID.
     *
     * @param roleName The role name
     * @param roleID   A custom role ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean createAppRole(final String roleName, final String roleID) throws VaultConnectorException {
        return createAppRole(roleName, new ArrayList<>(), roleID);
    }
    /**
     * Register new AppRole role with policies and custom ID.
     *
     * @param roleName The role name
     * @param policies The policies to associate with
     * @param roleID   A custom role ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
            throws VaultConnectorException {
        return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
    }
    /**
     * Delete AppRole role from Vault.
     *
     * @param roleName The role name
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     */
    boolean deleteAppRole(final String roleName) throws VaultConnectorException;
    /**
     * Lookup an AppRole role.
     *
     * @param roleName The role name
     * @return Result of the lookup
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    AppRoleResponse lookupAppRole(final String roleName) throws VaultConnectorException;
    /**
     * Retrieve ID for an AppRole role.
     *
     * @param roleName The role name
     * @return The role ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    String getAppRoleID(final String roleName) throws VaultConnectorException;
    /**
     * Set custom ID for an AppRole role.
     *
     * @param roleName The role name
     * @param roleID   The role ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    boolean setAppRoleID(final String roleName, final String roleID) throws VaultConnectorException;
    /**
     * Register new random generated AppRole secret.
     *
     * @param roleName The role name
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default AppRoleSecretResponse createAppRoleSecret(final String roleName) throws VaultConnectorException {
        return createAppRoleSecret(roleName, new AppRoleSecret());
    }
    /**
     * Register new AppRole secret with custom ID.
     *
     * @param roleName The role name
     * @param secretID A custom secret ID
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
            throws VaultConnectorException {
        return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
    }
    /**
     * Register new AppRole secret with custom ID.
     *
     * @param roleName The role name
     * @param secret   The secret meta object
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
            throws VaultConnectorException;
    /**
     * Lookup an AppRole secret.
     *
     * @param roleName The role name
     * @param secretID The secret ID
     * @return Result of the lookup
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
            throws VaultConnectorException;
    /**
     * Destroy an AppRole secret.
     *
     * @param roleName The role name
     * @param secretID The secret meta object
     * @return The secret ID
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    boolean destroyAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException;
    /**
     * List existing (accessible) AppRole roles.
     *
     * @return List of roles
     * @throws VaultConnectorException on error
     */
    List<String> listAppRoles() throws VaultConnectorException;
    /**
     * List existing (accessible) secret IDs for AppRole role.
     *
     * @param roleName The role name
     * @return List of roles
     * @throws VaultConnectorException on error
     */
    List<String> listAppRoleSecrets(final String roleName) throws VaultConnectorException;
    /**
     * Register User-ID with App-ID.
     *
     * @param appID  The App-ID
     * @param userID The User-ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     * Consider using {@link #createAppRoleSecret} instead.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
    /**
     * Register new App-ID and User-ID at once.
     *
     * @param appID       The App-ID
     * @param policy      The policy to associate with
     * @param displayName Arbitrary name to display
     * @param userID      The User-ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    default boolean registerAppUserId(final String appID,
                                      final String policy,
                                      final String displayName,
                                      final String userID) throws VaultConnectorException {
        return registerAppId(appID, policy, userID) && registerUserId(appID, userID);
    }
    /**
     * Get authorization status.
     *
@@ -393,108 +96,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    SecretResponse read(final String key) throws VaultConnectorException;
    /**
     * Retrieve the latest secret data for specific version from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @return Secret response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretResponse readSecretData(final String mount, final String key) throws VaultConnectorException {
        return readSecretVersion(mount, key, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @param data  Secret content. Value must be be JSON serializable.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretVersionResponse writeSecretData(final String mount,
                                                  final String key,
                                                  final Map<String, Object> data) throws VaultConnectorException {
        return writeSecretData(mount, key, data, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @param data  Secret content. Value must be be JSON serializable.
     * @param cas   Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    SecretVersionResponse writeSecretData(final String mount,
                                          final String key,
                                          final Map<String, Object> data,
                                          final Integer cas) throws VaultConnectorException;
    /**
     * Retrieve secret data from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount   Secret store mount point (without leading or trailing slash).
     * @param key     Secret identifier
     * @param version Version to read. If {@code null} or zero, the latest version will be returned.
     * @return Secret response.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
            throws VaultConnectorException;
    /**
     * Retrieve secret metadata from Vault.
     * <br>
     * Path {@code <mount>/metadata/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret identifier
     * @return Metadata response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    MetadataResponse readSecretMetadata(final String mount, final String key) throws VaultConnectorException;
    /**
     * Update secret metadata.
     * <br>
     * Path {@code <mount>/metadata/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount       Secret store mount point (without leading or trailing slash).
     * @param key         Secret identifier
     * @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
     * @param casRequired Specify if Check-And-Set is required for this secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void updateSecretMetadata(final String mount,
                              final String key,
                              final Integer maxVersions,
                              final boolean casRequired) throws VaultConnectorException;
    /**
     * List available nodes from Vault.
     *
@@ -550,71 +151,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    void delete(final String key) throws VaultConnectorException;
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteLatestSecretVersion(final String mount, final String key) throws VaultConnectorException;
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     * Only available for KV v2 stores.
     *
     * @param mount Secret store mount point (without leading or trailing slash).
     * @param key   Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteAllSecretVersions(final String mount, final String key) throws VaultConnectorException;
    /**
     * Delete secret versions from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mount point (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to delete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteSecretVersions(final String mount, final String key, final int... versions)
            throws VaultConnectorException;
    /**
     * Undelete (restore) secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mount point (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to undelete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void undeleteSecretVersions(final String mount, final String key, final int... versions)
            throws VaultConnectorException;
    /**
     * Destroy secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mount point (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to destroy.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void destroySecretVersions(final String mount, final String key, final int... versions)
            throws VaultConnectorException;
    /**
     * Revoke given lease immediately.
     *
@@ -645,94 +181,44 @@ public interface VaultConnector extends AutoCloseable, Serializable {
    SecretResponse renew(final String leaseID, final Integer increment) throws VaultConnectorException;
    /**
-     * Create a new token.
+     * Get client for KV v2 API.
     *
-     * @param token the token
+     * @return KV v2 client
-     * @return the result response
+     * @since 2.0.0
     * @throws VaultConnectorException on error
     */
-    AuthResponse createToken(final Token token) throws VaultConnectorException;
+    KV2Client kv2();
    /**
-     * Create a new token.
+     * Get client for token API.
     *
-     * @param token  the token
+     * @return Token client
-     * @param orphan create orphan token
+     * @since 2.0.0
     * @return the result response
     * @throws VaultConnectorException on error
     */
-    AuthResponse createToken(final Token token, boolean orphan) throws VaultConnectorException;
+    TokenClient token();
    /**
-     * Create a new token for specific role.
+     * Get client for AppRole API.
     *
-     * @param token the token
+     * @return AppRole client
-     * @param role  the role name
+     * @since 2.0.0
     * @return the result response
     * @throws VaultConnectorException on error
     */
-    AuthResponse createToken(final Token token, final String role) throws VaultConnectorException;
+    AppRoleClient appRole();
    /**
-     * Lookup token information.
+     * Get client for transit API.
     *
-     * @param token the token
+     * @return Transit client
-     * @return the result response
+     * @since 2.0.0
     * @throws VaultConnectorException on error
     */
-    TokenResponse lookupToken(final String token) throws VaultConnectorException;
+    TransitClient transit();
    /**
-     * Create a new or update an existing token role.
+     * Get client for system API.
     *
-     * @param role the role entity (name must be set)
+     * @return System client
-     * @return {@code true} on success
+     * @since 2.0.0
     * @throws VaultConnectorException on error
     * @since 0.9
     */
-    default boolean createOrUpdateTokenRole(final TokenRole role) throws VaultConnectorException {
+    SysClient sys();
        return createOrUpdateTokenRole(role.getName(), role);
    }
    /**
     * Create a new or update an existing token role.
     *
     * @param name the role name (overrides name possibly set in role entity)
     * @param role the role entity
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    boolean createOrUpdateTokenRole(final String name, final TokenRole role) throws VaultConnectorException;
    /**
     * Lookup token information.
     *
     * @param name the role name
     * @return the result response
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    TokenRoleResponse readTokenRole(final String name) throws VaultConnectorException;
    /**
     * List available token roles from Vault.
     *
     * @return List of token roles
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    List<String> listTokenRoles() throws VaultConnectorException;
    /**
     * Delete a token role.
     *
     * @param name the role name to delete
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.9
     */
    boolean deleteTokenRole(final String name) throws VaultConnectorException;
    /**
     * Read credentials for MySQL backend at default mount point.
@@ -741,7 +227,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mysql");
    }
@@ -753,7 +241,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "postgresql");
    }
@@ -765,28 +255,32 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mssql");
    }
    /**
-     * Read credentials for MSSQL backend at default mount point.
+     * Read credentials for MongoDB backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mongodb");
    }
    /**
-     * Read credentials for SQL backends.
+     * Read credentials for database backends.
     *
     * @param role  the role name
-     * @param mount mount point of the SQL backend
+     * @param mount mount point of the database backend
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
@@ -795,4 +289,5 @@ public interface VaultConnector extends AutoCloseable, Serializable {
        throws VaultConnectorException {
        return (CredentialsResponse) read(mount + "/creds/" + role);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,4 +23,5 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.1
 */
 public class AuthorizationRequiredException extends VaultConnectorException {
    private static final long serialVersionUID = 2629577936657393880L;
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.1
 */
 public class ConnectionException extends VaultConnectorException {
    private static final long serialVersionUID = 3005430116002990418L;
    /**
     * Constructs a new empty exception.
     */
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.1
 */
 public class InvalidRequestException extends VaultConnectorException {
    private static final long serialVersionUID = -6712239648281809159L;
    /**
     * Constructs a new empty exception.
     */
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,6 +24,8 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.1
 */
 public final class InvalidResponseException extends VaultConnectorException {
    private static final long serialVersionUID = 2003151038614163479L;
    private final Integer statusCode;
    private final String response;
--- a/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.1
 */
 public class PermissionDeniedException extends VaultConnectorException {
    private static final long serialVersionUID = -7149134015090750776L;
    /**
     * Constructs a new empty exception.
     */
--- a/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.4.0
 */
 public class TlsException extends VaultConnectorException {
    private static final long serialVersionUID = -5139276834988258086L;
    /**
     * Constructs a new empty exception.
     */
--- a/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
 * @since 0.1
 */
 public abstract class VaultConnectorException extends Exception {
    private static final long serialVersionUID = -2612477894310906036L;
    /**
     * Constructs a new empty exception.
     */
--- a/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/internal/Error.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/Error.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
@@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
@@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
    private final int retries;                      // Number of retries on 5xx errors.
    private final String tlsVersion;                // TLS version (#22).
    private final X509Certificate trustedCaCert;    // Trusted CA certificate.
-    private final ObjectMapper jsonMapper;
+    private final JsonMapper jsonMapper;
    /**
     * Constructor of the request helper.
@@ -65,10 +65,11 @@ public final class RequestHelper implements Serializable {
        this.timeout = timeout;
        this.tlsVersion = tlsVersion;
        this.trustedCaCert = trustedCaCert;
-        this.jsonMapper = new ObjectMapper()
+        this.jsonMapper = JsonMapper.builder()
-                .registerModule(new JavaTimeModule())
+            .addModule(new JavaTimeModule())
            .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
            .build();
    }
    /**
@@ -431,18 +432,19 @@ public final class RequestHelper implements Serializable {
     * @throws VaultConnectorException Expected exception with details to throw
     */
    private void handleError(final HttpResponse<InputStream> response) throws VaultConnectorException {
-        if (response.body() != null) {
+        try (var body = response.body()) {
-            try (var reader = new BufferedReader(new InputStreamReader(response.body(), UTF_8))) {
+            if (body != null) {
-                var responseString = reader.lines().collect(Collectors.joining("\n"));
+                try (var reader = new BufferedReader(new InputStreamReader(body, UTF_8))) {
-                ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
+                    ErrorResponse er = jsonMapper.readValue(reader, ErrorResponse.class);
                    /* Check for "permission denied" response */
                    if (!er.getErrors().isEmpty() && er.getErrors().get(0).equals("permission denied")) {
                        throw new PermissionDeniedException();
                    }
                    throw new InvalidResponseException(Error.RESPONSE_CODE, response.statusCode(), er.toString());
                }
            }
        } catch (IOException ignored) {
            // Exception ignored.
        }
    }
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/internal/VaultApiPath.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/VaultApiPath.java
@@ -0,0 +1,74 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.internal;
 /**
 * Vault API path constants.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.3
 */
 public final class VaultApiPath {
    // Base paths
    private static final String SYS = "sys";
    private static final String AUTH = "auth";
    private static final String TRANSIT = "transit";
    // System paths
    public static final String SYS_AUTH = SYS + "/auth";
    public static final String SYS_LEASES_RENEW = SYS + "/leases/renew";
    public static final String SYS_LEASES_REVOKE = SYS + "/leases/revoke/";
    public static final String SYS_HEALTH = SYS + "/health";
    public static final String SYS_SEAL = SYS + "/seal";
    public static final String SYS_SEAL_STATUS = SYS + "/seal-status";
    public static final String SYS_UNSEAL = SYS + "/unseal";
    // Auth paths
    public static final String AUTH_TOKEN = AUTH + "/token";
    public static final String AUTH_USERPASS_LOGIN = AUTH + "/userpass/login/";
    public static final String AUTH_APPROLE = AUTH + "/approle";
    public static final String AUTH_APPROLE_ROLE = AUTH_APPROLE + "/role/%s%s";
    // Token operations
    public static final String TOKEN_LOOKUP = "/lookup";
    public static final String TOKEN_LOOKUP_SELF = "/lookup-self";
    public static final String TOKEN_CREATE = "/create";
    public static final String TOKEN_CREATE_ORPHAN = "/create-orphan";
    public static final String TOKEN_ROLES = "/roles";
    // Secret engine paths
    public static final String SECRET_DATA = "/data/";
    public static final String SECRET_METADATA = "/metadata/";
    public static final String SECRET_DELETE = "/delete/";
    public static final String SECRET_UNDELETE = "/undelete/";
    public static final String SECRET_DESTROY = "/destroy/";
    // Generic paths
    public static final String LOGIN = "/login";
    // Transit engine paths
    public static final String TRANSIT_ENCRYPT = TRANSIT + "/encrypt/";
    public static final String TRANSIT_DECRYPT = TRANSIT + "/decrypt/";
    public static final String TRANSIT_HASH = TRANSIT + "/hash/";
    /**
     * Private constructor to prevent instantiation.
     */
    private VaultApiPath() {
        // Utility class
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRole implements Serializable {
-    private static final long serialVersionUID = -6248529625864573990L;
+    private static final long serialVersionUID = 1546673231280751679L;
    @JsonProperty("role_name")
    private String name;
@@ -53,19 +53,19 @@ public final class AppRole implements Serializable {
    @JsonProperty("secret_id_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer secretIdTtl;
+    private Long secretIdTtl;
-    @JsonProperty("enable_local_secret_ids")
+    @JsonProperty("local_secret_ids")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Boolean enableLocalSecretIds;
+    private Boolean localSecretIds;
    @JsonProperty("token_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenTtl;
+    private Long tokenTtl;
    @JsonProperty("token_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenMaxTtl;
+    private Long tokenMaxTtl;
    private List<String> tokenPolicies;
@@ -75,7 +75,7 @@ public final class AppRole implements Serializable {
    @JsonProperty("token_explicit_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenExplicitMaxTtl;
+    private Long tokenExplicitMaxTtl;
    @JsonProperty("token_no_default_policy")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -111,7 +111,7 @@ public final class AppRole implements Serializable {
        this.secretIdBoundCidrs = builder.secretIdBoundCidrs;
        this.secretIdNumUses = builder.secretIdNumUses;
        this.secretIdTtl = builder.secretIdTtl;
-        this.enableLocalSecretIds = builder.enableLocalSecretIds;
+        this.localSecretIds = builder.localSecretIds;
        this.tokenTtl = builder.tokenTtl;
        this.tokenMaxTtl = builder.tokenMaxTtl;
        this.tokenPolicies = builder.tokenPolicies;
@@ -255,29 +255,30 @@ public final class AppRole implements Serializable {
    /**
     * @return maximum TTL in seconds for secrets
     */
-    public Integer getSecretIdTtl() {
+    public Long getSecretIdTtl() {
        return secretIdTtl;
    }
    /**
     * @return Enable local secret IDs?
     * @since 0.9
     * @since 1.3 renamed to {@code getLocalSecretIds()}
     */
-    public Boolean getEnableLocalSecretIds() {
+    public Boolean getLocalSecretIds() {
-        return enableLocalSecretIds;
+        return localSecretIds;
    }
    /**
     * @return token TTL in seconds
     */
-    public Integer getTokenTtl() {
+    public Long getTokenTtl() {
        return tokenTtl;
    }
    /**
     * @return maximum token TTL in seconds, including renewals
     */
-    public Integer getTokenMaxTtl() {
+    public Long getTokenMaxTtl() {
        return tokenMaxTtl;
    }
@@ -285,7 +286,7 @@ public final class AppRole implements Serializable {
     * @return explicit maximum token TTL in seconds, including renewals
     * @since 0.9
     */
-    public Integer getTokenExplicitMaxTtl() {
+    public Long getTokenExplicitMaxTtl() {
        return tokenExplicitMaxTtl;
    }
@@ -335,7 +336,7 @@ public final class AppRole implements Serializable {
            Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
            Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
            Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
-                Objects.equals(enableLocalSecretIds, appRole.enableLocalSecretIds) &&
+            Objects.equals(localSecretIds, appRole.localSecretIds) &&
            Objects.equals(tokenTtl, appRole.tokenTtl) &&
            Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
            Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
@@ -350,7 +351,7 @@ public final class AppRole implements Serializable {
    @Override
    public int hashCode() {
        return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
-                enableLocalSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
+            localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
            tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
    }
@@ -369,12 +370,12 @@ public final class AppRole implements Serializable {
        private List<String> secretIdBoundCidrs;
        private List<String> tokenPolicies;
        private Integer secretIdNumUses;
-        private Integer secretIdTtl;
+        private Long secretIdTtl;
-        private Boolean enableLocalSecretIds;
+        private Boolean localSecretIds;
-        private Integer tokenTtl;
+        private Long tokenTtl;
-        private Integer tokenMaxTtl;
+        private Long tokenMaxTtl;
        private List<String> tokenBoundCidrs;
-        private Integer tokenExplicitMaxTtl;
+        private Long tokenExplicitMaxTtl;
        private Boolean tokenNoDefaultPolicy;
        private Integer tokenNumUses;
        private Integer tokenPeriod;
@@ -519,7 +520,7 @@ public final class AppRole implements Serializable {
         * @param secretIdTtl the TTL
         * @return self
         */
-        public Builder withSecretIdTtl(final Integer secretIdTtl) {
+        public Builder withSecretIdTtl(final Long secretIdTtl) {
            this.secretIdTtl = secretIdTtl;
            return this;
        }
@@ -527,12 +528,13 @@ public final class AppRole implements Serializable {
        /**
         * Enable or disable local secret IDs.
         *
-         * @param enableLocalSecretIds Enable local secret IDs?
+         * @param localSecretIds Enable local secret IDs?
         * @return self
         * @since 0.9
         * @since 1.3 renamed to {@code withLocalSecretIds()}
         */
-        public Builder withEnableLocalSecretIds(final Boolean enableLocalSecretIds) {
+        public Builder withLocalSecretIds(final Boolean localSecretIds) {
-            this.enableLocalSecretIds = enableLocalSecretIds;
+            this.localSecretIds = localSecretIds;
            return this;
        }
@@ -542,7 +544,7 @@ public final class AppRole implements Serializable {
         * @param tokenTtl the TTL
         * @return self
         */
-        public Builder withTokenTtl(final Integer tokenTtl) {
+        public Builder withTokenTtl(final Long tokenTtl) {
            this.tokenTtl = tokenTtl;
            return this;
        }
@@ -553,7 +555,7 @@ public final class AppRole implements Serializable {
         * @param tokenMaxTtl the TTL
         * @return self
         */
-        public Builder withTokenMaxTtl(final Integer tokenMaxTtl) {
+        public Builder withTokenMaxTtl(final Long tokenMaxTtl) {
            this.tokenMaxTtl = tokenMaxTtl;
            return this;
        }
@@ -594,7 +596,7 @@ public final class AppRole implements Serializable {
         * @param tokenExplicitMaxTtl the TTL
         * @return self
         */
-        public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
+        public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
            this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
            return this;
        }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,8 +24,6 @@ package de.stklcode.jvault.connector.model;
 */
 public enum AuthBackend {
    TOKEN("token"),
    @Deprecated(since = "1.1.3", forRemoval = true)
    APPID("app-id"),
    APPROLE("approle"),
    USERPASS("userpass"),
    GITHUB("github"),   // Not supported yet.
--- a/src/main/java/de/stklcode/jvault/connector/model/Token.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/Token.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.*;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class Token implements Serializable {
-    private static final long serialVersionUID = 5208508683665365287L;
+    private static final long serialVersionUID = 7003016071684507115L;
    @JsonProperty("id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -56,11 +56,11 @@ public final class Token implements Serializable {
    @JsonProperty("ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer ttl;
+    private Long ttl;
    @JsonProperty("explicit_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer explicitMaxTtl;
+    private Long explicitMaxTtl;
    @JsonProperty("num_uses")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -162,7 +162,7 @@ public final class Token implements Serializable {
    /**
     * @return Time-to-live in seconds
     */
-    public Integer getTtl() {
+    public Long getTtl() {
        return ttl;
    }
@@ -170,7 +170,7 @@ public final class Token implements Serializable {
     * @return Explicit maximum time-to-live in seconds
     * @since 0.9
     */
-    public Integer getExplicitMaxTtl() {
+    public Long getExplicitMaxTtl() {
        return explicitMaxTtl;
    }
@@ -282,8 +282,8 @@ public final class Token implements Serializable {
        private String displayName;
        private Boolean noParent;
        private Boolean noDefaultPolicy;
-        private Integer ttl;
+        private Long ttl;
-        private Integer explicitMaxTtl;
+        private Long explicitMaxTtl;
        private Integer numUses;
        private List<String> policies;
        private Map<String, String> meta;
@@ -331,7 +331,7 @@ public final class Token implements Serializable {
         * @param ttl the ttl
         * @return self
         */
-        public Builder withTtl(final Integer ttl) {
+        public Builder withTtl(final Long ttl) {
            this.ttl = ttl;
            return this;
        }
@@ -342,7 +342,7 @@ public final class Token implements Serializable {
         * @param explicitMaxTtl the explicit max. TTL
         * @return self
         */
-        public Builder withExplicitMaxTtl(final Integer explicitMaxTtl) {
+        public Builder withExplicitMaxTtl(final Long explicitMaxTtl) {
            this.explicitMaxTtl = explicitMaxTtl;
            return this;
        }
--- a/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenRole implements Serializable {
-    private static final long serialVersionUID = -3505215215838576321L;
+    private static final long serialVersionUID = -4856948364869438439L;
    @JsonProperty("name")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -78,7 +78,7 @@ public final class TokenRole implements Serializable {
    @JsonProperty("token_explicit_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenExplicitMaxTtl;
+    private Long tokenExplicitMaxTtl;
    @JsonProperty("token_no_default_policy")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -204,7 +204,7 @@ public final class TokenRole implements Serializable {
    /**
     * @return Token explicit maximum TTL
     */
-    public Integer getTokenExplicitMaxTtl() {
+    public Long getTokenExplicitMaxTtl() {
        return tokenExplicitMaxTtl;
    }
@@ -285,7 +285,7 @@ public final class TokenRole implements Serializable {
        private String pathSuffix;
        private List<String> allowedEntityAliases;
        private List<String> tokenBoundCidrs;
-        private Integer tokenExplicitMaxTtl;
+        private Long tokenExplicitMaxTtl;
        private Boolean tokenNoDefaultPolicy;
        private Integer tokenNumUses;
        private Integer tokenPeriod;
@@ -537,7 +537,7 @@ public final class TokenRole implements Serializable {
         * @param tokenExplicitMaxTtl explicit maximum TTL
         * @return self
         */
-        public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
+        public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
            this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
            return this;
        }
--- a/src/main/java/de/stklcode/jvault/connector/model/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,11 +17,8 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import java.util.Objects;
 /**
 * Vault response for authentication providing auth info in {@link AuthData} field.
 *
@@ -31,30 +28,4 @@ import java.util.Objects;
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthResponse extends VaultDataResponse {
    private static final long serialVersionUID = 1628851361067456715L;
    @JsonProperty("auth")
    private AuthData auth;
    /**
     * @return Authentication data
     */
    public AuthData getAuth() {
        return auth;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
            return false;
        }
        AuthResponse that = (AuthResponse) o;
        return Objects.equals(auth, that.auth);
    }
    @Override
    public int hashCode() {
        return Objects.hash(super.hashCode(), auth);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class HealthResponse implements VaultResponse {
-    private static final long serialVersionUID = 6483840078694294401L;
+    private static final long serialVersionUID = 8675155916902904516L;
    @JsonProperty("cluster_id")
    private String clusterID;
@@ -61,6 +61,18 @@ public final class HealthResponse implements VaultResponse {
    @JsonProperty("performance_standby")
    private Boolean performanceStandby;
    @JsonProperty("echo_duration_ms")
    private Long echoDurationMs;
    @JsonProperty("clock_skew_ms")
    private Long clockSkewMs;
    @JsonProperty("replication_primary_canary_age_ms")
    private Long replicationPrimaryCanaryAgeMs;
    @JsonProperty("enterprise")
    private Boolean enterprise;
    /**
     * @return The Cluster ID.
     */
@@ -134,6 +146,38 @@ public final class HealthResponse implements VaultResponse {
        return performanceStandby;
    }
    /**
     * @return Heartbeat echo duration in milliseconds (since Vault 1.16)
     * @since 1.3
     */
    public Long getEchoDurationMs() {
        return echoDurationMs;
    }
    /**
     * @return Clock skew in milliseconds (since Vault 1.16)
     * @since 1.3
     */
    public Long getClockSkewMs() {
        return clockSkewMs;
    }
    /**
     * @return Replication primary canary age in milliseconds (since Vault 1.17)
     * @since 1.3
     */
    public Long getReplicationPrimaryCanaryAgeMs() {
        return replicationPrimaryCanaryAgeMs;
    }
    /**
     * @return Enterprise instance? (since Vault 1.17)
     * @since 1.3
     */
    public Boolean isEnterprise() {
        return enterprise;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
@@ -151,12 +195,17 @@ public final class HealthResponse implements VaultResponse {
            Objects.equals(initialized, that.initialized) &&
            Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
            Objects.equals(replicationDrMode, that.replicationDrMode) &&
-                Objects.equals(performanceStandby, that.performanceStandby);
+            Objects.equals(performanceStandby, that.performanceStandby) &&
            Objects.equals(echoDurationMs, that.echoDurationMs) &&
            Objects.equals(clockSkewMs, that.clockSkewMs) &&
            Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
            Objects.equals(enterprise, that.enterprise);
    }
    @Override
    public int hashCode() {
        return Objects.hash(clusterID, clusterName, version, serverTimeUTC, standby, sealed, initialized,
-                replicationPerfMode, replicationDrMode, performanceStandby);
+            replicationPerfMode, replicationDrMode, performanceStandby, echoDurationMs, clockSkewMs,
            replicationPrimaryCanaryAgeMs, enterprise);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
@@ -85,10 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
            } else if (type.isInstance(rawValue)) {
                return type.cast(rawValue);
            } else {
-                var om = new ObjectMapper()
+                var om = JsonMapper.builder()
-                        .registerModule(new JavaTimeModule())
+                    .addModule(new JavaTimeModule())
                    .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                        .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+                    .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
                    .build();
                if (rawValue instanceof String) {
                    return om.readValue((String) rawValue, type);
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -30,14 +30,11 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenResponse extends VaultDataResponse {
-    private static final long serialVersionUID = -4053126653764241197L;
+    private static final long serialVersionUID = -4341114947980033457L;
    @JsonProperty("data")
    private TokenData data;
    @JsonProperty("auth")
    private Boolean auth;
    /**
     * @return Token data
     */
@@ -45,12 +42,6 @@ public final class TokenResponse extends VaultDataResponse {
        return data;
    }
    /**
     * @return Auth data
     */
    public Boolean getAuth() {
        return auth;
    }
    @Override
    public boolean equals(Object o) {
@@ -60,11 +51,11 @@ public final class TokenResponse extends VaultDataResponse {
            return false;
        }
        TokenResponse that = (TokenResponse) o;
-        return Objects.equals(data, that.data) && Objects.equals(auth, that.auth);
+        return Objects.equals(data, that.data);
    }
    @Override
    public int hashCode() {
-        return Objects.hash(super.hashCode(), data, auth);
+        return Objects.hash(super.hashCode(), data);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
@@ -0,0 +1,92 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonSetter;
 import java.util.Map;
 import java.util.Objects;
 /**
 * Response entity for transit operations.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.0
 */
 public class TransitResponse extends VaultDataResponse {
    private static final long serialVersionUID = 6873804240772242771L;
    private String ciphertext;
    private String plaintext;
    private String sum;
    @JsonSetter("data")
    private void setData(Map<String, String> data) {
        ciphertext = data.get("ciphertext");
        plaintext = data.get("plaintext");
        sum = data.get("sum");
    }
    /**
     * Get ciphertext.
     * Populated after encryption.
     *
     * @return Ciphertext
     */
    public String getCiphertext() {
        return ciphertext;
    }
    /**
     * Get plaintext.
     * Base64 encoded, populated after decryption.
     *
     * @return Plaintext
     */
    public String getPlaintext() {
        return plaintext;
    }
    /**
     * Get hash sum.
     * Hex or Base64 string. Populated after hashing.
     *
     * @return Hash sum
     */
    public String getSum() {
        return sum;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
            return false;
        }
        TransitResponse that = (TransitResponse) o;
        return Objects.equals(ciphertext, that.ciphertext) &&
            Objects.equals(plaintext, that.plaintext) &&
            Objects.equals(sum, that.sum);
    }
    @Override
    public int hashCode() {
        return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import de.stklcode.jvault.connector.model.response.embedded.WrapInfo;
 import java.util.List;
@@ -29,7 +30,7 @@ import java.util.Objects;
 * @since 0.1
 */
 public abstract class VaultDataResponse implements VaultResponse {
-    private static final long serialVersionUID = 7486270767477652184L;
+    private static final long serialVersionUID = 4787715235558510045L;
    @JsonProperty("request_id")
    private String requestId;
@@ -49,6 +50,12 @@ public abstract class VaultDataResponse implements VaultResponse {
    @JsonProperty("wrap_info")
    private WrapInfo wrapInfo;
    @JsonProperty("auth")
    private AuthData auth;
    @JsonProperty("mount_type")
    private String mountType;
    /**
     * @return Request ID
     * @since 1.1
@@ -93,6 +100,22 @@ public abstract class VaultDataResponse implements VaultResponse {
        return wrapInfo;
    }
    /**
     * @return Authentication information for this response
     * @since 1.3
     */
    public final AuthData getAuth() {
        return auth;
    }
    /**
     * @return Information about the type of mount this secret is from (since Vault 1.17)
     * @since 1.3
     */
    public final String getMountType() {
        return mountType;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
@@ -106,11 +129,13 @@ public abstract class VaultDataResponse implements VaultResponse {
            Objects.equals(leaseId, that.leaseId) &&
            Objects.equals(leaseDuration, that.leaseDuration) &&
            Objects.equals(warnings, that.warnings) &&
-                Objects.equals(wrapInfo, that.wrapInfo);
+            Objects.equals(wrapInfo, that.wrapInfo) &&
            Objects.equals(auth, that.auth) &&
            Objects.equals(mountType, that.mountType);
    }
    @Override
    public int hashCode() {
-        return Objects.hash(requestId, leaseId, renewable, leaseDuration, warnings, wrapInfo);
+        return Objects.hash(requestId, leaseId, renewable, leaseDuration, warnings, wrapInfo, auth, mountType);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthData implements Serializable {
-    private static final long serialVersionUID = 3067695351664603536L;
+    private static final long serialVersionUID = 5969334512309655317L;
    @JsonProperty("client_token")
    private String clientToken;
@@ -65,6 +65,9 @@ public final class AuthData implements Serializable {
    @JsonProperty("orphan")
    private boolean orphan;
    @JsonProperty("num_uses")
    private Integer numUses;
    @JsonProperty("mfa_requirement")
    private MfaRequirement mfaRequirement;
@@ -134,6 +137,14 @@ public final class AuthData implements Serializable {
        return accessor;
    }
    /**
     * @return allowed number of uses for the issued token
     * @since 1.3
     */
    public Integer getNumUses() {
        return numUses;
    }
    /**
     * @return Token is orphan
     * @since 0.9
@@ -169,12 +180,13 @@ public final class AuthData implements Serializable {
            Objects.equals(leaseDuration, authData.leaseDuration) &&
            Objects.equals(entityId, authData.entityId) &&
            Objects.equals(tokenType, authData.tokenType) &&
            Objects.equals(numUses, authData.numUses) &&
            Objects.equals(mfaRequirement, authData.mfaRequirement);
    }
    @Override
    public int hashCode() {
        return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
-                entityId, tokenType, orphan, mfaRequirement);
+            entityId, tokenType, orphan, numUses, mfaRequirement);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java
@@ -15,13 +15,13 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public class MountConfig implements Serializable {
-    private static final long serialVersionUID = -8653909672663717792L;
+    private static final long serialVersionUID = 7241631159224756605L;
    @JsonProperty("default_lease_ttl")
-    private Integer defaultLeaseTtl;
+    private Long defaultLeaseTtl;
    @JsonProperty("max_lease_ttl")
-    private Integer maxLeaseTtl;
+    private Long maxLeaseTtl;
    @JsonProperty("force_no_cache")
    private Boolean forceNoCache;
@@ -56,14 +56,14 @@ public class MountConfig implements Serializable {
    /**
     * @return Default lease TTL
     */
-    public Integer getDefaultLeaseTtl() {
+    public Long getDefaultLeaseTtl() {
        return defaultLeaseTtl;
    }
    /**
     * @return Maximum lease TTL
     */
-    public Integer getMaxLeaseTtl() {
+    public Long getMaxLeaseTtl() {
        return maxLeaseTtl;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
-import java.time.format.DateTimeFormatter;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -34,10 +34,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class SecretMetadata implements Serializable {
-    private static final long serialVersionUID = -4967896264361344676L;
+    private static final long serialVersionUID = -905059942871916214L;
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
    @JsonProperty("created_time")
    private ZonedDateTime createdTime;
@@ -57,18 +54,14 @@ public final class SecretMetadata implements Serializable {
    @JsonProperty("versions")
    private Map<Integer, VersionMetadata> versions;
-    /**
+    @JsonProperty("cas_required")
-     * @return Time of secret creation as raw string representation.
+    private Boolean casRequired;
     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getCreatedTimeString() {
        if (createdTime != null) {
            return TIME_FORMAT.format(createdTime);
        }
-        return null;
+    @JsonProperty("custom_metadata")
-    }
+    private HashMap<String, String> customMetadata;
    @JsonProperty("delete_version_after")
    private String deleteVersionAfter;
    /**
     * @return Time of secret creation.
@@ -98,19 +91,6 @@ public final class SecretMetadata implements Serializable {
        return oldestVersion;
    }
    /**
     * @return Time of secret update as raw string representation.
     * @deprecated Method left for backwards compatibility only. Use {@link #getUpdatedTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getUpdatedTimeString() {
        if (updatedTime != null) {
            return TIME_FORMAT.format(updatedTime);
        }
        return null;
    }
    /**
     * @return Time of secret update.
     */
@@ -125,6 +105,30 @@ public final class SecretMetadata implements Serializable {
        return versions;
    }
    /**
     * @return CAS required?
     * @since 1.3
     */
    public Boolean isCasRequired() {
        return casRequired;
    }
    /**
     * @return Custom metadata.
     * @since 1.3
     */
    public Map<String, String> getCustomMetadata() {
        return customMetadata;
    }
    /**
     * @return time duration to delete version
     * @since 1.3
     */
    public String getDeleteVersionAfter() {
        return deleteVersionAfter;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
@@ -138,11 +142,15 @@ public final class SecretMetadata implements Serializable {
            Objects.equals(maxVersions, that.maxVersions) &&
            Objects.equals(oldestVersion, that.oldestVersion) &&
            Objects.equals(updatedTime, that.updatedTime) &&
-                Objects.equals(versions, that.versions);
+            Objects.equals(versions, that.versions) &&
            Objects.equals(casRequired, that.casRequired) &&
            Objects.equals(customMetadata, that.customMetadata) &&
            Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
    }
    @Override
    public int hashCode() {
-        return Objects.hash(createdTime, currentVersion, maxVersions, oldestVersion, updatedTime, versions);
+        return Objects.hash(createdTime, currentVersion, maxVersions, oldestVersion, updatedTime, versions, casRequired,
            customMetadata, deleteVersionAfter);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -35,10 +34,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenData implements Serializable {
-    private static final long serialVersionUID = -5749716740973138916L;
+    private static final long serialVersionUID = -4168046151053509784L;
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
    @JsonProperty("accessor")
    private String accessor;
@@ -47,7 +43,7 @@ public final class TokenData implements Serializable {
    private Integer creationTime;
    @JsonProperty("creation_ttl")
-    private Integer creationTtl;
+    private Long creationTtl;
    @JsonProperty("display_name")
    private String name;
@@ -59,7 +55,7 @@ public final class TokenData implements Serializable {
    private ZonedDateTime expireTime;
    @JsonProperty("explicit_max_ttl")
-    private Integer explicitMaxTtl;
+    private Long explicitMaxTtl;
    @JsonProperty("id")
    private String id;
@@ -86,7 +82,7 @@ public final class TokenData implements Serializable {
    private boolean renewable;
    @JsonProperty("ttl")
-    private Integer ttl;
+    private Long ttl;
    @JsonProperty("type")
    private String type;
@@ -108,7 +104,7 @@ public final class TokenData implements Serializable {
    /**
     * @return Creation TTL (in seconds)
     */
-    public Integer getCreationTtl() {
+    public Long getCreationTtl() {
        return creationTtl;
    }
@@ -127,20 +123,6 @@ public final class TokenData implements Serializable {
        return entityId;
    }
    /**
     * @return Expire time as raw string value
     * @since 0.9
     * @deprecated Method left for backwards compatibility only. Use {@link #getExpireTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getExpireTimeString() {
        if (expireTime != null) {
            return TIME_FORMAT.format(expireTime);
        }
        return null;
    }
    /**
     * @return Expire time (parsed)
     * @since 0.9
@@ -153,7 +135,7 @@ public final class TokenData implements Serializable {
     * @return Explicit maximum TTL
     * @since 0.9
     */
-    public Integer getExplicitMaxTtl() {
+    public Long getExplicitMaxTtl() {
        return explicitMaxTtl;
    }
@@ -164,20 +146,6 @@ public final class TokenData implements Serializable {
        return id;
    }
    /**
     * @return Issue time as raw string value
     * @since 0.9
     * @deprecated Method left for backwards compatibility only. Use {@link #getIssueTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getIssueTimeString() {
        if (issueTime != null) {
            return TIME_FORMAT.format(issueTime);
        }
        return null;
    }
    /**
     * @return Expire time (parsed)
     * @since 0.9
@@ -234,7 +202,7 @@ public final class TokenData implements Serializable {
    /**
     * @return Token TTL (in seconds)
     */
-    public Integer getTtl() {
+    public Long getTtl() {
        return ttl;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,7 +21,8 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
-import java.time.format.DateTimeFormatter;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 /**
@@ -33,10 +34,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class VersionMetadata implements Serializable {
-    private static final long serialVersionUID = -6815731513868586713L;
+    private static final long serialVersionUID = 8495687554714216478L;
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
    @JsonProperty("created_time")
    private ZonedDateTime createdTime;
@@ -50,18 +48,8 @@ public final class VersionMetadata implements Serializable {
    @JsonProperty("version")
    private Integer version;
-    /**
+    @JsonProperty("custom_metadata")
-     * @return Time of secret creation as raw string representation.
+    private HashMap<String, String> customMetadata;
     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getCreatedTimeString() {
        if (createdTime != null) {
            return TIME_FORMAT.format(createdTime);
        }
        return null;
    }
    /**
     * @return Time of secret creation.
@@ -70,19 +58,6 @@ public final class VersionMetadata implements Serializable {
        return createdTime;
    }
    /**
     * @return Time for secret deletion as raw string representation.
     * @deprecated Method left for backwards compatibility only. Use {@link #getDeletionTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getDeletionTimeString() {
        if (deletionTime != null) {
            return TIME_FORMAT.format(deletionTime);
        }
        return null;
    }
    /**
     * @return Time for secret deletion.
     */
@@ -104,6 +79,14 @@ public final class VersionMetadata implements Serializable {
        return version;
    }
    /**
     * @return Custom metadata.
     * @since 1.3
     */
    public Map<String, String> getCustomMetadata() {
        return customMetadata;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
@@ -115,11 +98,12 @@ public final class VersionMetadata implements Serializable {
        return destroyed == that.destroyed &&
            Objects.equals(createdTime, that.createdTime) &&
            Objects.equals(deletionTime, that.deletionTime) &&
-                Objects.equals(version, that.version);
+            Objects.equals(version, that.version) &&
            Objects.equals(customMetadata, that.customMetadata);
    }
    @Override
    public int hashCode() {
-        return Objects.hash(createdTime, deletionTime, destroyed, version);
+        return Objects.hash(createdTime, deletionTime, destroyed, version, customMetadata);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/module-info.java
+++ b/src/main/java/module-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ module de.stklcode.jvault.connector {
    opens de.stklcode.jvault.connector.model.response.embedded to com.fasterxml.jackson.databind;
    requires java.net.http;
    requires com.fasterxml.jackson.annotation;
    requires com.fasterxml.jackson.databind;
    requires com.fasterxml.jackson.datatype.jsr310;
 }
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
 import java.io.File;
 import java.lang.reflect.Field;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Paths;
 import java.util.concurrent.atomic.AtomicReference;
 import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
 import static org.junit.jupiter.api.Assertions.*;
@@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
 */
 class HTTPVaultConnectorBuilderTest {
    private static final String VAULT_ADDR = "https://localhost:8201";
    private static final String VAULT_ADDR_2 = "http://localhost";
    private static final String VAULT_ADDR_3 = "https://localhost/vault/";
    private static final Integer VAULT_MAX_RETRIES = 13;
    private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@@ -112,6 +117,22 @@ class HTTPVaultConnectorBuilderTest {
            return null;
        });
        withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Factory creation from minimal environment failed"
            );
            assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
            return null;
        });
        withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Factory creation from minimal environment failed"
            );
            assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
            return null;
        });
        // Provide address and number of retries.
        withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
@@ -128,20 +149,6 @@ class HTTPVaultConnectorBuilderTest {
            return null;
        });
        // Provide CA certificate.
        String VAULT_CACERT = tempDir.toString() + "/doesnotexist";
        withVaultEnv(VAULT_ADDR, VAULT_CACERT, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
            TlsException e = assertThrows(
                    TlsException.class,
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Creation with unknown cert path failed"
            );
            assertTrue(e.getCause() instanceof NoSuchFileException);
            assertEquals(VAULT_CACERT, ((NoSuchFileException) e.getCause()).getFile());
            return null;
        });
        // Automatic authentication.
        withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
@@ -165,11 +172,64 @@ class HTTPVaultConnectorBuilderTest {
        });
    }
-    private SystemLambda.WithEnvironmentVariables withVaultEnv(String vault_addr, String vault_cacert, String vault_max_retries, String vault_token) {
+    /**
-        return withEnvironmentVariable("VAULT_ADDR", vault_addr)
+     * Test CA certificate handling from environment variables
-                .and("VAULT_CACERT", vault_cacert)
+     */
-                .and("VAULT_MAX_RETRIES", vault_max_retries)
+    @Test
-                .and("VAULT_TOKEN", vault_token);
+    void testCertificateFromEnv() throws Exception {
        // From direct PEM content
        String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
        AtomicReference<Object> certFromPem = new AtomicReference<>();
        withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Builder with PEM certificate from environment failed"
            );
            HTTPVaultConnector connector = builder.build();
            certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
            assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
            return null;
        });
        // From file path
        String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
        AtomicReference<Object> certFromFile = new AtomicReference<>();
        withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Builder with certificate path from environment failed"
            );
            HTTPVaultConnector connector = builder.build();
            certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
            assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
            return null;
        });
        assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
        // Non-existing path CA certificate path
        String doesNotExist = tempDir.toString() + "/doesnotexist";
        withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
            TlsException e = assertThrows(
                TlsException.class,
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Creation with unknown cert path failed"
            );
            assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
            return null;
        });
    }
    private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
        return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
            .and("VAULT_CACERT", vaultCacert)
            .and("VAULT_MAX_RETRIES", vaultMaxRetries)
            .and("VAULT_TOKEN", vaultToken);
    }
    private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,17 +25,18 @@ import de.stklcode.jvault.connector.model.response.*;
 import de.stklcode.jvault.connector.test.Credentials;
 import de.stklcode.jvault.connector.test.VaultConfiguration;
 import org.junit.jupiter.api.*;
 import org.junit.jupiter.api.condition.EnabledIf;
 import org.junit.jupiter.api.io.TempDir;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.net.ServerSocket;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Collections.singletonMap;
 import static org.apache.commons.io.FileUtils.copyDirectory;
 import static org.awaitility.Awaitility.await;
@@ -51,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
 * @since 0.1
 */
 class HTTPVaultConnectorIT {
-    private static String VAULT_VERSION = "1.15.4";  // The vault version this test is supposed to run against.
+    private static String VAULT_VERSION = "1.20.0";  // The vault version this test is supposed to run against.
    private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
    private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
    private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -59,7 +60,6 @@ class HTTPVaultConnectorIT {
    private static final String USER_VALID = "validUser";
    private static final String PASS_VALID = "validPass";
    private static boolean legacy;
    private Process vaultProcess;
    private VaultConnector connector;
@@ -70,9 +70,6 @@ class HTTPVaultConnectorIT {
            VAULT_VERSION = System.getenv("VAULT_VERSION");
            System.out.println("Vault version set to " + VAULT_VERSION);
        }
        if (compareVersions(VAULT_VERSION, "1.12.0") < 0) {
            legacy = true;
        }
    }
    /**
@@ -98,10 +95,10 @@ class HTTPVaultConnectorIT {
        connector = builder.build();
        // Unseal Vault and check result.
-        SealResponse sealStatus = connector.unseal(KEY1);
+        SealResponse sealStatus = connector.sys().unseal(KEY1);
        assumeTrue(sealStatus != null, "Seal status could not be determined after startup");
        assumeTrue(sealStatus.isSealed(), "Vault is not sealed after startup");
-        sealStatus = connector.unseal(KEY2);
+        sealStatus = connector.sys().unseal(KEY2);
        assumeTrue(sealStatus != null, "Seal status could not be determined");
        assumeFalse(sealStatus.isSealed(), "Vault is not unsealed");
        assumeTrue(sealStatus.isInitialized(), "Vault is not initialized"); // Initialized flag of Vault 0.11.2 (#20).
@@ -129,13 +126,11 @@ class HTTPVaultConnectorIT {
        @Test
        @Order(10)
        @DisplayName("Read secrets")
        @SuppressWarnings("deprecation")
        void readSecretTest() {
            authUser();
            assumeTrue(connector.isAuthorized());
            // Try to read path user has no permission to read.
            SecretResponse res = null;
            final String invalidPath = "secret/invalid/path";
            VaultConnectorException e = assertThrows(
@@ -151,7 +146,7 @@ class HTTPVaultConnectorIT {
            assertFalse(Pattern.compile("[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}").matcher(stackTrace(e)).find());
            // Try to read accessible path with known value.
-            res = assertDoesNotThrow(
+            SecretResponse res = assertDoesNotThrow(
                () -> connector.read(SECRET_PATH + "/" + SECRET_KEY),
                "Valid secret path could not be read"
            );
@@ -216,7 +211,6 @@ class HTTPVaultConnectorIT {
        @Test
        @Order(30)
        @DisplayName("Write secrets")
        @SuppressWarnings("deprecation")
        void writeSecretTest() {
            authUser();
            assumeTrue(connector.isAuthorized());
@@ -343,7 +337,7 @@ class HTTPVaultConnectorIT {
            // Try to read accessible path with known value.
            SecretResponse res = assertDoesNotThrow(
-                    () -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readData(MOUNT_KV2, SECRET2_KEY),
                "Valid secret path could not be read"
            );
            assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
@@ -352,7 +346,7 @@ class HTTPVaultConnectorIT {
            // Try to read different version of same secret.
            res = assertDoesNotThrow(
-                    () -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1),
+                () -> connector.kv2().readVersion(MOUNT_KV2, SECRET2_KEY, 1),
                "Valid secret version could not be read"
            );
            assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
@@ -371,7 +365,7 @@ class HTTPVaultConnectorIT {
            // First get the current version of the secret.
            MetadataResponse res = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading secret metadata failed"
            );
            int currentVersion = res.getMetadata().getCurrentVersion();
@@ -380,7 +374,7 @@ class HTTPVaultConnectorIT {
            Map<String, Object> data = new HashMap<>();
            data.put("value", SECRET2_VALUE3);
            SecretVersionResponse res2 = assertDoesNotThrow(
-                    () -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data),
+                () -> connector.kv2().writeData(MOUNT_KV2, SECRET2_KEY, data),
                "Writing secret to KV v2 store failed"
            );
            assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
@@ -388,7 +382,7 @@ class HTTPVaultConnectorIT {
            // Verify the content.
            SecretResponse res3 = assertDoesNotThrow(
-                    () -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readData(MOUNT_KV2, SECRET2_KEY),
                "Reading secret from KV v2 store failed"
            );
            assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
@@ -397,13 +391,13 @@ class HTTPVaultConnectorIT {
            Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4);
            assertThrows(
                InvalidResponseException.class,
-                    () -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1),
+                () -> connector.kv2().writeData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1),
                "Writing secret to KV v2 with invalid CAS value succeeded"
            );
            // And finally with a correct CAS value.
            Map<String, Object> data5 = singletonMap("value", SECRET2_VALUE4);
-            assertDoesNotThrow(() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data5, currentVersion2));
+            assertDoesNotThrow(() -> connector.kv2().writeData(MOUNT_KV2, SECRET2_KEY, data5, currentVersion2));
        }
        /**
@@ -418,7 +412,7 @@ class HTTPVaultConnectorIT {
            // Read current metadata first.
            MetadataResponse res = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading secret metadata failed"
            );
            Integer maxVersions = res.getMetadata().getMaxVersions();
@@ -426,13 +420,13 @@ class HTTPVaultConnectorIT {
            // Now update the metadata.
            assertDoesNotThrow(
-                    () -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
+                () -> connector.kv2().updateMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
                "Updating secret metadata failed"
            );
            // And verify the result.
            res = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading secret metadata failed"
            );
            assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
@@ -450,7 +444,7 @@ class HTTPVaultConnectorIT {
            // Try to read accessible path with known value.
            MetadataResponse res = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Valid secret path could not be read"
            );
            assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
@@ -473,21 +467,21 @@ class HTTPVaultConnectorIT {
            // Try to delete non-existing versions.
            assertDoesNotThrow(
-                    () -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42),
+                () -> connector.kv2().deleteVersions(MOUNT_KV2, SECRET2_KEY, 5, 42),
                "Revealed non-existence of secret versions"
            );
            assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Revealed non-existence of secret versions"
            );
            // Now delete existing version and verify.
            assertDoesNotThrow(
-                    () -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
+                () -> connector.kv2().deleteVersions(MOUNT_KV2, SECRET2_KEY, 1),
                "Deleting existing version failed"
            );
            MetadataResponse meta = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading deleted secret metadata failed"
            );
            assertNotNull(
@@ -497,11 +491,11 @@ class HTTPVaultConnectorIT {
            // Undelete the just deleted version.
            assertDoesNotThrow(
-                    () -> connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
+                () -> connector.kv2().undeleteVersions(MOUNT_KV2, SECRET2_KEY, 1),
                "Undeleting existing version failed"
            );
            meta = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading deleted secret metadata failed"
            );
            assertNull(
@@ -511,11 +505,11 @@ class HTTPVaultConnectorIT {
            // Now destroy it.
            assertDoesNotThrow(
-                    () -> connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
+                () -> connector.kv2().destroyVersions(MOUNT_KV2, SECRET2_KEY, 1),
                "Destroying existing version failed"
            );
            meta = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading destroyed secret metadata failed"
            );
            assertTrue(
@@ -525,11 +519,11 @@ class HTTPVaultConnectorIT {
            // Delete latest version.
            assertDoesNotThrow(
-                    () -> connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().deleteLatestVersion(MOUNT_KV2, SECRET2_KEY),
                "Deleting latest version failed"
            );
            meta = assertDoesNotThrow(
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading deleted secret metadata failed"
            );
            assertNotNull(
@@ -539,85 +533,17 @@ class HTTPVaultConnectorIT {
            // Delete all versions.
            assertDoesNotThrow(
-                    () -> connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().deleteAllVersions(MOUNT_KV2, SECRET2_KEY),
                "Deleting latest version failed"
            );
            assertThrows(
                InvalidResponseException.class,
-                    () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
+                () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
                "Reading metadata of deleted secret should not succeed"
            );
        }
    }
    @Nested
    @DisplayName("App-ID Tests")
    @EnabledIf(value = "de.stklcode.jvault.connector.HTTPVaultConnectorIT#isLegacy",
            disabledReason = "AppID tests no longer available for Vault 1.12 and above")
    @SuppressWarnings("deprecation")
    class AppIdTests {
        private static final String APP_ID = "152AEA38-85FB-47A8-9CBD-612D645BFACA";
        private static final String USER_ID = "5ADF8218-D7FB-4089-9E38-287465DBF37E";
        /**
         * App-ID authentication roundtrip.
         */
        @Test
        @Order(10)
        @DisplayName("Authenticate with App-ID")
        void authAppIdTest() {
            // Try unauthorized access first.
            assumeFalse(connector.isAuthorized());
            assertThrows(
                    AuthorizationRequiredException.class,
                    () -> connector.registerAppId("", "", ""),
                    "Expected exception not thrown"
            );
            assertThrows(
                    AuthorizationRequiredException.class,
                    () -> connector.registerUserId("", ""),
                    "Expected exception not thrown"
            );
        }
        /**
         * App-ID authentication roundtrip.
         */
        @Test
        @Order(20)
        @DisplayName("Register App-ID")
        void registerAppIdTest() {
            // Authorize.
            authRoot();
            assumeTrue(connector.isAuthorized());
            // Register App-ID.
            boolean res = assertDoesNotThrow(
                    () -> connector.registerAppId(APP_ID, "user", "App Name"),
                    "Failed to register App-ID"
            );
            assertTrue(res, "Failed to register App-ID");
            // Register User-ID.
            res = assertDoesNotThrow(
                    () -> connector.registerUserId(APP_ID, USER_ID),
                    "Failed to register App-ID"
            );
            assertTrue(res, "Failed to register App-ID");
            connector.resetAuth();
            assumeFalse(connector.isAuthorized());
            // Authenticate with created credentials.
            AuthResponse resp = assertDoesNotThrow(
                    () -> connector.authAppId(APP_ID, USER_ID),
                    "Failed to authenticate using App-ID"
            );
            assertTrue(connector.isAuthorized(), "Authorization flag not set after App-ID login");
        }
    }
    @Nested
    @DisplayName("AppRole Tests")
    @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
@@ -694,21 +620,21 @@ class HTTPVaultConnectorIT {
            // Try unauthorized access first.
            assumeFalse(connector.isAuthorized());
-            assertThrows(AuthorizationRequiredException.class, () -> connector.listAppRoles());
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().listRoles());
-            assertThrows(AuthorizationRequiredException.class, () -> connector.listAppRoleSecrets(""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().listSecrets(""));
            // Authorize.
            authRoot();
            assumeTrue(connector.isAuthorized());
            // Verify pre-existing rules.
-            List<String> res = assertDoesNotThrow(() -> connector.listAppRoles(), "Role listing failed");
+            List<String> res = assertDoesNotThrow(() -> connector.appRole().listRoles(), "Role listing failed");
            assertEquals(2, res.size(), "Unexpected number of AppRoles");
            assertTrue(res.containsAll(List.of(APPROLE_ROLE_NAME, APPROLE_ROLE2_NAME)), "Pre-configured roles not listed");
            // Check secret IDs.
-            res = assertDoesNotThrow(() -> connector.listAppRoleSecrets(APPROLE_ROLE_NAME), "AppRole secret listing failed");
+            res = assertDoesNotThrow(() -> connector.appRole().listSecrets(APPROLE_ROLE_NAME), "AppRole secret listing failed");
            assertEquals(List.of(APPROLE_SECRET_ACCESSOR), res, "Pre-configured AppRole secret not listed");
        }
@@ -721,14 +647,14 @@ class HTTPVaultConnectorIT {
        void createAppRoleTest() {
            // Try unauthorized access first.
            assumeFalse(connector.isAuthorized());
-            assertThrows(AuthorizationRequiredException.class, () -> connector.createAppRole(new AppRole()));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().create(new AppRole()));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.lookupAppRole(""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().lookup(""));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.deleteAppRole(""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().delete(""));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.getAppRoleID(""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().getRoleID(""));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.setAppRoleID("", ""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().setRoleID("", ""));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.createAppRoleSecret("", ""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().createSecret("", ""));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.lookupAppRoleSecret("", ""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().lookupSecret("", ""));
-            assertThrows(AuthorizationRequiredException.class, () -> connector.destroyAppRoleSecret("", ""));
+            assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().destroySecret("", ""));
            // Authorize.
            authRoot();
@@ -740,23 +666,23 @@ class HTTPVaultConnectorIT {
            AppRole role = AppRole.builder(roleName).build();
            // Create role.
-            boolean createRes = assertDoesNotThrow(() -> connector.createAppRole(role), "Role creation failed");
+            boolean createRes = assertDoesNotThrow(() -> connector.appRole().create(role), "Role creation failed");
            assertTrue(createRes, "Role creation failed");
            // Lookup role.
-            AppRoleResponse res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName), "Role lookup failed");
+            AppRoleResponse res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName), "Role lookup failed");
            assertNotNull(res.getRole(), "Role lookup returned no role");
            // Lookup role ID.
-            String roleID = assertDoesNotThrow(() -> connector.getAppRoleID(roleName), "Role ID lookup failed");
+            String roleID = assertDoesNotThrow(() -> connector.appRole().getRoleID(roleName), "Role ID lookup failed");
            assertNotEquals("", roleID, "Role ID lookup returned empty ID");
            // Set custom role ID.
            String roleID2 = "custom-role-id";
-            assertDoesNotThrow(() -> connector.setAppRoleID(roleName, roleID2), "Setting custom role ID failed");
+            assertDoesNotThrow(() -> connector.appRole().setRoleID(roleName, roleID2), "Setting custom role ID failed");
            // Verify role ID.
-            String res2 = assertDoesNotThrow(() -> connector.getAppRoleID(roleName), "Role ID lookup failed");
+            String res2 = assertDoesNotThrow(() -> connector.appRole().getRoleID(roleName), "Role ID lookup failed");
            assertEquals(roleID2, res2, "Role ID lookup returned wrong ID");
            // Update role model with custom flags.
@@ -765,44 +691,44 @@ class HTTPVaultConnectorIT {
                .build();
            // Create role.
-            boolean res3 = assertDoesNotThrow(() -> connector.createAppRole(role2), "Role creation failed");
+            boolean res3 = assertDoesNotThrow(() -> connector.appRole().create(role2), "Role creation failed");
            assertTrue(res3, "No result given");
            // Lookup updated role.
-            res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName), "Role lookup failed");
+            res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName), "Role lookup failed");
            assertNotNull(res.getRole(), "Role lookup returned no role");
            assertEquals(321, res.getRole().getTokenPeriod(), "Token period not set for role");
            // Create role by name.
            String roleName2 = "RoleByName";
-            assertDoesNotThrow(() -> connector.createAppRole(roleName2), "Creation of role by name failed");
+            assertDoesNotThrow(() -> connector.appRole().create(roleName2), "Creation of role by name failed");
-            res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName2), "Creation of role by name failed");
+            res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName2), "Creation of role by name failed");
            assertNotNull(res.getRole(), "Role lookuo returned not value");
            // Create role by name with custom ID.
            String roleName3 = "RoleByName";
            String roleID3 = "RolyByNameID";
-            assertDoesNotThrow(() -> connector.createAppRole(roleName3, roleID3), "Creation of role by name failed");
+            assertDoesNotThrow(() -> connector.appRole().create(roleName3, roleID3), "Creation of role by name failed");
-            res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
+            res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName3), "Creation of role by name failed");
            assertNotNull(res.getRole(), "Role lookuo returned not value");
-            res2 = assertDoesNotThrow(() -> connector.getAppRoleID(roleName3), "Creation of role by name failed");
+            res2 = assertDoesNotThrow(() -> connector.appRole().getRoleID(roleName3), "Creation of role by name failed");
            assertEquals(roleID3, res2, "Role lookuo returned wrong ID");
            // Create role by name with policies.
            assertDoesNotThrow(
-                    () -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")),
+                () -> connector.appRole().create(roleName3, Collections.singletonList("testpolicy")),
                "Creation of role by name failed"
            );
-            res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
+            res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName3), "Creation of role by name failed");
            // Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
            assertEquals(List.of("testpolicy"), res.getRole().getTokenPolicies(), "Role lookup returned unexpected policies");
            // Delete role.
-            assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed");
+            assertDoesNotThrow(() -> connector.appRole().delete(roleName3), "Deletion of role failed");
            assertThrows(
                InvalidResponseException.class,
-                    () -> connector.lookupAppRole(roleName3),
+                () -> connector.appRole().lookup(roleName3),
                "Deleted role could be looked up"
            );
        }
@@ -819,7 +745,7 @@ class HTTPVaultConnectorIT {
            // Create default (random) secret for existing role.
            AppRoleSecretResponse res = assertDoesNotThrow(
-                    () -> connector.createAppRoleSecret(APPROLE_ROLE_NAME),
+                () -> connector.appRole().createSecret(APPROLE_ROLE_NAME),
                "AppRole secret creation failed"
            );
            assertNotNull(res.getSecret(), "No secret returned");
@@ -827,26 +753,26 @@ class HTTPVaultConnectorIT {
            // Create secret with custom ID.
            String secretID = "customSecretId";
            res = assertDoesNotThrow(
-                    () -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID),
+                () -> connector.appRole().createSecret(APPROLE_ROLE_NAME, secretID),
                "AppRole secret creation failed"
            );
            assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
            // Lookup secret.
            res = assertDoesNotThrow(
-                    () -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
+                () -> connector.appRole().lookupSecret(APPROLE_ROLE_NAME, secretID),
                "AppRole secret lookup failed"
            );
            assertNotNull(res.getSecret(), "No secret information returned");
            // Destroy secret.
            assertDoesNotThrow(
-                    () -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID),
+                () -> connector.appRole().destroySecret(APPROLE_ROLE_NAME, secretID),
                "AppRole secret destruction failed"
            );
            assertThrows(
                InvalidResponseException.class,
-                    () -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
+                () -> connector.appRole().lookupSecret(APPROLE_ROLE_NAME, secretID),
                "Destroyed AppRole secret successfully read"
            );
        }
@@ -899,7 +825,7 @@ class HTTPVaultConnectorIT {
                .build();
            // Create token.
-            AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
+            AuthResponse res = assertDoesNotThrow(() -> connector.token().create(token), "Token creation failed");
            assertNotNull(res, "No result given");
            assertEquals("test-id", res.getAuth().getClientToken(), "Invalid token ID returned");
            assertEquals(List.of("root"), res.getAuth().getPolicies(), "Expected inherited root policy");
@@ -909,7 +835,7 @@ class HTTPVaultConnectorIT {
            assertFalse(res.getAuth().isRenewable(), "Root token should not be renewable");
            assertFalse(res.getAuth().isOrphan(), "Root token should not be orphan");
-            // Starting with Vault 1.0 a warning "custom ID uses weaker SHA1.." is given.
+            // Starting with Vault 1.0 a warning "custom ID uses weaker SHA1..." is given.
            // Starting with Vault 1.11 a second warning "Endpoint ignored unrecognized parameters" is given.
            assertFalse(res.getWarnings().isEmpty(), "Token creation did not return expected warning");
@@ -921,7 +847,7 @@ class HTTPVaultConnectorIT {
                .withoutDefaultPolicy()
                .withMeta("foo", "bar")
                .build();
-            res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed");
+            res = assertDoesNotThrow(() -> connector.token().create(token2), "Token creation failed");
            assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
            assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned");
            assertNotNull(res.getAuth().getMetadata(), "Metadata not given");
@@ -936,11 +862,11 @@ class HTTPVaultConnectorIT {
                .withDefaultPolicy()
                .withMeta("test", "success")
                .withMeta("key", "value")
-                    .withTtl(1234)
+                .withTtl(1234L)
                .build();
            InvalidResponseException e = assertThrows(
                InvalidResponseException.class,
-                    () -> connector.createToken(token3),
+                () -> connector.token().create(token3),
                "Overwriting token should fail as of Vault 0.8.0"
            );
            assertEquals(400, e.getStatusCode());
@@ -954,7 +880,7 @@ class HTTPVaultConnectorIT {
                .withoutDefaultPolicy()
                .withType(Token.Type.BATCH)
                .build();
-            res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed");
+            res = assertDoesNotThrow(() -> connector.token().create(token4), "Token creation failed");
            assertTrue(
                // Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before.
                res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."),
@@ -982,12 +908,12 @@ class HTTPVaultConnectorIT {
                .withId("my-token")
                .withType(Token.Type.SERVICE)
                .build();
-            assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
+            assertDoesNotThrow(() -> connector.token().create(token), "Token creation failed");
            authRoot();
            assumeTrue(connector.isAuthorized());
-            TokenResponse res = assertDoesNotThrow(() -> connector.lookupToken("my-token"), "Token creation failed");
+            TokenResponse res = assertDoesNotThrow(() -> connector.token().lookup("my-token"), "Token creation failed");
            assertEquals(token.getId(), res.getData().getId(), "Unexpected token ID");
            assertEquals(1, res.getData().getPolicies().size(), "Unexpected number of policies");
            assertTrue(res.getData().getPolicies().contains("root"), "Unexpected policy");
@@ -1010,14 +936,14 @@ class HTTPVaultConnectorIT {
            final TokenRole role = TokenRole.builder().build();
            boolean creationRes = assertDoesNotThrow(
-                    () -> connector.createOrUpdateTokenRole(roleName, role),
+                () -> connector.token().createOrUpdateRole(roleName, role),
                "Token role creation failed"
            );
            assertTrue(creationRes, "Token role creation failed");
            // Read the role.
            TokenRoleResponse res = assertDoesNotThrow(
-                    () -> connector.readTokenRole(roleName),
+                () -> connector.token().readRole(roleName),
                "Reading token role failed"
            );
            assertNotNull(res, "Token role response must not be null");
@@ -1037,12 +963,12 @@ class HTTPVaultConnectorIT {
                .build();
            creationRes = assertDoesNotThrow(
-                    () -> connector.createOrUpdateTokenRole(role2),
+                () -> connector.token().createOrUpdateRole(role2),
                "Token role update failed"
            );
            assertTrue(creationRes, "Token role update failed");
-            res = assertDoesNotThrow(() -> connector.readTokenRole(roleName), "Reading token role failed");
+            res = assertDoesNotThrow(() -> connector.token().readRole(roleName), "Reading token role failed");
            assertNotNull(res, "Token role response must not be null");
            assertNotNull(res.getData(), "Token role must not be null");
            assertEquals(roleName, res.getData().getName(), "Token role name not as expected");
@@ -1051,15 +977,84 @@ class HTTPVaultConnectorIT {
            assertEquals(42, res.getData().getTokenNumUses(), "Unexpected number of token uses after update");
            // List roles.
-            List<String> listRes = assertDoesNotThrow(() -> connector.listTokenRoles(), "Listing token roles failed");
+            List<String> listRes = assertDoesNotThrow(() -> connector.token().listRoles(), "Listing token roles failed");
            assertNotNull(listRes, "Token role list must not be null");
            assertEquals(List.of(roleName), listRes, "Unexpected token role list");
            // Delete the role.
-            creationRes = assertDoesNotThrow(() -> connector.deleteTokenRole(roleName), "Token role deletion failed");
+            creationRes = assertDoesNotThrow(() -> connector.token().deleteRole(roleName), "Token role deletion failed");
            assertTrue(creationRes, "Token role deletion failed");
-            assertThrows(InvalidResponseException.class, () -> connector.readTokenRole(roleName), "Reading nonexistent token role should fail");
+            assertThrows(InvalidResponseException.class, () -> connector.token().readRole(roleName), "Reading nonexistent token role should fail");
-            assertThrows(InvalidResponseException.class, () -> connector.listTokenRoles(), "Listing nonexistent token roles should fail");
+            assertThrows(InvalidResponseException.class, () -> connector.token().listRoles(), "Listing nonexistent token roles should fail");
        }
    }
    @Nested
    @DisplayName("Transit Tests")
    class TransitTests {
        @Test
        @DisplayName("Transit encryption")
        void transitEncryptTest() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transit().encrypt("my-key", "dGVzdCBtZQ=="),
                "Failed to encrypt via transit"
            );
            assertNotNull(transitResponse.getCiphertext());
            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
            transitResponse = assertDoesNotThrow(
                () -> connector.transit().encrypt("my-key", "test me".getBytes(UTF_8)),
                "Failed to encrypt binary data via transit"
            );
            assertNotNull(transitResponse.getCiphertext());
            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
        }
        @Test
        @DisplayName("Transit decryption")
        void transitDecryptTest() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transit().decrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
                "Failed to decrypt via transit"
            );
            assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
        }
        @Test
        @DisplayName("Transit hash")
        void transitHashText() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transit().hash("sha2-512", "dGVzdCBtZQ=="),
                "Failed to hash via transit"
            );
            assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
            TransitResponse transitResponseBase64 = assertDoesNotThrow(
                () -> connector.transit().hash("sha2-256", "dGVzdCBtZQ==", "base64"),
                "Failed to hash via transit with base64 output"
            );
            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
            transitResponseBase64 = assertDoesNotThrow(
                () -> connector.transit().hash("sha2-256", "test me".getBytes(UTF_8), "base64"),
                "Failed to hash binary data via transit"
            );
            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
        }
    }
@@ -1077,17 +1072,13 @@ class HTTPVaultConnectorIT {
            assumeTrue(connector.isAuthorized());
            List<AuthBackend> supportedBackends = assertDoesNotThrow(
-                    () -> connector.getAuthBackends(),
+                () -> connector.sys().getAuthBackends(),
                "Could not list supported auth backends"
            );
-            if (legacy) {
+
                assertEquals(4, supportedBackends.size());
                assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPID, AuthBackend.APPROLE)));
            } else {
            assertEquals(3, supportedBackends.size());
            assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPROLE)));
        }
        }
        /**
         * Test authentication using username and password.
@@ -1141,22 +1132,22 @@ class HTTPVaultConnectorIT {
        @Test
        @DisplayName("Seal test")
        void sealTest() throws VaultConnectorException {
-            SealResponse sealStatus = connector.sealStatus();
+            SealResponse sealStatus = connector.sys().sealStatus();
            assumeFalse(sealStatus.isSealed());
            // Unauthorized sealing should fail.
-            assertThrows(VaultConnectorException.class, connector::seal, "Unauthorized sealing succeeded");
+            assertThrows(VaultConnectorException.class, () -> connector.sys().seal(), "Unauthorized sealing succeeded");
            assertFalse(sealStatus.isSealed(), "Vault sealed, although sealing failed");
            // Root user should be able to seal.
            authRoot();
            assumeTrue(connector.isAuthorized());
-            assertDoesNotThrow(connector::seal, "Sealing failed");
+            assertDoesNotThrow(() -> connector.sys().seal(), "Sealing failed");
-            sealStatus = connector.sealStatus();
+            sealStatus = connector.sys().sealStatus();
            assertTrue(sealStatus.isSealed(), "Vault not sealed");
-            sealStatus = connector.unseal(KEY2);
+            sealStatus = connector.sys().unseal(KEY2);
            assertTrue(sealStatus.isSealed(), "Vault unsealed with only 1 key");
-            sealStatus = connector.unseal(KEY3);
+            sealStatus = connector.sys().unseal(KEY3);
            assertFalse(sealStatus.isSealed(), "Vault not unsealed");
        }
@@ -1166,7 +1157,7 @@ class HTTPVaultConnectorIT {
        @Test
        @DisplayName("Health test")
        void healthTest() {
-            HealthResponse res = assertDoesNotThrow(connector::getHealth, "Retrieving health status failed");
+            HealthResponse res = assertDoesNotThrow(() -> connector.sys().getHealth(), "Retrieving health status failed");
            assertNotNull(res, "Health response should be set");
            assertEquals(VAULT_VERSION, res.getVersion(), "Unexpected version");
            assertTrue(res.isInitialized(), "Unexpected init status");
@@ -1175,11 +1166,11 @@ class HTTPVaultConnectorIT {
            // No seal vault and verify correct status.
            authRoot();
-            assertDoesNotThrow(connector::seal, "Unexpected exception on sealing");
+            assertDoesNotThrow(() -> connector.sys().seal(), "Unexpected exception on sealing");
-            SealResponse sealStatus = assertDoesNotThrow(connector::sealStatus);
+            SealResponse sealStatus = assertDoesNotThrow(() -> connector.sys().sealStatus());
            assumeTrue(sealStatus.isSealed());
            connector.resetAuth();  // Should work unauthenticated
-            res = assertDoesNotThrow(connector::getHealth, "Retrieving health status failed when sealed");
+            res = assertDoesNotThrow(() -> connector.sys().getHealth(), "Retrieving health status failed when sealed");
            assertTrue(res.isSealed(), "Unexpected seal status");
        }
@@ -1212,11 +1203,7 @@ class HTTPVaultConnectorIT {
     */
    private VaultConfiguration initializeVault(File dir, boolean tls) throws IllegalStateException, IOException {
        File dataDir = new File(dir, "data");
        if (legacy) {
            copyDirectory(new File(getClass().getResource("/data_dir_legacy").getPath()), dataDir);
        } else {
        copyDirectory(new File(getClass().getResource("/data_dir").getPath()), dataDir);
        }
        // Generate vault local unencrypted configuration.
        VaultConfiguration config = new VaultConfiguration()
@@ -1234,15 +1221,17 @@ class HTTPVaultConnectorIT {
        // Write configuration file.
        File configFile = new File(dir, "vault.conf");
-        try (BufferedWriter bw = new BufferedWriter(new FileWriter(configFile))) {
+        try {
-            bw.write(config.toString());
+            Files.writeString(configFile.toPath(), config.toString(), UTF_8);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to generate config file", e);
        }
        // Start vault process.
        try {
-            vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile);
+            vaultProcess = new ProcessBuilder("vault", "server", "-config", configFile.toString())
                .directory(dir)
                .start();
        } catch (IOException e) {
            throw new IllegalStateException("Unable to start vault. Make sure vault binary is in your executable path", e);
        }
@@ -1293,10 +1282,8 @@ class HTTPVaultConnectorIT {
            return socket.getLocalPort();
        } catch (IOException e) {
-            e.printStackTrace();
+            throw new IllegalStateException("Unable to find a free TCP port", e);
        }
        throw new IllegalStateException("Unable to find a free TCP port");
    }
    /**
@@ -1310,35 +1297,4 @@ class HTTPVaultConnectorIT {
        th.printStackTrace(new PrintWriter(sw, true));
        return sw.getBuffer().toString();
    }
    /**
     * Compare two version strings.
     *
     * @param version1 Version 1
     * @param version2 Version 2
     * @return negative value if version 1 is smaller than version2, positive value of version 1 is greater, 0 if equal
     */
    private static int compareVersions(String version1, String version2) {
        int comparisonResult = 0;
        String[] version1Splits = version1.split("\\.");
        String[] version2Splits = version2.split("\\.");
        int maxLengthOfVersionSplits = Math.max(version1Splits.length, version2Splits.length);
        for (int i = 0; i < maxLengthOfVersionSplits; i++) {
            Integer v1 = i < version1Splits.length ? Integer.parseInt(version1Splits[i]) : 0;
            Integer v2 = i < version2Splits.length ? Integer.parseInt(version2Splits[i]) : 0;
            int compare = v1.compareTo(v2);
            if (compare != 0) {
                comparisonResult = compare;
                break;
            }
        }
        return comparisonResult;
    }
    private static boolean isLegacy() {
        return legacy;
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,13 +17,13 @@
 package de.stklcode.jvault.connector;
 import com.github.tomakehurst.wiremock.client.WireMock;
-import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
+import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
 import com.github.tomakehurst.wiremock.junit5.WireMockTest;
 import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.exception.PermissionDeniedException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.api.function.Executable;
 import java.io.IOException;
@@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
 import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
 import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
 import static org.junit.jupiter.api.Assertions.*;
 /**
@@ -48,25 +46,21 @@ import static org.junit.jupiter.api.Assertions.*;
 * @author Stefan Kalscheuer
 * @since 0.7.0
 */
@WireMockTest
 class HTTPVaultConnectorTest {
    @RegisterExtension
    static WireMockExtension wireMock = WireMockExtension.newInstance()
            .options(wireMockConfig().dynamicPort())
            .build();
    /**
     * Test exceptions thrown during request.
     */
    @Test
-    void requestExceptionTest() throws IOException, URISyntaxException {
+    void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        try (var connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build()) {
            // Test invalid response code.
            final int responseCode = 400;
            mockHttpResponse(responseCode, "", "application/json");
            VaultConnectorException e = assertThrows(
                InvalidResponseException.class,
-                connector::getHealth,
+                () -> connector.sys().getHealth(),
                "Querying health status succeeded on invalid instance"
            );
            assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
@@ -77,33 +71,34 @@ class HTTPVaultConnectorTest {
            mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
            assertThrows(
                PermissionDeniedException.class,
-                connector::getHealth,
+                () -> connector.sys().getHealth(),
                "Querying health status succeeded on invalid instance"
            );
        }
        // Test exception thrown during request.
-        try (ServerSocket s = new ServerSocket(0)) {
+        try (ServerSocket s = new ServerSocket(0);
-            connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
+             var connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build()) {
-        }
+            var e = assertThrows(
        e = assertThrows(
                ConnectionException.class,
-                connector::getHealth,
+                () -> connector.sys().getHealth(),
                "Querying health status succeeded on invalid instance"
            );
            assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
-        assertTrue(e.getCause() instanceof IOException, "Unexpected cause");
+            assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
        }
        // Now simulate a failing request that succeeds on second try.
-        connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
+        try (var connector3 = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build()) {
-
+            stubFor(
        wireMock.stubFor(
                WireMock.any(anyUrl())
                    .willReturn(aResponse().withStatus(500))
                    .willReturn(aResponse().withStatus(500))
                    .willReturn(aResponse().withStatus(500))
                    .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
            );
-        assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
+            assertDoesNotThrow(() -> connector3.sys().getHealth(), "Request failed unexpectedly");
        }
    }
    /**
@@ -165,7 +160,7 @@ class HTTPVaultConnectorTest {
        }
        ConnectionException e = assertThrows(
            ConnectionException.class,
-                connector::sealStatus,
+            () -> connector.sys().sealStatus(),
            "Querying seal status succeeded on invalid instance"
        );
        assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
@@ -183,7 +178,7 @@ class HTTPVaultConnectorTest {
        }
        ConnectionException e = assertThrows(
            ConnectionException.class,
-                connector::getHealth,
+            () -> connector.sys().getHealth(),
            "Querying health status succeeded on invalid instance"
        );
        assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
@@ -193,29 +188,29 @@ class HTTPVaultConnectorTest {
     * Test behavior on unparsable responses.
     */
    @Test
-    void parseExceptionTest() throws URISyntaxException {
+    void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
        mockHttpResponse(200, "invalid", "application/json");
        // Now test the methods.
-        assertParseError(connector::sealStatus, "sealStatus() succeeded on invalid instance");
+        assertParseError(() -> connector.sys().sealStatus(), "sys().sealStatus() succeeded on invalid instance");
-        assertParseError(() -> connector.unseal("key"), "unseal() succeeded on invalid instance");
+        assertParseError(() -> connector.sys().unseal("key"), "sys().unseal() succeeded on invalid instance");
-        assertParseError(connector::getHealth, "getHealth() succeeded on invalid instance");
+        assertParseError(() -> connector.sys().getHealth(), "sys().getHealth() succeeded on invalid instance");
-        assertParseError(connector::getAuthBackends, "getAuthBackends() succeeded on invalid instance");
+        assertParseError(() -> connector.sys().getAuthBackends(), "sys().getAuthBackends() succeeded on invalid instance");
        assertParseError(() -> connector.authToken("token"), "authToken() succeeded on invalid instance");
-        assertParseError(() -> connector.lookupAppRole("roleName"), "lookupAppRole() succeeded on invalid instance");
+        assertParseError(() -> connector.appRole().lookup("roleName"), "appRole().lookup() succeeded on invalid instance");
-        assertParseError(() -> connector.getAppRoleID("roleName"), "getAppRoleID() succeeded on invalid instance");
+        assertParseError(() -> connector.appRole().getRoleID("roleName"), "appRole().getRoleID() succeeded on invalid instance");
-        assertParseError(() -> connector.createAppRoleSecret("roleName"), "createAppRoleSecret() succeeded on invalid instance");
+        assertParseError(() -> connector.appRole().createSecret("roleName"), "appRole().createSecret() succeeded on invalid instance");
-        assertParseError(() -> connector.lookupAppRoleSecret("roleName", "secretID"), "lookupAppRoleSecret() succeeded on invalid instance");
+        assertParseError(() -> connector.appRole().lookupSecret("roleName", "secretID"), "appRole().lookupSecret() succeeded on invalid instance");
-        assertParseError(connector::listAppRoles, "listAppRoles() succeeded on invalid instance");
+        assertParseError(() -> connector.appRole().listRoles(), "appRole().listRoles() succeeded on invalid instance");
-        assertParseError(() -> connector.listAppRoleSecrets("roleName"), "listAppRoleSecrets() succeeded on invalid instance");
+        assertParseError(() -> connector.appRole().listSecrets("roleName"), "appRole().listSecrets() succeeded on invalid instance");
        assertParseError(() -> connector.read("key"), "read() succeeded on invalid instance");
        assertParseError(() -> connector.list("path"), "list() succeeded on invalid instance");
        assertParseError(() -> connector.renew("leaseID"), "renew() succeeded on invalid instance");
-        assertParseError(() -> connector.lookupToken("token"), "lookupToken() succeeded on invalid instance");
+        assertParseError(() -> connector.token().lookup("token"), "token().lookup() succeeded on invalid instance");
    }
    private void assertParseError(Executable executable, String message) {
@@ -227,8 +222,8 @@ class HTTPVaultConnectorTest {
     * Test requests that expect an empty response with code 204, but receive a 200 body.
     */
    @Test
-    void nonEmpty204ResponseTest() throws URISyntaxException {
+    void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
@@ -237,44 +232,32 @@ class HTTPVaultConnectorTest {
        // Now test the methods expecting a 204.
        assertThrows(
            InvalidResponseException.class,
-                () -> connector.registerAppId("appID", "policy", "displayName"),
+            () -> connector.appRole().create("appID", Collections.singletonList("policy")),
-                "registerAppId() with 200 response succeeded"
+            "appRole().create() with 200 response succeeded"
        );
        assertThrows(
            InvalidResponseException.class,
-                () -> connector.registerUserId("appID", "userID"),
+            () -> connector.delete("roleName"),
-                "registerUserId() with 200 response succeeded"
+            "appRole().delete() with 200 response succeeded"
        );
        assertThrows(
            InvalidResponseException.class,
-                () -> connector.createAppRole("appID", Collections.singletonList("policy")),
+            () -> connector.appRole().setRoleID("roleName", "roleID"),
-                "createAppRole() with 200 response succeeded"
+            "appRole().setRoleID() with 200 response succeeded"
        );
        assertThrows(
            InvalidResponseException.class,
-                () -> connector.deleteAppRole("roleName"),
+            () -> connector.appRole().destroySecret("roleName", "secretID"),
-                "deleteAppRole() with 200 response succeeded"
+            "appRole().destroySecret() with 200 response succeeded"
        );
        assertThrows(
            InvalidResponseException.class,
-                () -> connector.setAppRoleID("roleName", "roleID"),
+            () -> connector.appRole().destroySecret("roleName", "secretUD"),
-                "setAppRoleID() with 200 response succeeded"
+            "appRole().destroySecret() with 200 response succeeded"
        );
        assertThrows(
                InvalidResponseException.class,
                () -> connector.destroyAppRoleSecret("roleName", "secretID"),
                "destroyAppRoleSecret() with 200 response succeeded"
        );
        assertThrows(
                InvalidResponseException.class,
                () -> connector.destroyAppRoleSecret("roleName", "secretUD"),
                "destroyAppRoleSecret() with 200 response succeeded"
        );
        assertThrows(
@@ -300,7 +283,7 @@ class HTTPVaultConnectorTest {
    private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
        Field field = target.getClass().getDeclaredField(fieldName);
-        if (field.isAccessible()) {
+        if (field.canAccess(target)) {
            return field.get(target);
        }
        field.setAccessible(true);
@@ -312,7 +295,7 @@ class HTTPVaultConnectorTest {
    private void setPrivate(Object target, String fieldName, Object value) {
        try {
            Field field = target.getClass().getDeclaredField(fieldName);
-            boolean accessible = field.isAccessible();
+            boolean accessible = field.canAccess(target);
            field.setAccessible(true);
            field.set(target, value);
            field.setAccessible(accessible);
@@ -322,7 +305,7 @@ class HTTPVaultConnectorTest {
    }
    private void mockHttpResponse(int status, String body, String contentType) {
-        wireMock.stubFor(
+        stubFor(
            WireMock.any(anyUrl()).willReturn(
                aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
            )
--- a/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
@@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
     */
    protected AbstractModelTest(Class<T> modelClass) {
        this.modelClass = modelClass;
-        this.objectMapper = new ObjectMapper()
+        this.objectMapper = JsonMapper.builder()
-                .registerModule(new JavaTimeModule())
+            .addModule(new JavaTimeModule())
            .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
            .build();
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -115,7 +115,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
     */
    @Test
    void jsonTest() throws NoSuchFieldException, IllegalAccessException {
-        // A simple roundtrip first. All set fields should be present afterwards..
+        // A simple roundtrip first. All set fields should be present afterward.
        AppRoleSecret secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
        String secretJson = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
        // CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list.
@@ -173,14 +173,14 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
    private static void setPrivateField(Object object, String fieldName, Object value) throws NoSuchFieldException, IllegalAccessException {
        Field field = object.getClass().getDeclaredField(fieldName);
-        boolean accessible = field.isAccessible();
+        boolean accessible = field.canAccess(object);
        field.setAccessible(true);
        field.set(object, value);
        field.setAccessible(accessible);
    }
    private static String commaSeparatedToList(String json) {
-        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":\\[$1\\]")
+        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
            .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -42,18 +42,18 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
    private static final String POLICY = "policy";
    private static final String POLICY_2 = "policy2";
    private static final Integer SECRET_ID_NUM_USES = 10;
-    private static final Integer SECRET_ID_TTL = 7200;
+    private static final Long SECRET_ID_TTL = 7200L;
-    private static final Boolean ENABLE_LOCAL_SECRET_IDS = false;
+    private static final Boolean LOCAL_SECRET_IDS = false;
-    private static final Integer TOKEN_TTL = 4800;
+    private static final Long TOKEN_TTL = 4800L;
-    private static final Integer TOKEN_MAX_TTL = 9600;
+    private static final Long TOKEN_MAX_TTL = 9600L;
-    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
+    private static final Long TOKEN_EXPLICIT_MAX_TTL = 14400L;
    private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
    private static final Integer TOKEN_NUM_USES = 42;
    private static final Integer TOKEN_PERIOD = 1234;
    private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
    private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
-    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"enable_local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
+    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
-            NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, ENABLE_LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
+        NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
    AppRoleTest() {
        super(AppRole.class);
@@ -68,7 +68,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
            .withTokenPolicies(POLICIES)
            .withSecretIdNumUses(SECRET_ID_NUM_USES)
            .withSecretIdTtl(SECRET_ID_TTL)
-                .withEnableLocalSecretIds(ENABLE_LOCAL_SECRET_IDS)
+            .withLocalSecretIds(LOCAL_SECRET_IDS)
            .withTokenTtl(TOKEN_TTL)
            .withTokenMaxTtl(TOKEN_MAX_TTL)
            .withTokenBoundCidrs(BOUND_CIDR_LIST)
@@ -98,7 +98,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
        assertNull(role.getTokenPolicies());
        assertNull(role.getSecretIdNumUses());
        assertNull(role.getSecretIdTtl());
-        assertNull(role.getEnableLocalSecretIds());
+        assertNull(role.getLocalSecretIds());
        assertNull(role.getTokenTtl());
        assertNull(role.getTokenMaxTtl());
        assertNull(role.getTokenBoundCidrs());
@@ -125,7 +125,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
        assertEquals(POLICIES, role.getTokenPolicies());
        assertEquals(SECRET_ID_NUM_USES, role.getSecretIdNumUses());
        assertEquals(SECRET_ID_TTL, role.getSecretIdTtl());
-        assertEquals(ENABLE_LOCAL_SECRET_IDS, role.getEnableLocalSecretIds());
+        assertEquals(LOCAL_SECRET_IDS, role.getLocalSecretIds());
        assertEquals(TOKEN_TTL, role.getTokenTtl());
        assertEquals(TOKEN_MAX_TTL, role.getTokenMaxTtl());
        assertEquals(BOUND_CIDR_LIST, role.getTokenBoundCidrs());
--- a/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -33,10 +33,8 @@ class AuthBackendTest {
     * Test forType() method.
     */
    @Test
    @SuppressWarnings("deprecation")
    void forTypeTest() {
        assertEquals(AuthBackend.TOKEN, AuthBackend.forType("token"));
        assertEquals(AuthBackend.APPID, AuthBackend.forType("app-id"));
        assertEquals(AuthBackend.USERPASS, AuthBackend.forType("userpass"));
        assertEquals(AuthBackend.GITHUB, AuthBackend.forType("github"));
        assertEquals(AuthBackend.UNKNOWN, AuthBackend.forType(""));
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
    private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
    private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
    private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
-    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 1234;
+    private static final Long TOKEN_EXPLICIT_MAX_TTL = 1234L;
    private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
    private static final Integer TOKEN_NUM_USES = 5;
    private static final Integer TOKEN_PERIOD = 2345;
@@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
        assertNull(role.getTokenType());
        // Empty builder should be equal to no-arg construction.
-        assertEquals(role, new TokenRole());
+        assertEquals(new TokenRole(), role);
        // Optional fields should be ignored, so JSON string should be empty.
        assertEquals("{}", objectMapper.writeValueAsString(role));
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -35,8 +35,8 @@ class TokenTest extends AbstractModelTest<Token> {
    private static final String DISPLAY_NAME = "display-name";
    private static final Boolean NO_PARENT = false;
    private static final Boolean NO_DEFAULT_POLICY = false;
-    private static final Integer TTL = 123;
+    private static final Long TTL = 123L;
-    private static final Integer EXPLICIT_MAX_TTL = 456;
+    private static final Long EXPLICIT_MAX_TTL = 456L;
    private static final Integer NUM_USES = 4;
    private static final List<String> POLICIES = new ArrayList<>();
    private static final String POLICY = "policy";
@@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
        assertEquals("{}", objectMapper.writeValueAsString(token));
        // Empty builder should be equal to no-arg construction.
-        assertEquals(token, new Token());
+        assertEquals(new Token(), token);
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.AppRole;
 import org.junit.jupiter.api.Test;
@@ -32,9 +31,9 @@ import static org.junit.jupiter.api.Assertions.*;
 * @since 0.6.2
 */
 class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
-    private static final Integer ROLE_TOKEN_TTL = 1200;
+    private static final Long ROLE_TOKEN_TTL = 1200L;
-    private static final Integer ROLE_TOKEN_MAX_TTL = 1800;
+    private static final Long ROLE_TOKEN_MAX_TTL = 1800L;
-    private static final Integer ROLE_SECRET_TTL = 600;
+    private static final Long ROLE_SECRET_TTL = 600L;
    private static final Integer ROLE_SECRET_NUM_USES = 40;
    private static final String ROLE_POLICY = "default";
    private static final Integer ROLE_PERIOD = 0;
@@ -67,12 +66,10 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
    @Override
    protected AppRoleResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, AppRoleResponse.class);
+            () -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.AuthBackend;
 import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
@@ -45,9 +44,9 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
    private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741";
    private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
    private static final String TK_DESCR = "token based credentials";
-    private static final Integer TK_LEASE_TTL = 0;
+    private static final Long TK_LEASE_TTL = 0L;
    private static final Boolean TK_FORCE_NO_CACHE = false;
-    private static final Integer TK_MAX_LEASE_TTL = 0;
+    private static final Long TK_MAX_LEASE_TTL = 0L;
    private static final String TK_TOKEN_TYPE = "default-service";
    private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
@@ -90,12 +89,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
    @Override
    protected AuthMethodsResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, AuthMethodsResponse.class);
+            () -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
@@ -48,6 +47,7 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
    private static final String AUTH_ENTITY_ID = "";
    private static final String AUTH_TOKEN_TYPE = "service";
    private static final Boolean AUTH_ORPHAN = false;
    private static final Integer AUTH_NUM_USES = 42;
    private static final String MFA_REQUEST_ID = "d0c9eec7-6921-8cc0-be62-202b289ef163";
    private static final String MFA_KEY = "enforcementConfigUserpass";
    private static final String MFA_METHOD_TYPE = "totp";
@@ -75,6 +75,7 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
        "    \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
        "    \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
        "    \"orphan\": " + AUTH_ORPHAN + ",\n" +
        "    \"num_uses\": " + AUTH_NUM_USES + ",\n" +
        "    \"mfa_requirement\": {\n" +
        "      \"mfa_request_id\": \"" + MFA_REQUEST_ID + "\",\n" +
        "      \"mfa_constraints\": {\n" +
@@ -99,12 +100,10 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
    @Override
    protected AuthResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, AuthResponse.class);
+            () -> objectMapper.readValue(RES_JSON, AuthResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    @Test
@@ -134,6 +133,7 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
        assertEquals(AUTH_ORPHAN, data.isOrphan(), "Incorrect auth orphan flag");
        assertEquals(AUTH_TOKEN_TYPE, data.getTokenType(), "Incorrect auth token type");
        assertEquals(AUTH_ENTITY_ID, data.getEntityId(), "Incorrect auth entity id");
        assertEquals(AUTH_NUM_USES, data.getNumUses(), "Incorrect auth num uses");
        assertEquals(2, data.getPolicies().size(), "Incorrect number of policies");
        assertTrue(data.getPolicies().containsAll(Set.of(AUTH_POLICY_1, AUTH_POLICY_2)));
        assertEquals(2, data.getTokenPolicies().size(), "Incorrect number of token policies");
--- a/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,8 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -50,21 +48,17 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
    @Override
    protected CredentialsResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, CredentialsResponse.class);
+            () -> objectMapper.readValue(JSON, CredentialsResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
     * Test getter, setter and get-methods for response data.
     *
     * @throws InvalidResponseException Should not occur
     */
    @Test
-    void getCredentialsTest() throws InvalidResponseException {
+    void getCredentialsTest() {
        // Create empty Object.
        CredentialsResponse res = new CredentialsResponse();
        assertNull(res.getUsername(), "Username not present in data map should not return anything");
--- a/src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -42,12 +41,10 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
    @Override
    protected ErrorResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, ErrorResponse.class);
+            () -> objectMapper.readValue(JSON, ErrorResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -31,7 +30,7 @@ import static org.junit.jupiter.api.Assertions.*;
 class HealthResponseTest extends AbstractModelTest<HealthResponse> {
    private static final String CLUSTER_ID = "c9abceea-4f46-4dab-a688-5ce55f89e228";
    private static final String CLUSTER_NAME = "vault-cluster-5515c810";
-    private static final String VERSION = "0.9.2";
+    private static final String VERSION = "0.17.0";
    private static final Long SERVER_TIME_UTC = 1469555798L;
    private static final Boolean STANDBY = false;
    private static final Boolean SEALED = false;
@@ -39,6 +38,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
    private static final Boolean PERF_STANDBY = false;
    private static final String REPL_PERF_MODE = "disabled";
    private static final String REPL_DR_MODE = "disabled";
    private static final Long ECHO_DURATION = 1L;
    private static final Long CLOCK_SKEW = 0L;
    private static final Long REPL_PRIM_CANARY_AGE = 2L;
    private static final Boolean ENTERPRISE = false;
    private static final String RES_JSON = "{\n" +
        "  \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
@@ -50,7 +53,11 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
        "  \"initialized\": " + INITIALIZED + ",\n" +
        "  \"replication_performance_mode\": \"" + REPL_PERF_MODE + "\",\n" +
        "  \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
-            "  \"performance_standby\": " + PERF_STANDBY + "\n" +
+        "  \"performance_standby\": " + PERF_STANDBY + ",\n" +
        "  \"echo_duration_ms\": " + ECHO_DURATION + ",\n" +
        "  \"clock_skew_ms\": " + CLOCK_SKEW + ",\n" +
        "  \"replication_primary_canary_age_ms\": " + REPL_PRIM_CANARY_AGE + ",\n" +
        "  \"enterprise\": " + ENTERPRISE + "\n" +
        "}";
    HealthResponseTest() {
@@ -59,12 +66,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
    @Override
    protected HealthResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, HealthResponse.class);
+            () -> objectMapper.readValue(RES_JSON, HealthResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -87,5 +92,9 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
        assertEquals(PERF_STANDBY, res.isPerformanceStandby(), "Incorrect performance standby state");
        assertEquals(REPL_PERF_MODE, res.getReplicationPerfMode(), "Incorrect replication perf mode");
        assertEquals(REPL_DR_MODE, res.getReplicationDrMode(), "Incorrect replication DR mode");
        assertEquals(ECHO_DURATION, res.getEchoDurationMs(), "Incorrect echo duration");
        assertEquals(CLOCK_SKEW, res.getClockSkewMs(), "Incorrect clock skew");
        assertEquals(REPL_PRIM_CANARY_AGE, res.getReplicationPrimaryCanaryAgeMs(), "Incorrect canary age");
        assertEquals(ENTERPRISE, res.isEnterprise(), "Incorrect enterprise flag");
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -38,12 +37,10 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
    @Override
    protected HelpResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, HelpResponse.class);
+            () -> objectMapper.readValue(JSON, HelpResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,11 +16,11 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import java.util.List;
 import java.util.Map;
 import static org.junit.jupiter.api.Assertions.*;
@@ -42,6 +42,9 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
    private static final String SECRET_META_CREATED = "2018-03-22T02:24:06.945319214Z";
    private static final String SECRET_META_DELETED = "2018-03-23T03:25:07.056420325Z";
    private static final List<String> SECRET_WARNINGS = null;
    private static final String CUSTOM_META_KEY = "foo";
    private static final String CUSTOM_META_VAL = "bar";
    private static final String SECRET_JSON_V2 = "{\n" +
        "    \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
        "    \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
@@ -54,6 +57,7 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
        "      },\n" +
        "      \"metadata\": {\n" +
        "          \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
        "          \"custom_metadata\": null,\n" +
        "          \"deletion_time\": \"\",\n" +
        "          \"destroyed\": false,\n" +
        "          \"version\": 1\n" +
@@ -73,6 +77,9 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
        "      },\n" +
        "      \"metadata\": {\n" +
        "          \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
        "          \"custom_metadata\": {" +
        "            \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
        "          },\n" +
        "          \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
        "          \"destroyed\": true,\n" +
        "          \"version\": 2\n" +
@@ -87,12 +94,10 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
    @Override
    protected MetaSecretResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class);
+            () -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -107,12 +112,11 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
        );
        assertSecretData(res);
        assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
        assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
        assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
        assertNull(res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
        assertNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
        assertFalse(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
        assertEquals(1, res.getMetadata().getVersion(), "Incorrect secret version");
        assertNull(res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
        // Deleted KV v2 secret.
        res = assertDoesNotThrow(
@@ -121,12 +125,11 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
        );
        assertSecretData(res);
        assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
        assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
        assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
        assertEquals(SECRET_META_DELETED, res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
        assertNotNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
        assertTrue(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
        assertEquals(2, res.getMetadata().getVersion(), "Incorrect secret version");
        assertEquals(Map.of(CUSTOM_META_KEY, CUSTOM_META_VAL), res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
    }
    private void assertSecretData(SecretResponse res) {
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,10 +16,11 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import java.util.Map;
 import static org.junit.jupiter.api.Assertions.*;
 /**
@@ -35,11 +36,20 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
    private static final Integer CURRENT_VERSION = 3;
    private static final Integer MAX_VERSIONS = 0;
    private static final Integer OLDEST_VERSION = 1;
    private static final Boolean CAS_REQUIRED = false;
    private static final String CUSTOM_META_KEY = "test";
    private static final String CUSTOM_META_VAL = "123";
    private static final String DELETE_VERSION_AFTER = "0s";
    private static final String META_JSON = "{\n" +
        "  \"data\": {\n" +
        "    \"cas_required\": " + CAS_REQUIRED + ",\n" +
        "    \"created_time\": \"" + V1_TIME + "\",\n" +
        "    \"current_version\": " + CURRENT_VERSION + ",\n" +
        "    \"custom_metadata\": {" +
        "      \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
        "    },\n" +
        "    \"delete_version_after\": \"" + DELETE_VERSION_AFTER + "\"," +
        "    \"max_versions\": " + MAX_VERSIONS + ",\n" +
        "    \"oldest_version\": " + OLDEST_VERSION + ",\n" +
        "    \"updated_time\": \"" + V3_TIME + "\",\n" +
@@ -69,12 +79,10 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
    @Override
    protected MetadataResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(META_JSON, MetadataResponse.class);
+            () -> objectMapper.readValue(META_JSON, MetadataResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -88,18 +96,17 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
        );
        assertNotNull(res, "Parsed response is NULL");
        assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
-        assertEquals(V1_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
+        assertEquals(CAS_REQUIRED, res.getMetadata().isCasRequired(), "Incorrect CAS required flag");
        assertNotNull(res.getMetadata().getCreatedTime(), "Parting created time failed");
        assertEquals(CURRENT_VERSION, res.getMetadata().getCurrentVersion(), "Incorrect current version");
        assertEquals(MAX_VERSIONS, res.getMetadata().getMaxVersions(), "Incorrect max versions");
        assertEquals(OLDEST_VERSION, res.getMetadata().getOldestVersion(), "Incorrect oldest version");
-        assertEquals(V3_TIME, res.getMetadata().getUpdatedTimeString(), "Incorrect updated time");
+        assertEquals(Map.of(CUSTOM_META_KEY, CUSTOM_META_VAL), res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
        assertEquals(DELETE_VERSION_AFTER, res.getMetadata().getDeleteVersionAfter(), "Incorrect delete version after");
        assertNotNull(res.getMetadata().getUpdatedTime(), "Parting updated time failed");
        assertEquals(3, res.getMetadata().getVersions().size(), "Incorrect number of versions");
        assertEquals(V2_TIME, res.getMetadata().getVersions().get(1).getDeletionTimeString(), "Incorrect version 1 delete time");
        assertNotNull(res.getMetadata().getVersions().get(1).getDeletionTime(), "Parsing version delete time failed");
        assertTrue(res.getMetadata().getVersions().get(1).isDestroyed(), "Incorrect version 1 destroyed state");
        assertEquals(V2_TIME, res.getMetadata().getVersions().get(2).getCreatedTimeString(), "Incorrect version 2 created time");
        assertNotNull(res.getMetadata().getVersions().get(2).getCreatedTime(), "Parsing version created failed");
        assertFalse(res.getMetadata().getVersions().get(3).isDestroyed(), "Incorrect version 3 destroyed state");
    }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -60,12 +59,10 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
    @Override
    protected PlainSecretResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class);
+            () -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -83,12 +82,10 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
    @Override
    protected SealResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_UNSEALED, SealResponse.class);
+            () -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,13 +16,13 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import java.util.List;
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 /**
 * JUnit Test for {@link SecretListResponse} model.
@@ -52,12 +52,10 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
    @Override
    protected SecretListResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, SecretListResponse.class);
+            () -> objectMapper.readValue(JSON, SecretListResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -48,12 +47,10 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
    @Override
    protected SecretVersionResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(META_JSON, SecretVersionResponse.class);
+            () -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -67,8 +64,6 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
        );
        assertNotNull(res, "Parsed response is NULL");
        assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
        assertEquals(CREATION_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
        assertEquals(DELETION_TIME, res.getMetadata().getDeletionTimeString(), "Incorrect deletion time");
        assertFalse(res.getMetadata().isDestroyed(), "Incorrect destroyed state");
        assertEquals(VERSION, res.getMetadata().getVersion(), "Incorrect version");
    }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.TokenData;
 import org.junit.jupiter.api.Test;
@@ -35,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.*;
 */
 class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    private static final Integer TOKEN_CREATION_TIME = 1457533232;
-    private static final Integer TOKEN_TTL = 2764800;
+    private static final Long TOKEN_TTL = 2764800L;
-    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 0;
+    private static final Long TOKEN_EXPLICIT_MAX_TTL = 0L;
    private static final String TOKEN_DISPLAY_NAME = "token";
    private static final String TOKEN_META_KEY = "foo";
    private static final String TOKEN_META_VALUE = "bar";
@@ -47,7 +46,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    private static final String TOKEN_POLICY_1 = "default";
    private static final String TOKEN_POLICY_2 = "web";
    private static final Boolean RES_RENEWABLE = false;
-    private static final Integer RES_TTL = 2591976;
+    private static final Long RES_TTL = 2591976L;
    private static final Integer RES_LEASE_DURATION = 0;
    private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
    private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
@@ -55,6 +54,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    private static final String TOKEN_ID = "my-token";
    private static final String TOKEN_ISSUE_TIME = "2018-04-17T11:35:54.466476078-04:00";
    private static final String TOKEN_TYPE = "service";
    private static final String MOUNT_TYPE = "token";
    private static final String RES_JSON = "{\n" +
        "  \"lease_id\": \"\",\n" +
@@ -85,7 +85,8 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
        "    \"type\": \"" + TOKEN_TYPE + "\"\n" +
        "  },\n" +
        "  \"warnings\": null,\n" +
-            "  \"auth\": null\n" +
+        "  \"auth\": null,\n" +
        "  \"mount_type\": \"" + MOUNT_TYPE + "\"\n" +
        "}";
    TokenResponseTest() {
@@ -94,12 +95,10 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    @Override
    protected TokenResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, TokenResponse.class);
+            () -> objectMapper.readValue(RES_JSON, TokenResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -125,6 +124,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
        assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
        assertEquals(RES_RENEWABLE, res.isRenewable(), "Incorrect response renewable flag");
        assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect response lease duration");
        assertEquals(MOUNT_TYPE, res.getMountType(), "Incorrect mount type");
        // Extract token data.
        TokenData data = res.getData();
        assertNotNull(data, "Token data is NULL");
@@ -133,11 +133,9 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
        assertEquals(TOKEN_TTL, data.getCreationTtl(), "Incorrect token creation TTL");
        assertEquals(TOKEN_DISPLAY_NAME, data.getName(), "Incorrect token display name");
        assertEquals(TOKEN_ENTITY_ID, data.getEntityId(), "Incorrect token entity ID");
        assertEquals(TOKEN_EXPIRE_TIME, data.getExpireTimeString(), "Incorrect token expire time");
        assertEquals(ZonedDateTime.parse(TOKEN_EXPIRE_TIME), data.getExpireTime(), "Incorrect parsed token expire time");
        assertEquals(TOKEN_EXPLICIT_MAX_TTL, data.getExplicitMaxTtl(), "Incorrect token explicit max TTL");
        assertEquals(TOKEN_ID, data.getId(), "Incorrect token ID");
        assertEquals(TOKEN_ISSUE_TIME, data.getIssueTimeString(), "Incorrect token issue time");
        assertEquals(ZonedDateTime.parse(TOKEN_ISSUE_TIME), data.getIssueTime(), "Incorrect parsed token issue time");
        assertEquals(Map.of(TOKEN_META_KEY, TOKEN_META_VALUE), data.getMeta(), "Incorrect token metadata");
        assertEquals(TOKEN_NUM_USES, data.getNumUses(), "Incorrect token number of uses");
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
@@ -0,0 +1,134 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.*;
 /**
 * JUnit Test for {@link TransitResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.0
 */
 class TransitResponseTest extends AbstractModelTest<TransitResponse> {
    private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
    private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
    private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
    TransitResponseTest() {
        super(TransitResponse.class);
    }
    @Override
    protected TransitResponse createFull() {
        return assertDoesNotThrow(
            () -> objectMapper.readValue(
                json(
                    "\"ciphertext\": \"" + CIPHERTEXT + "\", " +
                        "\"plaintext\": \"" + PLAINTEXT + "\", " +
                        "\"sum\": \"" + SUM + "\""
                ),
                TransitResponse.class
            ),
            "Creation of full model failed"
        );
    }
    @Test
    void encryptionTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
        assertNull(res.getPlaintext(), "Unexpected plaintext");
        assertNull(res.getSum(), "Unexpected sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    @Test
    void decryptionTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"plaintext\": \"" + PLAINTEXT + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertNull(res.getCiphertext(), "Unexpected ciphertext");
        assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
        assertNull(res.getSum(), "Unexpected sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    @Test
    void hashTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"sum\": \"" + SUM + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertNull(res.getCiphertext(), "Unexpected ciphertext");
        assertNull(res.getPlaintext(), "Unexpected plaintext");
        assertEquals(SUM, res.getSum(), "Incorrect sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    private static String json(String data) {
        return "{\n" +
            "  \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
            "  \"lease_id\" : \"\",\n" +
            "  \"renewable\" : false,\n" +
            "  \"lease_duration\" : 0,\n" +
            "  \"data\" : {\n" +
            "    " + data + "\n" +
            "  },\n" +
            "  \"wrap_info\" : null,\n" +
            "  \"warnings\" : null,\n" +
            "  \"auth\" : null\n" +
            "}";
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java
@@ -1,6 +1,5 @@
 package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -14,8 +13,8 @@ import static org.junit.jupiter.api.Assertions.*;
 * @author Stefan Kalscheuer
 */
 class MountConfigTest extends AbstractModelTest<MountConfig> {
-    private static final Integer DEFAULT_LEASE_TTL = 1800;
+    private static final Long DEFAULT_LEASE_TTL = 1800L;
-    private static final Integer MAX_LEASE_TTL = 3600;
+    private static final Long MAX_LEASE_TTL = 3600L;
    private static final Boolean FORCE_NO_CACHE = false;
    private static final String TOKEN_TYPE = "default-service";
    private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
@@ -62,12 +61,10 @@ class MountConfigTest extends AbstractModelTest<MountConfig> {
    @Override
    protected MountConfig createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, MountConfig.class);
+            () -> objectMapper.readValue(RES_JSON, MountConfig.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/resources/data_dir/core/_mounts
+++ b/src/test/resources/data_dir/core/_mounts
@@ -1 +1 @@
-{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}
+{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}
--- a/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key
+++ b/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key
@@ -0,0 +1 @@
 {"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`distributionType=only-script`
							`distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip`
`@@ -1 +1 @@`
	{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}	{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}
		`@@ -0,0 +1 @@`
							{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}