prepare release v1.5.3

test: run IT against Vault 1.20.3
add token_bound_cidrs field to AppRoleSecret model (#110 )
2025-09-09 11:47:52 +02:00 · 2025-09-09 11:39:32 +02:00 · 2025-09-08 10:25:39 +02:00 · 2025-09-05 09:46:48 +02:00 · 2025-09-02 13:27:29 +02:00 · 2025-08-30 09:53:46 +02:00
142 changed files with 2610 additions and 1840 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,49 +0,0 @@
 kind: pipeline
 name: default
 steps:
  - name: compile
    image: maven:3-eclipse-temurin-21
    commands:
      - mvn -B clean compile
    when:
      branch:
        - main
        - develop
        - feature/*
        - fix/*
        - release/*
  - name: unit-tests
    image: maven:3-eclipse-temurin-21
    commands:
      - mvn -B test
    when:
      branch:
        - develop
        - feature/*
        - fix/*
  - name: setup-vault
    image: alpine:latest
    environment:
      VAULT_VERSION: 1.17.6
    commands:
      - wget -q -O vault_$${VAULT_VERSION}_linux_amd64.zip https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_linux_amd64.zip
      - wget -q -O - https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_SHA256SUMS | grep linux_amd64 | sha256sum -c
      - mkdir -p .bin
      - unzip vault_$${VAULT_VERSION}_linux_amd64.zip -d .bin
      - rm vault_$${VAULT_VERSION}_linux_amd64.zip
    when:
      branch:
        - main
        - release/*
  - name: unit-integration-tests
    image: maven:3-eclipse-temurin-21
    environment:
      VAULT_VERSION: 1.17.6
    commands:
      - export PATH=$${DRONE_WORKSPACE}/.bin:$${PATH}
      - mvn -B -P integration-test verify
    when:
      branch:
        - main
        - release/*
--- a/.github/workflows/ci-it.yml
+++ b/.github/workflows/ci-it.yml
@@ -0,0 +1,56 @@
 name: CI
 on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - 'main'
 jobs:
  build-with-it:
    if: github.ref_name == 'main' || github.base_ref == 'main' || startsWith(github.ref_name, 'release/')
    runs-on: ubuntu-latest
    strategy:
      matrix:
        jdk: [ 11, 17, 21 ]
        vault: [ '1.2.0', '1.20.3' ]
        include:
          - jdk: 21
            vault: '1.20.3'
            analysis: true
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Java
        uses: actions/setup-java@v5
        with:
          java-version: ${{ matrix.jdk }}
          distribution: 'temurin'
      - name: Compile
        run: ./mvnw -B clean compile
      - name: Set up Vault
        run: |
          wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
          wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
          tmp="$(mktemp -d)"
          unzip "vault_${{ matrix.vault }}_linux_amd64.zip" -d "$tmp"
          rm "vault_${{ matrix.vault }}_linux_amd64.zip"
          sudo mv "$tmp/vault" /usr/bin/vault
          rm -rf "$tmp"
      - name: Test (Unit & Integration)
        env:
          VAULT_VERSION: ${{ matrix.vault }}
        run: ./mvnw -B -P coverage -P integration-test verify
      - name: Analysis
        if: matrix.analysis && env.SONAR_TOKEN != ''
        run: >
          ./mvnw -B sonar:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.organization=stklcode-github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,50 +1,42 @@
 name: CI
-on: [ push, pull_request ]
+
 on:
  push:
    branches:
      - '**'
      - '!main'
  pull_request:
    branches:
      - '**'
      - '!main'
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        jdk: [ 11, 17, 21 ]
        vault: [ '1.2.0', '1.11.12', '1.17.6' ]
        include:
          - jdk: 21
            vault: '1.11.12'
            analysis: true
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Java
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
        with:
          java-version: ${{ matrix.jdk }}
          distribution: 'temurin'
      - name: Compile
-        run: mvn -B clean compile
+        run: ./mvnw -B clean compile
      - name: Set up Vault
        if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
        run: |
          wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
          wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
          tmp="$(mktemp -d)"
          unzip "vault_${{ matrix.vault }}_linux_amd64.zip" -d "$tmp"
          rm "vault_${{ matrix.vault }}_linux_amd64.zip"
          sudo mv "$tmp/vault" /usr/bin/vault
          rm -rf "$tmp"
      - name: Test (Unit & Integration)
        if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
        env:
          VAULT_VERSION: ${{ matrix.vault }}
        run: mvn -B -P coverage -P integration-test verify
      - name: Test (Unit)
-        if: github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release/')
+        run: ./mvnw -B -P coverage verify
        run: mvn -B -P coverage verify
      - name: Analysis
-        if: matrix.analysis
+        if: matrix.analysis && env.SONAR_TOKEN != ''
        run: >
-          mvn -B sonar:sonar
+          ./mvnw -B sonar:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.organization=stklcode-github
        env:
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ release.properties
 dependency-reduced-pom.xml
 buildNumber.properties
 .mvn/timing.properties
 .mvn/wrapper/maven-wrapper.jar
 .idea
 *.iml
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,2 @@
 distributionType=only-script
 distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,76 @@
 ## 1.5.3 (2025-09-09)
 ### Dependencies
 * Updated Jackson to 2.20.0 (#106)
 ### Improvements
 * Extract API paths into a utility class (#108)
 * Encode user-provided URL parts (#109)
 * Add `token_bound_cidrs` field to `AppRoleSecret` model (#110)
 ### Fix
 * Prevent potential off-by-1 error in internal `mapOf()` helper (#107)
 ## 1.5.2 (2025-07-16)
 ### Dependencies
 * Updated Jackson to 2.19.1 (#101)
 ### Fix
 * Use `Long` for numeric TTL fields (#103) (#104)
 ### Test
 * Tested against Vault 1.2 to 1.20 (#102)
 ## 1.5.1 (2025-06-02)
 ### Improvements
 * Use `lookup-self` for token check instead of `lookup` (#98) (#99)
 ### Dependencies
 * Updated Jackson to 2.19.0 (#97)
 ## 1.5.0 (2025-04-13)
 ### Deprecations
 * `read...Credentials()` methods for specific database mounts (#92)
 ### Features
 * Support Vault transit API (#89)
 * Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
 ### Improvements
 * Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
 ### Fix
 * Fix initialization from environment without explicit port
 ### Dependencies
 * Updated Jackson to 2.18.3 (#90)
 ### Test
 * Tested against Vault 1.2 to 1.19
 ## 1.4.0 (2024-12-07)
 ### Removal
 * Remove deprecated `get...TimeString()` on model classes (#77)
 * Drop support for deprecated `App-ID` auth backend (#61) (#78)
 ### Fix
 * Add jackson-annotations requirement to module-info (#84)
 ### Dependencies
 * Updated Jackson to 2.18.2 (#85)
 ### Test
 * Tested against Vault 1.2 to 1.18
 ## 1.3.1 (2024-10-03)
 ### Dependencies
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt)
 [![Maven Central Version](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector)](https://central.sonatype.com/artifact/de.stklcode.jvault/jvault-connector)
-![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/main/assets/logo.png)
+![Logo](assets/logo.png)
 Java Vault Connector is a connector library for [Vault](https://www.vaultproject.io) by [Hashicorp](https://www.hashicorp.com) written in Java. The connector allows simple usage of Vault's secret store in own applications.
@@ -18,7 +18,6 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
    * Token
    * Username/Password
    * AppRole (register and authenticate)
    * AppID (register and authenticate) [_deprecated_]
 * Tokens
    * Creation and lookup of tokens and token roles
    * TokenBuilder for speaking creation of complex configurations
@@ -29,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
    * Delete secrets
    * Renew/revoke leases
    * Raw secret content or JSON decoding
    * SQL secret handling
    * KV v1 and v2 support
    * Database secret handling
 * Transit API support
 * Connector Factory with builder pattern
-* Tested against Vault 1.2 to 1.17
+* Tested against Vault 1.2 to 1.20
 ## Maven Artifact
@@ -40,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 <dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.3.1</version>
+    <version>1.5.3</version>
 </dependency>
 ```
--- a/295
+++ b/295
@@ -0,0 +1,295 @@
 #!/bin/sh
 # ----------------------------------------------------------------------------
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # ----------------------------------------------------------------------------
 # ----------------------------------------------------------------------------
 # Apache Maven Wrapper startup batch script, version 3.3.3
 #
 # Optional ENV vars
 # -----------------
 #   JAVA_HOME - location of a JDK home dir, required when download maven via java source
 #   MVNW_REPOURL - repo url base for downloading maven distribution
 #   MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven
 #   MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output
 # ----------------------------------------------------------------------------
 set -euf
 [ "${MVNW_VERBOSE-}" != debug ] || set -x
 # OS specific support.
 native_path() { printf %s\\n "$1"; }
 case "$(uname)" in
 CYGWIN* | MINGW*)
  [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")"
  native_path() { cygpath --path --windows "$1"; }
  ;;
 esac
 # set JAVACMD and JAVACCMD
 set_java_home() {
  # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched
  if [ -n "${JAVA_HOME-}" ]; then
    if [ -x "$JAVA_HOME/jre/sh/java" ]; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
      JAVACCMD="$JAVA_HOME/jre/sh/javac"
    else
      JAVACMD="$JAVA_HOME/bin/java"
      JAVACCMD="$JAVA_HOME/bin/javac"
      if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then
        echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2
        echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2
        return 1
      fi
    fi
  else
    JAVACMD="$(
      'set' +e
      'unset' -f command 2>/dev/null
      'command' -v java
    )" || :
    JAVACCMD="$(
      'set' +e
      'unset' -f command 2>/dev/null
      'command' -v javac
    )" || :
    if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then
      echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2
      return 1
    fi
  fi
 }
 # hash string like Java String::hashCode
 hash_string() {
  str="${1:-}" h=0
  while [ -n "$str" ]; do
    char="${str%"${str#?}"}"
    h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296))
    str="${str#?}"
  done
  printf %x\\n $h
 }
 verbose() { :; }
 [ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; }
 die() {
  printf %s\\n "$1" >&2
  exit 1
 }
 trim() {
  # MWRAPPER-139:
  #   Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds.
  #   Needed for removing poorly interpreted newline sequences when running in more
  #   exotic environments such as mingw bash on Windows.
  printf "%s" "${1}" | tr -d '[:space:]'
 }
 scriptDir="$(dirname "$0")"
 scriptName="$(basename "$0")"
 # parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties
 while IFS="=" read -r key value; do
  case "${key-}" in
  distributionUrl) distributionUrl=$(trim "${value-}") ;;
  distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;;
  esac
 done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties"
 [ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties"
 case "${distributionUrl##*/}" in
 maven-mvnd-*bin.*)
  MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/
  case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in
  *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;;
  :Darwin*x86_64) distributionPlatform=darwin-amd64 ;;
  :Darwin*arm64) distributionPlatform=darwin-aarch64 ;;
  :Linux*x86_64*) distributionPlatform=linux-amd64 ;;
  *)
    echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2
    distributionPlatform=linux-amd64
    ;;
  esac
  distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip"
  ;;
 maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;;
 *) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;;
 esac
 # apply MVNW_REPOURL and calculate MAVEN_HOME
 # maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash>
 [ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}"
 distributionUrlName="${distributionUrl##*/}"
 distributionUrlNameMain="${distributionUrlName%.*}"
 distributionUrlNameMain="${distributionUrlNameMain%-bin}"
 MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}"
 MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")"
 exec_maven() {
  unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || :
  exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD"
 }
 if [ -d "$MAVEN_HOME" ]; then
  verbose "found existing MAVEN_HOME at $MAVEN_HOME"
  exec_maven "$@"
 fi
 case "${distributionUrl-}" in
 *?-bin.zip | *?maven-mvnd-?*-?*.zip) ;;
 *) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;;
 esac
 # prepare tmp dir
 if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then
  clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; }
  trap clean HUP INT TERM EXIT
 else
  die "cannot create temp dir"
 fi
 mkdir -p -- "${MAVEN_HOME%/*}"
 # Download and Install Apache Maven
 verbose "Couldn't find MAVEN_HOME, downloading and installing it ..."
 verbose "Downloading from: $distributionUrl"
 verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"
 # select .zip or .tar.gz
 if ! command -v unzip >/dev/null; then
  distributionUrl="${distributionUrl%.zip}.tar.gz"
  distributionUrlName="${distributionUrl##*/}"
 fi
 # verbose opt
 __MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR=''
 [ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v
 # normalize http auth
 case "${MVNW_PASSWORD:+has-password}" in
 '') MVNW_USERNAME='' MVNW_PASSWORD='' ;;
 has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;;
 esac
 if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then
  verbose "Found wget ... using wget"
  wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl"
 elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then
  verbose "Found curl ... using curl"
  curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl"
 elif set_java_home; then
  verbose "Falling back to use Java to download"
  javaSource="$TMP_DOWNLOAD_DIR/Downloader.java"
  targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName"
  cat >"$javaSource" <<-END
 	public class Downloader extends java.net.Authenticator
 	{
 	  protected java.net.PasswordAuthentication getPasswordAuthentication()
 	  {
 	    return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() );
 	  }
 	  public static void main( String[] args ) throws Exception
 	  {
 	    setDefault( new Downloader() );
 	    java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() );
 	  }
 	}
 	END
  # For Cygwin/MinGW, switch paths to Windows format before running javac and java
  verbose " - Compiling Downloader.java ..."
  "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java"
  verbose " - Running Downloader.java ..."
  "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")"
 fi
 # If specified, validate the SHA-256 sum of the Maven distribution zip file
 if [ -n "${distributionSha256Sum-}" ]; then
  distributionSha256Result=false
  if [ "$MVN_CMD" = mvnd.sh ]; then
    echo "Checksum validation is not supported for maven-mvnd." >&2
    echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
    exit 1
  elif command -v sha256sum >/dev/null; then
    if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then
      distributionSha256Result=true
    fi
  elif command -v shasum >/dev/null; then
    if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then
      distributionSha256Result=true
    fi
  else
    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2
    echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
    exit 1
  fi
  if [ $distributionSha256Result = false ]; then
    echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2
    echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2
    exit 1
  fi
 fi
 # unzip and move
 if command -v unzip >/dev/null; then
  unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip"
 else
  tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar"
 fi
 # Find the actual extracted directory name (handles snapshots where filename != directory name)
 actualDistributionDir=""
 # First try the expected directory name (for regular distributions)
 if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then
  if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then
    actualDistributionDir="$distributionUrlNameMain"
  fi
 fi
 # If not found, search for any directory with the Maven executable (for snapshots)
 if [ -z "$actualDistributionDir" ]; then
  # enable globbing to iterate over items
  set +f
  for dir in "$TMP_DOWNLOAD_DIR"/*; do
    if [ -d "$dir" ]; then
      if [ -f "$dir/bin/$MVN_CMD" ]; then
        actualDistributionDir="$(basename "$dir")"
        break
      fi
    fi
  done
  set -f
 fi
 if [ -z "$actualDistributionDir" ]; then
  verbose "Contents of $TMP_DOWNLOAD_DIR:"
  verbose "$(ls -la "$TMP_DOWNLOAD_DIR")"
  die "Could not find Maven distribution directory in extracted archive"
 fi
 verbose "Found extracted Maven distribution directory: $actualDistributionDir"
 printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url"
 mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME"
 clean || :
 exec_maven "$@"
--- a/mvnw.cmd
+++ b/mvnw.cmd
@@ -0,0 +1,189 @@
 <# : batch portion
@REM ----------------------------------------------------------------------------
@REM Licensed to the Apache Software Foundation (ASF) under one
@REM or more contributor license agreements.  See the NOTICE file
@REM distributed with this work for additional information
@REM regarding copyright ownership.  The ASF licenses this file
@REM to you under the Apache License, Version 2.0 (the
@REM "License"); you may not use this file except in compliance
@REM with the License.  You may obtain a copy of the License at
@REM
@REM    http://www.apache.org/licenses/LICENSE-2.0
@REM
@REM Unless required by applicable law or agreed to in writing,
@REM software distributed under the License is distributed on an
@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@REM KIND, either express or implied.  See the License for the
@REM specific language governing permissions and limitations
@REM under the License.
@REM ----------------------------------------------------------------------------
@REM ----------------------------------------------------------------------------
@REM Apache Maven Wrapper startup batch script, version 3.3.3
@REM
@REM Optional ENV vars
@REM   MVNW_REPOURL - repo url base for downloading maven distribution
@REM   MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven
@REM   MVNW_VERBOSE - true: enable verbose log; others: silence the output
@REM ----------------------------------------------------------------------------
@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0)
@SET __MVNW_CMD__=
@SET __MVNW_ERROR__=
@SET __MVNW_PSMODULEP_SAVE=%PSModulePath%
@SET PSModulePath=
@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @(
  IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B)
 )
@SET PSModulePath=%__MVNW_PSMODULEP_SAVE%
@SET __MVNW_PSMODULEP_SAVE=
@SET __MVNW_ARG0_NAME__=
@SET MVNW_USERNAME=
@SET MVNW_PASSWORD=
@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*)
@echo Cannot start maven from wrapper >&2 && exit /b 1
@GOTO :EOF
 : end batch / begin powershell #>
 $ErrorActionPreference = "Stop"
 if ($env:MVNW_VERBOSE -eq "true") {
  $VerbosePreference = "Continue"
 }
 # calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties
 $distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl
 if (!$distributionUrl) {
  Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties"
 }
 switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) {
  "maven-mvnd-*" {
    $USE_MVND = $true
    $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip"
    $MVN_CMD = "mvnd.cmd"
    break
  }
  default {
    $USE_MVND = $false
    $MVN_CMD = $script -replace '^mvnw','mvn'
    break
  }
 }
 # apply MVNW_REPOURL and calculate MAVEN_HOME
 # maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash>
 if ($env:MVNW_REPOURL) {
  $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" }
  $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')"
 }
 $distributionUrlName = $distributionUrl -replace '^.*/',''
 $distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$',''
 $MAVEN_M2_PATH = "$HOME/.m2"
 if ($env:MAVEN_USER_HOME) {
  $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME"
 }
 if (-not (Test-Path -Path $MAVEN_M2_PATH)) {
    New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null
 }
 $MAVEN_WRAPPER_DISTS = $null
 if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) {
  $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists"
 } else {
  $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists"
 }
 $MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain"
 $MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join ''
 $MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME"
 if (Test-Path -Path "$MAVEN_HOME" -PathType Container) {
  Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME"
  Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD"
  exit $?
 }
 if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) {
  Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl"
 }
 # prepare tmp dir
 $TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile
 $TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir"
 $TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null
 trap {
  if ($TMP_DOWNLOAD_DIR.Exists) {
    try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null }
    catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" }
  }
 }
 New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null
 # Download and Install Apache Maven
 Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..."
 Write-Verbose "Downloading from: $distributionUrl"
 Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"
 $webclient = New-Object System.Net.WebClient
 if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) {
  $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD)
 }
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null
 # If specified, validate the SHA-256 sum of the Maven distribution zip file
 $distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum
 if ($distributionSha256Sum) {
  if ($USE_MVND) {
    Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties."
  }
  Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash
  if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) {
    Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property."
  }
 }
 # unzip and move
 Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null
 # Find the actual extracted directory name (handles snapshots where filename != directory name)
 $actualDistributionDir = ""
 # First try the expected directory name (for regular distributions)
 $expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain"
 $expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD"
 if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) {
  $actualDistributionDir = $distributionUrlNameMain
 }
 # If not found, search for any directory with the Maven executable (for snapshots)
 if (!$actualDistributionDir) {
  Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object {
    $testPath = Join-Path $_.FullName "bin/$MVN_CMD"
    if (Test-Path -Path $testPath -PathType Leaf) {
      $actualDistributionDir = $_.Name
    }
  }
 }
 if (!$actualDistributionDir) {
  Write-Error "Could not find Maven distribution directory in extracted archive"
 }
 Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir"
 Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null
 try {
  Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null
 } catch {
  if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) {
    Write-Error "fail to move MAVEN_HOME"
  }
 } finally {
  try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null }
  catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" }
 }
 Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD"
--- a/pom.xml
+++ b/pom.xml
@@ -1,10 +1,9 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.3.1</version>
+    <version>1.5.3</version>
    <packaging>jar</packaging>
@@ -33,6 +32,7 @@
        <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
        <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
        <url>https://github.com/stklcode/jvaultconnector</url>
        <tag>v1.5.3</tag>
    </scm>
    <issueManagement>
@@ -42,31 +42,32 @@
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <argLine></argLine>
+        <project.build.outputTimestamp>2025-09-09T09:45:59Z</project.build.outputTimestamp>
        <argLine />
    </properties>
    <dependencies>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-            <version>2.18.0</version>
+            <version>2.20.0</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-jsr310</artifactId>
-            <version>2.18.0</version>
+            <version>2.20.0</version>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
-            <version>5.11.1</version>
+            <version>5.13.3</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
-            <version>5.14.1</version>
+            <version>5.19.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
@@ -78,25 +79,25 @@
        <dependency>
            <groupId>org.wiremock</groupId>
            <artifactId>wiremock</artifactId>
-            <version>3.9.1</version>
+            <version>3.13.1</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
-            <version>2.17.0</version>
+            <version>2.20.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>nl.jqno.equalsverifier</groupId>
            <artifactId>equalsverifier</artifactId>
-            <version>3.17.1</version>
+            <version>3.19.4</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
-            <version>4.2.2</version>
+            <version>4.3.0</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
@@ -107,37 +108,37 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.13.0</version>
+                    <version>3.14.0</version>
                    <configuration>
-                        <source>11</source>
+                        <release>11</release>
                        <target>11</target>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.4.0</version>
+                    <version>3.5.0</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-deploy-plugin</artifactId>
-                    <version>3.1.3</version>
+                    <version>3.1.4</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-failsafe-plugin</artifactId>
-                    <version>3.5.0</version>
+                    <version>3.5.3</version>
                    <configuration>
                        <argLine>
                            @{argLine}
-                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
+                            --add-opens
                            de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
                        </argLine>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-install-plugin</artifactId>
-                    <version>3.1.3</version>
+                    <version>3.1.4</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
@@ -157,38 +158,57 @@
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.5.0</version>
+                    <version>3.5.3</version>
                    <configuration>
                        <argLine>
                            @{argLine}
                            --add-opens java.base/java.util=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.exception=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
                        </argLine>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.cyclonedx</groupId>
                    <artifactId>cyclonedx-maven-plugin</artifactId>
-                    <version>2.8.2</version>
+                    <version>2.9.1</version>
                </plugin>
                <plugin>
                    <groupId>org.jacoco</groupId>
                    <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.12</version>
+                    <version>0.8.13</version>
                </plugin>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
-                    <version>4.0.0.4121</version>
+                    <version>5.2.0.4988</version>
                </plugin>
            </plugins>
        </pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <version>3.6.1</version>
                <executions>
                    <execution>
                        <id>enforce-versions</id>
                        <goals>
                            <goal>enforce</goal>
                        </goals>
                        <configuration>
                            <rules>
                                <requireMavenVersion>
                                    <version>[3.6.3,)</version>
                                </requireMavenVersion>
                                <requireJavaVersion>
                                    <version>[11,)</version>
                                </requireJavaVersion>
                            </rules>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    <profiles>
@@ -225,7 +245,7 @@
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.10.0</version>
+                        <version>3.11.3</version>
                        <configuration>
                            <source>11</source>
                        </configuration>
@@ -255,6 +275,9 @@
                                <goals>
                                    <goal>makeBom</goal>
                                </goals>
                                <configuration>
                                    <skipNotDeployed>false</skipNotDeployed>
                                </configuration>
                            </execution>
                        </executions>
                    </plugin>
@@ -269,7 +292,7 @@
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.7</version>
+                        <version>3.2.8</version>
                        <executions>
                            <execution>
                                <id>sign-artifacts</id>
@@ -340,7 +363,7 @@
                    <plugin>
                        <groupId>org.owasp</groupId>
                        <artifactId>dependency-check-maven</artifactId>
-                        <version>10.0.4</version>
+                        <version>12.1.3</version>
                        <configuration>
                            <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                            <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@@ -358,17 +381,20 @@
        </profile>
        <profile>
-            <id>sonatype</id>
+            <id>central</id>
-            <distributionManagement>
+            <build>
-                <repository>
+                <plugins>
-                    <id>ossrh</id>
+                    <plugin>
-                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+                        <groupId>org.sonatype.central</groupId>
-                </repository>
+                        <artifactId>central-publishing-maven-plugin</artifactId>
-                <snapshotRepository>
+                        <version>0.8.0</version>
-                    <id>ossrh</id>
+                        <extensions>true</extensions>
-                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+                        <configuration>
-                </snapshotRepository>
+                            <publishingServerId>central</publishingServerId>
-            </distributionManagement>
+                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -31,6 +31,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 import static de.stklcode.jvault.connector.internal.RequestHelper.encode;
 import static de.stklcode.jvault.connector.internal.VaultApiPath.*;
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.singletonMap;
@@ -41,34 +43,6 @@ import static java.util.Collections.singletonMap;
 * @since 0.1
 */
 public class HTTPVaultConnector implements VaultConnector {
    private static final String PATH_SYS = "sys";
    private static final String PATH_SYS_AUTH = PATH_SYS + "/auth";
    private static final String PATH_RENEW = PATH_SYS + "/leases/renew";
    private static final String PATH_REVOKE = PATH_SYS + "/leases/revoke/";
    private static final String PATH_HEALTH = PATH_SYS + "/health";
    private static final String PATH_SEAL = PATH_SYS + "/seal";
    private static final String PATH_SEAL_STATUS = PATH_SYS + "/seal-status";
    private static final String PATH_UNSEAL = PATH_SYS + "/unseal";
    private static final String PATH_AUTH = "auth";
    private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token";
    private static final String PATH_LOOKUP = "/lookup";
    private static final String PATH_CREATE = "/create";
    private static final String PATH_ROLES = "/roles";
    private static final String PATH_CREATE_ORPHAN = "/create-orphan";
    private static final String PATH_AUTH_USERPASS = PATH_AUTH + "/userpass/login/";
    private static final String PATH_AUTH_APPID = PATH_AUTH + "/app-id";
    private static final String PATH_AUTH_APPROLE = PATH_AUTH + "/approle";
    private static final String PATH_AUTH_APPROLE_ROLE = PATH_AUTH_APPROLE + "/role/%s%s";
    private static final String PATH_DATA = "/data/";
    private static final String PATH_METADATA = "/metadata/";
    private static final String PATH_LOGIN = "/login";
    private static final String PATH_DELETE = "/delete/";
    private static final String PATH_UNDELETE = "/undelete/";
    private static final String PATH_DESTROY = "/destroy/";
    private final RequestHelper request;
    private boolean authorized = false;     // Authorization status.
@@ -135,12 +109,12 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final SealResponse sealStatus() throws VaultConnectorException {
-        return request.get(PATH_SEAL_STATUS, emptyMap(), token, SealResponse.class);
+        return request.get(SYS_SEAL_STATUS, emptyMap(), token, SealResponse.class);
    }
    @Override
    public final void seal() throws VaultConnectorException {
-        request.put(PATH_SEAL, emptyMap(), token);
+        request.put(SYS_SEAL, emptyMap(), token);
    }
    @Override
@@ -150,14 +124,14 @@ public class HTTPVaultConnector implements VaultConnector {
            "reset", reset
        );
-        return request.put(PATH_UNSEAL, param, token, SealResponse.class);
+        return request.put(SYS_UNSEAL, param, token, SealResponse.class);
    }
    @Override
    public HealthResponse getHealth() throws VaultConnectorException {
        return request.get(
-                PATH_HEALTH,
+            SYS_HEALTH,
            // Force status code to be 200, so we don't need to modify the request sequence.
            Map.of(
                "standbycode", "200",   // Default: 429.
@@ -177,7 +151,7 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final List<AuthBackend> getAuthBackends() throws VaultConnectorException {
        /* Issue request and parse response */
-        AuthMethodsResponse amr = request.get(PATH_SYS_AUTH, emptyMap(), token, AuthMethodsResponse.class);
+        AuthMethodsResponse amr = request.get(SYS_AUTH, emptyMap(), token, AuthMethodsResponse.class);
        return amr.getSupportedMethods().values().stream().map(AuthMethod::getType).collect(Collectors.toList());
    }
@@ -187,7 +161,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* set token */
        this.token = token;
        this.tokenTTL = 0;
-        TokenResponse res = request.post(PATH_AUTH_TOKEN + PATH_LOOKUP, emptyMap(), token, TokenResponse.class);
+        TokenResponse res = request.get(AUTH_TOKEN + TOKEN_LOOKUP_SELF, emptyMap(), token, TokenResponse.class);
        authorized = true;
        return res;
@@ -197,19 +171,7 @@ public class HTTPVaultConnector implements VaultConnector {
    public final AuthResponse authUserPass(final String username, final String password)
        throws VaultConnectorException {
        final Map<String, String> payload = singletonMap("password", password);
-        return queryAuth(PATH_AUTH_USERPASS + username, payload);
+        return queryAuth(AUTH_USERPASS_LOGIN + encode(username), payload);
    }
    @Override
    @Deprecated(since = "0.4", forRemoval = true)
    public final AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException {
        return queryAuth(
                PATH_AUTH_APPID + PATH_LOGIN,
                Map.of(
                        "app_id", appID,
                        "user_id", userID
                )
        );
    }
    @Override
@@ -218,7 +180,7 @@ public class HTTPVaultConnector implements VaultConnector {
            "role_id", roleID,
            "secret_id", secretID
        );
-        return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
+        return queryAuth(AUTH_APPROLE + "login", payload);
    }
    /**
@@ -241,46 +203,12 @@ public class HTTPVaultConnector implements VaultConnector {
        return auth;
    }
    @Override
    @Deprecated(since = "0.4", forRemoval = true)
    public final boolean registerAppId(final String appID, final String policy, final String displayName)
            throws VaultConnectorException {
        requireAuth();
        /* Issue request and expect code 204 with empty response */
        request.postWithoutResponse(
                PATH_AUTH_APPID + "/map/app-id/" + appID,
                Map.of(
                        "value", policy,
                        "display_name", displayName
                ),
                token
        );
        return true;
    }
    @Override
    @Deprecated(since = "0.4", forRemoval = true)
    public final boolean registerUserId(final String appID, final String userID) throws VaultConnectorException {
        requireAuth();
        /* Issue request and expect code 204 with empty response */
        request.postWithoutResponse(
                PATH_AUTH_APPID + "/map/user-id/" + userID,
                singletonMap("value", appID),
                token
        );
        return true;
    }
    @Override
    public final boolean createAppRole(final AppRole role) throws VaultConnectorException {
        requireAuth();
        /* Issue request and expect code 204 with empty response */
-        request.postWithoutResponse(String.format(PATH_AUTH_APPROLE_ROLE, role.getName(), ""), role, token);
+        request.postWithoutResponse(AUTH_APPROLE_ROLE + encode(role.getName()), role, token);
        /* Set custom ID if provided */
        return !(role.getId() != null && !role.getId().isEmpty()) || setAppRoleID(role.getName(), role.getId());
@@ -291,7 +219,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Request HTTP response and parse Secret */
        return request.get(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
+            AUTH_APPROLE_ROLE + encode(roleName),
            emptyMap(),
            token,
            AppRoleResponse.class
@@ -303,7 +231,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Issue request and expect code 204 with empty response */
-        request.deleteWithoutResponse(String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""), token);
+        request.deleteWithoutResponse(AUTH_APPROLE_ROLE + encode(roleName), token);
        return true;
    }
@@ -313,7 +241,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Issue request, parse response and extract Role ID */
        return request.get(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
+            AUTH_APPROLE_ROLE + encode(roleName) + "/role-id",
            emptyMap(),
            token,
            RawDataResponse.class
@@ -326,7 +254,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Issue request and expect code 204 with empty response */
        request.postWithoutResponse(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
+            AUTH_APPROLE_ROLE + encode(roleName) + "/role-id",
            singletonMap("role_id", roleID),
            token
        );
@@ -341,14 +269,14 @@ public class HTTPVaultConnector implements VaultConnector {
        if (secret.getId() != null && !secret.getId().isEmpty()) {
            return request.post(
-                    String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
+                AUTH_APPROLE_ROLE + encode(roleName) + "/custom-secret-id",
                secret,
                token,
                AppRoleSecretResponse.class
            );
        } else {
            return request.post(
-                    String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
+                AUTH_APPROLE_ROLE + encode(roleName) + "/secret-id",
                secret, token,
                AppRoleSecretResponse.class
            );
@@ -362,7 +290,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Issue request and parse secret response */
        return request.post(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
+            AUTH_APPROLE_ROLE + encode(roleName) + "/secret-id/lookup",
            new AppRoleSecret(secretID),
            token,
            AppRoleSecretResponse.class
@@ -376,7 +304,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Issue request and expect code 204 with empty response */
        request.postWithoutResponse(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
+            AUTH_APPROLE_ROLE + encode(roleName) + "/secret-id/destroy",
            new AppRoleSecret(secretID),
            token);
@@ -388,7 +316,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        SecretListResponse secrets = request.get(
-                PATH_AUTH_APPROLE + "/role?list=true",
+            AUTH_APPROLE + "role?list=true",
            emptyMap(),
            token,
            SecretListResponse.class
@@ -402,7 +330,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        SecretListResponse secrets = request.get(
-                String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
+            AUTH_APPROLE_ROLE + encode(roleName) + "/secret-id?list=true",
            emptyMap(),
            token,
            SecretListResponse.class
@@ -425,7 +353,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Request HTTP response and parse secret metadata */
        Map<String, String> args = mapOfStrings("version", version);
-        return request.get(mount + PATH_DATA + key, args, token, MetaSecretResponse.class);
+        return request.get(mount + SECRET_DATA + key, args, token, MetaSecretResponse.class);
    }
    @Override
@@ -434,7 +362,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Request HTTP response and parse secret metadata */
-        return request.get(mount + PATH_METADATA + key, emptyMap(), token, MetadataResponse.class);
+        return request.get(mount + SECRET_METADATA + key, emptyMap(), token, MetadataResponse.class);
    }
    @Override
@@ -449,7 +377,7 @@ public class HTTPVaultConnector implements VaultConnector {
            "cas_required", casRequired
        );
-        write(mount + PATH_METADATA + key, payload);
+        write(mount + SECRET_METADATA + key, payload);
    }
    @Override
@@ -468,7 +396,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Issue request and parse metadata response */
        return request.post(
-                mount + PATH_DATA + key,
+            mount + SECRET_DATA + key,
            Map.of(
                "data", data,
                "options", options
@@ -521,30 +449,30 @@ public class HTTPVaultConnector implements VaultConnector {
    @Override
    public final void deleteLatestSecretVersion(final String mount, final String key) throws VaultConnectorException {
-        delete(mount + PATH_DATA + key);
+        delete(mount + SECRET_DATA + key);
    }
    @Override
    public final void deleteAllSecretVersions(final String mount, final String key) throws VaultConnectorException {
-        delete(mount + PATH_METADATA + key);
+        delete(mount + SECRET_METADATA + key);
    }
    @Override
    public final void deleteSecretVersions(final String mount, final String key, final int... versions)
        throws VaultConnectorException {
-        handleSecretVersions(mount, PATH_DELETE, key, versions);
+        handleSecretVersions(mount, SECRET_DELETE, key, versions);
    }
    @Override
    public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
        throws VaultConnectorException {
-        handleSecretVersions(mount, PATH_UNDELETE, key, versions);
+        handleSecretVersions(mount, SECRET_UNDELETE, key, versions);
    }
    @Override
    public final void destroySecretVersions(final String mount, final String key, final int... versions)
        throws VaultConnectorException {
-        handleSecretVersions(mount, PATH_DESTROY, key, versions);
+        handleSecretVersions(mount, SECRET_DESTROY, key, versions);
    }
    /**
@@ -575,7 +503,7 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        /* Issue request and expect code 204 with empty response */
-        request.putWithoutResponse(PATH_REVOKE + leaseID, emptyMap(), token);
+        request.putWithoutResponse(SYS_LEASES_REVOKE + encode(leaseID), emptyMap(), token);
    }
    @Override
@@ -588,17 +516,17 @@ public class HTTPVaultConnector implements VaultConnector {
        );
        /* Issue request and parse secret response */
-        return request.put(PATH_RENEW, payload, token, SecretResponse.class);
+        return request.put(SYS_LEASES_RENEW, payload, token, SecretResponse.class);
    }
    @Override
    public final AuthResponse createToken(final Token token) throws VaultConnectorException {
-        return createTokenInternal(token, PATH_AUTH_TOKEN + PATH_CREATE);
+        return createTokenInternal(token, AUTH_TOKEN + TOKEN_CREATE);
    }
    @Override
    public final AuthResponse createToken(final Token token, final boolean orphan) throws VaultConnectorException {
-        return createTokenInternal(token, PATH_AUTH_TOKEN + PATH_CREATE_ORPHAN);
+        return createTokenInternal(token, AUTH_TOKEN + TOKEN_CREATE_ORPHAN);
    }
    @Override
@@ -606,7 +534,7 @@ public class HTTPVaultConnector implements VaultConnector {
        if (role == null || role.isEmpty()) {
            throw new InvalidRequestException("No role name specified.");
        }
-        return createTokenInternal(token, PATH_AUTH_TOKEN + PATH_CREATE + "/" + role);
+        return createTokenInternal(token, AUTH_TOKEN + TOKEN_CREATE + "/" + encode(role));
    }
    @Override
@@ -641,7 +569,7 @@ public class HTTPVaultConnector implements VaultConnector {
        /* Request HTTP response and parse Secret */
        return request.get(
-                PATH_AUTH_TOKEN + PATH_LOOKUP,
+            AUTH_TOKEN + TOKEN_LOOKUP,
            singletonMap("token", token),
            token,
            TokenResponse.class
@@ -659,7 +587,7 @@ public class HTTPVaultConnector implements VaultConnector {
        }
        // Issue request and expect code 204 with empty response.
-        request.postWithoutResponse(PATH_AUTH_TOKEN + PATH_ROLES + "/" + name, role, token);
+        request.postWithoutResponse(AUTH_TOKEN + TOKEN_ROLES + "/" + encode(name), role, token);
        return true;
    }
@@ -669,14 +597,14 @@ public class HTTPVaultConnector implements VaultConnector {
        requireAuth();
        // Request HTTP response and parse response.
-        return request.get(PATH_AUTH_TOKEN + PATH_ROLES + "/" + name, emptyMap(), token, TokenRoleResponse.class);
+        return request.get(AUTH_TOKEN + TOKEN_ROLES + "/" + encode(name), emptyMap(), token, TokenRoleResponse.class);
    }
    @Override
    public List<String> listTokenRoles() throws VaultConnectorException {
        requireAuth();
-        return list(PATH_AUTH_TOKEN + PATH_ROLES);
+        return list(AUTH_TOKEN + TOKEN_ROLES);
    }
    @Override
@@ -688,11 +616,52 @@ public class HTTPVaultConnector implements VaultConnector {
        }
        // Issue request and expect code 204 with empty response.
-        request.deleteWithoutResponse(PATH_AUTH_TOKEN + PATH_ROLES + "/" + name, token);
+        request.deleteWithoutResponse(AUTH_TOKEN + TOKEN_ROLES + "/" + encode(name), token);
        return true;
    }
    @Override
    public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
        throws VaultConnectorException {
        requireAuth();
        Map<String, Object> payload = mapOf(
            "plaintext", plaintext
        );
        return request.post(TRANSIT_ENCRYPT + encode(keyName), payload, token, TransitResponse.class);
    }
    @Override
    public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
        throws VaultConnectorException {
        requireAuth();
        Map<String, Object> payload = mapOf(
            "ciphertext", ciphertext
        );
        return request.post(TRANSIT_DECRYPT + encode(keyName), payload, token, TransitResponse.class);
    }
    @Override
    public final TransitResponse transitHash(final String algorithm, final String input, final String format)
        throws VaultConnectorException {
        if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
            throw new IllegalArgumentException("Unsupported format " + format);
        }
        requireAuth();
        Map<String, Object> payload = mapOf(
            "input", input,
            "format", format
        );
        return request.post(TRANSIT_HASH + encode(algorithm), payload, token, TransitResponse.class);
    }
    /**
     * Check for required authorization.
     *
@@ -732,7 +701,7 @@ public class HTTPVaultConnector implements VaultConnector {
     */
    private static Map<String, Object> mapOf(Object... keyValues) {
        Map<String, Object> map = new HashMap<>(keyValues.length / 2, 1);
-        for (int i = 0; i < keyValues.length; i = i + 2) {
+        for (int i = 0; i < keyValues.length - 1; i = i + 2) {
            Object key = keyValues[i];
            Object val = keyValues[i + 1];
            if (key instanceof String && val != null) {
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Objects;
 /**
 * Vault Connector Builder implementation for HTTP Vault connectors.
@@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
     * @since 1.0
     */
    public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
-        return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
+        String path = baseURL.getPath();
        if (path == null || path.isBlank()) {
            path = DEFAULT_PREFIX;
        }
        return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
            .withHost(baseURL.getHost())
            .withPort(baseURL.getPort())
-                .withPrefix(baseURL.getPath());
+            .withPrefix(path);
    }
    /**
@@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
     */
    public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
        /* Parse URL from environment variable */
-        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
+        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
            try {
-                var url = new URL(System.getenv(ENV_VAULT_ADDR));
+                withBaseURL(System.getenv(ENV_VAULT_ADDR));
-                this.host = url.getHost();
+            } catch (URISyntaxException e) {
                this.port = url.getPort();
                this.tls = url.getProtocol().equals("https");
            } catch (MalformedURLException e) {
                throw new ConnectionException("URL provided in environment variable malformed", e);
            }
        }
@@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
        /* Read number of retries */
        if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
            try {
-                numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
+                withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
            } catch (NumberFormatException ignored) {
                /* Ignore malformed values. */
            }
@@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
        token = System.getenv(ENV_VAULT_TOKEN);
        /* Parse certificate, if set */
-        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
+        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
-            return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
+            X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
            if (cert == null) {
                cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
            }
            return withTrustedCA(cert);
        }
        return this;
    }
@@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
        return con;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
     * @param cert Certificate string (optionally PEM)
     * @return X.509 Certificate object if parseable, else {@code null}
     * @throws TlsException on error
     * @since 1.5.0
     */
    private X509Certificate certificateFromString(final String cert) throws TlsException {
        // Check if PEM header is present in given string
        if (cert.contains("-BEGIN ") && cert.contains("-END")) {
            try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
            } catch (IOException | CertificateException e) {
                throw new TlsException("Unable to read certificate.", e);
            }
        }
        // Not am PEM string, skip
        return null;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
 import de.stklcode.jvault.connector.model.response.*;
 import java.io.Serializable;
-import java.util.ArrayList;
+import java.util.*;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 /**
 * Vault Connector interface.
@@ -112,19 +109,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    AuthResponse authUserPass(final String username, final String password) throws VaultConnectorException;
    /**
     * Authorize to Vault using AppID method.
     *
     * @param appID  The App ID
     * @param userID The User ID
     * @return The {@link AuthResponse}
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     * Consider using {@link #authAppRole} instead.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException;
    /**
     * Authorize to Vault using AppRole method without secret ID.
     *
@@ -148,21 +132,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException;
    /**
     * Register new App-ID with policy.
     *
     * @param appID       The unique App-ID
     * @param policy      The policy to associate with
     * @param displayName Arbitrary name to display
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     * Consider using {@link #createAppRole} instead.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    boolean registerAppId(final String appID, final String policy, final String displayName)
            throws VaultConnectorException;
    /**
     * Register a new AppRole role from given metamodel.
     *
@@ -344,38 +313,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    List<String> listAppRoleSecrets(final String roleName) throws VaultConnectorException;
    /**
     * Register User-ID with App-ID.
     *
     * @param appID  The App-ID
     * @param userID The User-ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     * Consider using {@link #createAppRoleSecret} instead.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
    /**
     * Register new App-ID and User-ID at once.
     *
     * @param appID       The App-ID
     * @param policy      The policy to associate with
     * @param displayName Arbitrary name to display
     * @param userID      The User-ID
     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. App-ID was removed in Vault 1.12.
     */
    @Deprecated(since = "0.4", forRemoval = true)
    default boolean registerAppUserId(final String appID,
                                      final String policy,
                                      final String displayName,
                                      final String userID) throws VaultConnectorException {
        return registerAppId(appID, policy, userID) && registerUserId(appID, userID);
    }
    /**
     * Get authorization status.
     *
@@ -734,6 +671,82 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    boolean deleteTokenRole(final String name) throws VaultConnectorException;
    /**
     * Encrypt plaintext via transit engine from Vault.
     *
     * @param keyName   Transit key name
     * @param plaintext Text to encrypt (Base64 encoded)
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
    /**
     * Encrypt plaintext via transit engine from Vault.
     *
     * @param keyName   Transit key name
     * @param plaintext Binary data to encrypt
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
        throws VaultConnectorException {
        return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
    }
    /**
     * Decrypt ciphertext via transit engine from Vault.
     *
     * @param keyName    Transit key name
     * @param ciphertext Text to decrypt
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
    /**
     * Hash data in hex format via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
        return transitHash(algorithm, input, "hex");
    }
    /**
     * Hash data via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash (Base64 encoded)
     * @param format    Specifies the output encoding (hex/base64)
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    TransitResponse transitHash(final String algorithm, final String input, final String format)
        throws VaultConnectorException;
    /**
     * Hash data via transit engine from Vault.
     *
     * @param algorithm Specifies the hash algorithm to use
     * @param input     Data to hash
     * @return Transit response
     * @throws VaultConnectorException on error
     * @since 1.5.0
     */
    default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
        throws VaultConnectorException {
        return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
    }
    /**
     * Read credentials for MySQL backend at default mount point.
     *
@@ -741,7 +754,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mysql");
    }
@@ -753,7 +768,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "postgresql");
    }
@@ -765,28 +782,32 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mssql");
    }
    /**
-     * Read credentials for MSSQL backend at default mount point.
+     * Read credentials for MongoDB backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     * @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
     */
    @Deprecated(since = "1.5.0", forRemoval = true)
    default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mongodb");
    }
    /**
-     * Read credentials for SQL backends.
+     * Read credentials for database backends.
     *
     * @param role  the role name
-     * @param mount mount point of the SQL backend
+     * @param mount mount point of the database backend
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
--- a/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/internal/Error.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/Error.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
@@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
@@ -25,6 +25,7 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.CompletionException;
 import java.util.stream.Collectors;
@@ -44,7 +45,7 @@ public final class RequestHelper implements Serializable {
    private final int retries;                      // Number of retries on 5xx errors.
    private final String tlsVersion;                // TLS version (#22).
    private final X509Certificate trustedCaCert;    // Trusted CA certificate.
-    private final ObjectMapper jsonMapper;
+    private final JsonMapper jsonMapper;
    /**
     * Constructor of the request helper.
@@ -65,10 +66,11 @@ public final class RequestHelper implements Serializable {
        this.timeout = timeout;
        this.tlsVersion = tlsVersion;
        this.trustedCaCert = trustedCaCert;
-        this.jsonMapper = new ObjectMapper()
+        this.jsonMapper = JsonMapper.builder()
-                .registerModule(new JavaTimeModule())
+            .addModule(new JavaTimeModule())
            .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
            .build();
    }
    /**
@@ -262,9 +264,9 @@ public final class RequestHelper implements Serializable {
        if (!payload.isEmpty()) {
            uriBuilder.append("?").append(
-                    payload.entrySet().stream().map(par ->
+                payload.entrySet().stream()
-                            URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
+                    .map(par -> encode(par.getKey()) + "=" + encode(par.getValue()))
-                    ).collect(Collectors.joining("&"))
+                    .collect(Collectors.joining("&"))
            );
        }
@@ -306,6 +308,17 @@ public final class RequestHelper implements Serializable {
        }
    }
    /**
     * Encode URL part.
     *
     * @param part Path part to URL-encode and insert into the template
     * @return Encoded URL part
     * @since 1.5.3
     */
    public static String encode(final String part) {
        return URLEncoder.encode(Objects.requireNonNullElse(part, ""), UTF_8);
    }
    /**
     * Execute prepared HTTP request and return result.
     *
--- a/src/main/java/de/stklcode/jvault/connector/internal/VaultApiPath.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/VaultApiPath.java
@@ -0,0 +1,71 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.internal;
 /**
 * Vault API path constants.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.3
 */
 public final class VaultApiPath {
    // Base paths
    private static final String SYS = "sys";
    private static final String AUTH = "auth";
    private static final String TRANSIT = "transit";
    // System paths
    public static final String SYS_AUTH = SYS + "/auth";
    public static final String SYS_LEASES_RENEW = SYS + "/leases/renew";
    public static final String SYS_LEASES_REVOKE = SYS + "/leases/revoke/";
    public static final String SYS_HEALTH = SYS + "/health";
    public static final String SYS_SEAL = SYS + "/seal";
    public static final String SYS_SEAL_STATUS = SYS + "/seal-status";
    public static final String SYS_UNSEAL = SYS + "/unseal";
    // Auth paths
    public static final String AUTH_TOKEN = AUTH + "/token";
    public static final String AUTH_USERPASS_LOGIN = AUTH + "/userpass/login/";
    public static final String AUTH_APPROLE = AUTH + "/approle/";
    public static final String AUTH_APPROLE_ROLE = AUTH_APPROLE + "role/";
    // Token operations
    public static final String TOKEN_LOOKUP = "/lookup";
    public static final String TOKEN_LOOKUP_SELF = "/lookup-self";
    public static final String TOKEN_CREATE = "/create";
    public static final String TOKEN_CREATE_ORPHAN = "/create-orphan";
    public static final String TOKEN_ROLES = "/roles";
    // Secret engine paths
    public static final String SECRET_DATA = "/data/";
    public static final String SECRET_METADATA = "/metadata/";
    public static final String SECRET_DELETE = "/delete/";
    public static final String SECRET_UNDELETE = "/undelete/";
    public static final String SECRET_DESTROY = "/destroy/";
    // Transit engine paths
    public static final String TRANSIT_ENCRYPT = TRANSIT + "/encrypt/";
    public static final String TRANSIT_DECRYPT = TRANSIT + "/decrypt/";
    public static final String TRANSIT_HASH = TRANSIT + "/hash/";
    /**
     * Private constructor to prevent instantiation.
     */
    private VaultApiPath() {
        // Utility class
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRole implements Serializable {
-    private static final long serialVersionUID = 693228837510483448L;
+    private static final long serialVersionUID = 1546673231280751679L;
    @JsonProperty("role_name")
    private String name;
@@ -53,7 +53,7 @@ public final class AppRole implements Serializable {
    @JsonProperty("secret_id_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer secretIdTtl;
+    private Long secretIdTtl;
    @JsonProperty("local_secret_ids")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -61,11 +61,11 @@ public final class AppRole implements Serializable {
    @JsonProperty("token_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenTtl;
+    private Long tokenTtl;
    @JsonProperty("token_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenMaxTtl;
+    private Long tokenMaxTtl;
    private List<String> tokenPolicies;
@@ -75,7 +75,7 @@ public final class AppRole implements Serializable {
    @JsonProperty("token_explicit_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenExplicitMaxTtl;
+    private Long tokenExplicitMaxTtl;
    @JsonProperty("token_no_default_policy")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -255,7 +255,7 @@ public final class AppRole implements Serializable {
    /**
     * @return maximum TTL in seconds for secrets
     */
-    public Integer getSecretIdTtl() {
+    public Long getSecretIdTtl() {
        return secretIdTtl;
    }
@@ -271,14 +271,14 @@ public final class AppRole implements Serializable {
    /**
     * @return token TTL in seconds
     */
-    public Integer getTokenTtl() {
+    public Long getTokenTtl() {
        return tokenTtl;
    }
    /**
     * @return maximum token TTL in seconds, including renewals
     */
-    public Integer getTokenMaxTtl() {
+    public Long getTokenMaxTtl() {
        return tokenMaxTtl;
    }
@@ -286,7 +286,7 @@ public final class AppRole implements Serializable {
     * @return explicit maximum token TTL in seconds, including renewals
     * @since 0.9
     */
-    public Integer getTokenExplicitMaxTtl() {
+    public Long getTokenExplicitMaxTtl() {
        return tokenExplicitMaxTtl;
    }
@@ -370,12 +370,12 @@ public final class AppRole implements Serializable {
        private List<String> secretIdBoundCidrs;
        private List<String> tokenPolicies;
        private Integer secretIdNumUses;
-        private Integer secretIdTtl;
+        private Long secretIdTtl;
        private Boolean localSecretIds;
-        private Integer tokenTtl;
+        private Long tokenTtl;
-        private Integer tokenMaxTtl;
+        private Long tokenMaxTtl;
        private List<String> tokenBoundCidrs;
-        private Integer tokenExplicitMaxTtl;
+        private Long tokenExplicitMaxTtl;
        private Boolean tokenNoDefaultPolicy;
        private Integer tokenNumUses;
        private Integer tokenPeriod;
@@ -520,7 +520,7 @@ public final class AppRole implements Serializable {
         * @param secretIdTtl the TTL
         * @return self
         */
-        public Builder withSecretIdTtl(final Integer secretIdTtl) {
+        public Builder withSecretIdTtl(final Long secretIdTtl) {
            this.secretIdTtl = secretIdTtl;
            return this;
        }
@@ -544,7 +544,7 @@ public final class AppRole implements Serializable {
         * @param tokenTtl the TTL
         * @return self
         */
-        public Builder withTokenTtl(final Integer tokenTtl) {
+        public Builder withTokenTtl(final Long tokenTtl) {
            this.tokenTtl = tokenTtl;
            return this;
        }
@@ -555,7 +555,7 @@ public final class AppRole implements Serializable {
         * @param tokenMaxTtl the TTL
         * @return self
         */
-        public Builder withTokenMaxTtl(final Integer tokenMaxTtl) {
+        public Builder withTokenMaxTtl(final Long tokenMaxTtl) {
            this.tokenMaxTtl = tokenMaxTtl;
            return this;
        }
@@ -596,7 +596,7 @@ public final class AppRole implements Serializable {
         * @param tokenExplicitMaxTtl the TTL
         * @return self
         */
-        public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
+        public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
            this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
            return this;
        }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRoleSecret implements Serializable {
-    private static final long serialVersionUID = -3401074170145792641L;
+    private static final long serialVersionUID = 3079272087137299819L;
    @JsonProperty("secret_id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -47,6 +47,8 @@ public final class AppRoleSecret implements Serializable {
    private List<String> cidrList;
    private List<String> tokenBoundCidrs;
    @JsonProperty(value = "creation_time", access = JsonProperty.Access.WRITE_ONLY)
    private String creationTime;
@@ -137,6 +139,36 @@ public final class AppRoleSecret implements Serializable {
        return String.join(",", cidrList);
    }
    /**
     * @return list of bound CIDR subnets of associated tokens
     * @since 1.5.3
     */
    public List<String> getTokenBoundCidrs() {
        return tokenBoundCidrs;
    }
    /**
     * @param boundCidrList list of subnets in CIDR notation to bind role to
     * @since 1.5.3
     */
    @JsonSetter("token_bound_cidrs")
    public void setTokenBoundCidrs(final List<String> boundCidrList) {
        this.tokenBoundCidrs = boundCidrList;
    }
    /**
     * @return list of subnets in CIDR notation as comma-separated {@link String}
     * @since 1.5.3
     */
    @JsonGetter("token_bound_cidrs")
    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    public String getTokenBoundCidrsString() {
        if (tokenBoundCidrs == null || tokenBoundCidrs.isEmpty()) {
            return "";
        }
        return String.join(",", tokenBoundCidrs);
    }
    /**
     * @return Creation time
     */
@@ -184,6 +216,7 @@ public final class AppRoleSecret implements Serializable {
            Objects.equals(accessor, that.accessor) &&
            Objects.equals(metadata, that.metadata) &&
            Objects.equals(cidrList, that.cidrList) &&
            Objects.equals(tokenBoundCidrs, that.tokenBoundCidrs) &&
            Objects.equals(creationTime, that.creationTime) &&
            Objects.equals(expirationTime, that.expirationTime) &&
            Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
@@ -193,7 +226,7 @@ public final class AppRoleSecret implements Serializable {
    @Override
    public int hashCode() {
-        return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
+        return Objects.hash(id, accessor, metadata, cidrList, tokenBoundCidrs, creationTime, expirationTime,
-                ttl);
+            lastUpdatedTime, numUses, ttl);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,8 +24,6 @@ package de.stklcode.jvault.connector.model;
 */
 public enum AuthBackend {
    TOKEN("token"),
    @Deprecated(since = "1.1.3", forRemoval = true)
    APPID("app-id"),
    APPROLE("approle"),
    USERPASS("userpass"),
    GITHUB("github"),   // Not supported yet.
--- a/src/main/java/de/stklcode/jvault/connector/model/Token.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/Token.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.*;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class Token implements Serializable {
-    private static final long serialVersionUID = 5208508683665365287L;
+    private static final long serialVersionUID = 7003016071684507115L;
    @JsonProperty("id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -56,11 +56,11 @@ public final class Token implements Serializable {
    @JsonProperty("ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer ttl;
+    private Long ttl;
    @JsonProperty("explicit_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer explicitMaxTtl;
+    private Long explicitMaxTtl;
    @JsonProperty("num_uses")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -162,7 +162,7 @@ public final class Token implements Serializable {
    /**
     * @return Time-to-live in seconds
     */
-    public Integer getTtl() {
+    public Long getTtl() {
        return ttl;
    }
@@ -170,7 +170,7 @@ public final class Token implements Serializable {
     * @return Explicit maximum time-to-live in seconds
     * @since 0.9
     */
-    public Integer getExplicitMaxTtl() {
+    public Long getExplicitMaxTtl() {
        return explicitMaxTtl;
    }
@@ -282,8 +282,8 @@ public final class Token implements Serializable {
        private String displayName;
        private Boolean noParent;
        private Boolean noDefaultPolicy;
-        private Integer ttl;
+        private Long ttl;
-        private Integer explicitMaxTtl;
+        private Long explicitMaxTtl;
        private Integer numUses;
        private List<String> policies;
        private Map<String, String> meta;
@@ -331,7 +331,7 @@ public final class Token implements Serializable {
         * @param ttl the ttl
         * @return self
         */
-        public Builder withTtl(final Integer ttl) {
+        public Builder withTtl(final Long ttl) {
            this.ttl = ttl;
            return this;
        }
@@ -342,7 +342,7 @@ public final class Token implements Serializable {
         * @param explicitMaxTtl the explicit max. TTL
         * @return self
         */
-        public Builder withExplicitMaxTtl(final Integer explicitMaxTtl) {
+        public Builder withExplicitMaxTtl(final Long explicitMaxTtl) {
            this.explicitMaxTtl = explicitMaxTtl;
            return this;
        }
--- a/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenRole implements Serializable {
-    private static final long serialVersionUID = -3505215215838576321L;
+    private static final long serialVersionUID = -4856948364869438439L;
    @JsonProperty("name")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -78,7 +78,7 @@ public final class TokenRole implements Serializable {
    @JsonProperty("token_explicit_max_ttl")
    @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer tokenExplicitMaxTtl;
+    private Long tokenExplicitMaxTtl;
    @JsonProperty("token_no_default_policy")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -204,7 +204,7 @@ public final class TokenRole implements Serializable {
    /**
     * @return Token explicit maximum TTL
     */
-    public Integer getTokenExplicitMaxTtl() {
+    public Long getTokenExplicitMaxTtl() {
        return tokenExplicitMaxTtl;
    }
@@ -285,7 +285,7 @@ public final class TokenRole implements Serializable {
        private String pathSuffix;
        private List<String> allowedEntityAliases;
        private List<String> tokenBoundCidrs;
-        private Integer tokenExplicitMaxTtl;
+        private Long tokenExplicitMaxTtl;
        private Boolean tokenNoDefaultPolicy;
        private Integer tokenNumUses;
        private Integer tokenPeriod;
@@ -537,7 +537,7 @@ public final class TokenRole implements Serializable {
         * @param tokenExplicitMaxTtl explicit maximum TTL
         * @return self
         */
-        public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
+        public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
            this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
            return this;
        }
--- a/src/main/java/de/stklcode/jvault/connector/model/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
@@ -85,10 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
            } else if (type.isInstance(rawValue)) {
                return type.cast(rawValue);
            } else {
-                var om = new ObjectMapper()
+                var om = JsonMapper.builder()
-                        .registerModule(new JavaTimeModule())
+                    .addModule(new JavaTimeModule())
                    .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                        .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+                    .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
                    .build();
                if (rawValue instanceof String) {
                    return om.readValue((String) rawValue, type);
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
@@ -0,0 +1,92 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonSetter;
 import java.util.Map;
 import java.util.Objects;
 /**
 * Response entity for transit operations.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.0
 */
 public class TransitResponse extends VaultDataResponse {
    private static final long serialVersionUID = 6873804240772242771L;
    private String ciphertext;
    private String plaintext;
    private String sum;
    @JsonSetter("data")
    private void setData(Map<String, String> data) {
        ciphertext = data.get("ciphertext");
        plaintext = data.get("plaintext");
        sum = data.get("sum");
    }
    /**
     * Get ciphertext.
     * Populated after encryption.
     *
     * @return Ciphertext
     */
    public String getCiphertext() {
        return ciphertext;
    }
    /**
     * Get plaintext.
     * Base64 encoded, populated after decryption.
     *
     * @return Plaintext
     */
    public String getPlaintext() {
        return plaintext;
    }
    /**
     * Get hash sum.
     * Hex or Base64 string. Populated after hashing.
     *
     * @return Hash sum
     */
    public String getSum() {
        return sum;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
            return false;
        }
        TransitResponse that = (TransitResponse) o;
        return Objects.equals(ciphertext, that.ciphertext) &&
            Objects.equals(plaintext, that.plaintext) &&
            Objects.equals(sum, that.sum);
    }
    @Override
    public int hashCode() {
        return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -115,6 +115,7 @@ public abstract class VaultDataResponse implements VaultResponse {
    public final String getMountType() {
        return mountType;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o) {
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java
@@ -15,13 +15,13 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public class MountConfig implements Serializable {
-    private static final long serialVersionUID = -8653909672663717792L;
+    private static final long serialVersionUID = 7241631159224756605L;
    @JsonProperty("default_lease_ttl")
-    private Integer defaultLeaseTtl;
+    private Long defaultLeaseTtl;
    @JsonProperty("max_lease_ttl")
-    private Integer maxLeaseTtl;
+    private Long maxLeaseTtl;
    @JsonProperty("force_no_cache")
    private Boolean forceNoCache;
@@ -56,14 +56,14 @@ public class MountConfig implements Serializable {
    /**
     * @return Default lease TTL
     */
-    public Integer getDefaultLeaseTtl() {
+    public Long getDefaultLeaseTtl() {
        return defaultLeaseTtl;
    }
    /**
     * @return Maximum lease TTL
     */
-    public Integer getMaxLeaseTtl() {
+    public Long getMaxLeaseTtl() {
        return maxLeaseTtl;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -37,9 +36,6 @@ import java.util.Objects;
 public final class SecretMetadata implements Serializable {
    private static final long serialVersionUID = -905059942871916214L;
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
    @JsonProperty("created_time")
    private ZonedDateTime createdTime;
@@ -67,19 +63,6 @@ public final class SecretMetadata implements Serializable {
    @JsonProperty("delete_version_after")
    private String deleteVersionAfter;
    /**
     * @return Time of secret creation as raw string representation.
     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getCreatedTimeString() {
        if (createdTime != null) {
            return TIME_FORMAT.format(createdTime);
        }
        return null;
    }
    /**
     * @return Time of secret creation.
     */
@@ -108,19 +91,6 @@ public final class SecretMetadata implements Serializable {
        return oldestVersion;
    }
    /**
     * @return Time of secret update as raw string representation.
     * @deprecated Method left for backwards compatibility only. Use {@link #getUpdatedTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getUpdatedTimeString() {
        if (updatedTime != null) {
            return TIME_FORMAT.format(updatedTime);
        }
        return null;
    }
    /**
     * @return Time of secret update.
     */
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -35,10 +34,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenData implements Serializable {
-    private static final long serialVersionUID = -5749716740973138916L;
+    private static final long serialVersionUID = -4168046151053509784L;
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
    @JsonProperty("accessor")
    private String accessor;
@@ -47,7 +43,7 @@ public final class TokenData implements Serializable {
    private Integer creationTime;
    @JsonProperty("creation_ttl")
-    private Integer creationTtl;
+    private Long creationTtl;
    @JsonProperty("display_name")
    private String name;
@@ -59,7 +55,7 @@ public final class TokenData implements Serializable {
    private ZonedDateTime expireTime;
    @JsonProperty("explicit_max_ttl")
-    private Integer explicitMaxTtl;
+    private Long explicitMaxTtl;
    @JsonProperty("id")
    private String id;
@@ -86,7 +82,7 @@ public final class TokenData implements Serializable {
    private boolean renewable;
    @JsonProperty("ttl")
-    private Integer ttl;
+    private Long ttl;
    @JsonProperty("type")
    private String type;
@@ -108,7 +104,7 @@ public final class TokenData implements Serializable {
    /**
     * @return Creation TTL (in seconds)
     */
-    public Integer getCreationTtl() {
+    public Long getCreationTtl() {
        return creationTtl;
    }
@@ -127,20 +123,6 @@ public final class TokenData implements Serializable {
        return entityId;
    }
    /**
     * @return Expire time as raw string value
     * @since 0.9
     * @deprecated Method left for backwards compatibility only. Use {@link #getExpireTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getExpireTimeString() {
        if (expireTime != null) {
            return TIME_FORMAT.format(expireTime);
        }
        return null;
    }
    /**
     * @return Expire time (parsed)
     * @since 0.9
@@ -153,7 +135,7 @@ public final class TokenData implements Serializable {
     * @return Explicit maximum TTL
     * @since 0.9
     */
-    public Integer getExplicitMaxTtl() {
+    public Long getExplicitMaxTtl() {
        return explicitMaxTtl;
    }
@@ -164,20 +146,6 @@ public final class TokenData implements Serializable {
        return id;
    }
    /**
     * @return Issue time as raw string value
     * @since 0.9
     * @deprecated Method left for backwards compatibility only. Use {@link #getIssueTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getIssueTimeString() {
        if (issueTime != null) {
            return TIME_FORMAT.format(issueTime);
        }
        return null;
    }
    /**
     * @return Expire time (parsed)
     * @since 0.9
@@ -234,7 +202,7 @@ public final class TokenData implements Serializable {
    /**
     * @return Token TTL (in seconds)
     */
-    public Integer getTtl() {
+    public Long getTtl() {
        return ttl;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -37,9 +36,6 @@ import java.util.Objects;
 public final class VersionMetadata implements Serializable {
    private static final long serialVersionUID = 8495687554714216478L;
    private static final DateTimeFormatter TIME_FORMAT =
            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
    @JsonProperty("created_time")
    private ZonedDateTime createdTime;
@@ -55,19 +51,6 @@ public final class VersionMetadata implements Serializable {
    @JsonProperty("custom_metadata")
    private HashMap<String, String> customMetadata;
    /**
     * @return Time of secret creation as raw string representation.
     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getCreatedTimeString() {
        if (createdTime != null) {
            return TIME_FORMAT.format(createdTime);
        }
        return null;
    }
    /**
     * @return Time of secret creation.
     */
@@ -75,19 +58,6 @@ public final class VersionMetadata implements Serializable {
        return createdTime;
    }
    /**
     * @return Time for secret deletion as raw string representation.
     * @deprecated Method left for backwards compatibility only. Use {@link #getDeletionTime()} instead.
     */
    @Deprecated(since = "1.2", forRemoval = true)
    public String getDeletionTimeString() {
        if (deletionTime != null) {
            return TIME_FORMAT.format(deletionTime);
        }
        return null;
    }
    /**
     * @return Time for secret deletion.
     */
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/module-info.java
+++ b/src/main/java/module-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ module de.stklcode.jvault.connector {
    opens de.stklcode.jvault.connector.model.response.embedded to com.fasterxml.jackson.databind;
    requires java.net.http;
    requires com.fasterxml.jackson.annotation;
    requires com.fasterxml.jackson.databind;
    requires com.fasterxml.jackson.datatype.jsr310;
 }
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
 import java.io.File;
 import java.lang.reflect.Field;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Paths;
 import java.util.concurrent.atomic.AtomicReference;
 import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
 import static org.junit.jupiter.api.Assertions.*;
@@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
 */
 class HTTPVaultConnectorBuilderTest {
    private static final String VAULT_ADDR = "https://localhost:8201";
    private static final String VAULT_ADDR_2 = "http://localhost";
    private static final String VAULT_ADDR_3 = "https://localhost/vault/";
    private static final Integer VAULT_MAX_RETRIES = 13;
    private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@@ -112,6 +117,22 @@ class HTTPVaultConnectorBuilderTest {
            return null;
        });
        withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Factory creation from minimal environment failed"
            );
            assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
            return null;
        });
        withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Factory creation from minimal environment failed"
            );
            assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
            return null;
        });
        // Provide address and number of retries.
        withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
@@ -128,19 +149,6 @@ class HTTPVaultConnectorBuilderTest {
            return null;
        });
        // Provide CA certificate.
        String vaultCacert = tempDir.toString() + "/doesnotexist";
        withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
            TlsException e = assertThrows(
                    TlsException.class,
                    () -> HTTPVaultConnector.builder().fromEnv(),
                    "Creation with unknown cert path failed"
            );
            assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
            return null;
        });
        // Automatic authentication.
        withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
@@ -164,6 +172,59 @@ class HTTPVaultConnectorBuilderTest {
        });
    }
    /**
     * Test CA certificate handling from environment variables
     */
    @Test
    void testCertificateFromEnv() throws Exception {
        // From direct PEM content
        String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
        AtomicReference<Object> certFromPem = new AtomicReference<>();
        withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Builder with PEM certificate from environment failed"
            );
            HTTPVaultConnector connector = builder.build();
            certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
            assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
            return null;
        });
        // From file path
        String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
        AtomicReference<Object> certFromFile = new AtomicReference<>();
        withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Builder with certificate path from environment failed"
            );
            HTTPVaultConnector connector = builder.build();
            certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
            assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
            return null;
        });
        assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
        // Non-existing path CA certificate path
        String doesNotExist = tempDir.toString() + "/doesnotexist";
        withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
            TlsException e = assertThrows(
                TlsException.class,
                () -> HTTPVaultConnector.builder().fromEnv(),
                "Creation with unknown cert path failed"
            );
            assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
            return null;
        });
    }
    private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
        return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
            .and("VAULT_CACERT", vaultCacert)
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,7 +25,6 @@ import de.stklcode.jvault.connector.model.response.*;
 import de.stklcode.jvault.connector.test.Credentials;
 import de.stklcode.jvault.connector.test.VaultConfiguration;
 import org.junit.jupiter.api.*;
 import org.junit.jupiter.api.condition.EnabledIf;
 import org.junit.jupiter.api.io.TempDir;
 import java.io.*;
@@ -53,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
 * @since 0.1
 */
 class HTTPVaultConnectorIT {
-    private static String VAULT_VERSION = "1.17.6";  // The vault version this test is supposed to run against.
+    private static String VAULT_VERSION = "1.20.3";  // The vault version this test is supposed to run against.
    private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
    private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
    private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -61,7 +60,6 @@ class HTTPVaultConnectorIT {
    private static final String USER_VALID = "validUser";
    private static final String PASS_VALID = "validPass";
    private static boolean legacy;
    private Process vaultProcess;
    private VaultConnector connector;
@@ -72,9 +70,6 @@ class HTTPVaultConnectorIT {
            VAULT_VERSION = System.getenv("VAULT_VERSION");
            System.out.println("Vault version set to " + VAULT_VERSION);
        }
        if (compareVersions(VAULT_VERSION, "1.12.0") < 0) {
            legacy = true;
        }
    }
    /**
@@ -549,74 +544,6 @@ class HTTPVaultConnectorIT {
        }
    }
    @Nested
    @DisplayName("App-ID Tests")
    @EnabledIf(value = "de.stklcode.jvault.connector.HTTPVaultConnectorIT#isLegacy",
            disabledReason = "AppID tests no longer available for Vault 1.12 and above")
    @SuppressWarnings("deprecation")
    class AppIdTests {
        private static final String APP_ID = "152AEA38-85FB-47A8-9CBD-612D645BFACA";
        private static final String USER_ID = "5ADF8218-D7FB-4089-9E38-287465DBF37E";
        /**
         * App-ID authentication roundtrip.
         */
        @Test
        @Order(10)
        @DisplayName("Authenticate with App-ID")
        void authAppIdTest() {
            // Try unauthorized access first.
            assumeFalse(connector.isAuthorized());
            assertThrows(
                    AuthorizationRequiredException.class,
                    () -> connector.registerAppId("", "", ""),
                    "Expected exception not thrown"
            );
            assertThrows(
                    AuthorizationRequiredException.class,
                    () -> connector.registerUserId("", ""),
                    "Expected exception not thrown"
            );
        }
        /**
         * App-ID authentication roundtrip.
         */
        @Test
        @Order(20)
        @DisplayName("Register App-ID")
        void registerAppIdTest() {
            // Authorize.
            authRoot();
            assumeTrue(connector.isAuthorized());
            // Register App-ID.
            boolean res = assertDoesNotThrow(
                    () -> connector.registerAppId(APP_ID, "user", "App Name"),
                    "Failed to register App-ID"
            );
            assertTrue(res, "Failed to register App-ID");
            // Register User-ID.
            res = assertDoesNotThrow(
                    () -> connector.registerUserId(APP_ID, USER_ID),
                    "Failed to register App-ID"
            );
            assertTrue(res, "Failed to register App-ID");
            connector.resetAuth();
            assumeFalse(connector.isAuthorized());
            // Authenticate with created credentials.
            assertDoesNotThrow(
                    () -> connector.authAppId(APP_ID, USER_ID),
                    "Failed to authenticate using App-ID"
            );
            assertTrue(connector.isAuthorized(), "Authorization flag not set after App-ID login");
        }
    }
    @Nested
    @DisplayName("AppRole Tests")
    @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
@@ -935,7 +862,7 @@ class HTTPVaultConnectorIT {
                .withDefaultPolicy()
                .withMeta("test", "success")
                .withMeta("key", "value")
-                    .withTtl(1234)
+                .withTtl(1234L)
                .build();
            InvalidResponseException e = assertThrows(
                InvalidResponseException.class,
@@ -1062,6 +989,75 @@ class HTTPVaultConnectorIT {
        }
    }
    @Nested
    @DisplayName("Transit Tests")
    class TransitTests {
        @Test
        @DisplayName("Transit encryption")
        void transitEncryptTest() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
                "Failed to encrypt via transit"
            );
            assertNotNull(transitResponse.getCiphertext());
            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
            transitResponse = assertDoesNotThrow(
                () -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
                "Failed to encrypt binary data via transit"
            );
            assertNotNull(transitResponse.getCiphertext());
            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
        }
        @Test
        @DisplayName("Transit decryption")
        void transitDecryptTest() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
                "Failed to decrypt via transit"
            );
            assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
        }
        @Test
        @DisplayName("Transit hash")
        void transitHashText() {
            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
            assumeTrue(connector.isAuthorized());
            TransitResponse transitResponse = assertDoesNotThrow(
                () -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
                "Failed to hash via transit"
            );
            assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
            TransitResponse transitResponseBase64 = assertDoesNotThrow(
                () -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
                "Failed to hash via transit with base64 output"
            );
            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
            transitResponseBase64 = assertDoesNotThrow(
                () -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
                "Failed to hash binary data via transit"
            );
            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
        }
    }
    @Nested
    @DisplayName("Misc Tests")
    class MiscTests {
@@ -1079,14 +1075,10 @@ class HTTPVaultConnectorIT {
                () -> connector.getAuthBackends(),
                "Could not list supported auth backends"
            );
-            if (legacy) {
+
                assertEquals(4, supportedBackends.size());
                assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPID, AuthBackend.APPROLE)));
            } else {
            assertEquals(3, supportedBackends.size());
            assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPROLE)));
        }
        }
        /**
         * Test authentication using username and password.
@@ -1211,11 +1203,7 @@ class HTTPVaultConnectorIT {
     */
    private VaultConfiguration initializeVault(File dir, boolean tls) throws IllegalStateException, IOException {
        File dataDir = new File(dir, "data");
        if (legacy) {
            copyDirectory(new File(getClass().getResource("/data_dir_legacy").getPath()), dataDir);
        } else {
        copyDirectory(new File(getClass().getResource("/data_dir").getPath()), dataDir);
        }
        // Generate vault local unencrypted configuration.
        VaultConfiguration config = new VaultConfiguration()
@@ -1234,7 +1222,7 @@ class HTTPVaultConnectorIT {
        // Write configuration file.
        File configFile = new File(dir, "vault.conf");
        try {
-            Files.write(configFile.toPath(), config.toString().getBytes(UTF_8));
+            Files.writeString(configFile.toPath(), config.toString(), UTF_8);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to generate config file", e);
        }
@@ -1294,10 +1282,8 @@ class HTTPVaultConnectorIT {
            return socket.getLocalPort();
        } catch (IOException e) {
-            e.printStackTrace();
+            throw new IllegalStateException("Unable to find a free TCP port", e);
        }
        throw new IllegalStateException("Unable to find a free TCP port");
    }
    /**
@@ -1311,35 +1297,4 @@ class HTTPVaultConnectorIT {
        th.printStackTrace(new PrintWriter(sw, true));
        return sw.getBuffer().toString();
    }
    /**
     * Compare two version strings.
     *
     * @param version1 Version 1
     * @param version2 Version 2
     * @return negative value if version 1 is smaller than version2, positive value of version 1 is greater, 0 if equal
     */
    private static int compareVersions(String version1, String version2) {
        int comparisonResult = 0;
        String[] version1Splits = version1.split("\\.");
        String[] version2Splits = version2.split("\\.");
        int maxLengthOfVersionSplits = Math.max(version1Splits.length, version2Splits.length);
        for (int i = 0; i < maxLengthOfVersionSplits; i++) {
            Integer v1 = i < version1Splits.length ? Integer.parseInt(version1Splits[i]) : 0;
            Integer v2 = i < version2Splits.length ? Integer.parseInt(version2Splits[i]) : 0;
            int compare = v1.compareTo(v2);
            if (compare != 0) {
                comparisonResult = compare;
                break;
            }
        }
        return comparisonResult;
    }
    private static boolean isLegacy() {
        return legacy;
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,13 +17,13 @@
 package de.stklcode.jvault.connector;
 import com.github.tomakehurst.wiremock.client.WireMock;
-import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
+import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
 import com.github.tomakehurst.wiremock.junit5.WireMockTest;
 import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.exception.PermissionDeniedException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.api.function.Executable;
 import java.io.IOException;
@@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
 import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
 import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
 import static org.junit.jupiter.api.Assertions.*;
 /**
@@ -48,18 +46,15 @@ import static org.junit.jupiter.api.Assertions.*;
 * @author Stefan Kalscheuer
 * @since 0.7.0
 */
@WireMockTest
 class HTTPVaultConnectorTest {
    @RegisterExtension
    static WireMockExtension wireMock = WireMockExtension.newInstance()
            .options(wireMockConfig().dynamicPort())
            .build();
    /**
     * Test exceptions thrown during request.
     */
    @Test
-    void requestExceptionTest() throws IOException, URISyntaxException {
+    void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
        // Test invalid response code.
        final int responseCode = 400;
@@ -94,9 +89,9 @@ class HTTPVaultConnectorTest {
        assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
        // Now simulate a failing request that succeeds on second try.
-        connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
+        connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
-        wireMock.stubFor(
+        stubFor(
            WireMock.any(anyUrl())
                .willReturn(aResponse().withStatus(500))
                .willReturn(aResponse().withStatus(500))
@@ -193,8 +188,8 @@ class HTTPVaultConnectorTest {
     * Test behavior on unparsable responses.
     */
    @Test
-    void parseExceptionTest() throws URISyntaxException {
+    void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
@@ -227,26 +222,14 @@ class HTTPVaultConnectorTest {
     * Test requests that expect an empty response with code 204, but receive a 200 body.
     */
    @Test
-    void nonEmpty204ResponseTest() throws URISyntaxException {
+    void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
        mockHttpResponse(200, "{}", "application/json");
        // Now test the methods expecting a 204.
        assertThrows(
                InvalidResponseException.class,
                () -> connector.registerAppId("appID", "policy", "displayName"),
                "registerAppId() with 200 response succeeded"
        );
        assertThrows(
                InvalidResponseException.class,
                () -> connector.registerUserId("appID", "userID"),
                "registerUserId() with 200 response succeeded"
        );
        assertThrows(
            InvalidResponseException.class,
            () -> connector.createAppRole("appID", Collections.singletonList("policy")),
@@ -322,7 +305,7 @@ class HTTPVaultConnectorTest {
    }
    private void mockHttpResponse(int status, String body, String contentType) {
-        wireMock.stubFor(
+        stubFor(
            WireMock.any(anyUrl()).willReturn(
                aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
            )
--- a/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
@@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
     */
    protected AbstractModelTest(Class<T> modelClass) {
        this.modelClass = modelClass;
-        this.objectMapper = new ObjectMapper()
+        this.objectMapper = JsonMapper.builder()
-                .registerModule(new JavaTimeModule())
+            .addModule(new JavaTimeModule())
            .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
            .build();
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -39,6 +39,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        "number", 1337
    );
    private static final List<String> TEST_CIDR = List.of("203.0.113.0/24", "198.51.100.0/24");
    private static final List<String> TEST_TOKEN_CIDR = List.of("192.0.2.0/24", "198.51.100.0/24");
    AppRoleSecretTest() {
        super(AppRoleSecret.class);
@@ -61,6 +62,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        assertNull(secret.getMetadata());
        assertNull(secret.getCidrList());
        assertEquals("", secret.getCidrListString());
        assertNull(secret.getTokenBoundCidrs());
        assertEquals("", secret.getTokenBoundCidrsString());
        assertNull(secret.getCreationTime());
        assertNull(secret.getExpirationTime());
        assertNull(secret.getLastUpdatedTime());
@@ -74,6 +77,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        assertNull(secret.getMetadata());
        assertNull(secret.getCidrList());
        assertEquals("", secret.getCidrListString());
        assertNull(secret.getTokenBoundCidrs());
        assertEquals("", secret.getTokenBoundCidrsString());
        assertNull(secret.getCreationTime());
        assertNull(secret.getExpirationTime());
        assertNull(secret.getLastUpdatedTime());
@@ -87,6 +92,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        assertEquals(TEST_META, secret.getMetadata());
        assertEquals(TEST_CIDR, secret.getCidrList());
        assertEquals(String.join(",", TEST_CIDR), secret.getCidrListString());
        assertNull(secret.getTokenBoundCidrs());
        assertEquals("", secret.getTokenBoundCidrsString());
        assertNull(secret.getCreationTime());
        assertNull(secret.getExpirationTime());
        assertNull(secret.getLastUpdatedTime());
@@ -108,6 +115,15 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        secret.setCidrList(null);
        assertNull(secret.getCidrList());
        assertEquals("", secret.getCidrListString());
        assertNull(secret.getTokenBoundCidrs());
        assertEquals("", secret.getTokenBoundCidrsString());
        secret.setTokenBoundCidrs(TEST_TOKEN_CIDR);
        assertEquals(TEST_TOKEN_CIDR, secret.getTokenBoundCidrs());
        assertEquals(String.join(",", TEST_TOKEN_CIDR), secret.getTokenBoundCidrsString());
        secret.setTokenBoundCidrs(null);
        assertNull(secret.getTokenBoundCidrs());
        assertEquals("", secret.getTokenBoundCidrsString());
    }
    /**
@@ -159,7 +175,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        // Those fields should be deserialized from JSON though.
        String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
-                "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
+            "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"cidr_list\":[\"192.0.2.0/24\",\"198.51.100.0/24\"]," +
            "\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
            "\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
            "\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
        secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
@@ -181,6 +198,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
    private static String commaSeparatedToList(String json) {
        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
            .replaceAll("\"token_bound_cidrs\":\"([^\"]*)\"", "\"token_bound_cidrs\":[$1]")
            .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -42,11 +42,11 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
    private static final String POLICY = "policy";
    private static final String POLICY_2 = "policy2";
    private static final Integer SECRET_ID_NUM_USES = 10;
-    private static final Integer SECRET_ID_TTL = 7200;
+    private static final Long SECRET_ID_TTL = 7200L;
    private static final Boolean LOCAL_SECRET_IDS = false;
-    private static final Integer TOKEN_TTL = 4800;
+    private static final Long TOKEN_TTL = 4800L;
-    private static final Integer TOKEN_MAX_TTL = 9600;
+    private static final Long TOKEN_MAX_TTL = 9600L;
-    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
+    private static final Long TOKEN_EXPLICIT_MAX_TTL = 14400L;
    private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
    private static final Integer TOKEN_NUM_USES = 42;
    private static final Integer TOKEN_PERIOD = 1234;
--- a/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -33,10 +33,8 @@ class AuthBackendTest {
     * Test forType() method.
     */
    @Test
    @SuppressWarnings("deprecation")
    void forTypeTest() {
        assertEquals(AuthBackend.TOKEN, AuthBackend.forType("token"));
        assertEquals(AuthBackend.APPID, AuthBackend.forType("app-id"));
        assertEquals(AuthBackend.USERPASS, AuthBackend.forType("userpass"));
        assertEquals(AuthBackend.GITHUB, AuthBackend.forType("github"));
        assertEquals(AuthBackend.UNKNOWN, AuthBackend.forType(""));
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
    private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
    private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
    private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
-    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 1234;
+    private static final Long TOKEN_EXPLICIT_MAX_TTL = 1234L;
    private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
    private static final Integer TOKEN_NUM_USES = 5;
    private static final Integer TOKEN_PERIOD = 2345;
@@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
        assertNull(role.getTokenType());
        // Empty builder should be equal to no-arg construction.
-        assertEquals(role, new TokenRole());
+        assertEquals(new TokenRole(), role);
        // Optional fields should be ignored, so JSON string should be empty.
        assertEquals("{}", objectMapper.writeValueAsString(role));
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -35,8 +35,8 @@ class TokenTest extends AbstractModelTest<Token> {
    private static final String DISPLAY_NAME = "display-name";
    private static final Boolean NO_PARENT = false;
    private static final Boolean NO_DEFAULT_POLICY = false;
-    private static final Integer TTL = 123;
+    private static final Long TTL = 123L;
-    private static final Integer EXPLICIT_MAX_TTL = 456;
+    private static final Long EXPLICIT_MAX_TTL = 456L;
    private static final Integer NUM_USES = 4;
    private static final List<String> POLICIES = new ArrayList<>();
    private static final String POLICY = "policy";
@@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
        assertEquals("{}", objectMapper.writeValueAsString(token));
        // Empty builder should be equal to no-arg construction.
-        assertEquals(token, new Token());
+        assertEquals(new Token(), token);
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.AppRole;
 import org.junit.jupiter.api.Test;
@@ -32,9 +31,9 @@ import static org.junit.jupiter.api.Assertions.*;
 * @since 0.6.2
 */
 class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
-    private static final Integer ROLE_TOKEN_TTL = 1200;
+    private static final Long ROLE_TOKEN_TTL = 1200L;
-    private static final Integer ROLE_TOKEN_MAX_TTL = 1800;
+    private static final Long ROLE_TOKEN_MAX_TTL = 1800L;
-    private static final Integer ROLE_SECRET_TTL = 600;
+    private static final Long ROLE_SECRET_TTL = 600L;
    private static final Integer ROLE_SECRET_NUM_USES = 40;
    private static final String ROLE_POLICY = "default";
    private static final Integer ROLE_PERIOD = 0;
@@ -67,12 +66,10 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
    @Override
    protected AppRoleResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, AppRoleResponse.class);
+            () -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.AuthBackend;
 import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
@@ -45,9 +44,9 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
    private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741";
    private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
    private static final String TK_DESCR = "token based credentials";
-    private static final Integer TK_LEASE_TTL = 0;
+    private static final Long TK_LEASE_TTL = 0L;
    private static final Boolean TK_FORCE_NO_CACHE = false;
-    private static final Integer TK_MAX_LEASE_TTL = 0;
+    private static final Long TK_MAX_LEASE_TTL = 0L;
    private static final String TK_TOKEN_TYPE = "default-service";
    private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
@@ -90,12 +89,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
    @Override
    protected AuthMethodsResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, AuthMethodsResponse.class);
+            () -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
@@ -101,12 +100,10 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
    @Override
    protected AuthResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, AuthResponse.class);
+            () -> objectMapper.readValue(RES_JSON, AuthResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    @Test
--- a/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -49,12 +48,10 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
    @Override
    protected CredentialsResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, CredentialsResponse.class);
+            () -> objectMapper.readValue(JSON, CredentialsResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -42,12 +41,10 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
    @Override
    protected ErrorResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, ErrorResponse.class);
+            () -> objectMapper.readValue(JSON, ErrorResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -67,12 +66,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
    @Override
    protected HealthResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, HealthResponse.class);
+            () -> objectMapper.readValue(RES_JSON, HealthResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -38,12 +37,10 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
    @Override
    protected HelpResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, HelpResponse.class);
+            () -> objectMapper.readValue(JSON, HelpResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -95,12 +94,10 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
    @Override
    protected MetaSecretResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class);
+            () -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -115,9 +112,7 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
        );
        assertSecretData(res);
        assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
        assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
        assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
        assertNull(res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
        assertNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
        assertFalse(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
        assertEquals(1, res.getMetadata().getVersion(), "Incorrect secret version");
@@ -130,9 +125,7 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
        );
        assertSecretData(res);
        assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
        assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
        assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
        assertEquals(SECRET_META_DELETED, res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
        assertNotNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
        assertTrue(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
        assertEquals(2, res.getMetadata().getVersion(), "Incorrect secret version");
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -80,12 +79,10 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
    @Override
    protected MetadataResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(META_JSON, MetadataResponse.class);
+            () -> objectMapper.readValue(META_JSON, MetadataResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -100,20 +97,16 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
        assertNotNull(res, "Parsed response is NULL");
        assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
        assertEquals(CAS_REQUIRED, res.getMetadata().isCasRequired(), "Incorrect CAS required flag");
        assertEquals(V1_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
        assertNotNull(res.getMetadata().getCreatedTime(), "Parting created time failed");
        assertEquals(CURRENT_VERSION, res.getMetadata().getCurrentVersion(), "Incorrect current version");
        assertEquals(MAX_VERSIONS, res.getMetadata().getMaxVersions(), "Incorrect max versions");
        assertEquals(OLDEST_VERSION, res.getMetadata().getOldestVersion(), "Incorrect oldest version");
        assertEquals(Map.of(CUSTOM_META_KEY, CUSTOM_META_VAL), res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
        assertEquals(DELETE_VERSION_AFTER, res.getMetadata().getDeleteVersionAfter(), "Incorrect delete version after");
        assertEquals(V3_TIME, res.getMetadata().getUpdatedTimeString(), "Incorrect updated time");
        assertNotNull(res.getMetadata().getUpdatedTime(), "Parting updated time failed");
        assertEquals(3, res.getMetadata().getVersions().size(), "Incorrect number of versions");
        assertEquals(V2_TIME, res.getMetadata().getVersions().get(1).getDeletionTimeString(), "Incorrect version 1 delete time");
        assertNotNull(res.getMetadata().getVersions().get(1).getDeletionTime(), "Parsing version delete time failed");
        assertTrue(res.getMetadata().getVersions().get(1).isDestroyed(), "Incorrect version 1 destroyed state");
        assertEquals(V2_TIME, res.getMetadata().getVersions().get(2).getCreatedTimeString(), "Incorrect version 2 created time");
        assertNotNull(res.getMetadata().getVersions().get(2).getCreatedTime(), "Parsing version created failed");
        assertFalse(res.getMetadata().getVersions().get(3).isDestroyed(), "Incorrect version 3 destroyed state");
    }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -60,12 +59,10 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
    @Override
    protected PlainSecretResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class);
+            () -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -83,12 +82,10 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
    @Override
    protected SealResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_UNSEALED, SealResponse.class);
+            () -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,13 +16,13 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import java.util.List;
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 /**
 * JUnit Test for {@link SecretListResponse} model.
@@ -52,12 +52,10 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
    @Override
    protected SecretListResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(JSON, SecretListResponse.class);
+            () -> objectMapper.readValue(JSON, SecretListResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -48,12 +47,10 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
    @Override
    protected SecretVersionResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(META_JSON, SecretVersionResponse.class);
+            () -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -67,8 +64,6 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
        );
        assertNotNull(res, "Parsed response is NULL");
        assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
        assertEquals(CREATION_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
        assertEquals(DELETION_TIME, res.getMetadata().getDeletionTimeString(), "Incorrect deletion time");
        assertFalse(res.getMetadata().isDestroyed(), "Incorrect destroyed state");
        assertEquals(VERSION, res.getMetadata().getVersion(), "Incorrect version");
    }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.TokenData;
 import org.junit.jupiter.api.Test;
@@ -35,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.*;
 */
 class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    private static final Integer TOKEN_CREATION_TIME = 1457533232;
-    private static final Integer TOKEN_TTL = 2764800;
+    private static final Long TOKEN_TTL = 2764800L;
-    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 0;
+    private static final Long TOKEN_EXPLICIT_MAX_TTL = 0L;
    private static final String TOKEN_DISPLAY_NAME = "token";
    private static final String TOKEN_META_KEY = "foo";
    private static final String TOKEN_META_VALUE = "bar";
@@ -47,7 +46,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    private static final String TOKEN_POLICY_1 = "default";
    private static final String TOKEN_POLICY_2 = "web";
    private static final Boolean RES_RENEWABLE = false;
-    private static final Integer RES_TTL = 2591976;
+    private static final Long RES_TTL = 2591976L;
    private static final Integer RES_LEASE_DURATION = 0;
    private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
    private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
@@ -96,12 +95,10 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
    @Override
    protected TokenResponse createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, TokenResponse.class);
+            () -> objectMapper.readValue(RES_JSON, TokenResponse.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
@@ -136,11 +133,9 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
        assertEquals(TOKEN_TTL, data.getCreationTtl(), "Incorrect token creation TTL");
        assertEquals(TOKEN_DISPLAY_NAME, data.getName(), "Incorrect token display name");
        assertEquals(TOKEN_ENTITY_ID, data.getEntityId(), "Incorrect token entity ID");
        assertEquals(TOKEN_EXPIRE_TIME, data.getExpireTimeString(), "Incorrect token expire time");
        assertEquals(ZonedDateTime.parse(TOKEN_EXPIRE_TIME), data.getExpireTime(), "Incorrect parsed token expire time");
        assertEquals(TOKEN_EXPLICIT_MAX_TTL, data.getExplicitMaxTtl(), "Incorrect token explicit max TTL");
        assertEquals(TOKEN_ID, data.getId(), "Incorrect token ID");
        assertEquals(TOKEN_ISSUE_TIME, data.getIssueTimeString(), "Incorrect token issue time");
        assertEquals(ZonedDateTime.parse(TOKEN_ISSUE_TIME), data.getIssueTime(), "Incorrect parsed token issue time");
        assertEquals(Map.of(TOKEN_META_KEY, TOKEN_META_VALUE), data.getMeta(), "Incorrect token metadata");
        assertEquals(TOKEN_NUM_USES, data.getNumUses(), "Incorrect token number of uses");
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
@@ -0,0 +1,134 @@
 /*
 * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.*;
 /**
 * JUnit Test for {@link TransitResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 1.5.0
 */
 class TransitResponseTest extends AbstractModelTest<TransitResponse> {
    private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
    private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
    private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
    TransitResponseTest() {
        super(TransitResponse.class);
    }
    @Override
    protected TransitResponse createFull() {
        return assertDoesNotThrow(
            () -> objectMapper.readValue(
                json(
                    "\"ciphertext\": \"" + CIPHERTEXT + "\", " +
                        "\"plaintext\": \"" + PLAINTEXT + "\", " +
                        "\"sum\": \"" + SUM + "\""
                ),
                TransitResponse.class
            ),
            "Creation of full model failed"
        );
    }
    @Test
    void encryptionTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
        assertNull(res.getPlaintext(), "Unexpected plaintext");
        assertNull(res.getSum(), "Unexpected sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    @Test
    void decryptionTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"plaintext\": \"" + PLAINTEXT + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertNull(res.getCiphertext(), "Unexpected ciphertext");
        assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
        assertNull(res.getSum(), "Unexpected sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    @Test
    void hashTest() {
        TransitResponse res = assertDoesNotThrow(
            () -> objectMapper.readValue(
                json("\"sum\": \"" + SUM + "\""),
                TransitResponse.class
            ),
            "TransitResponse deserialization failed"
        );
        assertNotNull(res, "Parsed response is NULL");
        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
        assertEquals("", res.getLeaseId(), "Unexpected lease id");
        assertFalse(res.isRenewable(), "Unexpected renewable flag");
        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
        assertNull(res.getCiphertext(), "Unexpected ciphertext");
        assertNull(res.getPlaintext(), "Unexpected plaintext");
        assertEquals(SUM, res.getSum(), "Incorrect sum");
        assertNull(res.getWrapInfo(), "Unexpected wrap info");
        assertNull(res.getWarnings(), "Unexpected warnings");
        assertNull(res.getAuth(), "Unexpected auth");
    }
    private static String json(String data) {
        return "{\n" +
            "  \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
            "  \"lease_id\" : \"\",\n" +
            "  \"renewable\" : false,\n" +
            "  \"lease_duration\" : 0,\n" +
            "  \"data\" : {\n" +
            "    " + data + "\n" +
            "  },\n" +
            "  \"wrap_info\" : null,\n" +
            "  \"warnings\" : null,\n" +
            "  \"auth\" : null\n" +
            "}";
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java
@@ -1,6 +1,5 @@
 package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
@@ -14,8 +13,8 @@ import static org.junit.jupiter.api.Assertions.*;
 * @author Stefan Kalscheuer
 */
 class MountConfigTest extends AbstractModelTest<MountConfig> {
-    private static final Integer DEFAULT_LEASE_TTL = 1800;
+    private static final Long DEFAULT_LEASE_TTL = 1800L;
-    private static final Integer MAX_LEASE_TTL = 3600;
+    private static final Long MAX_LEASE_TTL = 3600L;
    private static final Boolean FORCE_NO_CACHE = false;
    private static final String TOKEN_TYPE = "default-service";
    private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
@@ -62,12 +61,10 @@ class MountConfigTest extends AbstractModelTest<MountConfig> {
    @Override
    protected MountConfig createFull() {
-        try {
+        return assertDoesNotThrow(
-            return objectMapper.readValue(RES_JSON, MountConfig.class);
+            () -> objectMapper.readValue(RES_JSON, MountConfig.class),
-        } catch (JsonProcessingException e) {
+            "Creation of full model instance failed"
-            fail("Creation of full model instance failed", e);
+        );
            return null;
        }
    }
    /**
--- a/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/resources/data_dir/core/_mounts
+++ b/src/test/resources/data_dir/core/_mounts
@@ -1 +1 @@
-{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}
+{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}
--- a/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key
+++ b/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key
@@ -0,0 +1 @@
 {"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}
--- a/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/policy/_my-key
+++ b/src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/policy/_my-key
@@ -0,0 +1 @@
 {"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}
--- a/src/test/resources/data_dir_legacy/auth/243a5842-b58f-24d5-d3b0-24304c57b7cc/user/_validuser
+++ b/src/test/resources/data_dir_legacy/auth/243a5842-b58f-24d5-d3b0-24304c57b7cc/user/_validuser
@@ -1 +0,0 @@
 {"Value":"AAAAAQINZKQEssY4IzHI/0k27nBtxSvnC6LkivYrqky6CblcjyAmQIg/4/cKQIBCXzmrWEv/SqMQbLw+4Lp63Xu1niF+U0NbyqDmFaPqnD2yfPs7meXvZr21+P9E/0APZMHQaSR7DIEY46zedHRjQ/pkhR2Axcjuy5gdfzBzC2XvUcNqdyR0pQwcDwGhAIdO0gxJfZCeBuvv8ceYS+aPs4gDHtIlA3szi+5qAQ8HvPBTDKQn1lHVYnzTdNbMS7v3mtzCyG8AeMkaUw=="}
--- a/src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/_salt
+++ b/src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/_salt
@@ -1 +0,0 @@
 {"Value":"AAAAAQJiN0bHxM8aNJpY7aHGZ/p3qOhJbd7JIXwFMEI4LtKmO6pP5Oa4P5z+2LK+2qzZhhX/iDeM4u+nR+lxt/GsBPKf"}
--- a/src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/accessor/_a9566f93ca05120fa8955f887ee0ca1a1422802df2ad979f2ac2951e95703089
+++ b/src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/accessor/_a9566f93ca05120fa8955f887ee0ca1a1422802df2ad979f2ac2951e95703089
@@ -1 +0,0 @@
 {"Value":"AAAAAQIZ5rvzLtBcBQvWqwwDoRADwUo6W0ECKgmcvXejbLKiYcbO0hP8fceCqB12J41wxcMViQ8vvWoIgyOX2HwcZS09GGCqQbjvyVfz/w+kyox9dJzr845f26tJjHVYlHX2YFsnxytwe5qCKdCsD5QP9kyz8J0="}
--- a/src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole1
+++ b/src/test/resources/data_dir_legacy/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole1
@@ -1 +0,0 @@
 {"Value":"AAAAAQJIKXgvJ2Prr92Fn7qZK/WZxb+Q+vJsXyjMo44en/+zqbbnLfs5m7uH7hEUOfDM/MjzTrhfkOWxf6qcrC4MR3ocrFJwtbJ6j+QrNLg61gVIiLBUVBkvh8ErqCFnSjNIqhaIMQhuZXWANsgGF9K2+HBGJerWGe26C1rdWRZV4J0M23HnxLBf8aYDlOfkHe24I30rHUqXIk9/BKEuekcnhETw9Tx4Fk7KxxxEdGmHPbg+4G14c27wVj8IrpWHBpyLmt55Qdb/y24i5RzFYv1FQ2kQZIO6TQiYkwAUxJ5cIdCiAsEDNt+rBJ9zX1MvkEfkVj/WvzC9pxB7ad+j5vYIJgCUD1o09t0w2ChjBojGoOAWDSvNAeY8kr5PDKwYk+gBY5M2JHDI6ELvOVu8gsW+sqk9St9V3VisShTfU3+qln7TOWw/LQ+fUzGvYrAWG6UyPVpIEYeNmN0iGCIM8rzjQYvVC3KcQMG96MwK3ZlSQzgPpvTGxNxFm2omTn3ue7QHn7Ni6+c/K6xVy0bbJ+jS4yyfl2wFBm1tF1l3BITLqw3TiP3LEw=="}
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`distributionType=only-script`
							`distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip`
`@@ -1 +1 @@`
	{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}	{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}
		`@@ -0,0 +1 @@`
							{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}
		`@@ -0,0 +1 @@`
							{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}
		`@@ -1 +0,0 @@`
			`{"Value":"AAAAAQINZKQEssY4IzHI/0k27nBtxSvnC6LkivYrqky6CblcjyAmQIg/4/cKQIBCXzmrWEv/SqMQbLw+4Lp63Xu1niF+U0NbyqDmFaPqnD2yfPs7meXvZr21+P9E/0APZMHQaSR7DIEY46zedHRjQ/pkhR2Axcjuy5gdfzBzC2XvUcNqdyR0pQwcDwGhAIdO0gxJfZCeBuvv8ceYS+aPs4gDHtIlA3szi+5qAQ8HvPBTDKQn1lHVYnzTdNbMS7v3mtzCyG8AeMkaUw=="}`
		`@@ -1 +0,0 @@`
			`{"Value":"AAAAAQJiN0bHxM8aNJpY7aHGZ/p3qOhJbd7JIXwFMEI4LtKmO6pP5Oa4P5z+2LK+2qzZhhX/iDeM4u+nR+lxt/GsBPKf"}`
		`@@ -1 +0,0 @@`
			`{"Value":"AAAAAQIZ5rvzLtBcBQvWqwwDoRADwUo6W0ECKgmcvXejbLKiYcbO0hP8fceCqB12J41wxcMViQ8vvWoIgyOX2HwcZS09GGCqQbjvyVfz/w+kyox9dJzr845f26tJjHVYlHX2YFsnxytwe5qCKdCsD5QP9kyz8J0="}`
		`@@ -1 +0,0 @@`
			{"Value":"AAAAAQJIKXgvJ2Prr92Fn7qZK/WZxb+Q+vJsXyjMo44en/+zqbbnLfs5m7uH7hEUOfDM/MjzTrhfkOWxf6qcrC4MR3ocrFJwtbJ6j+QrNLg61gVIiLBUVBkvh8ErqCFnSjNIqhaIMQhuZXWANsgGF9K2+HBGJerWGe26C1rdWRZV4J0M23HnxLBf8aYDlOfkHe24I30rHUqXIk9/BKEuekcnhETw9Tx4Fk7KxxxEdGmHPbg+4G14c27wVj8IrpWHBpyLmt55Qdb/y24i5RzFYv1FQ2kQZIO6TQiYkwAUxJ5cIdCiAsEDNt+rBJ9zX1MvkEfkVj/WvzC9pxB7ad+j5vYIJgCUD1o09t0w2ChjBojGoOAWDSvNAeY8kr5PDKwYk+gBY5M2JHDI6ELvOVu8gsW+sqk9St9V3VisShTfU3+qln7TOWw/LQ+fUzGvYrAWG6UyPVpIEYeNmN0iGCIM8rzjQYvVC3KcQMG96MwK3ZlSQzgPpvTGxNxFm2omTn3ue7QHn7Ni6+c/K6xVy0bbJ+jS4yyfl2wFBm1tF1l3BITLqw3TiP3LEw=="}