add java.io.Serial annotations to serialVersionUID fields

Using the /lookup-self to retrieve information about the current token
requires less permissions than the general /lookup API and yields the
same results, if accessible.

.github/workflows/ci-it.yml

@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        jdk: [ 11, 17, 21 ]
+        jdk: [ 17, 21 ]
-        vault: [ '1.2.0', '1.18.2' ]
+        vault: [ '1.2.0', '1.20.0' ]
         include:
           - jdk: 21
-            vault: '1.18.2'
+            vault: '1.20.0'
             analysis: true
     steps:
       - name: Checkout

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        jdk: [ 11, 17, 21 ]
+        jdk: [ 17, 21 ]
         include:
           - jdk: 21
             analysis: true

CHANGELOG.md

@@ -1,3 +1,46 @@
+## unreleased
+
+### Breaking
+* Requires Java 17 or later (#100)
+
+### Dependencies
+* Updated Jackson to 2.19.1 (#101)
+
+### Test
+* Tested against Vault 1.2 to 1.20 (#102)
+
+
+## 1.5.1 (2025-06-02)
+
+### Improvements
+* Use `lookup-self` for token check instead of `lookup` (#98) (#99)
+
+### Dependencies
+* Updated Jackson to 2.19.0 (#97)
+
+
+## 1.5.0 (2025-04-13)
+
+### Deprecations
+* `read...Credentials()` methods for specific database mounts (#92)
+
+### Features
+* Support Vault transit API (#89)
+* Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
+
+### Improvements
+* Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
+
+### Fix
+* Fix initialization from environment without explicit port
+
+### Dependencies
+* Updated Jackson to 2.18.3 (#90)
+
+### Test
+* Tested against Vault 1.2 to 1.19
+
+
 ## 1.4.0 (2024-12-07)
 
 ### Removal

README.md

@@ -28,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
     * Delete secrets
     * Renew/revoke leases
     * Raw secret content or JSON decoding
-    * SQL secret handling
     * KV v1 and v2 support
+    * Database secret handling
+* Transit API support
 * Connector Factory with builder pattern
-* Tested against Vault 1.2 to 1.18
+* Tested against Vault 1.2 to 1.20
 
 
 ## Maven Artifact
@@ -39,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 <dependency>
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>jvault-connector</artifactId>
-    <version>1.4.0</version>
+    <version>1.5.1</version>
 </dependency>
 ```
 

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>jvault-connector</artifactId>
-    <version>1.4.0</version>
+    <version>2.0.0-SNAPSHOT</version>
 
     <packaging>jar</packaging>
 
@@ -33,6 +33,7 @@
         <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
         <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
         <url>https://github.com/stklcode/jvaultconnector</url>
+        <tag>HEAD</tag>
     </scm>
 
     <issueManagement>
@@ -42,31 +43,31 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <argLine></argLine>
+        <argLine />
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-             <version>2.18.2</version>
+             <version>2.19.1</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
-            <version>2.18.2</version>
+            <version>2.19.1</version>
         </dependency>
 
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.11.3</version>
+            <version>5.13.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.14.2</version>
+            <version>5.18.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -78,25 +79,25 @@
         <dependency>
             <groupId>org.wiremock</groupId>
             <artifactId>wiremock</artifactId>
-            <version>3.10.0</version>
+            <version>3.13.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.18.0</version>
+            <version>2.19.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>nl.jqno.equalsverifier</groupId>
             <artifactId>equalsverifier</artifactId>
-            <version>3.17.5</version>
+            <version>4.0.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.awaitility</groupId>
             <artifactId>awaitility</artifactId>
-            <version>4.2.2</version>
+            <version>4.3.0</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -107,25 +108,25 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.13.0</version>
+                    <version>3.14.0</version>
                     <configuration>
-                        <release>11</release>
+                        <release>17</release>
                     </configuration>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.4.0</version>
+                    <version>3.5.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-deploy-plugin</artifactId>
-                    <version>3.1.3</version>
+                    <version>3.1.4</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-failsafe-plugin</artifactId>
-                    <version>3.5.2</version>
+                    <version>3.5.3</version>
                     <configuration>
                         <argLine>
                             @{argLine}
@@ -136,7 +137,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-install-plugin</artifactId>
-                    <version>3.1.3</version>
+                    <version>3.1.4</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
@@ -156,7 +157,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.5.2</version>
+                    <version>3.5.3</version>
                     <configuration>
                         <argLine>
                             @{argLine}
@@ -179,15 +180,41 @@
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.12</version>
+                    <version>0.8.13</version>
                 </plugin>
                 <plugin>
                     <groupId>org.sonarsource.scanner.maven</groupId>
                     <artifactId>sonar-maven-plugin</artifactId>
-                    <version>5.0.0.4389</version>
+                    <version>5.1.0.4751</version>
                 </plugin>
             </plugins>
         </pluginManagement>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>3.5.0</version>
+                <executions>
+                    <execution>
+                        <id>enforce-versions</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireMavenVersion>
+                                    <version>[3.6.3,)</version>
+                                </requireMavenVersion>
+                                <requireJavaVersion>
+                                    <version>[17,)</version>
+                                </requireJavaVersion>
+                            </rules>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
     </build>
 
     <profiles>
@@ -224,9 +251,9 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.11.1</version>
+                        <version>3.11.2</version>
                         <configuration>
-                            <source>11</source>
+                            <source>17</source>
                         </configuration>
                         <executions>
                             <execution>
@@ -342,7 +369,7 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>11.1.1</version>
+                        <version>12.1.3</version>
                         <configuration>
                             <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                             <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@@ -366,7 +393,7 @@
                     <plugin>
                         <groupId>org.sonatype.central</groupId>
                         <artifactId>central-publishing-maven-plugin</artifactId>
-                        <version>0.6.0</version>
+                        <version>0.8.0</version>
                         <extensions>true</extensions>
                         <configuration>
                             <publishingServerId>central</publishingServerId>

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -54,6 +54,7 @@ public class HTTPVaultConnector implements VaultConnector {
     private static final String PATH_AUTH = "auth";
     private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token";
     private static final String PATH_LOOKUP = "/lookup";
+    private static final String PATH_LOOKUP_SELF = "/lookup-self";
     private static final String PATH_CREATE = "/create";
     private static final String PATH_ROLES = "/roles";
     private static final String PATH_CREATE_ORPHAN = "/create-orphan";
@@ -68,6 +69,11 @@ public class HTTPVaultConnector implements VaultConnector {
     private static final String PATH_UNDELETE = "/undelete/";
     private static final String PATH_DESTROY = "/destroy/";
 
+    private static final String PATH_TRANSIT = "transit";
+    private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
+    private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
+    private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
+
     private final RequestHelper request;
 
     private boolean authorized = false;     // Authorization status.
@@ -186,7 +192,7 @@ public class HTTPVaultConnector implements VaultConnector {
         /* set token */
         this.token = token;
         this.tokenTTL = 0;
-        TokenResponse res = request.post(PATH_AUTH_TOKEN + PATH_LOOKUP, emptyMap(), token, TokenResponse.class);
+        TokenResponse res = request.get(PATH_AUTH_TOKEN + PATH_LOOKUP_SELF, emptyMap(), token, TokenResponse.class);
         authorized = true;
 
         return res;
@@ -646,6 +652,47 @@ public class HTTPVaultConnector implements VaultConnector {
         return true;
     }
 
+    @Override
+    public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
+        throws VaultConnectorException {
+        requireAuth();
+
+        Map<String, Object> payload = mapOf(
+            "plaintext", plaintext
+        );
+
+        return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
+    }
+
+    @Override
+    public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
+        throws VaultConnectorException {
+        requireAuth();
+
+        Map<String, Object> payload = mapOf(
+            "ciphertext", ciphertext
+        );
+
+        return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
+    }
+
+    @Override
+    public final TransitResponse transitHash(final String algorithm, final String input, final String format)
+        throws VaultConnectorException {
+        if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
+            throw new IllegalArgumentException("Unsupported format " + format);
+        }
+
+        requireAuth();
+
+        Map<String, Object> payload = mapOf(
+            "input", input,
+            "format", format
+        );
+
+        return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
+    }
+
     /**
      * Check for required authorization.
      *

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.Objects;
 
 /**
  * Vault Connector Builder implementation for HTTP Vault connectors.
@@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
      * @since 1.0
      */
     public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
-        return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
+        String path = baseURL.getPath();
+        if (path == null || path.isBlank()) {
+            path = DEFAULT_PREFIX;
+        }
+        return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
             .withHost(baseURL.getHost())
             .withPort(baseURL.getPort())
-                .withPrefix(baseURL.getPath());
+            .withPrefix(path);
     }
 
     /**
@@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
      */
     public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
         /* Parse URL from environment variable */
-        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
+        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
             try {
-                var url = new URL(System.getenv(ENV_VAULT_ADDR));
+                withBaseURL(System.getenv(ENV_VAULT_ADDR));
-                this.host = url.getHost();
+            } catch (URISyntaxException e) {
-                this.port = url.getPort();
-                this.tls = url.getProtocol().equals("https");
-            } catch (MalformedURLException e) {
                 throw new ConnectionException("URL provided in environment variable malformed", e);
             }
         }
@@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
         /* Read number of retries */
         if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
             try {
-                numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
+                withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
             } catch (NumberFormatException ignored) {
                 /* Ignore malformed values. */
             }
@@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
         token = System.getenv(ENV_VAULT_TOKEN);
 
         /* Parse certificate, if set */
-        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
+        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
-            return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
+            X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
+            if (cert == null) {
+                cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
+            }
+            return withTrustedCA(cert);
         }
         return this;
     }
@@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
         return con;
     }
 
+    /**
+     * Read given certificate file to X.509 certificate.
+     *
+     * @param cert Certificate string (optionally PEM)
+     * @return X.509 Certificate object if parseable, else {@code null}
+     * @throws TlsException on error
+     * @since 1.5.0
+     */
+    private X509Certificate certificateFromString(final String cert) throws TlsException {
+        // Check if PEM header is present in given string
+        if (cert.contains("-BEGIN ") && cert.contains("-END")) {
+            try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
+                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
+            } catch (IOException | CertificateException e) {
+                throw new TlsException("Unable to read certificate.", e);
+            }
+        }
+
+        // Not am PEM string, skip
+        return null;
+    }
+
     /**
      * Read given certificate file to X.509 certificate.
      *

src/main/java/de/stklcode/jvault/connector/VaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
 import de.stklcode.jvault.connector.model.response.*;
 
 import java.io.Serializable;
-import java.util.ArrayList;
+import java.util.*;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
 
 /**
  * Vault Connector interface.
@@ -674,6 +671,82 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      */
     boolean deleteTokenRole(final String name) throws VaultConnectorException;
 
+    /**
+     * Encrypt plaintext via transit engine from Vault.
+     *
+     * @param keyName   Transit key name
+     * @param plaintext Text to encrypt (Base64 encoded)
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.5.0
+     */
+    TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
+
+    /**
+     * Encrypt plaintext via transit engine from Vault.
+     *
+     * @param keyName   Transit key name
+     * @param plaintext Binary data to encrypt
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.5.0
+     */
+    default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
+        throws VaultConnectorException {
+        return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
+    }
+
+    /**
+     * Decrypt ciphertext via transit engine from Vault.
+     *
+     * @param keyName    Transit key name
+     * @param ciphertext Text to decrypt
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.5.0
+     */
+    TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
+
+    /**
+     * Hash data in hex format via transit engine from Vault.
+     *
+     * @param algorithm Specifies the hash algorithm to use
+     * @param input     Data to hash
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.5.0
+     */
+    default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
+        return transitHash(algorithm, input, "hex");
+    }
+
+    /**
+     * Hash data via transit engine from Vault.
+     *
+     * @param algorithm Specifies the hash algorithm to use
+     * @param input     Data to hash (Base64 encoded)
+     * @param format    Specifies the output encoding (hex/base64)
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.5.0
+     */
+    TransitResponse transitHash(final String algorithm, final String input, final String format)
+        throws VaultConnectorException;
+
+    /**
+     * Hash data via transit engine from Vault.
+     *
+     * @param algorithm Specifies the hash algorithm to use
+     * @param input     Data to hash
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.5.0
+     */
+    default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
+        throws VaultConnectorException {
+        return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
+    }
+
     /**
      * Read credentials for MySQL backend at default mount point.
      *
@@ -681,7 +754,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @return the credentials response
      * @throws VaultConnectorException on error
      * @since 0.5.0
+     * @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
      */
+    @Deprecated(since = "1.5.0", forRemoval = true)
     default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
         return readDbCredentials(role, "mysql");
     }
@@ -693,7 +768,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @return the credentials response
      * @throws VaultConnectorException on error
      * @since 0.5.0
+     * @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
      */
+    @Deprecated(since = "1.5.0", forRemoval = true)
     default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
         return readDbCredentials(role, "postgresql");
     }
@@ -705,28 +782,32 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      * @return the credentials response
      * @throws VaultConnectorException on error
      * @since 0.5.0
+     * @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
      */
+    @Deprecated(since = "1.5.0", forRemoval = true)
     default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
         return readDbCredentials(role, "mssql");
     }
 
     /**
-     * Read credentials for MSSQL backend at default mount point.
+     * Read credentials for MongoDB backend at default mount point.
      *
      * @param role the role name
      * @return the credentials response
      * @throws VaultConnectorException on error
      * @since 0.5.0
+     * @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
      */
+    @Deprecated(since = "1.5.0", forRemoval = true)
     default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
         return readDbCredentials(role, "mongodb");
     }
 
     /**
-     * Read credentials for SQL backends.
+     * Read credentials for database backends.
      *
      * @param role  the role name
-     * @param mount mount point of the SQL backend
+     * @param mount mount point of the database backend
      * @return the credentials response
      * @throws VaultConnectorException on error
      * @since 0.5.0

src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Exception thrown trying to do a request without any authorization handles.
  *
@@ -23,5 +25,6 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class AuthorizationRequiredException extends VaultConnectorException {
+    @Serial
     private static final long serialVersionUID = 2629577936657393880L;
 }

src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Exception thrown on problems with connection to Vault backend.
  *
@@ -23,6 +25,7 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class ConnectionException extends VaultConnectorException {
+    @Serial
     private static final long serialVersionUID = 3005430116002990418L;
 
     /**

src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Exception thrown when trying to send malformed request.
  *
@@ -23,6 +25,7 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class InvalidRequestException extends VaultConnectorException {
+    @Serial
     private static final long serialVersionUID = -6712239648281809159L;
 
     /**

src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Exception thrown when response from vault returned with erroneous status code or payload could not be parsed
  * to entity class.
@@ -24,6 +26,7 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public final class InvalidResponseException extends VaultConnectorException {
+    @Serial
     private static final long serialVersionUID = 2003151038614163479L;
 
     private final Integer statusCode;

src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Exception thrown when trying to access a path the current user/token does not have permission to access.
  *
@@ -23,6 +25,7 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class PermissionDeniedException extends VaultConnectorException {
+    @Serial
     private static final long serialVersionUID = -7149134015090750776L;
 
     /**

src/main/java/de/stklcode/jvault/connector/exception/TlsException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Exception thrown on errors with TLS connection.
  *
@@ -23,6 +25,7 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.4.0
  */
 public class TlsException extends VaultConnectorException {
+    @Serial
     private static final long serialVersionUID = -5139276834988258086L;
 
     /**

src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package de.stklcode.jvault.connector.exception;
 
+import java.io.Serial;
+
 /**
  * Abstract Exception class for Vault Connector internal exceptions.
  *
@@ -23,6 +25,7 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public abstract class VaultConnectorException extends Exception {
+    @Serial
     private static final long serialVersionUID = -2612477894310906036L;
 
     /**

src/main/java/de/stklcode/jvault/connector/exception/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/internal/Error.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java

@@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
@@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
     private final int retries;                      // Number of retries on 5xx errors.
     private final String tlsVersion;                // TLS version (#22).
     private final X509Certificate trustedCaCert;    // Trusted CA certificate.
-    private final ObjectMapper jsonMapper;
+    private final JsonMapper jsonMapper;
 
     /**
      * Constructor of the request helper.
@@ -65,10 +65,11 @@ public final class RequestHelper implements Serializable {
         this.timeout = timeout;
         this.tlsVersion = tlsVersion;
         this.trustedCaCert = trustedCaCert;
-        this.jsonMapper = new ObjectMapper()
+        this.jsonMapper = JsonMapper.builder()
-                .registerModule(new JavaTimeModule())
+            .addModule(new JavaTimeModule())
             .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
+            .build();
     }
 
     /**

src/main/java/de/stklcode/jvault/connector/model/AppRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.annotation.*;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
@@ -32,6 +33,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRole implements Serializable {
+    @Serial
     private static final long serialVersionUID = 693228837510483448L;
 
     @JsonProperty("role_name")

src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.annotation.*;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
@@ -32,6 +33,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRoleSecret implements Serializable {
+    @Serial
     private static final long serialVersionUID = -3401074170145792641L;
 
     @JsonProperty("secret_id")

src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/Token.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.*;
 
@@ -32,6 +33,7 @@ import java.util.*;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class Token implements Serializable {
+    @Serial
     private static final long serialVersionUID = 5208508683665365287L;
 
     @JsonProperty("id")

src/main/java/de/stklcode/jvault/connector/model/TokenRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
@@ -34,6 +35,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenRole implements Serializable {
+    @Serial
     private static final long serialVersionUID = -3505215215838576321L;
 
     @JsonProperty("name")

src/main/java/de/stklcode/jvault/connector/model/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.AppRole;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRoleResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = -6536422219633829177L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.AppRoleSecret;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRoleSecretResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = -2484103304072370585L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
 
+import java.io.Serial;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -32,6 +33,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthMethodsResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = -1802724129533405375L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,8 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 
+import java.io.Serial;
+
 /**
  * Vault response for authentication providing auth info in {@link AuthData} field.
  *
@@ -27,5 +29,6 @@ import de.stklcode.jvault.connector.model.response.embedded.AuthData;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = 1628851361067456715L;
 }

src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,8 @@ package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
+import java.io.Serial;
+
 /**
  * Vault response from credentials lookup. Simple wrapper for data objects containing username and password fields.
  *
@@ -26,6 +28,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class CredentialsResponse extends PlainSecretResponse {
+    @Serial
     private static final long serialVersionUID = -1439692963299045425L;
 
     /**

src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.util.List;
 import java.util.Objects;
 
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class ErrorResponse implements VaultResponse {
+    @Serial
     private static final long serialVersionUID = -6227368087842549149L;
 
     @JsonProperty("errors")

src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -29,6 +30,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class HealthResponse implements VaultResponse {
+    @Serial
     private static final long serialVersionUID = 8675155916902904516L;
 
     @JsonProperty("cluster_id")

src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -29,6 +30,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class HelpResponse implements VaultResponse {
+    @Serial
     private static final long serialVersionUID = -1152070966642848490L;
 
     @JsonProperty("help")

src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.SecretWrapper;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.Map;
@@ -34,6 +35,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class MetaSecretResponse extends SecretResponse {
+    @Serial
     private static final long serialVersionUID = -1076542846391240162L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.SecretMetadata;
 
+import java.io.Serial;
 import java.util.Objects;
 
 
@@ -31,6 +32,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class MetadataResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = -3679762333630984679L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.Map;
@@ -33,6 +34,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class PlainSecretResponse extends SecretResponse {
+    @Serial
     private static final long serialVersionUID = 3010138542437913023L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Map;
 import java.util.Objects;
@@ -31,6 +32,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class RawDataResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = -319727427792124071L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.time.ZonedDateTime;
 import java.util.Objects;
 
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SealResponse implements VaultResponse {
+    @Serial
     private static final long serialVersionUID = -6000309255473305787L;
 
     @JsonProperty("type")

src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.SecretListWrapper;
 
+import java.io.Serial;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
@@ -32,8 +33,9 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SecretListResponse extends VaultDataResponse {
-
+    @Serial
     private static final long serialVersionUID = 8597121175002967213L;
+
     @JsonProperty("data")
     private SecretListWrapper data;
 

src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,13 +18,14 @@ package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 
 import java.io.IOException;
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Map;
 
@@ -37,6 +38,7 @@ import java.util.Map;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public abstract class SecretResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = 5198088815871692951L;
 
     /**
@@ -85,10 +87,11 @@ public abstract class SecretResponse extends VaultDataResponse {
             } else if (type.isInstance(rawValue)) {
                 return type.cast(rawValue);
             } else {
-                var om = new ObjectMapper()
+                var om = JsonMapper.builder()
-                        .registerModule(new JavaTimeModule())
+                    .addModule(new JavaTimeModule())
                     .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                        .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+                    .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
+                    .build();
 
                 if (rawValue instanceof String) {
                     return om.readValue((String) rawValue, type);

src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class SecretVersionResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = 2748635005258576174L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.TokenData;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = -4341114947980033457L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.TokenRole;
 import de.stklcode.jvault.connector.model.response.embedded.TokenData;
 
+import java.io.Serial;
 import java.util.Objects;
 
 /**
@@ -31,6 +32,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenRoleResponse extends VaultDataResponse {
+    @Serial
     private static final long serialVersionUID = 5265363857731948626L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java

@@ -0,0 +1,94 @@
+/*
+ * Copyright 2016-2025 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response;
+
+import com.fasterxml.jackson.annotation.JsonSetter;
+
+import java.io.Serial;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Response entity for transit operations.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.5.0
+ */
+public class TransitResponse extends VaultDataResponse {
+
+    @Serial
+    private static final long serialVersionUID = 6873804240772242771L;
+
+    private String ciphertext;
+    private String plaintext;
+    private String sum;
+
+    @JsonSetter("data")
+    private void setData(Map<String, String> data) {
+        ciphertext = data.get("ciphertext");
+        plaintext = data.get("plaintext");
+        sum = data.get("sum");
+    }
+
+    /**
+     * Get ciphertext.
+     * Populated after encryption.
+     *
+     * @return Ciphertext
+     */
+    public String getCiphertext() {
+        return ciphertext;
+    }
+
+    /**
+     * Get plaintext.
+     * Base64 encoded, populated after decryption.
+     *
+     * @return Plaintext
+     */
+    public String getPlaintext() {
+        return plaintext;
+    }
+
+    /**
+     * Get hash sum.
+     * Hex or Base64 string. Populated after hashing.
+     *
+     * @return Hash sum
+     */
+    public String getSum() {
+        return sum;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
+            return false;
+        }
+        TransitResponse that = (TransitResponse) o;
+        return Objects.equals(ciphertext, that.ciphertext) &&
+            Objects.equals(plaintext, that.plaintext) &&
+            Objects.equals(sum, that.sum);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import de.stklcode.jvault.connector.model.response.embedded.WrapInfo;
 
+import java.io.Serial;
 import java.util.List;
 import java.util.Objects;
 
@@ -30,6 +31,7 @@ import java.util.Objects;
  * @since 0.1
  */
 public abstract class VaultDataResponse implements VaultResponse {
+    @Serial
     private static final long serialVersionUID = 4787715235558510045L;
 
     @JsonProperty("request_id")
@@ -115,6 +117,7 @@ public abstract class VaultDataResponse implements VaultResponse {
     public final String getMountType() {
         return mountType;
     }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {

src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
@@ -33,6 +34,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthData implements Serializable {
+    @Serial
     private static final long serialVersionUID = 5969334512309655317L;
 
     @JsonProperty("client_token")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonSetter;
 import de.stklcode.jvault.connector.model.AuthBackend;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Map;
 import java.util.Objects;
@@ -34,6 +35,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthMethod implements Serializable {
+    @Serial
     private static final long serialVersionUID = -439987082190917691L;
 
     private AuthBackend type;

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
@@ -31,6 +32,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class MfaConstraintAny implements Serializable {
+    @Serial
     private static final long serialVersionUID = 1226126781813149627L;
 
     @JsonProperty("any")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Objects;
 
@@ -30,6 +31,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class MfaMethodId implements Serializable {
+    @Serial
     private static final long serialVersionUID = 691298070242998814L;
 
     @JsonProperty("type")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Map;
 import java.util.Objects;
@@ -31,6 +32,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class MfaRequirement implements Serializable {
+    @Serial
     private static final long serialVersionUID = -2516941512455319638L;
 
     @JsonProperty("mfa_request_id")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java

@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
@@ -15,6 +16,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class MountConfig implements Serializable {
+    @Serial
     private static final long serialVersionUID = -8653909672663717792L;
 
     @JsonProperty("default_lease_ttl")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretListWrapper.java

@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
@@ -16,7 +17,9 @@ import java.util.Objects;
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class SecretListWrapper implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -8777605197063766125L;
+
     @JsonProperty("keys")
     private List<String> keys;
 

src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.util.HashMap;
@@ -34,6 +35,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SecretMetadata implements Serializable {
+    @Serial
     private static final long serialVersionUID = -905059942871916214L;
 
     @JsonProperty("created_time")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretWrapper.java

@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Map;
 import java.util.Objects;
@@ -15,6 +16,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class SecretWrapper implements Serializable {
+    @Serial
     private static final long serialVersionUID = 8600413181758893378L;
 
     @JsonProperty("data")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.util.List;
@@ -34,6 +35,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenData implements Serializable {
+    @Serial
     private static final long serialVersionUID = -5749716740973138916L;
 
     @JsonProperty("accessor")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/UserLockoutConfig.java

@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Objects;
 
@@ -14,6 +15,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class UserLockoutConfig implements Serializable {
+    @Serial
     private static final long serialVersionUID = -8051060041593140550L;
 
     @JsonProperty("lockout_threshold")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.util.HashMap;
@@ -34,6 +35,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class VersionMetadata implements Serializable {
+    @Serial
     private static final long serialVersionUID = 8495687554714216478L;
 
     @JsonProperty("created_time")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.util.Objects;
@@ -29,6 +30,7 @@ import java.util.Objects;
  * @since 1.1
  */
 public class WrapInfo implements Serializable {
+    @Serial
     private static final long serialVersionUID = 4864973237090355607L;
 
     @JsonProperty("token")

src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/module-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
 import java.io.File;
 import java.lang.reflect.Field;
 import java.net.URISyntaxException;
+import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
+import java.nio.file.Paths;
+import java.util.concurrent.atomic.AtomicReference;
 
 import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
 import static org.junit.jupiter.api.Assertions.*;
@@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
  */
 class HTTPVaultConnectorBuilderTest {
     private static final String VAULT_ADDR = "https://localhost:8201";
+    private static final String VAULT_ADDR_2 = "http://localhost";
+    private static final String VAULT_ADDR_3 = "https://localhost/vault/";
     private static final Integer VAULT_MAX_RETRIES = 13;
     private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
 
@@ -112,6 +117,22 @@ class HTTPVaultConnectorBuilderTest {
 
             return null;
         });
+        withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
+            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
+                    () -> HTTPVaultConnector.builder().fromEnv(),
+                    "Factory creation from minimal environment failed"
+            );
+            assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
+            return null;
+        });
+        withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
+            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
+                    () -> HTTPVaultConnector.builder().fromEnv(),
+                    "Factory creation from minimal environment failed"
+            );
+            assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
+            return null;
+        });
 
         // Provide address and number of retries.
         withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
@@ -128,19 +149,6 @@ class HTTPVaultConnectorBuilderTest {
             return null;
         });
 
-        // Provide CA certificate.
-        String vaultCacert = tempDir.toString() + "/doesnotexist";
-        withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
-            TlsException e = assertThrows(
-                    TlsException.class,
-                    () -> HTTPVaultConnector.builder().fromEnv(),
-                    "Creation with unknown cert path failed"
-            );
-            assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
-
-            return null;
-        });
-
         // Automatic authentication.
         withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
             HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
@@ -164,6 +172,59 @@ class HTTPVaultConnectorBuilderTest {
         });
     }
 
+    /**
+     * Test CA certificate handling from environment variables
+     */
+    @Test
+    void testCertificateFromEnv() throws Exception {
+        // From direct PEM content
+        String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
+        AtomicReference<Object> certFromPem = new AtomicReference<>();
+        withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
+            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
+                    () -> HTTPVaultConnector.builder().fromEnv(),
+                    "Builder with PEM certificate from environment failed"
+            );
+            HTTPVaultConnector connector = builder.build();
+
+            certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
+            assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
+
+            return null;
+        });
+
+        // From file path
+        String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
+        AtomicReference<Object> certFromFile = new AtomicReference<>();
+        withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
+            HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
+                    () -> HTTPVaultConnector.builder().fromEnv(),
+                    "Builder with certificate path from environment failed"
+            );
+            HTTPVaultConnector connector = builder.build();
+
+            certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
+            assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
+
+            return null;
+        });
+
+        assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
+
+        // Non-existing path CA certificate path
+        String doesNotExist = tempDir.toString() + "/doesnotexist";
+        withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
+            TlsException e = assertThrows(
+                    TlsException.class,
+                    () -> HTTPVaultConnector.builder().fromEnv(),
+                    "Creation with unknown cert path failed"
+            );
+            assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
+
+            return null;
+        });
+    }
+
     private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
         return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
                 .and("VAULT_CACERT", vaultCacert)

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
  * @since 0.1
  */
 class HTTPVaultConnectorIT {
-    private static String VAULT_VERSION = "1.18.2";  // The vault version this test is supposed to run against.
+    private static String VAULT_VERSION = "1.20.0";  // The vault version this test is supposed to run against.
     private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
     private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
     private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -989,6 +989,75 @@ class HTTPVaultConnectorIT {
         }
     }
 
+    @Nested
+    @DisplayName("Transit Tests")
+    class TransitTests {
+
+        @Test
+        @DisplayName("Transit encryption")
+        void transitEncryptTest() {
+            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
+            assumeTrue(connector.isAuthorized());
+
+            TransitResponse transitResponse = assertDoesNotThrow(
+                () -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
+                "Failed to encrypt via transit"
+            );
+            assertNotNull(transitResponse.getCiphertext());
+            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
+
+            transitResponse = assertDoesNotThrow(
+                () -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
+                "Failed to encrypt binary data via transit"
+            );
+            assertNotNull(transitResponse.getCiphertext());
+            assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
+
+        }
+
+        @Test
+        @DisplayName("Transit decryption")
+        void transitDecryptTest() {
+            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
+            assumeTrue(connector.isAuthorized());
+
+            TransitResponse transitResponse = assertDoesNotThrow(
+                () -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
+                "Failed to decrypt via transit"
+            );
+
+            assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
+        }
+
+        @Test
+        @DisplayName("Transit hash")
+        void transitHashText() {
+            assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
+            assumeTrue(connector.isAuthorized());
+
+            TransitResponse transitResponse = assertDoesNotThrow(
+                () -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
+                "Failed to hash via transit"
+            );
+
+            assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
+
+            TransitResponse transitResponseBase64 = assertDoesNotThrow(
+                () -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
+                "Failed to hash via transit with base64 output"
+            );
+
+            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
+
+            transitResponseBase64 = assertDoesNotThrow(
+                () -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
+                "Failed to hash binary data via transit"
+            );
+
+            assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
+        }
+    }
+
     @Nested
     @DisplayName("Misc Tests")
     class MiscTests {

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,13 +17,13 @@
 package de.stklcode.jvault.connector;
 
 import com.github.tomakehurst.wiremock.client.WireMock;
-import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
+import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
+import com.github.tomakehurst.wiremock.junit5.WireMockTest;
 import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.exception.PermissionDeniedException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.api.function.Executable;
 
 import java.io.IOException;
@@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
-import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -48,18 +46,15 @@ import static org.junit.jupiter.api.Assertions.*;
  * @author Stefan Kalscheuer
  * @since 0.7.0
  */
+@WireMockTest
 class HTTPVaultConnectorTest {
-    @RegisterExtension
-    static WireMockExtension wireMock = WireMockExtension.newInstance()
-            .options(wireMockConfig().dynamicPort())
-            .build();
 
     /**
      * Test exceptions thrown during request.
      */
     @Test
-    void requestExceptionTest() throws IOException, URISyntaxException {
+    void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
 
         // Test invalid response code.
         final int responseCode = 400;
@@ -94,9 +89,9 @@ class HTTPVaultConnectorTest {
         assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
 
         // Now simulate a failing request that succeeds on second try.
-        connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
+        connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
 
-        wireMock.stubFor(
+        stubFor(
             WireMock.any(anyUrl())
                 .willReturn(aResponse().withStatus(500))
                 .willReturn(aResponse().withStatus(500))
@@ -193,8 +188,8 @@ class HTTPVaultConnectorTest {
      * Test behavior on unparsable responses.
      */
     @Test
-    void parseExceptionTest() throws URISyntaxException {
+    void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
         // Mock authorization.
         setPrivate(connector, "authorized", true);
         // Mock response.
@@ -227,8 +222,8 @@ class HTTPVaultConnectorTest {
      * Test requests that expect an empty response with code 204, but receive a 200 body.
      */
     @Test
-    void nonEmpty204ResponseTest() throws URISyntaxException {
+    void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
-        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
+        HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
         // Mock authorization.
         setPrivate(connector, "authorized", true);
         // Mock response.
@@ -310,7 +305,7 @@ class HTTPVaultConnectorTest {
     }
 
     private void mockHttpResponse(int status, String body, String contentType) {
-        wireMock.stubFor(
+        stubFor(
             WireMock.any(anyUrl()).willReturn(
                 aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
             )

src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java

@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
@@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
      */
     protected AbstractModelTest(Class<T> modelClass) {
         this.modelClass = modelClass;
-        this.objectMapper = new ObjectMapper()
+        this.objectMapper = JsonMapper.builder()
-                .registerModule(new JavaTimeModule())
+            .addModule(new JavaTimeModule())
             .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
-                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+            .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
+            .build();
     }
 
     /**

src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
         assertNull(role.getTokenType());
 
         // Empty builder should be equal to no-arg construction.
-        assertEquals(role, new TokenRole());
+        assertEquals(new TokenRole(), role);
 
         // Optional fields should be ignored, so JSON string should be empty.
         assertEquals("{}", objectMapper.writeValueAsString(role));

src/test/java/de/stklcode/jvault/connector/model/TokenTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
         assertEquals("{}", objectMapper.writeValueAsString(token));
 
         // Empty builder should be equal to no-arg construction.
-        assertEquals(token, new Token());
+        assertEquals(new Token(), token);
     }
 
     /**

src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java

@@ -0,0 +1,137 @@
+/*
+ * Copyright 2016-2025 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import de.stklcode.jvault.connector.model.AbstractModelTest;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * JUnit Test for {@link TransitResponse} model.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.5.0
+ */
+class TransitResponseTest extends AbstractModelTest<TransitResponse> {
+    private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
+    private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
+    private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
+
+    TransitResponseTest() {
+        super(TransitResponse.class);
+    }
+
+    @Override
+    protected TransitResponse createFull() {
+        try {
+            return objectMapper.readValue(
+                json(
+                    "\"ciphertext\": \"" + CIPHERTEXT + "\", " +
+                        "\"plaintext\": \"" + PLAINTEXT + "\", " +
+                        "\"sum\": \"" + SUM + "\""
+                ),
+                TransitResponse.class
+            );
+        } catch (JsonProcessingException e) {
+            fail("Creation of full model failed", e);
+            return null;
+        }
+    }
+
+    @Test
+    void encryptionTest() {
+        TransitResponse res = assertDoesNotThrow(
+            () -> objectMapper.readValue(
+                json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
+                TransitResponse.class
+            ),
+            "TransitResponse deserialization failed"
+        );
+        assertNotNull(res, "Parsed response is NULL");
+        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
+        assertEquals("", res.getLeaseId(), "Unexpected lease id");
+        assertFalse(res.isRenewable(), "Unexpected renewable flag");
+        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
+        assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
+        assertNull(res.getPlaintext(), "Unexpected plaintext");
+        assertNull(res.getSum(), "Unexpected sum");
+        assertNull(res.getWrapInfo(), "Unexpected wrap info");
+        assertNull(res.getWarnings(), "Unexpected warnings");
+        assertNull(res.getAuth(), "Unexpected auth");
+    }
+
+    @Test
+    void decryptionTest() {
+        TransitResponse res = assertDoesNotThrow(
+            () -> objectMapper.readValue(
+                json("\"plaintext\": \"" + PLAINTEXT + "\""),
+                TransitResponse.class
+            ),
+            "TransitResponse deserialization failed"
+        );
+        assertNotNull(res, "Parsed response is NULL");
+        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
+        assertEquals("", res.getLeaseId(), "Unexpected lease id");
+        assertFalse(res.isRenewable(), "Unexpected renewable flag");
+        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
+        assertNull(res.getCiphertext(), "Unexpected ciphertext");
+        assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
+        assertNull(res.getSum(), "Unexpected sum");
+        assertNull(res.getWrapInfo(), "Unexpected wrap info");
+        assertNull(res.getWarnings(), "Unexpected warnings");
+        assertNull(res.getAuth(), "Unexpected auth");
+    }
+
+    @Test
+    void hashTest() {
+        TransitResponse res = assertDoesNotThrow(
+            () -> objectMapper.readValue(
+                json("\"sum\": \"" + SUM + "\""),
+                TransitResponse.class
+            ),
+            "TransitResponse deserialization failed"
+        );
+        assertNotNull(res, "Parsed response is NULL");
+        assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
+        assertEquals("", res.getLeaseId(), "Unexpected lease id");
+        assertFalse(res.isRenewable(), "Unexpected renewable flag");
+        assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
+        assertNull(res.getCiphertext(), "Unexpected ciphertext");
+        assertNull(res.getPlaintext(), "Unexpected plaintext");
+        assertEquals(SUM, res.getSum(), "Incorrect sum");
+        assertNull(res.getWrapInfo(), "Unexpected wrap info");
+        assertNull(res.getWarnings(), "Unexpected warnings");
+        assertNull(res.getAuth(), "Unexpected auth");
+    }
+
+    private static String json(String data) {
+        return "{\n" +
+            "  \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
+            "  \"lease_id\" : \"\",\n" +
+            "  \"renewable\" : false,\n" +
+            "  \"lease_duration\" : 0,\n" +
+            "  \"data\" : {\n" +
+            "    " + data + "\n" +
+            "  },\n" +
+            "  \"wrap_info\" : null,\n" +
+            "  \"warnings\" : null,\n" +
+            "  \"auth\" : null\n" +
+            "}";
+    }
+}

src/test/java/de/stklcode/jvault/connector/test/Credentials.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 Stefan Kalscheuer
+ * Copyright 2016-2025 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/resources/data_dir/core/_mounts

@@ -1 +1 @@
-{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}
+{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}

src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key

@@ -0,0 +1 @@
+{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}

src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/policy/_my-key

@@ -0,0 +1 @@
+{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}