Go to file

Stefan Kalscheuer 3f47da6134 Do not reuse surefire forks for testing

The offline test messes up with the online test if executed in advance
because of the static HTTP mock. With no guaranteed execution order
all online tests may be skipped. To prevent this, run each test in its
own fork.

2019-03-22 19:10:19 +01:00

assets

Minor logo modifications

2018-03-25 17:11:16 +02:00

src

Add some messages to test assumptions

2019-03-22 18:01:50 +01:00

.drone.yml

Default test against Vault 1.1.0

2019-03-21 20:22:38 +01:00

.gitignore

.gitignore in repo

2017-03-19 12:40:13 +01:00

.travis.yml

Default test against Vault 1.1.0

2019-03-21 20:22:38 +01:00

CHANGELOG.md

KV v2 and mount points in changelog

2019-03-17 15:15:35 +01:00

LICENSE.txt

Initial Import

2016-03-29 15:52:31 +02:00

pom.xml

Do not reuse surefire forks for testing

2019-03-22 19:10:19 +01:00

README.md

Default test against Vault 1.1.0

2019-03-21 20:22:38 +01:00

README.md

Java Vault Connector

Java Vault Connector is a connector library for Vault by Hashicorp written in Java. The connector allows simple usage of Vault's secret store in own applications.

Features:

HTTP(S) backend connector
- Ability to provide or enforce custom CA certificate
- Optional initialization from environment variables
Authorization methods
- Token
- Username/Password
- AppID (register and authenticate) [deprecated]
- AppRole (register and authenticate)
Tokens
- Creation and lookup of tokens
- TokenBuilder for speaking creation of complex configuraitons
Secrets
- Read secrets
- Write secrets
- List secrets
- Delete secrets
- Renew/revoke leases
- Raw secret content or JSON decoding
- SQL secret handling
Connector Factory with builder pattern
Tested against Vault 1.1.0

Maven Artifact

<dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>connector</artifactId>
    <version>0.7.1</version>
</dependency>

Usage Examples

Initialization

// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = VaultConnectorFactory.httpFactory()
 .withHost("127.0.0.1")
 .withPort(8200)
 .withTLS()
 .build();

// Instantiate with custom SSL context
VaultConnector vault = VaultConnectorFactory.httpFactory()
 .withHost("example.com")
 .withPort(8200)
 .withTrustedCA(Paths.get("/path/to/CA.pem"))
 .build();

// Initialization from environment variables 
VaultConnector vault = VaultConnectorFactory.httpFactory()
 .fromEnv()
 .build();

Authentication

// Authenticate with token.
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");

// Authenticate with username and password.
vault.authUserPass("username", "p4ssw0rd");

// Authenticate with AppRole (secret - 2nd argument - is optional).
vault.authAppId("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");

Secret read & write

// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.readSecret("some/secret/key").getValue();

// Complex secret.
Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();

// Write simple secret.
vault.writeSecret("new/secret/key", "secret value");

// Write complex data to arbitraty path.
Map<String, Object> map = [...]
vault.write("any/path/to/write", map);

// Delete secret.
vault.delete("any/path/to/write");

Token and role creation

// Create token using TokenBuilder
Token token = new TokenBuilder().withId("token id")
                                .withDisplayName("new test token")
                                .withPolicies("pol1", "pol2")
                                .build();
vault.createToken(token);

// Create AppRole credentials
vault.createAppRole("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");

Links

Project Page

JavaDoc API

Planned features

Creation and modification of policies
Implement more authentication methods

License

The project is licensed under Apache License 2.0.