stklcode/jvaultconnector

Fork 0

Go to file

Stefan Kalscheuer 7a45af8856 Update dependencies

2019-06-01 20:05:08 +02:00

assets

Minor logo modifications

2018-03-25 17:11:16 +02:00

src

Test against 1.1.2

2019-06-01 16:39:41 +02:00

.drone.yml

Test against 1.1.2

2019-06-01 16:39:41 +02:00

.gitignore

.gitignore in repo

2017-03-19 12:40:13 +01:00

.travis.yml

Test against 1.1.2

2019-06-01 16:39:41 +02:00

CHANGELOG.md

Update dependencies

2019-06-01 20:05:08 +02:00

LICENSE.txt

Initial Import

2016-03-29 15:52:31 +02:00

pom.xml

Update dependencies

2019-06-01 20:05:08 +02:00

README.md

Test against 1.1.2

2019-06-01 16:39:41 +02:00

README.md

Java Vault Connector

Java Vault Connector is a connector library for Vault by Hashicorp written in Java. The connector allows simple usage of Vault's secret store in own applications.

Features:

HTTP(S) backend connector
- Ability to provide or enforce custom CA certificate
- Optional initialization from environment variables
Authorization methods
- Token
- Username/Password
- AppRole (register and authenticate)
- AppID (register and authenticate) [deprecated]
Tokens
- Creation and lookup of tokens
- TokenBuilder for speaking creation of complex configuraitons
Secrets
- Read secrets
- Write secrets
- List secrets
- Delete secrets
- Renew/revoke leases
- Raw secret content or JSON decoding
- SQL secret handling
- KV v1 and v2 support
Connector Factory with builder pattern
Tested against Vault 1.1.2

Maven Artifact

<dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
    <version>0.8.0</version>
</dependency>

Usage Examples

Initialization

// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = VaultConnectorBuilder.http()
 .withHost("127.0.0.1")
 .withPort(8200)
 .withTLS()
 .build();

// Instantiate with custom SSL context
VaultConnector vault = VaultConnectorBuilder.http()
 .withHost("example.com")
 .withPort(8200)
 .withTrustedCA(Paths.get("/path/to/CA.pem"))
 .build();

// Initialization from environment variables 
VaultConnector vault = VaultConnectorBuilder.http()
 .fromEnv()
 .build();

Authentication

// Authenticate with token.
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");

// Authenticate with username and password.
vault.authUserPass("username", "p4ssw0rd");

// Authenticate with AppRole (secret - 2nd argument - is optional).
vault.authAppRole("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");

Secret read & write

// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.readSecret("some/secret/key").get("value", String.class);

// Complex secret.
Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();

// Write simple secret.
vault.writeSecret("new/secret/key", "secret value");

// Write complex data to arbitraty path.
Map<String, Object> map = ...;
vault.write("any/path/to/write", map);

// Delete secret.
vault.delete("any/path/to/write");

Token and role creation

// Create token using TokenBuilder
Token token = Token.builder()
                   .withId("token id")
                   .withDisplayName("new test token")
                   .withPolicies("pol1", "pol2")
                   .build();
vault.createToken(token);

// Create AppRole credentials
vault.createAppRole("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");

Links

Project Page

JavaDoc API

License

The project is licensed under Apache License 2.0.