Go to file

Stefan Kalscheuer af7b99587f Model classes and various method parameters declared final.

As the model classes are not designed for inheritance, they are now explicitly declared final.
Same for various input parameters, as thes should be immutable in most methods.

2017-08-02 17:46:55 +02:00

assets

PNG logo

2017-03-18 14:35:00 +01:00

src

Model classes and various method parameters declared final.

2017-08-02 17:46:55 +02:00

.gitignore

.gitignore in repo

2017-03-19 12:40:13 +01:00

.travis.yml

Fix token creation test for compatibiltiy with Vault 0.8.0 (#10 )

2017-07-31 20:38:54 +02:00

CHANGELOG.md

Preparations for 0.6.0 release

2017-05-12 12:15:35 +02:00

LICENSE.txt

Initial Import

2016-03-29 15:52:31 +02:00

pom.xml

Bump Jackson to 2.9.0

2017-07-31 20:46:15 +02:00

README.md

Test against 0.7.3

2017-06-08 21:18:50 +02:00

README.md

Java Vault Connector

Java Vault Connector is a connector library for Vault by Hashicorp written in Java. The connector allows simple usage of Vault's secret store in own applications.

Features:

HTTP(S) backend connector
- Ability to provide or enforce custom CA certificate
- Optional initialization from environment variables
Authorization methods
- Token
- Username/Password
- AppID (register and authenticate) [deprecated]
- AppRole (register and authenticate)
Tokens
- Creation and lookup of tokens
- TokenBuilder for speaking creation of complex configuraitons
Secrets
- Read secrets
- Write secrets
- List secrets
- Delete secrets
- Renew/revoke leases
- Raw secret content or JSON decoding
- SQL secret handling
Connector Factory with builder pattern
Tested against Vault 0.7.3

Maven Artifact

<dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>connector</artifactId>
    <version>0.6.0</version>
</dependency>

Usage Examples

Initialization

// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = VaultConnectorFactory.httpFactory()
 .withHost("127.0.0.1")
 .withPort(8200)
 .withTLS()
 .build();

// Instantiate with custom SSL context
VaultConnector vault = VaultConnectorFactory.httpFactory()
 .withHost("example.com")
 .withPort(8200)
 .withTrustedCA(Paths.get("/path/to/CA.pem"))
 .build();

// Initialization from environment variables 
VaultConnector vault = VaultConnectorFactory.httpFactory()
 .fromEnv()
 .build();

Authentication

// Authenticate with token
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");

// Authenticate with username and password
vault.authUserPass("username", "p4ssw0rd");

// Authenticate with AppID (secret - 2nd argument - is optional)
vault.authAppId("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");

Secret read & write

// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.readSecret("some/secret/key").getValue();

// Complex secret
Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();

// Write simple secret
vault.writeSecret("new/secret/key", "secret value");

// Write complex data to arbitraty path
Map<String, Object> map = [...]
vault.write("any/path/to/write", map);

// Delete secret
vault.delete("any/path/to/write");

Token and role creation

// Create token using TokenBuilder
Token token = new TokenBuilder().withId("token id")
                                .withDisplayName("new test token")
                                .withPolicies("pol1", "pol2")
                                .build();
vault.createToken(token);

// Create AppRole credentials
vault.createAppRole("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");

Links

Project Page

JavaDoc API

Planned features

Creation and modification of policies
Implement more authentication methods

License

The project is licensed under Apache License 2.0.