Stefan Kalscheuer d329af2c67
deprecate default methods to read specific database credentials (#92)
The interface has some methods to read database credentials from
specific mountpoints like "mysql". While ann database mounts share
the same credential endpoints, the mount point itself can have any
name. Let's clean up some methods of low benefit and deprecate the
convenience methods.

Trivial replacement is `getDbCredentials()` with explicit mount point,
if it's actually mounted on that path.
2025-03-09 11:43:15 +01:00
2018-03-25 17:11:16 +02:00
2023-10-23 18:24:22 +02:00
2024-12-07 10:54:24 +01:00
2021-06-06 15:05:21 +02:00
2016-03-29 15:52:31 +02:00
2024-12-07 10:54:24 +01:00
2024-12-07 10:54:24 +01:00
2025-03-02 18:40:01 +01:00

Java Vault Connector

CI Quality Gate Status License Maven Central Version

Logo

Java Vault Connector is a connector library for Vault by Hashicorp written in Java. The connector allows simple usage of Vault's secret store in own applications.

Features:

  • HTTP(S) backend connector
    • Ability to provide or enforce custom CA certificate
    • Optional initialization from environment variables
  • Authorization methods
    • Token
    • Username/Password
    • AppRole (register and authenticate)
  • Tokens
    • Creation and lookup of tokens and token roles
    • TokenBuilder for speaking creation of complex configurations
  • Secrets
    • Read secrets
    • Write secrets
    • List secrets
    • Delete secrets
    • Renew/revoke leases
    • Raw secret content or JSON decoding
    • SQL secret handling
    • KV v1 and v2 support
  • Connector Factory with builder pattern
  • Tested against Vault 1.2 to 1.19

Maven Artifact

<dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
    <version>1.4.0</version>
</dependency>

Usage Examples

Initialization

// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = HTTPVaultConnector.builder()
 .withHost("127.0.0.1")
 .withPort(8200)
 .withTLS()
 .build();

// Instantiate with custom SSL context
VaultConnector vault = HTTPVaultConnector.builder("https://example.com:8200/v1/")
 .withTrustedCA(Paths.get("/path/to/CA.pem"))
 .build();

// Initialization from environment variables
VaultConnector vault = HTTPVaultConnector.builder()
 .fromEnv()
 .build();

Authentication

// Authenticate with token.
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");

// Authenticate with username and password.
vault.authUserPass("username", "p4ssw0rd");

// Authenticate with AppRole (secret - 2nd argument - is optional).
vault.authAppRole("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");

Secret read & write

// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.read("secret/some/key").get("value", String.class);

// Complex secret.
Map<String, Object> secretData = vault.read("secret/another/key").getData();

// Write simple secret.
vault.write("secret/new/key", "secret value");

// Write complex data.
Map<String, Object> map = ...;
vault.write("path/to/write", map);

// Delete secret.
vault.delete("path/to/delete");

Token and role creation

// Create token using TokenBuilder
Token token = Token.builder()
                   .withId("token id")
                   .withDisplayName("new test token")
                   .withPolicies("pol1", "pol2")
                   .build();
vault.createToken(token);

// Create AppRole credentials
vault.createAppRole("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");

Project Page

JavaDoc API

License

The project is licensed under Apache License 2.0.

Description
Java Vault Connector - Connect Hashicorp's Vault with your Java application.
https://jvault.stklcode.de Readme 2.7 MiB
v1.5.0 Latest
2025-04-13 09:43:59 +00:00
Languages
Java 100%