The connector supports reading and writing of secrets to any exposed location inside Vault.
Several common operations are wrapped in convenience methods to reduce boilerplate code.
Basic read and write operations
```java
VaultConnector connector = ...;

// Read arbitrary location.
SecretResponse secret = connector.read("secret/to/read");

// Get attribute from secret.
Object value = secret.get("value");

// Parse attribute (JSON) into custom class.
MyClass customValue = secret.get("custom_value", MyClass.class);

// Write data to Vault.
Map<String, Object> data = new HashMap<>();
data.put("attr1", "value1");
data.put("attr2", 42);
connector.write("secret/to/write", data);

// Delete a secret.
connector.delete("secret/to/delete");
```
Read and write to default secret/ mount
```java
// Read from "secret/to/read".
SecretResponse secret = connector.read("secret/to/read");

// Write to "secret/to/write".
connector.write("secret/to/write", data);

// Delete the secret "secret/to/delete".
connector.delete("secret/to/delete");
```
Read and write data/metadata with KV v2 backend
```java
// Read current data version, expands to "mount/data/to/read".
SecretResponse secret = connector.readSecretData("mount", "to/read");

// Read a specific version of this secret.
secret = connector.readSecretVersion("mount", "to/read", 5);

// Read metadata, expands to "mount/metadata/to/read".
MetadataResponse meta = connector.readSecretMetadata("mount", "to/read");

// Write a KV v2 secret, expands to "mount/data/to/write".
SecretVersionResponse newVersion = connector.writeSecretData("mount", "to/write", data);

// Write to KV v2 with Check-And-Set for a specific version.
newVersion = connector.writeSecretData("mount", "to/write", data, 3);

// Update metadata to a maximum of 10 versions and enforce CAS.
connector.updateSecretMetadata("mount", "to/write", 10, true);

// Delete specific secret version(s). undelete...() and destroy...() are also available.
connector.deleteSecretVersions("mount", "to/delete", 1, 2, 4);
```
Read database credentials
```java
// For arbitrary mount point.
CredentialsResponse cred = connector.readDbCredentials("role", "mount");
String username = cred.getUsername();
String password = cred.getPassword();

// Convenience for default MySQL, PostgreSQL and MongoDB backends.
cred = connector.readMySqlCredentials("role");
cred = connector.readPostgreSqlCredentials("role");
cred = connector.readMongoDbCredentials("role");
```
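The following is an added example, not code from the connector's own documentation: one way to use `readDbCredentials` so the database password is fetched from Vault when the connection is opened and never ends up in a JDBC URL or an error message. The class name `VaultBackedDataSource` and the role, mount and JDBC URL values are hypothetical, and the connector is assumed to be initialized and authenticated already.

```java
import de.stklcode.jvault.connector.VaultConnector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.response.CredentialsResponse;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Locale;
import java.util.Properties;

/** Added example (hypothetical class): JDBC connections backed by Vault database credentials. */
public final class VaultBackedDataSource {
    private final VaultConnector connector; // assumed: initialized and authenticated
    private final String role;              // hypothetical database role name
    private final String mount;             // hypothetical database mount point
    private final String jdbcUrl;           // URL without any credential parameters

    public VaultBackedDataSource(VaultConnector connector, String role, String mount, String jdbcUrl) {
        // Refuse URLs that embed a password; URLs are routinely written to logs.
        if (jdbcUrl.toLowerCase(Locale.ROOT).contains("password=")) {
            throw new IllegalArgumentException("JDBC URL must not contain a password parameter");
        }
        this.connector = connector;
        this.role = role;
        this.mount = mount;
        this.jdbcUrl = jdbcUrl;
    }

    public Connection open() throws SQLException {
        CredentialsResponse cred;
        try {
            // Fetch credentials at connect time instead of keeping them in configuration.
            cred = connector.readDbCredentials(role, mount);
        } catch (VaultConnectorException e) {
            // Name the role and mount only; no response content goes into the message.
            throw new SQLException("Vault credential request failed for role '" + role
                    + "' on mount '" + mount + "'", e);
        }
        if (cred.getUsername() == null || cred.getPassword() == null) {
            throw new SQLException("Vault returned incomplete credentials for role '" + role + "'");
        }
        // Hand the credentials to the driver as properties, keeping them out of the URL string.
        Properties props = new Properties();
        props.setProperty("user", cred.getUsername());
        props.setProperty("password", cred.getPassword());
        return DriverManager.getConnection(jdbcUrl, props);
    }
}
```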