Usage Secrets
Stefan Kalscheuer edited this page 2021-04-05 19:59:37 +02:00
Java Vault Connector
Usage Examples
Secrets
The connector supports reading and writing secrets at any exposed location inside Vault. Several common operations are wrapped in convenience methods to reduce boilerplate code.
Basic read and write operations
VaultConnector connector = ...;
// Read arbitrary location.
SecretResponse secret = connector.read("secret/to/read");
// Get attribute from secret.
Object value = secret.get("value");
// Parse attribute (JSON) into custom class.
MyClass customValue = secret.get("custom_value", MyClass.class);
// Write data to Vault.
Map<String, Object> data = new HashMap<>();
data.put("attr1", "value1");
data.put("attr2", 42);
connector.write("secret/to/write", data);
// Delete a secret.
connector.delete("secret/to/delete");
Read and write to default secret/ mount
// Read from "secret/to/read".
SecretResponse secret = connector.read("secret/to/read");
// Write to "secret/to/write".
connector.write("secret/to/write", data);
// Delete the secret "secret/to/delete".
connector.delete("secret/to/delete");
Read and write data/metadata with KV v2 backend
// Read current data version, expands to "mount/data/to/read".
SecretResponse secret = connector.readSecretData("mount", "to/read");
// Read a specific version of this secret.
secret = connector.readSecretVersion("mount", "to/read", 5);
// Read metadata, expands to "mount/metadata/to/read".
MetadataResponse meta = connector.readSecretMetadata("mount", "to/read");
// Write a KV v2 secret, expands to "mount/data/to/write".
SecretVersionResponse newVersion = connector.writeSecretData("mount", "to/write", data);
// Write to KV v2 with Check-And-Set for specific version.
newVersion = connector.writeSecretData("mount", "to/write", data, 3);
// Update metadata: keep a maximum of 10 versions and enforce CAS.
connector.updateSecretMetadata("mount", "to/write", 10, true);
// Delete specific secret version(s). undelete...() and destroy...() also available.
connector.deleteSecretVersions("mount", "to/delete", 1, 2, 4);
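A read-modify-write helper built on the four-argument writeSecretData call above, as an added example that is not part of the connector or its wiki. The class name CasUpdate and its parameters are hypothetical, the secret is assumed to exist already, and the accessors getMetadata().getVersion(), getData() and getStatusCode() are assumptions about the library's response and exception classes that should be checked against the JavaDoc.

```java
import de.stklcode.jvault.connector.VaultConnector;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.response.SecretResponse;
import de.stklcode.jvault.connector.model.response.SecretVersionResponse;

import java.util.HashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

/** Added example (not project code): KV v2 read-modify-write guarded by Check-And-Set. */
public final class CasUpdate {
    /**
     * Applies {@code change} to the current data of an existing secret and writes the result
     * only if the secret is still at the version that was read. On a CAS conflict the secret
     * is read again and the change re-applied, so a concurrent write is never overwritten
     * blindly.
     */
    public static SecretVersionResponse update(VaultConnector connector, String mount, String key,
                                               UnaryOperator<Map<String, Object>> change,
                                               int maxAttempts) throws VaultConnectorException {
        InvalidResponseException conflict = null;
        for (int attempt = 0; attempt < maxAttempts; attempt++) {
            SecretResponse current = connector.readSecretData(mount, key);
            // Assumption: these accessors expose the version number and the key/value
            // map of a KV v2 read.
            Integer version = current.getMetadata().getVersion();
            Map<String, Object> next = change.apply(new HashMap<>(current.getData()));
            try {
                // Four-argument form from this page: Vault rejects the write unless the
                // stored version still equals "version".
                return connector.writeSecretData(mount, key, next, version);
            } catch (InvalidResponseException e) {
                // Assumption: getStatusCode() carries the HTTP status. Vault answers a
                // failed CAS check with 400; other status codes are not conflicts.
                if (!Integer.valueOf(400).equals(e.getStatusCode())) {
                    throw e;
                }
                conflict = e;
            }
        }
        throw new IllegalStateException("CAS update of " + mount + "/" + key
                + " still conflicting after " + maxAttempts + " attempts", conflict);
    }
}
```

The guard only protects against writers that skip the CAS parameter when the secret's metadata enforces CAS, as set by the updateSecretMetadata call above.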
Read database credentials
// For arbitrary mount point.
CredentialsResponse cred = connector.readDbCredentials("role", "mount");
String username = cred.getUsername();
String password = cred.getPassword();
// Convenience for default MySQL, PostgreSQL and MongoDB backends.
cred = connector.readMySqlCredentials("role");
cred = connector.readPostgreSqlCredentials("role");
cred = connector.readMongoDbCredentials("role");
Licensed under Apache License 2.0 • Project Page • JavaDoc API