Usage examples for secret handling

Home.md

@@ -12,8 +12,8 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 * Authorization methods
     * Token
     * Username/Password
-    * AppID (register and authenticate) [_deprecated_]
     * AppRole (register and authenticate)
+    * AppID (register and authenticate) [_deprecated_]
 * Tokens
     * Creation and lookup of tokens
     * TokenBuilder for speaking creation of complex configuraitons
@@ -28,89 +28,6 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 * Connector Factory with builder pattern
 * Tested against Vault 1.1.0
 
-
-## Maven Artifact
-```xml
-<dependency>
-    <groupId>de.stklcode.jvault</groupId>
-    <artifactId>connector</artifactId>
-    <version>0.7.1</version>
-</dependency>
-```
-
-## Usage Examples
-
-### Initialization
-
-```java
-// Instantiate using builder pattern style factory (TLS enabled by default)
-VaultConnector vault = VaultConnectorFactory.httpFactory()
- .withHost("127.0.0.1")
- .withPort(8200)
- .withTLS()
- .build();
-
-// Instantiate with custom SSL context
-VaultConnector vault = VaultConnectorFactory.httpFactory()
- .withHost("example.com")
- .withPort(8200)
- .withTrustedCA(Paths.get("/path/to/CA.pem"))
- .build();
-
-// Initialization from environment variables 
-VaultConnector vault = VaultConnectorFactory.httpFactory()
- .fromEnv()
- .build();
-```
-
-### Authentication
-
-```java
-// Authenticate with token.
-vault.authToken("01234567-89ab-cdef-0123-456789abcdef");
-
-// Authenticate with username and password.
-vault.authUserPass("username", "p4ssw0rd");
-
-// Authenticate with AppRole (secret - 2nd argument - is optional).
-vault.authAppId("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
-```
-
-### Secret read & write
-
-```java
-// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
-String secret = vault.readSecret("some/secret/key").getValue();
-
-// Complex secret.
-Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();
-
-// Write simple secret.
-vault.writeSecret("new/secret/key", "secret value");
-
-// Write complex data to arbitraty path.
-Map<String, Object> map = [...]
-vault.write("any/path/to/write", map);
-
-// Delete secret.
-vault.delete("any/path/to/write");
-```
-
-### Token and role creation
-
-```java
-// Create token using TokenBuilder
-Token token = new TokenBuilder().withId("token id")
-                                .withDisplayName("new test token")
-                                .withPolicies("pol1", "pol2")
-                                .build();
-vault.createToken(token);
-
-// Create AppRole credentials
-vault.createAppRole("testrole", policyList);
-AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
-```
-
 ## Links
 
 [Project Page](http://jvault.stklcode.de)

Usage-Secrets.md

@@ -0,0 +1,80 @@
+# Java Vault Connector 
+
+## Usage Examples
+
+### Secrets
+
+The connector supports reading and writing of secrets to any exposed location inside Vault.
+Several common features have been abstracted to reduce overhead code.
+
+#### Basic read and write operations
+ 
+```java
+ VaultConnector connector = ...;
+ // Read arbitrary location.
+ SecretResponse secret = connector.read("secret/to/read");
+ // Get attribute from secret.
+ Object value = secret.get("value");
+ // Parse attribute (JSON) into custom class.
+ MyClass customValue = secret.get("custom_value", MyClass.class);
+ 
+ // Write data to Vault.
+ Map<String, Object> data = new HashMap<>();
+ data.put("attr1", "value1");
+ data.put("attr2", 42);
+ connector.write("secret/to/write", data);
+ 
+ // Delete a secret-
+ connector.deleteSecret("secret/to/delete");
+```
+
+#### Read and write to default _secret/_ mount
+
+```java
+ // Read from "secret/to/read".
+ SecretResponse secret = connector.readSecret("to/read");
+ 
+ // Write to "secret/to/write".
+ connector.writeSecret("to/write", data);
+ 
+ // Delete a secret "secret/to/delete.
+ connector.deleteSecret("to/delete");
+```
+
+#### Read and write data/metadata with KV v2 backend
+
+```java
+ // Read current data version, expands to "mount/data/to/read".
+ SecretResponse secret = connector.readSecretData("mount", "to/read");
+ 
+ // Read a specific version of this secret.
+ secret = connector.readSecretVersion("mount", "to/read", 5);
+ 
+ // Read metadata, expands to "mount/metadata/to/read".
+ MetadataResponse meta = connector.readSecretMetadata("mount", "to/read");
+ 
+ // Write a KV v2 secret, expands to "mount/data/to/write".
+ SecretVersionResponse newVersion = connector.writeSecretData("mount", "to/write", data);
+ 
+ // Write to KV v2 with Check-And-Set for specific version.
+ newVersion = connector.writeSecretData("mount", "to/write", data, 3);
+ 
+ // Update metadata to maximum Versions 10 and enforce CAS.
+ connector.updateSecretMetadata("mount", "to/write", 10, true);
+ 
+ // Delete specifc secret version(s). undelete...() and destroy...() also available.
+ connector.deleteSecretVersions("mount", "to/delete", 1, 2, 4);
+```
+#### Read database credentials.
+
+```java
+ // For arbitrary mount point.
+ CredentialsResponse cred = connector.readDbCredentials("role", "mount");
+ String username = cred.getUsername();
+ String password = cred.getPassword();
+ 
+ // Convenience for default MySQL, PostgreSQL and MongoDB backends.
+ cred = connector.readMySqlCredentials("role");
+ cred = connector.readPostgreSqlCredentials("role");
+ cred = connector.readMongoDbCredentials("role");
+```

Usage.md

@@ -11,3 +11,4 @@ For a complete guide refer to the API docs.
 ### Topics:
 * [[Connection|Usage Connection]]
 * [[Authorization|Usage Authorization]]
+* [[Secrets|Usage Secrets]]

_Sidebar.md

@@ -5,3 +5,4 @@
 # [[Usage Examples|Usage]]
 * [[Connection|Usage Connection]]
 * [[Authorization|Usage Authorization]]
+* [[Secrets|Usage Secrets]]