org.springframework.vault.core

Interface VaultOperations

All Known Implementing Classes:

VaultTemplate

public interface VaultOperations

Interface that specifies a basic set of Vault operations, implemented by VaultTemplate. This is the main entry point to interact with Vault in an authenticated and unauthenticated context with configured VaultClient instances.

VaultOperations resolves VaultClient instances and allows execution of callback methods on various levels. Callbacks can execute requests within a session, the client (without requiring a session) and a low-level RestTemplate level.

Author:

Mark Paluch

See Also:

doWithVault(ClientCallback), doWithVault(SessionCallback), VaultOperations#doWithRestTemplate(String, Map, RestTemplateCallback), VaultClient, VaultTemplate, VaultTokenOperations, SessionManager

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static interface	VaultOperations.ClientCallback<T> A callback for executing arbitrary operations on the VaultClient.
static interface	VaultOperations.SessionCallback<T> A callback for executing arbitrary operations on the VaultOperations.VaultSession.
static interface	VaultOperations.VaultSession An authenticated Vault session.

Method Summary

Modifier and Type	Method and Description
void	delete(String path) Delete a path in the secret backend.
<T> T	doWithRestTemplate(String pathTemplate, Map<String,?> variables, VaultAccessor.RestTemplateCallback<T> callback) Executes VaultAccessor.RestTemplateCallback.
<T> T	doWithVault(VaultOperations.ClientCallback<T> clientCallback) Executes a Vault VaultOperations.ClientCallback.
<T> T	doWithVault(VaultOperations.SessionCallback<T> sessionCallback) Executes a Vault VaultOperations.SessionCallback.
List<String>	list(String path) Enumerate keys from a secret backend.
VaultPkiOperations	opsForPki()
VaultPkiOperations	opsForPki(String path) Returns VaultPkiOperations if the PKI backend is mounted on a different path than pki.
VaultSysOperations	opsForSys()
VaultTokenOperations	opsForToken()
VaultTransitOperations	opsForTransit()
VaultTransitOperations	opsForTransit(String path) Returns VaultTransitOperations if the transit backend is mounted on a different path than transit.
VaultResponse	read(String path) Read from a secret backend.
<T> VaultResponseSupport<T>	read(String path, Class<T> responseType) Read from a secret backend.
VaultResponse	write(String path, Object body) Write to a secret backend.

Method Detail

opsForSys

VaultSysOperations opsForSys()

Returns:

the operations interface administrative Vault access.

opsForToken

VaultTokenOperations opsForToken()

Returns:

the operations interface to interact with Vault token.

opsForTransit

VaultTransitOperations opsForTransit()

Returns:

the operations interface to interact with the Vault transit backend.

opsForTransit

VaultTransitOperations opsForTransit(String path)

Returns VaultTransitOperations if the transit backend is mounted on a different path than transit.

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault transit backend.

opsForPki

VaultPkiOperations opsForPki()

Returns:

the operations interface to interact with the Vault PKI backend.

opsForPki

VaultPkiOperations opsForPki(String path)

Returns VaultPkiOperations if the PKI backend is mounted on a different path than pki.

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault PKI backend.

read

VaultResponse read(String path)

Read from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.

Parameters:

path - must not be null.

Returns:

the data. May be null if the path does not exist.

read

<T> VaultResponseSupport<T> read(String path,
                                 Class<T> responseType)

Read from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.

Parameters:

path - must not be null.

responseType - must not be null.

Returns:

the data. May be null if the path does not exist.

list

List<String> list(String path)

Enumerate keys from a secret backend.

Parameters:

path - must not be null.

Returns:

the data. May be null if the path does not exist.

write

VaultResponse write(String path,
                    Object body)

Write to a secret backend.

Parameters:

path - must not be null.

body - the body, may be null if absent.

Returns:

the configuration data. May be empty but never null.

delete

void delete(String path)

Delete a path in the secret backend.

Parameters:

path - must not be null.

doWithVault

<T> T doWithVault(VaultOperations.ClientCallback<T> clientCallback)

Executes a Vault VaultOperations.ClientCallback. Allows to interact with Vault using VaultClient without requiring a session.

Parameters:

clientCallback - the request.

Returns:

the VaultOperations.ClientCallback return value.

doWithVault

<T> T doWithVault(VaultOperations.SessionCallback<T> sessionCallback)

Executes a Vault VaultOperations.SessionCallback. Allows to interact with Vault in an authenticated session.

Parameters:

sessionCallback - the request.

Returns:

the VaultOperations.SessionCallback return value.

doWithRestTemplate

<T> T doWithRestTemplate(String pathTemplate,
                         Map<String,?> variables,
                         VaultAccessor.RestTemplateCallback<T> callback)

Executes VaultAccessor.RestTemplateCallback. Expands the pathTemplate to an URI and allows low-level interaction with the underlying RestTemplate.

Parameters:

pathTemplate - the path of the resource, e.g. transit/ key/foo}, must not be empty or null.

variables - the variables for expansion of the pathTemplate, must not be null.

callback - the request callback.

Returns:

the VaultAccessor.RestTemplateCallback return value.