org.springframework.vault.core

Class VaultTemplate

java.lang.Object

org.springframework.vault.core.VaultTemplate

All Implemented Interfaces:

DisposableBean, InitializingBean, VaultOperations

public class VaultTemplate
extends Object
implements InitializingBean, VaultOperations, DisposableBean

This class encapsulates main Vault interaction. VaultTemplate will log into Vault on initialization and use the token throughout the whole lifetime.

Author:

Mark Paluch

See Also:

VaultClientFactory, SessionManager

Nested Class Summary

Nested classes/interfaces inherited from interface org.springframework.vault.core.VaultOperations

VaultOperations.ClientCallback<T>, VaultOperations.SessionCallback<T>, VaultOperations.VaultSession

Constructor Summary

Constructors

Constructor and Description
VaultTemplate() Creates a new VaultTemplate without setting VaultClientFactory and SessionManager.
VaultTemplate(VaultClient vaultClient, ClientAuthentication clientAuthentication) Creates a new VaultTemplate with a VaultClient and ClientAuthentication.
VaultTemplate(VaultClientFactory vaultClientFactory, SessionManager sessionManager) Creates a new VaultTemplate with a VaultClientFactory and SessionManager.

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
void	delete(String path) Delete a path in the secret backend.
void	destroy()
<T> T	doWithRestTemplate(String pathTemplate, Map<String,?> uriVariables, VaultAccessor.RestTemplateCallback<T> callback) Executes VaultAccessor.RestTemplateCallback.
<T> T	doWithVault(VaultOperations.ClientCallback<T> clientCallback) Executes a Vault VaultOperations.ClientCallback.
<T> T	doWithVault(VaultOperations.SessionCallback<T> sessionCallback) Executes a Vault VaultOperations.SessionCallback.
List<String>	list(String path) Enumerate keys from a secret backend.
VaultPkiOperations	opsForPki()
VaultPkiOperations	opsForPki(String path) Returns VaultPkiOperations if the PKI backend is mounted on a different path than pki.
VaultSysOperations	opsForSys()
VaultTokenOperations	opsForToken()
VaultTransitOperations	opsForTransit()
VaultTransitOperations	opsForTransit(String path) Returns VaultTransitOperations if the transit backend is mounted on a different path than transit.
VaultResponse	read(String path) Read from a secret backend.
<T> VaultResponseSupport<T>	read(String path, Class<T> responseType) Read from a secret backend.
void	setSessionManager(SessionManager sessionManager) Set the SessionManager.
void	setVaultClientFactory(VaultClientFactory vaultClientFactory) Set the VaultClientFactory.
VaultResponse	write(String path, Object body) Write to a secret backend.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

VaultTemplate

public VaultTemplate()

Creates a new VaultTemplate without setting VaultClientFactory and SessionManager.

VaultTemplate

public VaultTemplate(VaultClient vaultClient,
                     ClientAuthentication clientAuthentication)

Creates a new VaultTemplate with a VaultClient and ClientAuthentication.

Parameters:

vaultClient - must not be null.

clientAuthentication - must not be null.

VaultTemplate

public VaultTemplate(VaultClientFactory vaultClientFactory,
                     SessionManager sessionManager)

Creates a new VaultTemplate with a VaultClientFactory and SessionManager.

Parameters:

vaultClientFactory - must not be null.

sessionManager - must not be null.

Method Detail

setVaultClientFactory

public void setVaultClientFactory(VaultClientFactory vaultClientFactory)

Set the VaultClientFactory.

Parameters:

vaultClientFactory - must not be null.

setSessionManager

public void setSessionManager(SessionManager sessionManager)

Set the SessionManager.

Parameters:

sessionManager - must not be null.

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface InitializingBean

destroy

public void destroy()
             throws Exception

Specified by:

destroy in interface DisposableBean

Throws:

Exception

opsForSys

public VaultSysOperations opsForSys()

Specified by:

opsForSys in interface VaultOperations

Returns:

the operations interface administrative Vault access.

opsForToken

public VaultTokenOperations opsForToken()

Specified by:

opsForToken in interface VaultOperations

Returns:

the operations interface to interact with Vault token.

opsForTransit

public VaultTransitOperations opsForTransit()

Specified by:

opsForTransit in interface VaultOperations

Returns:

the operations interface to interact with the Vault transit backend.

opsForTransit

public VaultTransitOperations opsForTransit(String path)

Description copied from interface: VaultOperations

Returns VaultTransitOperations if the transit backend is mounted on a different path than transit.

Specified by:

opsForTransit in interface VaultOperations

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault transit backend.

opsForPki

public VaultPkiOperations opsForPki()

Specified by:

opsForPki in interface VaultOperations

Returns:

the operations interface to interact with the Vault PKI backend.

opsForPki

public VaultPkiOperations opsForPki(String path)

Description copied from interface: VaultOperations

Returns VaultPkiOperations if the PKI backend is mounted on a different path than pki.

Specified by:

opsForPki in interface VaultOperations

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault PKI backend.

doWithVault

public <T> T doWithVault(VaultOperations.ClientCallback<T> clientCallback)

Description copied from interface: VaultOperations

Executes a Vault VaultOperations.ClientCallback. Allows to interact with Vault using VaultClient without requiring a session.

Specified by:

doWithVault in interface VaultOperations

Parameters:

clientCallback - the request.

Returns:

the VaultOperations.ClientCallback return value.

doWithVault

public <T> T doWithVault(VaultOperations.SessionCallback<T> sessionCallback)

Description copied from interface: VaultOperations

Executes a Vault VaultOperations.SessionCallback. Allows to interact with Vault in an authenticated session.

Specified by:

doWithVault in interface VaultOperations

Parameters:

sessionCallback - the request.

Returns:

the VaultOperations.SessionCallback return value.

doWithRestTemplate

public <T> T doWithRestTemplate(String pathTemplate,
                                Map<String,?> uriVariables,
                                VaultAccessor.RestTemplateCallback<T> callback)

Description copied from interface: VaultOperations

Executes VaultAccessor.RestTemplateCallback. Expands the pathTemplate to an URI and allows low-level interaction with the underlying RestTemplate.

Specified by:

doWithRestTemplate in interface VaultOperations

Parameters:

pathTemplate - the path of the resource, e.g. transit/ key/foo}, must not be empty or null.

uriVariables - the variables for expansion of the pathTemplate, must not be null.

callback - the request callback.

Returns:

the VaultAccessor.RestTemplateCallback return value.

read

public VaultResponse read(String path)

Description copied from interface: VaultOperations

Read from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.

Specified by:

read in interface VaultOperations

Parameters:

path - must not be null.

Returns:

the data. May be null if the path does not exist.

read

public <T> VaultResponseSupport<T> read(String path,
                                        Class<T> responseType)

Description copied from interface: VaultOperations

Read from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.

Specified by:

read in interface VaultOperations

Parameters:

path - must not be null.

responseType - must not be null.

Returns:

the data. May be null if the path does not exist.

list

public List<String> list(String path)

Description copied from interface: VaultOperations

Enumerate keys from a secret backend.

Specified by:

list in interface VaultOperations

Parameters:

path - must not be null.

Returns:

the data. May be null if the path does not exist.

write

public VaultResponse write(String path,
                           Object body)

Description copied from interface: VaultOperations

Write to a secret backend.

Specified by:

write in interface VaultOperations

Parameters:

path - must not be null.

body - the body, may be null if absent.

Returns:

the configuration data. May be empty but never null.

delete

public void delete(String path)

Description copied from interface: VaultOperations

Delete a path in the secret backend.

Specified by:

delete in interface VaultOperations

Parameters:

path - must not be null.