org.springframework.vault.core

Interface VaultPkiOperations

All Known Implementing Classes:

VaultPkiTemplate

public interface VaultPkiOperations

Interface that specifies PKI backend-related operations.

The PKI secret backend for Vault generates X.509 certificates dynamically based on configured roles. This means services can get certificates needed for both client and server authentication without going through the usual manual process of generating a private key and CSR, submitting to a CA, and waiting for a verification and signing process to complete. Vault's built-in authentication and authorization mechanisms provide the verification functionality.

Author:

Mark Paluch

See Also:

https://www.vaultproject.io/docs/secrets/pki/index.html

Method Summary

Modifier and Type	Method and Description
VaultCertificateResponse	issueCertificate(String roleName, VaultCertificateRequest certificateRequest) Requests a certificate bundle (private key and certificate) from Vault's PKI backend given a roleName and VaultCertificateRequest.

Method Detail

issueCertificate

VaultCertificateResponse issueCertificate(String roleName,
                                          VaultCertificateRequest certificateRequest)
                                   throws VaultException

Requests a certificate bundle (private key and certificate) from Vault's PKI backend given a roleName and VaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store. Certificates use DER format and are base64 encoded.

Parameters:

roleName - must not be empty or null.

certificateRequest - must not be null.

Returns:

the VaultCertificateResponse containing a CertificateBundle .

Throws:

VaultException

See Also:

POST /pki/issue/[role name]