org.springframework.vault.core

Class VaultTemplate

java.lang.Object

org.springframework.vault.core.VaultTemplate

All Implemented Interfaces:

org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, VaultOperations

public class VaultTemplate
extends Object
implements org.springframework.beans.factory.InitializingBean, VaultOperations, org.springframework.beans.factory.DisposableBean

This class encapsulates main Vault interaction. VaultTemplate will log into Vault on initialization and use the token throughout the whole lifetime.

Author:

Mark Paluch

See Also:

SessionManager

Constructor Summary

Constructors

Constructor and Description
VaultTemplate(RestTemplateBuilder restTemplateBuilder) Create a new VaultTemplate through a RestTemplateBuilder and SessionManager.
VaultTemplate(RestTemplateBuilder restTemplateBuilder, SessionManager sessionManager) Create a new VaultTemplate through a RestTemplateBuilder and SessionManager.
VaultTemplate(VaultEndpoint vaultEndpoint) Create a new VaultTemplate with a VaultEndpoint.
VaultTemplate(VaultEndpoint vaultEndpoint, ClientAuthentication clientAuthentication) Create a new VaultTemplate with a VaultEndpoint and ClientAuthentication.
VaultTemplate(VaultEndpoint vaultEndpoint, org.springframework.http.client.ClientHttpRequestFactory clientHttpRequestFactory) Create a new VaultTemplate with a VaultEndpoint, and ClientHttpRequestFactory.
VaultTemplate(VaultEndpoint vaultEndpoint, org.springframework.http.client.ClientHttpRequestFactory clientHttpRequestFactory, SessionManager sessionManager) Create a new VaultTemplate with a VaultEndpoint, ClientHttpRequestFactory and SessionManager.
VaultTemplate(VaultEndpointProvider endpointProvider, org.springframework.http.client.ClientHttpRequestFactory requestFactory) Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager.
VaultTemplate(VaultEndpointProvider endpointProvider, org.springframework.http.client.ClientHttpRequestFactory requestFactory, SessionManager sessionManager) Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager.

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
void	delete(String path) Delete a path.
void	destroy()
protected org.springframework.web.client.RestTemplate	doCreateRestTemplate(VaultEndpointProvider endpointProvider, org.springframework.http.client.ClientHttpRequestFactory requestFactory) Create a RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory.
protected org.springframework.web.client.RestTemplate	doCreateSessionTemplate(VaultEndpointProvider endpointProvider, org.springframework.http.client.ClientHttpRequestFactory requestFactory) Create a session-bound RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory for calls that require an authenticated context.
<T> T	doWithSession(RestOperationsCallback<T> sessionCallback) Executes a Vault RestOperationsCallback.
<T> T	doWithVault(RestOperationsCallback<T> clientCallback) Executes a Vault RestOperationsCallback.
List<String>	list(String path) Enumerate keys from a Vault path.
VaultKeyValueOperations	opsForKeyValue(String path, VaultKeyValueOperationsSupport.KeyValueBackend apiVersion) Return VaultKeyValueOperations.
VaultPkiOperations	opsForPki()
VaultPkiOperations	opsForPki(String path) Return VaultPkiOperations if the PKI backend is mounted on a different path than pki.
VaultSysOperations	opsForSys()
VaultTokenOperations	opsForToken()
VaultTransformOperations	opsForTransform()
VaultTransformOperations	opsForTransform(String path) Return VaultTransformOperations if the transit backend is mounted on a different path than transform.
VaultTransitOperations	opsForTransit()
VaultTransitOperations	opsForTransit(String path) Return VaultTransitOperations if the transit backend is mounted on a different path than transit.
VaultVersionedKeyValueOperations	opsForVersionedKeyValue(String path) Return VaultVersionedKeyValueOperations.
VaultWrappingOperations	opsForWrapping()
VaultResponse	read(String path) Read from a Vault path.
<T> VaultResponseSupport<T>	read(String path, Class<T> responseType) Read from a secret backend.
void	setSessionManager(SessionManager sessionManager) Set the SessionManager.
VaultResponse	write(String path, Object body) Write to a Vault path.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.vault.core.VaultOperations

write

Constructor Detail

VaultTemplate

public VaultTemplate(VaultEndpoint vaultEndpoint)

Create a new VaultTemplate with a VaultEndpoint. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.

Parameters:

vaultEndpoint - must not be null.

Since:

2.2.1

VaultTemplate

public VaultTemplate(VaultEndpoint vaultEndpoint,
                     ClientAuthentication clientAuthentication)

Create a new VaultTemplate with a VaultEndpoint and ClientAuthentication.

Parameters:

vaultEndpoint - must not be null.

clientAuthentication - must not be null.

VaultTemplate

public VaultTemplate(VaultEndpoint vaultEndpoint,
                     org.springframework.http.client.ClientHttpRequestFactory clientHttpRequestFactory)

Create a new VaultTemplate with a VaultEndpoint, and ClientHttpRequestFactory. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.

Parameters:

vaultEndpoint - must not be null.

clientHttpRequestFactory - must not be null.

Since:

2.2.1

VaultTemplate

public VaultTemplate(VaultEndpoint vaultEndpoint,
                     org.springframework.http.client.ClientHttpRequestFactory clientHttpRequestFactory,
                     SessionManager sessionManager)

Create a new VaultTemplate with a VaultEndpoint, ClientHttpRequestFactory and SessionManager.

Parameters:

vaultEndpoint - must not be null.

clientHttpRequestFactory - must not be null.

sessionManager - must not be null.

VaultTemplate

public VaultTemplate(VaultEndpointProvider endpointProvider,
                     org.springframework.http.client.ClientHttpRequestFactory requestFactory)

Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.

Parameters:

endpointProvider - must not be null.

requestFactory - must not be null.

Since:

2.2.1

VaultTemplate

public VaultTemplate(VaultEndpointProvider endpointProvider,
                     org.springframework.http.client.ClientHttpRequestFactory requestFactory,
                     SessionManager sessionManager)

Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager.

Parameters:

endpointProvider - must not be null.

requestFactory - must not be null.

sessionManager - must not be null.

Since:

1.1

VaultTemplate

public VaultTemplate(RestTemplateBuilder restTemplateBuilder)

Create a new VaultTemplate through a RestTemplateBuilder and SessionManager. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.

Parameters:

restTemplateBuilder - must not be null.

Since:

2.2.1

VaultTemplate

public VaultTemplate(RestTemplateBuilder restTemplateBuilder,
                     SessionManager sessionManager)

Create a new VaultTemplate through a RestTemplateBuilder and SessionManager.

Parameters:

restTemplateBuilder - must not be null.

sessionManager - must not be null.

Since:

2.2

Method Detail

doCreateRestTemplate

protected org.springframework.web.client.RestTemplate doCreateRestTemplate(VaultEndpointProvider endpointProvider,
                                                                           org.springframework.http.client.ClientHttpRequestFactory requestFactory)

Create a RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory. VaultEndpointProvider is used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize the RestTemplate.

Parameters:

endpointProvider - must not be null.

requestFactory - must not be null.

Returns:

the RestTemplate used for Vault communication.

Since:

2.1

doCreateSessionTemplate

protected org.springframework.web.client.RestTemplate doCreateSessionTemplate(VaultEndpointProvider endpointProvider,
                                                                              org.springframework.http.client.ClientHttpRequestFactory requestFactory)

Create a session-bound RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory for calls that require an authenticated context. VaultEndpointProvider is used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize the RestTemplate.

Parameters:

endpointProvider - must not be null.

requestFactory - must not be null.

Returns:

the RestTemplate used for Vault communication.

Since:

2.1

setSessionManager

public void setSessionManager(SessionManager sessionManager)

Set the SessionManager.

Parameters:

sessionManager - must not be null.

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

destroy

public void destroy()
             throws Exception

Specified by:

destroy in interface org.springframework.beans.factory.DisposableBean

Throws:

Exception

opsForKeyValue

public VaultKeyValueOperations opsForKeyValue(String path,
                                              VaultKeyValueOperationsSupport.KeyValueBackend apiVersion)

Description copied from interface: VaultOperations

Return VaultKeyValueOperations.

Specified by:

opsForKeyValue in interface VaultOperations

Parameters:

path - the mount path, must not be empty or null.

apiVersion - API version to use, must not be null.

Returns:

the operations interface to interact with the Vault Key/Value backend.

opsForVersionedKeyValue

public VaultVersionedKeyValueOperations opsForVersionedKeyValue(String path)

Description copied from interface: VaultOperations

Return VaultVersionedKeyValueOperations.

Specified by:

opsForVersionedKeyValue in interface VaultOperations

Parameters:

path - the mount path

Returns:

the operations interface to interact with the versioned Vault Key/Value (version 2) backend.

opsForPki

public VaultPkiOperations opsForPki()

Specified by:

opsForPki in interface VaultOperations

Returns:

the operations interface to interact with the Vault PKI backend.

opsForPki

public VaultPkiOperations opsForPki(String path)

Description copied from interface: VaultOperations

Return VaultPkiOperations if the PKI backend is mounted on a different path than pki.

Specified by:

opsForPki in interface VaultOperations

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault PKI backend.

opsForSys

public VaultSysOperations opsForSys()

Specified by:

opsForSys in interface VaultOperations

Returns:

the operations interface administrative Vault access.

opsForToken

public VaultTokenOperations opsForToken()

Specified by:

opsForToken in interface VaultOperations

Returns:

the operations interface to interact with Vault token.

opsForTransform

public VaultTransformOperations opsForTransform()

Specified by:

opsForTransform in interface VaultOperations

Returns:

the operations interface to interact with the Vault transform backend.

opsForTransform

public VaultTransformOperations opsForTransform(String path)

Description copied from interface: VaultOperations

Return VaultTransformOperations if the transit backend is mounted on a different path than transform.

Specified by:

opsForTransform in interface VaultOperations

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault transform backend.

opsForTransit

public VaultTransitOperations opsForTransit()

Specified by:

opsForTransit in interface VaultOperations

Returns:

the operations interface to interact with the Vault transit backend.

opsForTransit

public VaultTransitOperations opsForTransit(String path)

Description copied from interface: VaultOperations

Return VaultTransitOperations if the transit backend is mounted on a different path than transit.

Specified by:

opsForTransit in interface VaultOperations

Parameters:

path - the mount path

Returns:

the operations interface to interact with the Vault transit backend.

opsForWrapping

public VaultWrappingOperations opsForWrapping()

Specified by:

opsForWrapping in interface VaultOperations

Returns:

the operations interface to interact with the Vault system/wrapping endpoints.

read

public VaultResponse read(String path)

Description copied from interface: VaultOperations

Read from a Vault path. Reading data using this method is suitable for API calls/secret backends that do not require a request body.

Specified by:

read in interface VaultOperations

Parameters:

path - must not be null.

Returns:

the data. May be null if the path does not exist.

read

@Nullable
public <T> VaultResponseSupport<T> read(String path,
                                                  Class<T> responseType)

Description copied from interface: VaultOperations

Read from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.

Specified by:

read in interface VaultOperations

Parameters:

path - must not be null.

responseType - must not be null.

Returns:

the data. May be null if the path does not exist.

list

@Nullable
public List<String> list(String path)

Description copied from interface: VaultOperations

Enumerate keys from a Vault path.

Specified by:

list in interface VaultOperations

Parameters:

path - must not be null.

Returns:

the data. May be null if the path does not exist.

write

@Nullable
public VaultResponse write(String path,
                                     @Nullable
                                     Object body)

Description copied from interface: VaultOperations

Write to a Vault path.

Specified by:

write in interface VaultOperations

Parameters:

path - must not be null.

body - the body, may be null if absent.

Returns:

the response, may be null.

delete

public void delete(String path)

Description copied from interface: VaultOperations

Delete a path.

Specified by:

delete in interface VaultOperations

Parameters:

path - must not be null.

doWithVault

public <T> T doWithVault(RestOperationsCallback<T> clientCallback)

Description copied from interface: VaultOperations

Executes a Vault RestOperationsCallback. Allows to interact with Vault using RestOperations without requiring a session.

Specified by:

doWithVault in interface VaultOperations

Parameters:

clientCallback - the request.

Returns:

the RestOperationsCallback return value.

doWithSession

public <T> T doWithSession(RestOperationsCallback<T> sessionCallback)

Description copied from interface: VaultOperations

Executes a Vault RestOperationsCallback. Allows to interact with Vault in an authenticated session.

Specified by:

doWithSession in interface VaultOperations

Parameters:

sessionCallback - the request.

Returns:

the RestOperationsCallback return value.