@NonNullApi @NonNullFields

Package org.springframework.vault.authentication

Support for authentication and session management.

See: Description

Interface Summary

Interface	Description
AppIdUserIdMechanism	Deprecated since 2.2.
AppRoleAuthenticationOptions.RoleId	RoleId type encapsulating how the roleId is actually obtained.
AppRoleAuthenticationOptions.SecretId	SecretId type encapsulating how the secretId is actually obtained.
AuthenticationStepsFactory	Factory interface for components that create AuthenticationSteps.
ClientAuthentication	ClientAuthentication provides VaultToken to be used for authenticated Vault access.
CredentialSupplier	Interface to obtain an arbitrary credential that is uses in ClientAuthentication or AuthenticationSteps methods.
GcpCredentialSupplier	Interface to obtain a GoogleCredential for GCP IAM authentication.
GcpProjectIdAccessor	Interface to obtain a GCP project id for GCP IAM authentication.
GcpServiceAccountIdAccessor	Interface to obtain a service account id for GCP IAM authentication.
GoogleCredentialsAccountIdAccessor	Interface to obtain a service account id for GCP IAM credentials authentication.
GoogleCredentialsSupplier	Interface to obtain a ServiceAccountCredentials for GCP IAM credentials authentication.
KubernetesJwtSupplier	Interface to obtain a Kubernetes Service Account Token for Kubernetes authentication.
LifecycleAwareSessionManagerSupport.RefreshTrigger	Common interface for trigger objects that determine the next execution time of a refresh task.
ReactiveSessionManager	Strategy interface that encapsulates the creation and management of Vault sessions based on VaultToken used by reactive components.
SessionManager	Strategy interface that encapsulates the creation and management of Vault sessions based on VaultToken.
VaultTokenSupplier	VaultTokenSupplier provides a VaultToken to be used for authenticated Vault access.

Class Summary

Class	Description
AppIdAuthentication	Deprecated since 2.2.
AppIdAuthenticationOptions	Deprecated since 2.2.
AppIdAuthenticationOptions.AppIdAuthenticationOptionsBuilder	Builder for AppIdAuthenticationOptions.
AppRoleAuthentication	AppRole implementation of ClientAuthentication.
AppRoleAuthenticationOptions	Authentication options for AppRoleAuthentication.
AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder	Builder for AppRoleAuthenticationOptions.
AuthenticationEventPublisher	Publisher for AuthenticationEvents.
AuthenticationSteps	Authentication DSL allowing flow composition to create a VaultToken.
AuthenticationSteps.HttpRequest<T>	Value object representing a HTTP request.
AuthenticationSteps.HttpRequestBuilder	Builder for AuthenticationSteps.HttpRequest.
AuthenticationSteps.Node<T>	Intermediate authentication step with authentication flow operators represented as node.
AuthenticationSteps.Pair<L,R>	A tuple of two things.
AuthenticationStepsExecutor	Synchronous executor for AuthenticationSteps using RestOperations to login using authentication flows.
AuthenticationStepsOperator	VaultTokenSupplier using AuthenticationSteps to create an authentication flow emitting VaultToken.
AwsEc2Authentication	AWS-EC2 login implementation.
AwsEc2AuthenticationOptions	Authentication options for AwsEc2Authentication.
AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder	Builder for AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder.
AwsEc2AuthenticationOptions.Nonce	Value object for an authentication nonce.
AwsIamAuthentication	AWS IAM authentication using signed HTTP requests to query the current identity.
AwsIamAuthenticationOptions	Authentication options for AwsIamAuthentication.
AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder	Builder for AwsIamAuthenticationOptions.
AzureMsiAuthentication	Azure MSI (Managed Service Identity) authentication using Azure as trusted third party.
AzureMsiAuthenticationOptions	Authentication options for AzureMsiAuthentication.
AzureMsiAuthenticationOptions.AzureMsiAuthenticationOptionsBuilder	Builder for AzureMsiAuthenticationOptions.
AzureVmEnvironment	Value object representing a VM environment consisting of the subscription Id, the resource group name and the VM name.
CachingVaultTokenSupplier	Default implementation of VaultTokenSupplier caching the VaultToken from a delegate VaultTokenSupplier.
ClientCertificateAuthentication	TLS Client Certificate ClientAuthentication.
ClientCertificateAuthenticationOptions	Authentication options for ClientCertificateAuthentication.
ClientCertificateAuthenticationOptions.ClientCertificateAuthenticationOptionsBuilder	Builder for ClientCertificateAuthenticationOptions.
CubbyholeAuthentication	Cubbyhole ClientAuthentication implementation.
CubbyholeAuthenticationOptions	Authentication options for CubbyholeAuthentication.
CubbyholeAuthenticationOptions.CubbyholeAuthenticationOptionsBuilder	Builder for CubbyholeAuthenticationOptions.
GcpComputeAuthentication	GCP GCE (Google Compute Engine)-based login implementation using GCE's metadata service to create signed JSON Web Token.
GcpComputeAuthenticationOptions	Authentication options for GcpComputeAuthentication.
GcpComputeAuthenticationOptions.GcpComputeAuthenticationOptionsBuilder	Builder for GcpComputeAuthenticationOptions.
GcpIamAuthentication	Deprecated since 2.3.2, use GcpIamCredentialsAuthentication instead.
GcpIamAuthenticationOptions	Deprecated since 2.3.2
GcpIamAuthenticationOptions.GcpIamAuthenticationOptionsBuilder	Builder for GcpIamAuthenticationOptions.
GcpIamAuthenticationSupport	Support class for Google Cloud IAM-based Authentication options.
GcpIamCredentialsAuthentication	Google Cloud IAM credentials login implementation using GCP IAM service accounts to legitimate its authenticity via JSON Web Token using the IAM Credentials projects.serviceAccounts.signJwt method.
GcpIamCredentialsAuthenticationOptions	Authentication options for GcpIamCredentialsAuthentication.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	Builder for GcpIamCredentialsAuthenticationOptions.
GcpJwtAuthenticationSupport	Base class for GCP JWT-based authentication.
IpAddressUserId	Mechanism to generate a SHA-256 hashed and hex-encoded representation of the IP address.
KubernetesAuthentication	Kubernetes implementation of ClientAuthentication.
KubernetesAuthenticationOptions	Authentication options for KubernetesAuthentication.
KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder	Builder for KubernetesAuthenticationOptions.
KubernetesServiceAccountTokenFile	Mechanism to retrieve a Kubernetes service account token.
LifecycleAwareSessionManager	Lifecycle-aware Session Manager.
LifecycleAwareSessionManager.TokenWrapper	Wraps a VaultToken and specifies whether the token is revocable on factory shutdown.
LifecycleAwareSessionManagerSupport	Support class to build Lifecycle-aware Session Manager implementations, defining common properties such as the TaskScheduler and LifecycleAwareSessionManagerSupport.RefreshTrigger.
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger	LifecycleAwareSessionManagerSupport.RefreshTrigger implementation using a fixed timeout to schedule renewal before a LoginToken expires.
LifecycleAwareSessionManagerSupport.OneShotTrigger	This one-shot trigger creates only one execution time to trigger an execution only once.
LoginToken	Value object for a Vault token obtained by a login method.
LoginToken.LoginTokenBuilder	Builder for LoginToken.
LoginTokenAdapter	Adapts tokens created by a ClientAuthentication to a LoginToken.
MacAddressUserId	Mechanism to generate a UserId based on the Mac address.
PcfAuthentication	PCF implementation of ClientAuthentication.
PcfAuthenticationOptions	Authentication options for PcfAuthentication.
PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder	Builder for PcfAuthenticationOptions.
ReactiveLifecycleAwareSessionManager	Reactive implementation of Lifecycle-aware session manager.
ReactiveLifecycleAwareSessionManager.TokenWrapper	Wraps a VaultToken and specifies whether the token is revocable on factory shutdown.
ResourceCredentialSupplier	Mechanism to retrieve a credential from a Resource.
SimpleSessionManager	Default implementation of SessionManager.
StaticUserId	A static UserId.
TokenAuthentication	Static Token-based ClientAuthentication method.

Enum Summary

Enum	Description
UnwrappingEndpoints	Version-specific endpoint implementations for response unwrapping.

Exception Summary

Exception	Description
VaultLoginException	Exception thrown if Vault login fails.
VaultSessionManagerException	Abstract superclass for all exceptions thrown in the session manager implementations
VaultTokenLookupException	Exception thrown if a token self-lookup fails via auth/token/lookup-self.
VaultTokenRenewalException	Exception thrown when a Vault token renewal fails.

Package org.springframework.vault.authentication Description

Support for authentication and session management.