Class AwsIamAuthenticationOptions

java.lang.Object
org.springframework.vault.authentication.AwsIamAuthenticationOptions

public class AwsIamAuthenticationOptions extends Object
Authentication options for AwsIamAuthentication.

Authentication options provide the path, a AwsCredentialsProvider optional role and server name (Vault-AWS-IAM-Server-ID header). AwsIamAuthenticationOptions can be constructed using builder(). Instances of this class are immutable once constructed.

Since:
1.1
Author:
Mark Paluch
See Also:
  • Field Details

  • Method Details

    • builder

      Returns:
      a new AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.
    • getPath

      public String getPath()
      Returns:
      the path of the aws authentication backend mount.
    • getCredentialsProvider

      public software.amazon.awssdk.auth.credentials.AwsCredentialsProvider getCredentialsProvider()
      Returns:
      the credentials provider to obtain AWS credentials.
    • getRegionProvider

      public software.amazon.awssdk.regions.providers.AwsRegionProvider getRegionProvider()
      Returns:
      the region provider to obtain the AWS region to be used for computing the signature.
      Since:
      3.0
    • getRole

      @Nullable public String getRole()
      Returns:
      the role, may be null if none.
    • getServerId

      @Nullable public String getServerId()
      Returns:
      Server name to mitigate risk of replay attacks, preferably set to Vault server's DNS name, may be null. Used for Vault-AWS-IAM-Server-ID header.
      Since:
      2.0
    • getServerName

      @Nullable @Deprecated public String getServerName()
      Deprecated.
      since 2.0, renamed to getServerId().
      Returns:
      Server name to mitigate risk of replay attacks, preferably set to Vault server's DNS name, may be null.
    • getEndpointUri

      public URI getEndpointUri()
      Returns:
      STS server URI.