Package org.springframework.vault.authentication
@NonNullApi
@NonNullFields
package org.springframework.vault.authentication
Support for authentication and session management.
-
ClassDescriptionDeprecated.since 2.2.Deprecated.since 2.2.Builder for
AppIdAuthenticationOptions
.Deprecated.since 2.2.AppRole implementation ofClientAuthentication
.Authentication options forAppRoleAuthentication
.Builder forAppRoleAuthenticationOptions
.RoleId type encapsulating how the roleId is actually obtained.SecretId type encapsulating how the secretId is actually obtained.Publisher forAuthenticationEvent
s.Authentication DSL allowing flow composition to create aVaultToken
.Value object representing a HTTP request.Builder forAuthenticationSteps.HttpRequest
.Intermediate authentication step with authentication flow operators represented as node.A tuple of two things.Synchronous executor forAuthenticationSteps
usingRestOperations
to login using authentication flows.Factory interface for components that createAuthenticationSteps
.AWS-EC2 login implementation.Authentication options forAwsEc2Authentication
.Value object for an authentication nonce.AWS IAM authentication using signed HTTP requests to query the current identity.Authentication options forAwsIamAuthentication
.Builder forAwsIamAuthenticationOptions
.Azure MSI (Managed Service Identity) authentication using Azure as trusted third party.Authentication options forAzureMsiAuthentication
.Builder forAzureMsiAuthenticationOptions
.Value object representing a VM environment consisting of the subscription Id, the resource group name and the VM name.Default implementation ofVaultTokenSupplier
caching theVaultToken
from a delegateVaultTokenSupplier
.ClientAuthentication
providesVaultToken
to be used for authenticated Vault access.TLS Client CertificateClientAuthentication
.Authentication options forClientCertificateAuthentication
.Builder forClientCertificateAuthenticationOptions
.Interface to obtain an arbitrary credential that is uses inClientAuthentication
orAuthenticationSteps
methods.CubbyholeClientAuthentication
implementation.Authentication options forCubbyholeAuthentication
.Builder forCubbyholeAuthenticationOptions
.GCP GCE (Google Compute Engine)-based login implementation using GCE's metadata service to create signed JSON Web Token.Authentication options forGcpComputeAuthentication
.Builder forGcpComputeAuthenticationOptions
.Interface to obtain aGoogleCredential
for GCP IAM authentication.Deprecated.since 2.3.2, useGcpIamCredentialsAuthentication
instead.Deprecated.since 2.3.2Builder forGcpIamAuthenticationOptions
.Support class for Google Cloud IAM-based Authentication options.Google Cloud IAM credentials login implementation using GCP IAM service accounts to legitimate its authenticity via JSON Web Token using the IAM Credentialsprojects.serviceAccounts.signJwt
method.Authentication options forGcpIamCredentialsAuthentication
.Builder forGcpIamCredentialsAuthenticationOptions
.Base class for GCP JWT-based authentication.Interface to obtain a GCP project id for GCP IAM authentication.Interface to obtain a service account id for GCP IAM authentication.Interface to obtain a service account id for GCP IAM credentials authentication.Interface to obtain aServiceAccountCredentials
for GCP IAM credentials authentication.Mechanism to generate a SHA-256 hashed and hex-encoded representation of the IP address.Kubernetes implementation ofClientAuthentication
.Authentication options forKubernetesAuthentication
.Builder forKubernetesAuthenticationOptions
.Interface to obtain a Kubernetes Service Account Token for Kubernetes authentication.Mechanism to retrieve a Kubernetes service account token.Lifecycle-awareSession Manager
.Wraps aVaultToken
and specifies whether the token is revocable on factory shutdown.Support class to build Lifecycle-aware Session Manager implementations, defining common properties such as theTaskScheduler
andLifecycleAwareSessionManagerSupport.RefreshTrigger
.LifecycleAwareSessionManagerSupport.RefreshTrigger
implementation using a fixed timeout to schedule renewal before aLoginToken
expires.This one-shot trigger creates only one execution time to trigger an execution only once.Common interface for trigger objects that determine the next execution time of a refresh task.Value object for a Vault token obtained by a login method.Adapts tokens created by aClientAuthentication
to aLoginToken
.Mechanism to generate a UserId based on the Mac address.PCF implementation ofClientAuthentication
.Authentication options forPcfAuthentication
.Builder forPcfAuthenticationOptions
.Reactive implementation of Lifecycle-awaresession manager
.Wraps aVaultToken
and specifies whether the token is revocable on factory shutdown.Strategy interface that encapsulates the creation and management of Vault sessions based onVaultToken
used by reactive components.Mechanism to retrieve a credential from aResource
.Strategy interface that encapsulates the creation and management of Vault sessions based onVaultToken
.Default implementation ofSessionManager
.A static UserId.Static Token-basedClientAuthentication
method.Version-specific endpoint implementations for response unwrapping.Username and password implementation ofClientAuthentication
.Authentication options forUsernamePasswordAuthentication
.Builder forUsernamePasswordAuthenticationOptions
.Exception thrown if Vault login fails.Abstract superclass for all exceptions thrown in the session manager implementationsException thrown if a token self-lookup fails viaauth/token/lookup-self
.Exception thrown when a Vault token renewal fails.VaultTokenSupplier
provides aVaultToken
to be used for authenticated Vault access.