Package org.springframework.vault.core
Class VaultTemplate
java.lang.Object
org.springframework.vault.core.VaultTemplate
- All Implemented Interfaces:
DisposableBean,InitializingBean,VaultOperations
public class VaultTemplate
extends Object
implements InitializingBean, VaultOperations, DisposableBean
This class encapsulates main Vault interaction.
VaultTemplate will log into
Vault on initialization and use the token throughout the whole lifetime.- Author:
- Mark Paluch
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionVaultTemplate(RestTemplateBuilder restTemplateBuilder) VaultTemplate(RestTemplateBuilder restTemplateBuilder, SessionManager sessionManager) VaultTemplate(VaultEndpoint vaultEndpoint) Create a newVaultTemplatewith aVaultEndpoint.VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) Create a newVaultTemplatewith aVaultEndpointProvider,ClientHttpRequestFactoryandSessionManager.VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory, SessionManager sessionManager) Create a newVaultTemplatewith aVaultEndpointProvider,ClientHttpRequestFactoryandSessionManager.VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory) VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory, SessionManager sessionManager) VaultTemplate(VaultEndpoint vaultEndpoint, ClientAuthentication clientAuthentication) -
Method Summary
Modifier and TypeMethodDescriptionvoidvoidDelete a path.voiddestroy()protected RestTemplatedoCreateRestTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) Create aRestTemplateto be used byVaultTemplatefor Vault communication givenVaultEndpointProviderandClientHttpRequestFactory.protected RestTemplatedoCreateSessionTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) Create a session-boundRestTemplateto be used byVaultTemplatefor Vault communication givenVaultEndpointProviderandClientHttpRequestFactoryfor calls that require an authenticated context.<T> TdoWithSession(RestOperationsCallback<T> sessionCallback) Executes a VaultRestOperationsCallback.<T> TdoWithVault(RestOperationsCallback<T> clientCallback) Executes a VaultRestOperationsCallback.Enumerate keys from a Vault path.opsForKeyValue(String path, VaultKeyValueOperationsSupport.KeyValueBackend apiVersion) ReturnVaultKeyValueOperations.ReturnVaultPkiOperationsif the PKI backend is mounted on a different path thanpki.opsForTransform(String path) ReturnVaultTransformOperationsif the transit backend is mounted on a different path thantransform.opsForTransit(String path) ReturnVaultTransitOperationsif the transit backend is mounted on a different path thantransit.ReturnVaultVersionedKeyValueOperations.Read from a Vault path.<T> VaultResponseSupport<T>Read from a secret backend.voidsetSessionManager(SessionManager sessionManager) Set theSessionManager.Write to a Vault path.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.springframework.vault.core.VaultOperations
write
-
Constructor Details
-
VaultTemplate
Create a newVaultTemplatewith aVaultEndpoint. This constructor does not use aClientAuthenticationmechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using theauthentication token header.- Parameters:
vaultEndpoint- must not be null.- Since:
- 2.2.1
-
VaultTemplate
- Parameters:
vaultEndpoint- must not be null.clientAuthentication- must not be null.
-
VaultTemplate
public VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory) Create a newVaultTemplatewith aVaultEndpoint, andClientHttpRequestFactory. This constructor does not use aClientAuthenticationmechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using theauthentication token header.- Parameters:
vaultEndpoint- must not be null.clientHttpRequestFactory- must not be null.- Since:
- 2.2.1
-
VaultTemplate
public VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory, SessionManager sessionManager) - Parameters:
vaultEndpoint- must not be null.clientHttpRequestFactory- must not be null.sessionManager- must not be null.
-
VaultTemplate
public VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) Create a newVaultTemplatewith aVaultEndpointProvider,ClientHttpRequestFactoryandSessionManager. This constructor does not use aClientAuthenticationmechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using theauthentication token header.- Parameters:
endpointProvider- must not be null.requestFactory- must not be null.- Since:
- 2.2.1
-
VaultTemplate
public VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory, SessionManager sessionManager) Create a newVaultTemplatewith aVaultEndpointProvider,ClientHttpRequestFactoryandSessionManager.- Parameters:
endpointProvider- must not be null.requestFactory- must not be null.sessionManager- must not be null.- Since:
- 1.1
-
VaultTemplate
Create a newVaultTemplatethrough aRestTemplateBuilderandSessionManager. This constructor does not use aClientAuthenticationmechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using theauthentication token header.- Parameters:
restTemplateBuilder- must not be null.- Since:
- 2.2.1
-
VaultTemplate
- Parameters:
restTemplateBuilder- must not be null.sessionManager- must not be null.- Since:
- 2.2
-
-
Method Details
-
doCreateRestTemplate
protected RestTemplate doCreateRestTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) Create aRestTemplateto be used byVaultTemplatefor Vault communication givenVaultEndpointProviderandClientHttpRequestFactory.VaultEndpointProvideris used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize theRestTemplate.- Parameters:
endpointProvider- must not be null.requestFactory- must not be null.- Returns:
- the
RestTemplateused for Vault communication. - Since:
- 2.1
-
doCreateSessionTemplate
protected RestTemplate doCreateSessionTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) Create a session-boundRestTemplateto be used byVaultTemplatefor Vault communication givenVaultEndpointProviderandClientHttpRequestFactoryfor calls that require an authenticated context.VaultEndpointProvideris used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize theRestTemplate.- Parameters:
endpointProvider- must not be null.requestFactory- must not be null.- Returns:
- the
RestTemplateused for Vault communication. - Since:
- 2.1
-
setSessionManager
Set theSessionManager.- Parameters:
sessionManager- must not be null.
-
afterPropertiesSet
public void afterPropertiesSet()- Specified by:
afterPropertiesSetin interfaceInitializingBean
-
destroy
- Specified by:
destroyin interfaceDisposableBean- Throws:
Exception
-
opsForKeyValue
public VaultKeyValueOperations opsForKeyValue(String path, VaultKeyValueOperationsSupport.KeyValueBackend apiVersion) Description copied from interface:VaultOperationsReturnVaultKeyValueOperations.- Specified by:
opsForKeyValuein interfaceVaultOperations- Parameters:
path- the mount path, must not be empty or null.apiVersion- API version to use, must not be null.- Returns:
- the operations interface to interact with the Vault Key/Value backend.
-
opsForVersionedKeyValue
Description copied from interface:VaultOperationsReturnVaultVersionedKeyValueOperations.- Specified by:
opsForVersionedKeyValuein interfaceVaultOperations- Parameters:
path- the mount path- Returns:
- the operations interface to interact with the versioned Vault Key/Value (version 2) backend.
-
opsForPki
- Specified by:
opsForPkiin interfaceVaultOperations- Returns:
- the operations interface to interact with the Vault PKI backend.
-
opsForPki
Description copied from interface:VaultOperationsReturnVaultPkiOperationsif the PKI backend is mounted on a different path thanpki.- Specified by:
opsForPkiin interfaceVaultOperations- Parameters:
path- the mount path- Returns:
- the operations interface to interact with the Vault PKI backend.
-
opsForSys
- Specified by:
opsForSysin interfaceVaultOperations- Returns:
- the operations interface administrative Vault access.
-
opsForToken
- Specified by:
opsForTokenin interfaceVaultOperations- Returns:
- the operations interface to interact with Vault token.
-
opsForTransform
- Specified by:
opsForTransformin interfaceVaultOperations- Returns:
- the operations interface to interact with the Vault transform backend.
-
opsForTransform
Description copied from interface:VaultOperationsReturnVaultTransformOperationsif the transit backend is mounted on a different path thantransform.- Specified by:
opsForTransformin interfaceVaultOperations- Parameters:
path- the mount path- Returns:
- the operations interface to interact with the Vault transform backend.
-
opsForTransit
- Specified by:
opsForTransitin interfaceVaultOperations- Returns:
- the operations interface to interact with the Vault transit backend.
-
opsForTransit
Description copied from interface:VaultOperationsReturnVaultTransitOperationsif the transit backend is mounted on a different path thantransit.- Specified by:
opsForTransitin interfaceVaultOperations- Parameters:
path- the mount path- Returns:
- the operations interface to interact with the Vault transit backend.
-
opsForWrapping
- Specified by:
opsForWrappingin interfaceVaultOperations- Returns:
- the operations interface to interact with the Vault system/wrapping endpoints.
-
read
Description copied from interface:VaultOperationsRead from a Vault path. Reading data using this method is suitable for API calls/secret backends that do not require a request body.- Specified by:
readin interfaceVaultOperations- Parameters:
path- must not be null.- Returns:
- the data. May be null if the path does not exist.
-
read
Description copied from interface:VaultOperationsRead from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.- Specified by:
readin interfaceVaultOperations- Parameters:
path- must not be null.responseType- must not be null.- Returns:
- the data. May be null if the path does not exist.
-
list
Description copied from interface:VaultOperationsEnumerate keys from a Vault path.- Specified by:
listin interfaceVaultOperations- Parameters:
path- must not be null.- Returns:
- the data. May be null if the path does not exist.
-
write
Description copied from interface:VaultOperationsWrite to a Vault path.- Specified by:
writein interfaceVaultOperations- Parameters:
path- must not be null.body- the body, may be null if absent.- Returns:
- the response, may be null.
-
delete
Description copied from interface:VaultOperationsDelete a path.- Specified by:
deletein interfaceVaultOperations- Parameters:
path- must not be null.
-
doWithVault
Description copied from interface:VaultOperationsExecutes a VaultRestOperationsCallback. Allows to interact with Vault usingRestOperationswithout requiring a session.- Specified by:
doWithVaultin interfaceVaultOperations- Parameters:
clientCallback- the request.- Returns:
- the
RestOperationsCallbackreturn value.
-
doWithSession
Description copied from interface:VaultOperationsExecutes a VaultRestOperationsCallback. Allows to interact with Vault in an authenticated session.- Specified by:
doWithSessionin interfaceVaultOperations- Parameters:
sessionCallback- the request.- Returns:
- the
RestOperationsCallbackreturn value.
-