All Classes and Interfaces
Class
Description
Base class for Spring Vault configuration using JavaConfig for a reactive
infrastructure.
Supporting class for computation results allowing introspection of the result value.
Base class for Spring Vault configuration using JavaConfig.
Wrapper for
ClientHttpRequestFactory
to not expose the bean globally.Wrapper to keep
ThreadPoolTaskScheduler
local to Spring Vault and to not
expose the bean globally.Base class for
VaultConverter
implementations.Event published after logging into Vault.
Event published after renewing a
login token
.Event published after revoking a
login token
.Event published after renewing a
Lease
for a RequestedSecret
.Event published after revoking a
Lease
for a RequestedSecret
.Deprecated, for removal: This API element is subject to removal in a future version.
since 2.2.
Deprecated, for removal: This API element is subject to removal in a future version.
since 2.2.
Builder for
AppIdAuthenticationOptions
.Deprecated, for removal: This API element is subject to removal in a future version.
since 2.2.
AppRole implementation of
ClientAuthentication
.Authentication options for
AppRoleAuthentication
.Builder for
AppRoleAuthenticationOptions
.RoleId type encapsulating how the roleId is actually obtained.
SecretId type encapsulating how the secretId is actually obtained.
Generic event class for authentication error events.
Listener for Vault exceptional
AuthenticationEvent
s.Abstract base class for authentication events.
Publisher for
AuthenticationEvent
s.Listener for Vault
AuthenticationEvent
s.Authentication DSL allowing flow composition to create a
VaultToken
.Value object representing a HTTP request.
Builder for
AuthenticationSteps.HttpRequest
.Intermediate authentication step with authentication flow operators represented as
node.
A tuple of two things.
Synchronous executor for
AuthenticationSteps
using RestOperations
to
login using authentication flows.Factory interface for components that create
AuthenticationSteps
.AWS-EC2 login implementation.
Authentication options for
AwsEc2Authentication
.Value object for an authentication nonce.
AWS IAM authentication using signed HTTP requests to query the current identity.
Authentication options for
AwsIamAuthentication
.Builder for
AwsIamAuthenticationOptions
.Azure MSI (Managed Service Identity) authentication using Azure as trusted third party.
Authentication options for
AzureMsiAuthentication
.Builder for
AzureMsiAuthenticationOptions
.Value object representing a VM environment consisting of the subscription Id, the
resource group name and the VM name.
VaultPersistentEntity
implementation.Event published before renewing a
login token
.Event published before revoking a
login token
.Event published before revoking a
Lease
for a RequestedSecret
.Default implementation of
VaultTokenSupplier
caching the VaultToken
from a delegate VaultTokenSupplier
.Value object representing a certificate consisting of the certificate and the issuer
certificate.
Value object representing a certificate bundle consisting of a private key, the
certificate and the issuer certificate.
Value object representing cipher text with an optional
VaultTransitContext
.ClientAuthentication
provides VaultToken
to be used for authenticated
Vault access.TLS Client Certificate
ClientAuthentication
.Authentication options for
ClientCertificateAuthentication
.Builder for
ClientCertificateAuthenticationOptions
.Factory for
ClientHttpConnector
that supports
ReactorClientHttpConnector
and JettyClientHttpConnector
.Utility methods to create
ClientHttpRequestFactory
using Apache Http
Components.ClientHttpRequestFactory
using the JDK's HttpClient.Utility methods to create
ClientHttpRequestFactory
using the Jetty Client.ClientHttpConnector
for Reactor Netty.Factory for
ClientHttpRequestFactory
that supports Apache HTTP Components,
OkHttp, Netty and the JDK HTTP client (in that order).Utilities to create a
ClientHttpRequestFactory
for Apache Http Components.Utilities to create a
ClientHttpRequestFactory
for the
OkHttpClient
.Client options for Vault.
Interface to obtain an arbitrary credential that is uses in
ClientAuthentication
or AuthenticationSteps
methods.Cubbyhole
ClientAuthentication
implementation.Authentication options for
CubbyholeAuthentication
.Builder for
CubbyholeAuthenticationOptions
.Default implementation of
VaultTypeMapper
allowing configuration of the key to
lookup and store type information in SecretDocument
.Utility to parse a Go format duration into
Duration
.Annotation to activate Vault repositories.
Configuration using Spring's
Environment
to
configure Spring Vault endpoint, SSL options and authentication options.GCP GCE (Google Compute Engine)-based login implementation using GCE's metadata service
to create signed JSON Web Token.
Authentication options for
GcpComputeAuthentication
.Builder for
GcpComputeAuthenticationOptions
.Interface to obtain a
GoogleCredential
for GCP IAM authentication.Deprecated, for removal: This API element is subject to removal in a future version.
since 2.3.2, use
GcpIamCredentialsAuthentication
instead.Deprecated, for removal: This API element is subject to removal in a future version.
since 2.3.2
Builder for
GcpIamAuthenticationOptions
.Support class for Google Cloud IAM-based Authentication options.
Google Cloud IAM credentials login implementation using GCP IAM service accounts to
legitimate its authenticity via JSON Web Token using the IAM Credentials
projects.serviceAccounts.signJwt
method.Authentication options for
GcpIamCredentialsAuthentication
.Builder for
GcpIamCredentialsAuthenticationOptions
.Base class for GCP JWT-based authentication.
Interface to obtain a GCP project id for GCP IAM authentication.
Interface to obtain a service account id for GCP IAM authentication.
Interface to obtain a service account id for GCP IAM credentials authentication.
Interface to obtain a
ServiceAccountCredentials
for GCP IAM credentials
authentication.Value object representing Hmac digest.
Mechanism to generate a SHA-256 hashed and hex-encoded representation of the IP
address.
Key-Value utility to retrieve secrets from a versioned key-value backend.
Kubernetes implementation of
ClientAuthentication
.Authentication options for
KubernetesAuthentication
.Builder for
KubernetesAuthenticationOptions
.Interface to obtain a Kubernetes Service Account Token for Kubernetes authentication.
Mechanism to retrieve a Kubernetes service account token.
A lease abstracting the lease Id, duration and its renewability.
PropertySource
that requests renewable secrets from
SecretLeaseContainer
.Version-specific endpoint implementations that use either legacy or sys/leases
endpoints.
Listener for Vault exceptional
SecretLeaseEvent
s.Listener for Vault
SecretLeaseEvent
s.Empty listener adapter implementing
LeaseListener
and
LeaseErrorListener
.Strategy interface to control whether to retain or drop a
Lease
after a failure.Lifecycle-aware
Session Manager
.Wraps a
VaultToken
and specifies whether the token is revocable on factory
shutdown.Support class to build Lifecycle-aware Session Manager implementations, defining common
properties such as the
TaskScheduler
and LifecycleAwareSessionManagerSupport.RefreshTrigger
.LifecycleAwareSessionManagerSupport.RefreshTrigger
implementation using a fixed timeout to schedule renewal
before a LoginToken
expires.This one-shot trigger creates only one execution time to trigger an execution only
once.
Common interface for trigger objects that determine the next execution time of a
refresh task.
Event published before renewing a
login token
.Value object for a Vault token obtained by a login method.
Builder for
LoginToken
.Adapts tokens created by a
ClientAuthentication
to a LoginToken
.Event published when dropping an expired
login token
.Generic event class for authentication error events.
Generic event class for authentication error events.
Mechanism to generate a UserId based on the Mac address.
VaultConverter
that uses a MappingContext
to do sophisticated mapping
of domain objects to SecretDocument
.VaultEntityInformation
implementation using a VaultPersistentEntity
instance to lookup the necessary information.PCF implementation of
ClientAuthentication
.Authentication options for
PcfAuthentication
.Builder for
PcfAuthenticationOptions
.Represents a PEM object that is internally decoded to a DER object.
Value object representing plain text with an optional
VaultTransitContext
.Converts Plaintext to Base64 encoded string for use with
ObjectMapper
Value object representing a Vault policy associated with
Policy.Rule
s.Built-in Vault capabilities.
Capability interface representing capability literals.
Value object representing a rule for a certain path.
Builder for a
Policy.Rule
.Strategy interface to transform properties to a new key-value
Map
in a
functional style.Implementations of
PropertyTransformer
that provide various useful property
transformation operations, prefixing, etc.PropertyTransformer
that adds a prefix to each key name.PropertyTransformer
that passes the given properties through without
returning changed properties.A exported raw key inside Vault's
transit
backend.Reactive implementation of Lifecycle-aware
session
manager
.Wraps a
VaultToken
and specifies whether the token is revocable on factory
shutdown.Strategy interface that encapsulates the creation and management of Vault sessions
based on
VaultToken
used by reactive components.Vault Client factory to create
WebClient
configured to the needs of accessing
Vault.Component that provides reactively a
VaultEndpoint
.Interface that specifies a basic set of Vault operations executed on a reactive
infrastructure, implemented by
ReactiveVaultTemplate
.Interface that specifies a basic set of administrative Vault operations using reactive
infrastructure.
Default implementation of
ReactiveVaultSysOperations
.This class encapsulates main Vault interaction.
* Interface that specifies operations using the
transit
backend.Default implementation of
ReactiveVaultTransitOperations
.Represents a requested secret from a specific Vault path associated with a lease
RequestedSecret.Mode
.Mechanism to retrieve a credential from a
Resource
.A callback for executing arbitrary operations on
RestOperations
.Builder that can be used to configure and create a
RestTemplate
.Callback interface that can be used to customize a
RestTemplate
.Factory interface that produces a
RestTemplate
object.Callback interface that can be used to customize the
ClientHttpRequest
sent
from a RestTemplate
.Secret
marks objects as aggregate roots to be stored in Vault.Vault database exchange object containing data before/after it's exchanged with Vault.
Event-based container to request secrets from Vault and renew the associated
Lease
.Event published after obtaining secrets potentially associated with a
Lease
.Event published when caught an
Exception
during secret retrieval and lease
interaction.Abstract base class for
Lease
based events associated with
RequestedSecret
.Publisher for
SecretLeaseEvent
s.Simple
LeaseErrorListener
implementation to log errors.Event published after an expired
Lease
for a RequestedSecret
was
observed.Event published after rotating secrets.
Event published after secrets could not be found for a
RequestedSecret
.An exception which is used in case that no secret is found from Vault server.
Strategy interface that encapsulates the creation and management of Vault sessions
based on
VaultToken
.Value object representing a Signature.
Value object representing the result of a
Signature
validation.Default implementation of
SessionManager
.VaultEndpointProvider
returning a static VaultEndpoint
.SSL configuration.
Configuration for a key in a keystore.
Configuration for a key store/trust store.
A static UserId.
Static Token-based
ClientAuthentication
method.Value object representing cipher text with an optional
VaultTransformContext
.Value object representing plain text with an optional
VaultTransformContext
.Enumeration to specify the type of the transit key.
Version-specific endpoint implementations for response unwrapping.
Username and password implementation of
ClientAuthentication
.Authentication options for
UsernamePasswordAuthentication
.Builder for
UsernamePasswordAuthenticationOptions
.Vault-based
BytesEncryptor
using Vault's transit backend.Random byte generator using Vault's
transit
backend to generate high-quality
random bytes of the configured length.Request for a Certificate.
Value object to bind Vault HTTP PKI issue certificate API responses.
Vault Client factory to create
RestTemplate
configured to the needs of
accessing Vault.Central Vault-specific converter interface.
Value object to capture custom conversion.
Holds the response from decryption operation and provides methods to access the result.
Holds the response from encryption operation and provides methods to access the result.
Value object that defines Vault connection coordinates.
Component that provides a
VaultEndpoint
.Vault-specific
EntityInformation
.The Spring Vault specific
NestedRuntimeException
implementation.Vault health state.
Request for a HMAC Digest.
Builder to build a
VaultHmacRequest
.Class providing utility methods to create Vault HTTP headers.
Value object to bind Vault HTTP Initialization API requests.
Vault initialization response.
Vault-specific
KeyValueAdapter
.Interface that specifies kv metadata related operations.
Interface that specifies a basic set of Vault operations using Vault's Key/Value secret
backend.
Interface that specifies a basic set of Vault operations using Vault's Key/Value secret
backend.
Enumeration of supported Key/Value backend API versions.
Vault-specific
KeyValueTemplate
.Exception thrown if Vault login fails.
Mapping context for
Vault-specific entities
.Value object to bind Vault HTTP kv metadata update API requests.
Value object to bind Vault HTTP kv read metadata API responses.
Value object to bind Vault HTTP Mount API requests/responses.
Builder to build a
VaultMount
.Interface that specifies a basic set of Vault operations, implemented by
VaultTemplate
.Vault-specific
KeyValuePartTreeQuery
.Vault specific
PersistentEntity
.Vault-specific
KeyValuePersistentProperty
.Interface that specifies PKI backend-related operations.
Default implementation of
VaultPkiOperations
.Annotation providing a convenient and declarative mechanism for adding a
VaultPropertySource
to Spring's Environment
.Exception throws when a
VaultPropertySource
could not load its properties.Container annotation that aggregates several
VaultPropertySource
annotations.Vault query consisting of a single
Predicate
.Query creator for Vault queries.
Vault specific
ImportBeanDefinitionRegistrar
.RepositoryConfigurationExtension
for Vault.RepositoryFactorySupport
specific of handing Vault
KeyValueRepository
.Adapter for Springs
FactoryBean
interface to allow easy setup of
VaultRepositoryFactory
via Spring configuration.Value object to bind generic Vault HTTP API responses.
Utility methods to unwrap Vault responses and build
VaultException
.Value object to bind generic Vault HTTP API responses.
Vault-based
RevisionRepository
providing revision metadata for versioned
secrets.Abstract superclass for all exceptions thrown in the session manager implementations
Request for a signature verification.
Builder to build a
VaultSignatureVerificationRequest
.Value object to bind Vault HTTP PKI issue certificate API responses.
Request for a signature creation request.
Builder to build a
VaultSignRequest
.Simple constant holder for a
SimpleTypeHolder
enriched with Vault-specific
simple (JSON) types.Interface that specifies a basic set of administrative Vault operations.
Default implementation of
VaultSysOperations
.This class encapsulates main Vault interaction.
Value object for a Vault token.
Exception thrown if a token self-lookup fails via
auth/token/lookup-self
.Interface that specifies token-related operations.
Exception thrown when a Vault token renewal fails.
Value object to bind Vault HTTP Token API requests.
Builder to build a
VaultTokenRequest
.Value object to bind Vault HTTP Token API responses.
VaultTokenSupplier
provides a VaultToken
to be used for authenticated
Vault access.Default implementation of
VaultTokenOperations
.Transform backend encode/decode context object.
Builder for
VaultTransformContext
.Holds the response from decryption operation and provides methods to access the result.
Holds the response from encryption operation and provides methods to access the result.
Interface that specifies operations using the
transform
backend.Default implementation of
VaultTransformOperations
.Transit backend encryption/decryption/rewrapping context.
Builder for
VaultTransitContext
.A key inside Vault's
transit
backend.Value object to bind Vault HTTP Transit Key Config API requests.
Builder for
VaultTransitKeyConfiguration
.Transit backend key creation request options.
Builder for
VaultTransitKeyCreationRequest
.Interface that specifies operations using the
transit
backend.Default implementation of
VaultTransitOperations
.Vault-specific
TypeMapper
exposing that SecretDocument
s might contain a
type key.Vault unseal status.
Interface that specifies a basic set of Vault operations using Vault's versioned
Key/Value (kv version 2) secret backend.
Default implementation of
VaultVersionedKeyValueOperations
.Interface that specifies wrapping-related operations.
Value object representing versioned secrets along
Versioned.Version
metadata.Value object representing version metadata such as creation/deletion time.
Builder for
Versioned.Metadata
objects.Value object representing a Vault version.
Builder that can be used to configure and create a
WebClient
.Callback interface that can be used to customize a
WebClient.Builder
.Factory interface that produces a
WebClient
object.Value object representing wrapped secret metadata.