Interface VaultOperations

All Known Implementing Classes:
VaultTemplate

public interface VaultOperations
Interface that specifies a basic set of Vault operations, implemented by VaultTemplate. This is the main entry point to interact with Vault in an authenticated and unauthenticated context.

VaultOperations allows execution of callback methods. Callbacks can execute requests within a session context and without a session.

Paths used in this interface (and interfaces accessible from here) are considered relative to the VaultEndpoint. Paths that are fully-qualified URIs can be used to access Vault cluster members in an authenticated context. To prevent unwanted full URI access, make sure to sanitize paths before passing them to this interface.
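
One way to perform the path check described above, as an added example that is not part of Spring Vault or of this Javadoc. `VaultPaths`, `requireRelative`, `readTenantSecret` and the `secret/data/tenants/` prefix are hypothetical names chosen for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.VaultResponse;

// Hypothetical helper (not part of Spring Vault): validates caller-supplied
// paths before they are handed to VaultOperations.
public final class VaultPaths {

    private VaultPaths() {}

    /** Returns the normalized path if it is relative and stays below allowedPrefix. */
    public static String requireRelative(String path, String allowedPrefix) {
        if (path == null || path.isBlank()) {
            throw new IllegalArgumentException("Vault path must not be empty");
        }
        // Reject control characters, backslashes, percent-encoding, query and fragment:
        // none of them is needed in a secret path, and each can hide a different target.
        if (path.chars().anyMatch(c -> c < 0x20 || c == 0x7f || "\\%?#".indexOf(c) >= 0)) {
            throw new IllegalArgumentException("Illegal character in Vault path");
        }
        URI uri;
        try {
            uri = new URI(path);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed Vault path", e);
        }
        // A scheme (https:...) or an authority (//host/...) makes the path fully qualified.
        if (uri.isAbsolute() || uri.getRawAuthority() != null || path.startsWith("/")) {
            throw new IllegalArgumentException("Vault path must be relative to the VaultEndpoint");
        }
        // Resolve "." and ".." segments first, then check the result against the allowed prefix.
        String normalized = uri.normalize().getRawPath();
        if (!normalized.startsWith(allowedPrefix)) {
            throw new IllegalArgumentException("Vault path is outside " + allowedPrefix);
        }
        return normalized;
    }

    // Usage: untrusted input may only address secrets below one (assumed) prefix.
    public static VaultResponse readTenantSecret(VaultOperations vault, String userSuppliedPath) {
        return vault.read(requireRelative(userSuppliedPath, "secret/data/tenants/"));
    }
}
```

Passing the normalized value on, rather than the original string, ensures the path that was validated is the path that is requested.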

Author:
Mark Paluch, Lauren Voswinkel
  • Method Details

    • opsForKeyValue

      Parameters:
      path - the mount path, must not be empty or null.
      apiVersion - API version to use, must not be null.
      Returns:
      the operations interface to interact with the Vault Key/Value backend.
      Since:
      2.1
    • opsForVersionedKeyValue

      VaultVersionedKeyValueOperations opsForVersionedKeyValue(String path)
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the versioned Vault Key/Value (version 2) backend.
      Since:
      2.1
    • opsForPki

      VaultPkiOperations opsForPki()
      Returns:
      the operations interface to interact with the Vault PKI backend.
    • opsForPki

      VaultPkiOperations opsForPki(String path)
      Return VaultPkiOperations if the PKI backend is mounted on a different path than pki.
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the Vault PKI backend.
    • opsForSys

      VaultSysOperations opsForSys()
      Returns:
      the operations interface for administrative Vault access.
    • opsForToken

      VaultTokenOperations opsForToken()
      Returns:
      the operations interface to interact with Vault tokens.
    • opsForTransform

      VaultTransformOperations opsForTransform()
      Returns:
      the operations interface to interact with the Vault transform backend.
      Since:
      2.3
    • opsForTransform

      VaultTransformOperations opsForTransform(String path)
      Return VaultTransformOperations if the transform backend is mounted on a different path than transform.
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the Vault transform backend.
      Since:
      2.3
    • opsForTransit

      VaultTransitOperations opsForTransit()
      Returns:
      the operations interface to interact with the Vault transit backend.
    • opsForTransit

      VaultTransitOperations opsForTransit(String path)
      Return VaultTransitOperations if the transit backend is mounted on a different path than transit.
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the Vault transit backend.
    • opsForWrapping

      VaultWrappingOperations opsForWrapping()
      Returns:
      the operations interface to interact with the Vault system/wrapping endpoints.
      Since:
      2.1
    • read

      @Nullable VaultResponse read(String path)
      Read (GET) from a Vault path. Reading data using this method is suitable for API calls/secret backends that do not require a request body.
      Parameters:
      path - must not be null.
      Returns:
      the data. May be null if the path does not exist.
    • readRequired

      default VaultResponse readRequired(String path) throws SecretNotFoundException
      Read (GET) from a Vault path. Reading data using this method is suitable for API calls/secret backends that do not require a request body.
      Parameters:
      path - must not be null.
      Returns:
      the data.
      Throws:
      SecretNotFoundException - if the path does not exist.
      Since:
      4.0
    • read

      <T extends @Nullable Object> VaultResponseSupport<T> read(String path, Class<T> responseType)
      Read (GET) from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.
      Parameters:
      path - must not be null.
      responseType - must not be null.
      Returns:
      the data. May be null if the path does not exist.
    • readRequired

      default <T> VaultResponseSupport<T> readRequired(String path, Class<T> responseType)
      Read (GET) from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.
      Parameters:
      path - must not be null.
      responseType - must not be null.
      Returns:
      the data.
      Throws:
      SecretNotFoundException - if the path does not exist.
      Since:
      4.0
    • list

      @Nullable List<String> list(String path)
      Enumerate keys from a Vault path.
      Parameters:
      path - must not be null.
      Returns:
      the data. May be null if the path does not exist.
    • write

      default @Nullable VaultResponse write(String path)
      Write (POST) to a Vault path.
      Parameters:
      path - must not be null.
      Returns:
      the response, may be null.
      Since:
      2.0
    • write

      @Nullable VaultResponse write(String path, @Nullable Object body)
      Write (POST) to a Vault path.
      Parameters:
      path - must not be null.
      body - the body, may be null if absent.
      Returns:
      the response, may be null.
    • invoke

      default VaultResponse invoke(String path, @Nullable Object body)
      Invoke an operation on a Vault path, typically a POST request along with an optional request body, expecting a response.
      Parameters:
      path - must not be null.
      body - the body, may be null if absent.
      Returns:
      the response.
      Throws:
      IllegalStateException - if the operation returns without returning a response.
      Since:
      4.0
    • delete

      void delete(String path)
      Delete a path.
      Parameters:
      path - must not be null.
    • doWithVault

      <T extends @Nullable Object> T doWithVault(RestOperationsCallback<T> clientCallback) throws VaultException, RestClientException
      Executes a Vault RestOperationsCallback. Allows interaction with Vault using RestOperations without requiring a session.
      Parameters:
      clientCallback - the request.
      Returns:
      the RestOperationsCallback return value.
      Throws:
      VaultException - when a HttpStatusCodeException occurs.
      RestClientException - exceptions from RestOperations.
    • doWithSession

      <T extends @Nullable Object> T doWithSession(RestOperationsCallback<T> sessionCallback) throws VaultException, RestClientException
      Executes a Vault RestOperationsCallback. Allows interaction with Vault in an authenticated session.
      Parameters:
      sessionCallback - the request.
      Returns:
      the RestOperationsCallback return value.
      Throws:
      VaultException - when a HttpStatusCodeException occurs.
      RestClientException - exceptions from RestOperations.