Class SecretLeaseContainer

java.lang.Object
org.springframework.vault.core.lease.SecretLeaseEventPublisher
org.springframework.vault.core.lease.SecretLeaseContainer
All Implemented Interfaces:
DisposableBean, InitializingBean, Lifecycle, Phased, SmartLifecycle

public class SecretLeaseContainer extends SecretLeaseEventPublisher implements InitializingBean, DisposableBean, SmartLifecycle
Event-based container to request secrets from Vault and renew the associated Lease. Secrets can be rotated, depending on the requested RequestedSecret.getMode(). Usage example:
 
 SecretLeaseContainer container = new SecretLeaseContainer(vaultOperations,
         taskScheduler);
 RequestedSecret requestedSecret = container
         .requestRotatingSecret("mysql/creds/my-role");
 container.addLeaseListener(new LeaseListenerAdapter() {
     @Override
     public void onLeaseEvent(SecretLeaseEvent secretLeaseEvent) {
         if (requestedSecret == secretLeaseEvent.getSource()) {
             if (secretLeaseEvent instanceof SecretLeaseCreatedEvent) {
                 // new secret obtained: use the credentials carried by the event
             }
             if (secretLeaseEvent instanceof SecretLeaseExpiredEvent) {
                 // lease expired: stop using the credentials
             }
         }
     }
 });
 container.afterPropertiesSet();
 container.start(); // events are triggered after starting the container
  

This container keeps track of RequestedSecrets and requests secrets upon start(). Leases qualified for renewal are renewed by this container, applying minRenewalSeconds/expiryThresholdSeconds, on a background thread.

Requests for secrets can define either renewal or rotation. The container renews leases until expiry. Rotating secrets renew their associated lease until expiry and request new secrets after expiry. Vault does not send any events; it requires active interaction from the caller to determine that a secret has expired. Expired-secret events can therefore be dispatched later than the actual expiry.

The container dispatches lease events to LeaseListener and LeaseErrorListener. Event notifications are dispatched either on the starting Thread or worker threads used for background renewal.

Instances are thread-safe once initialized.
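
The following listener is an added example, not code from Spring Vault or its documentation. It handles the two points described above: events arrive on worker threads, and expiry events can be dispatched late, so it swaps credentials atomically and clears them only for the lease that actually expired. `RotatingDbCredentials` and `Snapshot` are hypothetical names, and the `username`/`password` keys assume a Vault database secrets engine role at the requested path.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.vault.core.lease.SecretLeaseContainer;
import org.springframework.vault.core.lease.domain.RequestedSecret;
import org.springframework.vault.core.lease.event.LeaseListenerAdapter;
import org.springframework.vault.core.lease.event.SecretLeaseCreatedEvent;
import org.springframework.vault.core.lease.event.SecretLeaseEvent;
import org.springframework.vault.core.lease.event.SecretLeaseExpiredEvent;

// Hypothetical holder class for illustration; not part of Spring Vault.
public class RotatingDbCredentials extends LeaseListenerAdapter {

    public static final class Snapshot { // immutable: user and password always from one lease
        public final String leaseId, username, password;
        Snapshot(String l, String u, String p) { leaseId = l; username = u; password = p; }
    }

    private final AtomicReference<Snapshot> current = new AtomicReference<>();
    private final RequestedSecret secret;

    private RotatingDbCredentials(RequestedSecret secret) { this.secret = secret; }

    // Register the listener before the secret so no created event is missed on a started container.
    public static RotatingDbCredentials register(SecretLeaseContainer container, String path) {
        RotatingDbCredentials holder = new RotatingDbCredentials(RequestedSecret.rotating(path));
        container.addLeaseListener(holder);
        container.addRequestedSecret(holder.secret);
        return holder;
    }

    @Override
    public void onLeaseEvent(SecretLeaseEvent event) { // may run on a renewal worker thread
        if (!secret.equals(event.getSource())) { return; } // event for another requested secret
        String leaseId = event.getLease().getLeaseId();
        if (event instanceof SecretLeaseCreatedEvent) {
            Map<String, Object> data = ((SecretLeaseCreatedEvent) event).getSecrets();
            // Assumed keys: the ones a Vault database secrets engine role returns.
            current.set(new Snapshot(leaseId, (String) data.get("username"), (String) data.get("password")));
        } else if (event instanceof SecretLeaseExpiredEvent) {
            // Drop only the expired lease's credentials; a newer snapshot stays in place.
            current.updateAndGet(s -> s != null && Objects.equals(s.leaseId, leaseId) ? null : s);
        }
    }

    public Snapshot get() { // fails closed when no lease is currently valid
        Snapshot s = current.get();
        if (s == null) { throw new IllegalStateException("no valid database credentials"); }
        return s;
    }
}
```

Callers should fetch `get()` each time they open a connection rather than caching the result, so a rotated secret is picked up on the next use.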

Author:
Mark Paluch, Steven Swor, Erik Lindblom
See Also: