Interface ClientAuthentication
- All Known Implementing Classes:
AppRoleAuthentication,AuthenticationStepsExecutor,AwsEc2Authentication,AwsIamAuthentication,AzureMsiAuthentication,ClientCertificateAuthentication,CubbyholeAuthentication,GcpComputeAuthentication,GcpIamCredentialsAuthentication,GitHubAuthentication,JwtAuthentication,KubernetesAuthentication,LoginTokenAdapter,PcfAuthentication,TokenAuthentication,UsernamePasswordAuthentication
- Functional Interface:
- This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
Strategy interface representing an authentication mechanism to obtain a
VaultToken for authenticated Vault access.
Implementations typically use authentication methods (e.g., AppRole, AWS)
to obtain a token from Vault by providing authentication-specific credential.
The returned token may be renewable or non-renewable. Implementations can
return a LoginToken to provide additional metadata such as accessor,
renewability, and time-to-live for session management purposes. Token
rotation (after token expiry or reaching the max time to live) uses the same
ClientAuthentication to obtain a new token.
Authentication mechanisms may additionally implement
AuthenticationStepsFactory to expose authentication steps for
reactive/non-blocking usage.
- Since:
- 1.0
- Author:
- Mark Paluch
- See Also:
-
Method Summary
-
Method Details
-
login
Obtain aVaultTokenfor authenticated Vault access.This method may perform an authentication request to Vault or return a cached or pre-configured token.
- Returns:
- the Vault token for subsequent authenticated requests
- Throws:
VaultLoginException- if authentication fails.VaultException- See Also:
-