Class ManagedSecret

java.lang.Object
org.springframework.vault.core.lease.ManagedSecret
All Implemented Interfaces:
SecretRegistrar

public class ManagedSecret extends Object implements SecretRegistrar
Value object to simplify management of a secret obtained from Vault using functional callbacks. A managed secret registers with SecretsRegistry and subscribes to lease events. It is typically used for secrets that can be rotated and whose new values must be propagated to a consumer.

The ManagedSecret.SecretAccessor interface provides typed access to secrets and extension points to simplify access to well-known secret structures such as username/password pairs, for example:

 ManagedSecret managed = ManagedSecret.rotating("databases/creds/mysql", secrets -> {
   secrets.as(UsernamePassword::from).applyTo((username, password) -> {
     connectionPool.setUsername(username);
     connectionPool.setPassword(password);
   });
 });
 

A ManagedSecret object is activated through registration with a running SecretsRegistry and can be subject to container lifecycle management.
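
The rotation callback, error callback and registration step described above, combined in an added example that is not part of the Spring Vault documentation. RotatingDbCredentials, DbCredentials, activate and require are hypothetical names; the example assumes the username and password arrive as String values and that SecretsRegistry and UsernamePassword are imported from your Spring Vault version.

```java
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.vault.core.lease.ManagedSecret;
// SecretsRegistry and UsernamePassword also need imports; their packages are
// not shown on this page, so take them from your Spring Vault version.

/** Hypothetical holder that publishes each rotated credential pair atomically. */
public class RotatingDbCredentials {

    /** Immutable pair: a reader never sees a new username with an old password. */
    public record DbCredentials(String username, String password) {
        @Override
        public String toString() {
            // Keep the password out of logs, exception messages and debuggers.
            return "DbCredentials[username=" + username + ", password=<redacted>]";
        }
    }

    private final AtomicReference<DbCredentials> current = new AtomicReference<>();
    private final AtomicReference<Throwable> lastError = new AtomicReference<>();

    private final ManagedSecret managed = ManagedSecret.rotating(
            "databases/creds/mysql",
            // Invoked on the initial request and again each time the secret is rotated.
            secrets -> secrets.as(UsernamePassword::from).applyTo((username, password) -> {
                current.set(new DbCredentials(username, password)); // assumes String values
                lastError.set(null);
            }),
            // Keep the failure for health checks; do not log secret material here.
            lastError::set);

    /** The managed secret is activated through registration with a running registry. */
    public void activate(SecretsRegistry registry) {
        managed.registerSecret(registry);
    }

    /** Returns the latest credential pair, or fails closed if none has arrived. */
    public DbCredentials require() {
        DbCredentials creds = current.get();
        if (creds == null) {
            throw new IllegalStateException(
                    "No database credentials obtained from Vault yet", lastError.get());
        }
        return creds;
    }
}
```

Consumers call require() for every new connection instead of caching the pair, so a rotation takes effect without setting the username and password in two separate steps.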

Since:
4.1
Author:
Mark Paluch

Method Details

    • rotating

      public static ManagedSecret rotating(String path, Consumer<ManagedSecret.SecretAccessor> secretsConsumer)
      Create a rotating ManagedSecret at path. The secretsConsumer is invoked with the new secrets when they are obtained from Vault, upon the initial request and each time the secret is rotated.
      Parameters:
      path - secret path.
      secretsConsumer - consumer for secrets access.
      Returns:
      the managed secret object.
    • rotating

      public static ManagedSecret rotating(String path, Consumer<ManagedSecret.SecretAccessor> secretsConsumer, Consumer<Throwable> errorConsumer)
      Create a rotating ManagedSecret at path. The secretsConsumer is invoked with the new secrets when they are obtained from Vault, upon the initial request and each time the secret is rotated.
      Parameters:
      path - secret path.
      secretsConsumer - consumer for secrets access.
      errorConsumer - consumer for errors.
      Returns:
      the managed secret object.
    • from

      public static ManagedSecret from(RequestedSecret secret, Consumer<ManagedSecret.SecretAccessor> secretsConsumer, Consumer<Throwable> errorConsumer)
      Create a ManagedSecret from RequestedSecret. The secretsConsumer is invoked with the new secrets when they are obtained from Vault, upon the initial request and each time the secret is rotated.
      Parameters:
      secret - the requested secret.
      secretsConsumer - consumer for secrets access.
      errorConsumer - consumer for errors.
      Returns:
      the managed secret object.
    • registerSecret

      public void registerSecret(SecretsRegistry registry)
      Description copied from interface: SecretRegistrar
      Callback method for registering this registrar with a SecretsRegistry.
      Specified by:
      registerSecret in interface SecretRegistrar
      Parameters:
      registry - the registry that accepts RequestedSecrets.
    • toString

      public String toString()
      Overrides:
      toString in class Object