Interface VaultOperations

All Known Implementing Classes:
VaultTemplate

public interface VaultOperations
Interface that specifies a basic set of Vault operations, implemented by VaultTemplate. This is the main entry point to interact with Vault in an authenticated and unauthenticated context.

VaultOperations allows execution of callback methods. Callbacks can execute requests within a session context and without a session.

Paths used in this interface (and interfaces accessible from here) are considered relative to the VaultEndpoint. Paths that are fully-qualified URIs can be used to access Vault cluster members in an authenticated context. To prevent unwanted full URI access, make sure to sanitize paths before passing them to this interface.
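
One way to do the path sanitization described above, as an added example that is not part of Spring Vault or of the original documentation. The class SafeVaultPaths, its methods and the allowed mount names are hypothetical, and the check is deliberately conservative (it also rejects key names containing ":" or "%").

```java
import java.util.Set;

import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.VaultResponse;

/** Hypothetical helper (not part of Spring Vault): validates caller-supplied paths. */
final class SafeVaultPaths {

    // Assumption: the application only ever needs these mounts.
    private static final Set<String> ALLOWED_MOUNTS = Set.of("secret", "transit");

    /** Returns the path unchanged if it is a plain relative path under an allowed mount. */
    static String requireRelative(String path) {
        if (path == null || path.isEmpty()) {
            throw new IllegalArgumentException("path must not be empty");
        }
        // Reject anything that could form an absolute or scheme-relative URI
        // ("https://host/...", "//host/..."), carry a query or fragment,
        // or hide characters behind percent-encoding.
        if (path.contains(":") || path.startsWith("/") || path.contains("\\")
                || path.contains("?") || path.contains("#") || path.contains("%")) {
            throw new IllegalArgumentException("path must be a plain relative path");
        }
        // Control characters and whitespace have no place in a Vault path.
        if (path.chars().anyMatch(c -> Character.isISOControl(c) || Character.isWhitespace(c))) {
            throw new IllegalArgumentException("path contains control or whitespace characters");
        }
        String[] segments = path.split("/", -1);
        for (String segment : segments) {
            // Empty segments ("a//b", trailing "/") and dot segments enable traversal.
            if (segment.isEmpty() || segment.equals(".") || segment.equals("..")) {
                throw new IllegalArgumentException("path contains an invalid segment");
            }
        }
        if (!ALLOWED_MOUNTS.contains(segments[0])) {
            throw new IllegalArgumentException("mount is not allowed: " + segments[0]);
        }
        return path;
    }

    /** Reads through VaultOperations only after the path has passed validation. */
    static VaultResponse readChecked(VaultOperations vault, String untrustedPath) {
        return vault.read(requireRelative(untrustedPath));
    }
}
```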

Author:
Mark Paluch, Lauren Voswinkel
  • Method Details

    • opsForKeyValue

      Parameters:
      path - the mount path, must not be empty or null.
      apiVersion - API version to use, must not be null.
      Returns:
      the operations interface to interact with the Vault Key/Value secrets engine.
      Since:
      2.1
    • opsForVersionedKeyValue

      VaultVersionedKeyValueOperations opsForVersionedKeyValue(String path)
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the versioned Vault Key/Value (version 2) secrets engine.
      Since:
      2.1
    • opsForPki

      VaultPkiOperations opsForPki()
      Returns:
      the operations interface to interact with the Vault PKI secrets engine.
    • opsForPki

      VaultPkiOperations opsForPki(String path)
      Return VaultPkiOperations if the PKI secrets engine is mounted on a different path than pki.
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the Vault PKI secrets engine.
    • opsForSys

      VaultSysOperations opsForSys()
      Returns:
      the operations interface for administrative Vault access.
    • opsForToken

      VaultTokenOperations opsForToken()
      Returns:
      the operations interface to interact with Vault tokens.
    • opsForTransform

      VaultTransformOperations opsForTransform()
      Returns:
      the operations interface to interact with the Vault transform secrets engine.
      Since:
      2.3
    • opsForTransform

      VaultTransformOperations opsForTransform(String path)
      Return VaultTransformOperations if the transform secrets engine is mounted on a different path than transform.
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the Vault transform secrets engine.
      Since:
      2.3
    • opsForTransit

      VaultTransitOperations opsForTransit()
      Returns:
      the operations interface to interact with the Vault transit secrets engine.
    • opsForTransit

      VaultTransitOperations opsForTransit(String path)
      Return VaultTransitOperations if the transit secrets engine is mounted on a different path than transit.
      Parameters:
      path - the mount path
      Returns:
      the operations interface to interact with the Vault transit secrets engine.
    • opsForWrapping

      VaultWrappingOperations opsForWrapping()
      Returns:
      the operations interface to interact with the Vault system/wrapping endpoints.
      Since:
      2.1
    • read

      @Nullable VaultResponse read(String path)
      Read (GET) from a Vault path. Reading data using this method is suitable for API calls/secrets engines that do not require a request body.
      Parameters:
      path - must not be null.
      Returns:
      the data. May be null if the path does not exist.
    • readRequired

      default VaultResponse readRequired(String path) throws SecretNotFoundException
      Read (GET) from a Vault path. Reading data using this method is suitable for API calls/secrets engines that do not require a request body.
      Parameters:
      path - must not be null.
      Returns:
      the data.
      Throws:
      SecretNotFoundException - if the path does not exist.
      Since:
      4.0
    • read

      <T extends @Nullable Object> VaultResponseSupport<T> read(String path, Class<T> responseType)
      Read (GET) from a secrets engine. Reading data using this method is suitable for secrets engines that do not require a request body.
      Parameters:
      path - must not be null.
      responseType - must not be null.
      Returns:
      the data. May be null if the path does not exist.
    • readRequired

      default <T> VaultResponseSupport<T> readRequired(String path, Class<T> responseType)
      Read (GET) from a secrets engine. Reading data using this method is suitable for secrets engines that do not require a request body.
      Parameters:
      path - must not be null.
      responseType - must not be null.
      Returns:
      the data.
      Throws:
      SecretNotFoundException - if the path does not exist.
      Since:
      4.0
    • list

      @Nullable List<String> list(String path)
      Enumerate keys from a Vault path.
      Parameters:
      path - must not be null.
      Returns:
      the data. May be null if the path does not exist.
    • write

      default @Nullable VaultResponse write(String path)
      Write (POST) to a Vault path.
      Parameters:
      path - must not be null.
      Returns:
      the response, may be null.
      Since:
      2.0
    • write

      @Nullable VaultResponse write(String path, @Nullable Object body)
      Write (POST) to a Vault path.
      Parameters:
      path - must not be null.
      body - the body, may be null if absent.
      Returns:
      the response, may be null.
    • invoke

      default VaultResponse invoke(String path, @Nullable Object body)
      Invoke an operation on a Vault path, typically a POST request along with an optional request body expecting a response.
      Parameters:
      path - must not be null.
      body - the body, may be null if absent.
      Returns:
      the response.
      Throws:
      IllegalStateException - if the operation returns without returning a response.
      Since:
      4.0
    • delete

      void delete(String path)
      Delete a path.
      Parameters:
      path - must not be null.
    • doWithVault

      <T extends @Nullable Object> T doWithVault(RestOperationsCallback<T> clientCallback) throws VaultException, RestClientException
      Executes a Vault RestOperationsCallback. Allows interaction with Vault using RestOperations without requiring a session.
      Parameters:
      clientCallback - the request.
      Returns:
      the RestOperationsCallback return value.
      Throws:
      VaultException - when an HttpStatusCodeException occurs.
      RestClientException - exceptions from RestOperations.
    • doWithSession

      <T extends @Nullable Object> T doWithSession(RestOperationsCallback<T> sessionCallback) throws VaultException, RestClientException
      Executes a Vault RestOperationsCallback. Allows interaction with Vault in an authenticated session.
      Parameters:
      sessionCallback - the request.
      Returns:
      the RestOperationsCallback return value.
      Throws:
      VaultException - when an HttpStatusCodeException occurs.
      RestClientException - exceptions from RestOperations.