Package org.springframework.vault.core
Class VaultTemplate
java.lang.Object
org.springframework.vault.core.VaultTemplate
- All Implemented Interfaces:
DisposableBean, InitializingBean, VaultOperations
public class VaultTemplate
extends Object
implements InitializingBean, VaultOperations, DisposableBean
This class encapsulates the main Vault interaction. VaultTemplate will log into Vault on initialization and use the token throughout the whole lifetime. This is the main entry point to interact with Vault in an authenticated and unauthenticated context.
VaultTemplate allows execution of callback methods. Callbacks can execute requests within a session context and without a session.
Paths used in this interface (and interfaces accessible from here) are considered relative to the VaultEndpoint. Paths that are fully-qualified URIs can be used to access Vault cluster members in an authenticated context. To prevent unwanted full URI access, make sure to sanitize paths before passing them to this interface.
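One way to perform the path sanitization described above, as an added example that is not code from Spring Vault or from this page. The class name VaultPathSanitizer, the ALLOWED_MOUNTS set, the per-segment character allow-list and the sample host names are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper, not part of Spring Vault: validates caller-supplied Vault paths. */
public final class VaultPathSanitizer {

    // Assumption: the only mounts this application is meant to reach.
    private static final Set<String> ALLOWED_MOUNTS = Set.of("secret", "transit");

    // Allow-list per segment; excludes ':', '\', '%', '?', '#', '{' and '}'.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9._-]+");

    /** Returns the path unchanged if it is a plain relative path, otherwise throws. */
    public static String sanitize(String path) {
        if (path == null || path.isEmpty()) {
            throw new IllegalArgumentException("path must not be empty");
        }
        // Limit -1 keeps empty segments, so "/x", "x//y" and "x/" are all rejected below.
        String[] segments = path.split("/", -1);
        for (String segment : segments) {
            if (!SEGMENT.matcher(segment).matches() || segment.equals(".") || segment.equals("..")) {
                throw new IllegalArgumentException("illegal path segment");
            }
        }
        if (!ALLOWED_MOUNTS.contains(segments[0])) {
            throw new IllegalArgumentException("mount not allowed: " + segments[0]);
        }
        return path;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; in an application the result would be passed on,
        // e.g. vaultOperations.read(VaultPathSanitizer.sanitize(requestedPath)).
        List<String> samples = List.of("secret/data/app/db",
                "https://other-node.example.com:8200/v1/secret/data/app/db",
                "//other-node.example.com/v1/secret/data/app/db",
                "secret/../sys/mounts",
                "sys/mounts");
        for (String sample : samples) {
            try {
                System.out.println("accepted: " + sanitize(sample));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + sample + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Because every segment must match the allow-list, a fully-qualified URI fails on its first segment (it contains a colon) and a scheme-relative form fails on the empty segment, so neither can reach the authenticated client.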
- Author:
- Mark Paluch
-
Constructor Summary
Constructors
Constructor | Description
VaultTemplate(RestClientBuilder restClientBuilder) | Create a new VaultTemplate through a RestClientBuilder.
VaultTemplate(RestClientBuilder restClientBuilder, SessionManager sessionManager) |
VaultTemplate(RestTemplateBuilder restTemplateBuilder) | Create a new VaultTemplate through a RestTemplateBuilder.
VaultTemplate(RestTemplateBuilder restTemplateBuilder, SessionManager sessionManager) |
VaultTemplate(VaultEndpoint vaultEndpoint) | Create a new VaultTemplate with a VaultEndpoint.
VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) | Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager.
VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory, SessionManager sessionManager) | Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager.
VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory) |
VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory, SessionManager sessionManager) |
VaultTemplate(VaultEndpoint vaultEndpoint, ClientAuthentication clientAuthentication) |
-
Method Summary
Modifier and Type | Method | Description
void | |
void | | Delete a path.
void | destroy() |
protected RestClient | doCreateRestClient(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) | Create a RestClient to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory.
protected RestTemplate | doCreateRestTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) | Create a RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory.
protected RestClient | doCreateSessionClient(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) | Create a session-bound RestClient to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory for calls that require an authenticated context.
protected RestTemplate | doCreateSessionTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory) | Create a session-bound RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory for calls that require an authenticated context.
<T extends @Nullable Object> T | doWithSession(RestOperationsCallback<T> sessionCallback) | Executes a Vault RestOperationsCallback.
<T extends @Nullable Object> T | doWithVault(RestOperationsCallback<T> clientCallback) | Executes a Vault RestOperationsCallback.
 | | Enumerate keys from a Vault path.
 | opsForKeyValue(String path, VaultKeyValueOperationsSupport.KeyValueBackend apiVersion) | Return VaultKeyValueOperations.
 | | Return VaultPkiOperations if the PKI backend is mounted on a different path than pki.
 | opsForTransform(String path) | Return VaultTransformOperations if the transit backend is mounted on a different path than transform.
 | opsForTransit(String path) | Return VaultTransitOperations if the transit backend is mounted on a different path than transit.
 | | Return VaultVersionedKeyValueOperations.
@Nullable VaultResponse | | Read (GET) from a Vault path.
<T> @Nullable VaultResponseSupport<T> | | Read (GET) from a secret backend.
void | setSessionManager(SessionManager sessionManager) | Set the SessionManager.
@Nullable VaultResponse | | Write (POST) to a Vault path.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.vault.core.VaultOperations
invoke, readRequired, readRequired, write
-
Constructor Details
-
VaultTemplate
Create a new VaultTemplate with a VaultEndpoint. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.
- Parameters:
vaultEndpoint - must not be null.
- Since:
- 2.2.1
-
VaultTemplate
- Parameters:
vaultEndpoint - must not be null.
clientAuthentication - must not be null.
-
VaultTemplate
public VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory)
Create a new VaultTemplate with a VaultEndpoint, and ClientHttpRequestFactory. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.
- Parameters:
vaultEndpoint - must not be null.
clientHttpRequestFactory - must not be null.
- Since:
- 2.2.1
-
VaultTemplate
public VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory, SessionManager sessionManager)
- Parameters:
vaultEndpoint - must not be null.
clientHttpRequestFactory - must not be null.
sessionManager - must not be null.
-
VaultTemplate
public VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory)
Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.
- Parameters:
endpointProvider - must not be null.
requestFactory - must not be null.
- Since:
- 2.2.1
-
VaultTemplate
public VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory, SessionManager sessionManager)
Create a new VaultTemplate with a VaultEndpointProvider, ClientHttpRequestFactory and SessionManager.
- Parameters:
endpointProvider - must not be null.
requestFactory - must not be null.
sessionManager - must not be null.
- Since:
- 1.1
-
VaultTemplate
Create a new VaultTemplate through a RestTemplateBuilder. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.
- Parameters:
restTemplateBuilder - must not be null.
- Since:
- 2.2.1
-
VaultTemplate
Create a new VaultTemplate through a RestClientBuilder. This constructor does not use a ClientAuthentication mechanism. It is intended for usage with Vault Agent to inherit Vault Agent's authentication without using the authentication token header.
- Parameters:
restClientBuilder - must not be null.
- Since:
- 4.0
-
VaultTemplate
- Parameters:
restTemplateBuilder - must not be null.
sessionManager - must not be null.
- Since:
- 2.2
-
VaultTemplate
- Parameters:
restClientBuilder - must not be null.
sessionManager - must not be null.
- Since:
- 4.0
-
-
Method Details
-
doCreateRestTemplate
protected RestTemplate doCreateRestTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory)
Create a RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory. VaultEndpointProvider is used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize the RestTemplate.
- Parameters:
endpointProvider - must not be null.
requestFactory - must not be null.
- Returns:
- the RestTemplate used for Vault communication.
- Since:
- 2.1
-
doCreateRestClient
protected RestClient doCreateRestClient(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory)
Create a RestClient to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory. VaultEndpointProvider is used to contribute host and port details for relative URLs typically used by the client API. Subclasses may override this method to customize the RestClient.
- Parameters:
endpointProvider - must not be null.
requestFactory - must not be null.
- Returns:
- the RestClient used for Vault communication.
- Since:
- 4.0
-
doCreateSessionTemplate
protected RestTemplate doCreateSessionTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory)
Create a session-bound RestTemplate to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory for calls that require an authenticated context. VaultEndpointProvider is used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize the RestTemplate.
- Parameters:
endpointProvider - must not be null.
requestFactory - must not be null.
- Returns:
- the RestTemplate used for Vault communication.
- Since:
- 2.1
-
doCreateSessionClient
protected RestClient doCreateSessionClient(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory)
Create a session-bound RestClient to be used by VaultTemplate for Vault communication given VaultEndpointProvider and ClientHttpRequestFactory for calls that require an authenticated context. VaultEndpointProvider is used to contribute host and port details for relative URLs typically used by the Template API. Subclasses may override this method to customize the RestClient.
- Parameters:
endpointProvider - must not be null.
requestFactory - must not be null.
- Returns:
- the RestClient used for Vault communication.
- Since:
- 4.0
-
setSessionManager
Set the SessionManager.
- Parameters:
sessionManager - must not be null.
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet in interface InitializingBean
-
destroy
- Specified by:
destroy in interface DisposableBean
- Throws:
Exception
-
opsForKeyValue
public VaultKeyValueOperations opsForKeyValue(String path, VaultKeyValueOperationsSupport.KeyValueBackend apiVersion)
Description copied from interface: VaultOperations
Return VaultKeyValueOperations.
- Specified by:
opsForKeyValue in interface VaultOperations
- Parameters:
path - the mount path, must not be empty or null.
apiVersion - API version to use, must not be null.
- Returns:
- the operations interface to interact with the Vault Key/Value backend.
-
opsForVersionedKeyValue
Description copied from interface: VaultOperations
Return VaultVersionedKeyValueOperations.
- Specified by:
opsForVersionedKeyValue in interface VaultOperations
- Parameters:
path - the mount path
- Returns:
- the operations interface to interact with the versioned Vault Key/Value (version 2) backend.
-
opsForPki
- Specified by:
opsForPki in interface VaultOperations
- Returns:
- the operations interface to interact with the Vault PKI backend.
-
opsForPki
Description copied from interface: VaultOperations
Return VaultPkiOperations if the PKI backend is mounted on a different path than pki.
- Specified by:
opsForPki in interface VaultOperations
- Parameters:
path - the mount path
- Returns:
- the operations interface to interact with the Vault PKI backend.
-
opsForSys
- Specified by:
opsForSys in interface VaultOperations
- Returns:
- the operations interface for administrative Vault access.
-
opsForToken
- Specified by:
opsForToken in interface VaultOperations
- Returns:
- the operations interface to interact with Vault token.
-
opsForTransform
- Specified by:
opsForTransform in interface VaultOperations
- Returns:
- the operations interface to interact with the Vault transform backend.
-
opsForTransform
Description copied from interface: VaultOperations
Return VaultTransformOperations if the transit backend is mounted on a different path than transform.
- Specified by:
opsForTransform in interface VaultOperations
- Parameters:
path - the mount path
- Returns:
- the operations interface to interact with the Vault transform backend.
-
opsForTransit
- Specified by:
opsForTransit in interface VaultOperations
- Returns:
- the operations interface to interact with the Vault transit backend.
-
opsForTransit
Description copied from interface: VaultOperations
Return VaultTransitOperations if the transit backend is mounted on a different path than transit.
- Specified by:
opsForTransit in interface VaultOperations
- Parameters:
path - the mount path
- Returns:
- the operations interface to interact with the Vault transit backend.
-
opsForWrapping
- Specified by:
opsForWrapping in interface VaultOperations
- Returns:
- the operations interface to interact with the Vault system/wrapping endpoints.
-
read
Description copied from interface: VaultOperations
Read (GET) from a Vault path. Reading data using this method is suitable for API calls/secret backends that do not require a request body.
- Specified by:
read in interface VaultOperations
- Parameters:
path - must not be null.
- Returns:
- the data. May be null if the path does not exist.
-
read
Description copied from interface: VaultOperations
Read (GET) from a secret backend. Reading data using this method is suitable for secret backends that do not require a request body.
- Specified by:
read in interface VaultOperations
- Parameters:
path - must not be null.
responseType - must not be null.
- Returns:
- the data. May be null if the path does not exist.
-
list
Description copied from interface: VaultOperations
Enumerate keys from a Vault path.
- Specified by:
list in interface VaultOperations
- Parameters:
path - must not be null.
- Returns:
- the data. May be null if the path does not exist.
-
write
Description copied from interface: VaultOperations
Write (POST) to a Vault path.
- Specified by:
write in interface VaultOperations
- Parameters:
path - must not be null.
body - the body, may be null if absent.
- Returns:
- the response, may be null.
-
delete
Description copied from interface: VaultOperations
Delete a path.
- Specified by:
delete in interface VaultOperations
- Parameters:
path - must not be null.
-
doWithVault
Description copied from interface: VaultOperations
Executes a Vault RestOperationsCallback. Allows interaction with Vault using RestOperations without requiring a session.
- Specified by:
doWithVault in interface VaultOperations
- Parameters:
clientCallback - the request.
- Returns:
- the RestOperationsCallback return value.
-
doWithSession
Description copied from interface: VaultOperations
Executes a Vault RestOperationsCallback. Allows interaction with Vault in an authenticated session.
- Specified by:
doWithSession in interface VaultOperations
- Parameters:
sessionCallback - the request.
- Returns:
- the RestOperationsCallback return value.
-