public abstract class AbstractVaultProvider extends Object implements VaultProvider
VaultProviderthat want to have support for key resolvers. This class implements the
obtainSecret(String)method by iterating through the configured resolvers in order and, using the final key name provided by each resolver, calls the
obtainSecretInternal(String)method that must be implemented by sub-classes. If
obtainSecretInternal(String)returns a non-empty secret, it is immediately returned; otherwise the implementation tries again using the next configured resolver until a non-empty secret is obtained or all resolvers have been tried, in which case an empty
VaultRawSecretis returned. Concrete implementations must, in addition to implementing the
obtainSecretInternal(String)method, ensure that each constructor calls the
AbstractVaultProvider(String, List)constructor from this class so that the realm and list of key resolvers are properly initialized.
|Modifier and Type||Field and Description|
|Constructor and Description|
Creates an instance of
|Modifier and Type||Method and Description|
Retrieves a secret from vault.
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
protected final String realm
public AbstractVaultProvider(String realm, List<VaultKeyResolver> configuredResolvers)
AbstractVaultProviderwith the specified realm and list of key resolvers.
realm- the name of the keycloak realm.
Listcontaining the configured key resolvers.
public VaultRawSecret obtainSecret(String vaultSecretId)
VaultRawSecret.get(). This method is intended to be used within a try-with-resources block so that the secret is destroyed immediately after use. Note that it is responsibility of the implementor to provide a way to destroy the secret in the returned
vaultSecretId- Identifier of the secret. It corresponds to the value entered by user in the respective configuration, which in turn is obtained from the vault when storing the secret.
nullvalue with the raw secret. Within the returned value, the secret or
nullis stored in the
VaultRawSecret.get()return value if the secret was successfully resolved, or an empty
Optionalif the secret has not been found in the vault.
protected abstract VaultRawSecret obtainSecretInternal(String vaultKey)
AbstractVaultProvidermust implement this method. It is meant to be implemented in the same way as the
obtainSecret(String)method from the
VaultProviderinterface, but the specified vault key must be used as is - i.e. implementations should refrain from processing the key again as the format was already defined by one of the configured key resolvers.
Copyright © 2020 JBoss by Red Hat. All rights reserved.