FilesPlainTextVaultProvider (Keycloak Docs Distribution 14.0.0 API)

Skip navigation links

Keycloak Docs Distribution 14.0.0

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.keycloak.vault.AbstractVaultProvider
- - org.keycloak.vault.FilesPlainTextVaultProvider

All Implemented Interfaces:

Provider, VaultProvider
```
public class FilesPlainTextVaultProvider
extends AbstractVaultProvider
```
A text-based vault provider, which stores each secret in a separate file. The file name needs to match a vault secret id (or a key for short) and follows the format provided by the configured VaultKeyResolver. A typical vault directory layout looks like this:
```
     ${VAULT}/realma__key1 (contains secret for key 1)
     ${VAULT}/realma__key2 (contains secret for key 2)
     etc...
 
```
Note, that in this case each key is prefixed by realm name. This particular kind of layout is used by Kubernetes by default (when mounting a volume into the pod) and can be used by selecting the REALM_UNDERSCORE_KEY resolver (which is the default resolver when none is defined). Other layouts are available through different resolvers. See https://kubernetes.io/docs/concepts/configuration/secret/ See https://github.com/keycloak/keycloak-community/blob/master/design/secure-credentials-store.md#plain-text-file-per-secret-kubernetes--openshift
Author:

Sebastian Łaskawiec

Field Summary
- Fields inherited from class org.keycloak.vault.AbstractVaultProvider
  realm, resolvers

Constructor Summary

Constructors
Constructor and Description
`FilesPlainTextVaultProvider(Path path, String realmName, List<VaultKeyResolver> resolvers)` Creates a new `FilesPlainTextVaultProvider`.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`close()`
`protected VaultRawSecret`	`obtainSecretInternal(String vaultSecretId)` Subclasses of `AbstractVaultProvider` must implement this method.

Methods inherited from class org.keycloak.vault.AbstractVaultProvider
obtainSecret

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - FilesPlainTextVaultProvider
```
public FilesPlainTextVaultProvider(Path path,
                                   String realmName,
                                   List<VaultKeyResolver> resolvers)
```
    Creates a new FilesPlainTextVaultProvider.
    
    Parameters:
    
    path - A path to a vault. Can not be null.
    
    realmName - A realm name. Can not be null.
- Method Detail
  - obtainSecretInternal
```
protected VaultRawSecret obtainSecretInternal(String vaultSecretId)
```
    Description copied from class: AbstractVaultProvider
    
    Subclasses of AbstractVaultProvider must implement this method. It is meant to be implemented in the same way as the AbstractVaultProvider.obtainSecret(String) method from the VaultProvider interface, but the specified vault key must be used as is - i.e. implementations should refrain from processing the key again as the format was already defined by one of the configured key resolvers.
    
    Specified by:
    
    obtainSecretInternal in class AbstractVaultProvider
    
    Parameters:
    
    vaultSecretId - a String representing the name of the entry that is being fetched from the vault.
    
    Returns:
    
    a VaultRawSecret representing the obtained secret. It can be a empty secret if no secret could be obtained using the specified vault key.
  - close
```
public void close()
```

Skip navigation links

Keycloak Docs Distribution 14.0.0

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2021 JBoss by Red Hat. All rights reserved.