Package edu.iu.client

Interface IuVault


public interface IuVault
Provides access to a HashiCorp Vault K/V secrets engine.

Properties for use with RUNTIME or of(Properties, Function) are listed below.

iu.vault.secrets (IU_VAULT_SECRETS)
Comma-separated list of secrets to read from the Vault K/V store
iu.vault.endpoint (IU_VAULT_ENDPOINT)
Base URL for a Vault K/V V2 engine API
iu.vault.token (IU_VAULT_TOKEN)
Access token for use with Vault, e.g., in development. If not set, iu.vault.loginEndpoint, iu.vault.roleId, and iu.vault.secretId must be provided, e.g., for use by a CI/CD environment. If iu.vault.token is set, the approle properties will be ignored.
iu.vault.loginEndpoint (IU_VAULT_LOGIN_ENDPOINT)
URL for the Vault approle login endpoint, for use when iu.vault.token is not set.
iu.vault.roleId (IU_VAULT_ROLE_ID)
Vault approle Role ID, for use when iu.vault.token is not set.
iu.vault.secretId (IU_VAULT_SECRET_ID)
Vault approle Secret ID, for use when iu.vault.token is not set.
iu.vault.cacheTtl (IU_VAULT_CACHE_TTL)
Secrets cache time to live; by default, secrets are not cached.
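
A preflight check for the property rules listed above, as an added example that is not part of the edu.iu.client library. The class VaultConfigCheck and its methods are hypothetical; treating blank values as unset, deriving environment variable names from property names, and requiring iu.vault.endpoint are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.function.Function;

/** Hypothetical preflight check (added example); not part of edu.iu.client. */
public final class VaultConfigCheck {
    /** Derives IU_VAULT_LOGIN_ENDPOINT from iu.vault.loginEndpoint (assumed mapping; matches the listed pairs). */
    static String envName(String property) {
        return property.replaceAll("([a-z])([A-Z])", "$1_$2").replace('.', '_').toUpperCase(Locale.ROOT);
    }

    /** Returns human-readable findings; an empty list means the documented rules are satisfied. */
    static List<String> check(Properties props, Function<String, String> env) {
        // Property first, then the environment variable; blank counts as unset (assumption).
        Function<String, String> value = name -> {
            String v = props.getProperty(name);
            if (v == null || v.isBlank()) v = env.apply(envName(name));
            return v == null || v.isBlank() ? null : v;
        };
        List<String> findings = new ArrayList<>();
        if (value.apply("iu.vault.secrets") == null)
            findings.add("iu.vault.secrets is not set: RUNTIME will be null");
        if (value.apply("iu.vault.endpoint") == null) // assumed to be required
            findings.add("iu.vault.endpoint is not set");
        List<String> approle = List.of("iu.vault.loginEndpoint", "iu.vault.roleId", "iu.vault.secretId");
        if (value.apply("iu.vault.token") != null) {
            // Documented precedence: a token wins and the approle properties are ignored.
            for (String name : approle)
                if (value.apply(name) != null)
                    findings.add(name + " is set but ignored because iu.vault.token is set");
        } else {
            for (String name : approle)
                if (value.apply(name) == null)
                    findings.add("missing " + name + " (required when iu.vault.token is not set)");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: approle-style settings with a stray token left in the environment.
        Properties props = new Properties();
        props.setProperty("iu.vault.secrets", "app/common,app/ci");
        props.setProperty("iu.vault.endpoint", "https://vault.example.invalid/v1/kv");
        props.setProperty("iu.vault.roleId", "constructed-role-id");
        Function<String, String> env = n -> n.equals("IU_VAULT_TOKEN") ? "constructed-token" : null;
        check(props, env).forEach(System.out::println);
    }
}
```

Passing System::getenv as the second argument runs the same check against the real process environment.
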
  • Field Details

    • RUNTIME

      static final IuVault RUNTIME
      Singleton instance configured at class initialization time.

      Expects system properties, falling back to System.getenv(String) environment variables when a property is missing.

      Will be null if iu.vault.secrets is not populated.

      iu.vault.secrets (IU_VAULT_SECRETS)
      Comma-separated list of secrets to read from the Vault K/V store
      iu.vault.endpoint (IU_VAULT_ENDPOINT)
      Base URL for a Vault K/V store
      iu.vault.token (IU_VAULT_TOKEN)
      Access token for use with Vault, e.g., in development. If not set, iu.vault.loginEndpoint, iu.vault.roleId, and iu.vault.secretId must be provided, e.g., for use by a CI/CD environment. If iu.vault.token is set, the approle properties will be ignored.
      iu.vault.loginEndpoint (IU_VAULT_LOGIN_ENDPOINT)
      URL for the Vault approle login endpoint, for use when iu.vault.token is not set.
      iu.vault.roleId (IU_VAULT_ROLE_ID)
      Vault approle Role ID, for use when iu.vault.token is not set.
      iu.vault.secretId (IU_VAULT_SECRET_ID)
      Vault approle Secret ID, for use when iu.vault.token is not set.

      If the system property iu.vault.token or the environment variable IU_VAULT_TOKEN is populated, the approle properties will be skipped.

  • Method Details

    • isConfigured

      static boolean isConfigured()
      Determines whether or not the RUNTIME Vault is configured.

      May be used to selectively disable unit tests. For example:

       @EnabledIf("edu.iu.client.IuVault#isConfigured")
       
      Returns:
      true if Vault is configured; else false
    • of

      static IuVault of(Properties properties, Function<Type,IuJsonAdapter<?>> valueAdapter)
      Gets an IuVault instance for a specific application scenario.
      Parameters:
      properties - Properties
      valueAdapter - IuJsonAdapter type mapping function
      Returns:
      IuVault
    • list

      Lists all available property names.
      Returns:
      property names
    • get

      Reads a property value.
      Parameters:
      name - property name
      Returns:
      property value
    • get

      <T> IuVaultKeyedValue<T> get(String name, Class<T> type)
      Reads a property value.
      Type Parameters:
      T - value type
      Parameters:
      name - property name
      type - value class
      Returns:
      property value
    • getSecret

      IuVaultSecret getSecret(String secret)
      Gets a full K/V secret.
      Parameters:
      secret - secret name
      Returns:
      JsonObject