public class VaultConfig
extends java.lang.Object
A container for the configuration settings needed to initialize a Vault driver instance.
There are two ways to create and set up a VaultConfig instance. The full-featured approach uses a builder pattern, calling setter methods for each value and then terminating with a call to build():
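    final VaultConfig config = new VaultConfig()
            .address("http://127.0.0.1:8200")
            .token("eace6676-4d78-c687-4e54-03cad00e3abf")
            .sslVerify(true)
            .openTimeout(30)   // seconds to wait for the connection to be established
            .readTimeout(30)   // seconds to wait for the response data to download
            .build();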
If the only values that you need to set are address and token, then as a shortcut there is also a constructor method taking those two values:
final VaultConfig config = new VaultConfig("http://127.0.0.1:8200", "eace6676-4d78-c687-4e54-03cad00e3abf");
Note that when using the shorthand convenience constructor, you should NOT set additional properties on the same instance afterward.
| Modifier | Constructor | Description |
|---|---|---|
| | VaultConfig() | Default constructor. |
| | VaultConfig(java.lang.String address) | A convenience constructor, for quickly creating a VaultConfig instance with its address field populated. |
| | VaultConfig(java.lang.String address, java.lang.String token) | A convenience constructor, for quickly creating a VaultConfig instance with its address and token fields populated. |
| protected | VaultConfig(java.lang.String address, java.lang.String token, com.bettercloud.vault.VaultConfig.EnvironmentLoader environmentLoader) | An overloaded version of the normal convenience constructor, used by unit tests to inject a mock environment variable loader and validate that loading logic. |
| protected | VaultConfig(java.lang.String address, com.bettercloud.vault.VaultConfig.EnvironmentLoader environmentLoader) | An overloaded version of the normal convenience constructor, used by unit tests to inject a mock environment variable loader and validate that loading logic. |
| Modifier and Type | Method | Description |
|---|---|---|
| VaultConfig | address(java.lang.String address) | Sets the address (URL) of the Vault server instance to which API calls should be sent. |
| VaultConfig | build() | This is the terminating method in the builder pattern. |
| java.lang.String | getAddress() | |
| int | getMaxRetries() | |
| java.lang.Integer | getOpenTimeout() | |
| java.lang.Integer | getReadTimeout() | |
| int | getRetryIntervalMilliseconds() | |
| java.lang.String | getSslPemUTF8() | |
| java.lang.String | getToken() | |
| java.lang.Boolean | isSslVerify() | |
| VaultConfig | openTimeout(java.lang.Integer openTimeout) | The number of seconds to wait before giving up on establishing an HTTP(S) connection to the Vault server. |
| VaultConfig | readTimeout(java.lang.Integer readTimeout) | After an HTTP(S) connection has already been established, this is the number of seconds to wait for all data to finish downloading. |
| protected void | setMaxRetries(int maxRetries) | Sets the maximum number of times that an API operation will retry upon failure. |
| protected void | setRetryIntervalMilliseconds(int retryIntervalMilliseconds) | Sets the period of time (in milliseconds) that the driver will wait in between retry attempts for a failing API operation. |
| VaultConfig | sslPemFile(java.io.File sslPemFile) | An X.509 certificate, to use when communicating with Vault over HTTPS. |
| VaultConfig | sslPemResource(java.lang.String classpathResource) | An X.509 certificate, to use when communicating with Vault over HTTPS. |
| VaultConfig | sslPemUTF8(java.lang.String sslPemUTF8) | An X.509 certificate, to use when communicating with Vault over HTTPS. |
| VaultConfig | sslVerify(java.lang.Boolean sslVerify) | Whether or not HTTPS connections to the Vault server should verify that a valid SSL certificate is being used. |
| VaultConfig | token(java.lang.String token) | Sets the token used to access Vault. |

public VaultConfig()
Default constructor. Should be used in conjunction with the builder pattern, calling additional property setter methods and ultimately finishing with a call to build().
Note that when using this builder pattern approach, you must either set address and token explicitly, or else have them available as runtime environment variables.

public VaultConfig(java.lang.String address, java.lang.String token) throws VaultException
A convenience constructor, for quickly creating a VaultConfig instance with its address and token fields populated.
Although address and token are the only two properties explicitly passed, the constructor will still look to the runtime environment variables to populate any other fields when values are present.
When using this approach to creating a VaultConfig instance, you should NOT make additional setter method calls after construction. If you need other properties set explicitly, then use the builder pattern approach.
Parameters:
address - The URL of the target Vault server
token - The access token to enable Vault access
Throws:
VaultException - If any error occurs while loading and parsing config values

public VaultConfig(java.lang.String address) throws VaultException
A convenience constructor, for quickly creating a VaultConfig instance with its address field populated.
While the other convenience constructor requires a root token parameter, this constructor version does not. So it IS possible to construct a VaultConfig object with no root token present. However, such an object will be of no use with most actual Vault API calls. This constructor is therefore meant to be used when you plan to programmatically retrieve a token (e.g. from the "userpass" backend) and populate it prior to making other API calls.
When using this approach to creating a VaultConfig instance, you should NOT make additional setter method calls after construction... other than the token scenario described immediately above. If you need any other properties set explicitly, then use the builder pattern approach.
Parameters:
address - The URL of the target Vault server
Throws:
VaultException - If any error occurs while loading and parsing config values

protected VaultConfig(java.lang.String address, java.lang.String token, com.bettercloud.vault.VaultConfig.EnvironmentLoader environmentLoader) throws VaultException
Parameters:
address - The URL of the target Vault server
token - The access token to enable Vault access
environmentLoader - A (mock) environment loader implementation
Throws:
VaultException - If any error occurs while loading and parsing config values

protected VaultConfig(java.lang.String address, com.bettercloud.vault.VaultConfig.EnvironmentLoader environmentLoader) throws VaultException
Parameters:
address - The URL of the target Vault server
environmentLoader - A (mock) environment loader implementation
Throws:
VaultException - If any error occurs while loading and parsing config values

public VaultConfig address(java.lang.String address)
Sets the address (URL) of the Vault server instance to which API calls should be sent. E.g. http://127.0.0.1:8200.
If no address is explicitly set, either by this method in a builder pattern approach or else by one of the convenience constructors, then VaultConfig will look to the VAULT_ADDR environment variable.
address is required for the Vault driver to function. If you do not supply it explicitly AND no environment variable value is found, then initialization of the VaultConfig object will fail.
Parameters:
address - The Vault server base URL

public VaultConfig token(java.lang.String token)
Sets the token used to access Vault.
If no token is explicitly set, either by this method in a builder pattern approach or else by one of the convenience constructors, then VaultConfig will look to the VAULT_TOKEN environment variable.
There are some cases where you might want to instantiate a VaultConfig object without a token (e.g. you plan to retrieve a token programmatically, with a call to the "userpass" auth backend, and populate it prior to making any other API calls). In such use cases, you can still use either the builder pattern approach or the single-argument convenience constructor.
Parameters:
token - The token to use for accessing Vault

public VaultConfig sslPemUTF8(java.lang.String sslPemUTF8)
An X.509 certificate, to use when communicating with Vault over HTTPS. This method accepts a string containing the certificate data. This string should meet the following requirements:
If no certificate data is provided, either by this method or sslPemFile() or sslPemResource(), then VaultConfig will look to the VAULT_SSL_CERT environment variable.
Parameters:
sslPemUTF8 - An X.509 certificate, in unencrypted PEM format with UTF-8 encoding.

public VaultConfig sslPemFile(java.io.File sslPemFile) throws VaultException
An X.509 certificate, to use when communicating with Vault over HTTPS. This method accepts the path of a file containing the certificate data. This file's contents should meet the following requirements:
If no certificate data is provided, either by this method or sslPemResource() or sslPemUTF8(), then VaultConfig will look to the VAULT_SSL_CERT environment variable.
Parameters:
sslPemFile - The path of a file containing an X.509 certificate, in unencrypted PEM format with UTF-8 encoding.
Throws:
VaultException - If any error occurs while loading and parsing the PEM file

public VaultConfig sslPemResource(java.lang.String classpathResource) throws VaultException
An X.509 certificate, to use when communicating with Vault over HTTPS. This method accepts the path of a classpath resource containing the certificate data (e.g. you've bundled the cert into your library or application's JAR/WAR/EAR file). This resource's contents should meet the following requirements:
If no certificate data is provided, either by this method or sslPemFile() or sslPemUTF8(), then VaultConfig will look to the VAULT_SSL_CERT environment variable.
Parameters:
classpathResource - The path of a classpath resource containing an X.509 certificate, in unencrypted PEM format with UTF-8 encoding.
Throws:
VaultException - If any error occurs while loading and parsing the PEM file

public VaultConfig sslVerify(java.lang.Boolean sslVerify)
Whether or not HTTPS connections to the Vault server should verify that a valid SSL certificate is being used. Unless this is set to false, the default behavior is to always verify SSL certificates.
SSL CERTIFICATE VERIFICATION SHOULD NOT BE DISABLED IN PRODUCTION! This feature is made available to facilitate development or testing environments, where you might be using a self-signed cert that will not pass verification. However, even if you are using a self-signed cert on your Vault server, you can still leave SSL verification enabled and have your application supply the cert using sslPemFile(), sslPemResource(), or sslPemUTF8().
If no sslVerify is explicitly set, either by this method in a builder pattern approach or else by one of the convenience constructors, then VaultConfig will look to the VAULT_SSL_VERIFY environment variable.
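Added example (not part of the driver or its documentation): a builder call that keeps verification on and supplies the server certificate through sslPemFile(), followed by a check on the built object that fails if the address is not https:// or verification ended up disabled, for instance through VAULT_SSL_VERIFY. The class name, method names, host name, file path and timeout values are assumptions made for illustration.

```java
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;

import java.io.File;

// Hypothetical helper class; only the VaultConfig calls come from the documented API.
public final class VaultConfigFactory {

    private VaultConfigFactory() { }

    // Builds a config that verifies the server certificate and trusts a
    // self-signed cert supplied as a PEM file instead of disabling verification.
    public static VaultConfig pinned(String address, File serverCertPem) throws VaultException {
        VaultConfig config = new VaultConfig()
                .address(address)           // token is left to the VAULT_TOKEN environment variable
                .sslVerify(true)            // set explicitly, so VAULT_SSL_VERIFY is not consulted
                .sslPemFile(serverCertPem)  // unencrypted PEM, UTF-8
                .openTimeout(5)
                .readTimeout(30)
                .build();
        return requireVerifiedTls(config);
    }

    // Rejects a built config whose effective settings would send the token
    // over a plaintext or unverified connection. Useful for configs created by
    // other code paths, where unset fields may have been filled from the environment.
    public static VaultConfig requireVerifiedTls(VaultConfig config) {
        String address = config.getAddress();
        if (address == null || !address.regionMatches(true, 0, "https://", 0, 8)) {
            throw new IllegalStateException("Vault address must use https://");
        }
        // isSslVerify() returns java.lang.Boolean; only an explicit false disables verification.
        if (Boolean.FALSE.equals(config.isSslVerify())) {
            throw new IllegalStateException("SSL verification is disabled (check VAULT_SSL_VERIFY)");
        }
        return config;
    }

    public static void main(String[] args) throws VaultException {
        // Constructed sample values: placeholder host name and certificate path.
        VaultConfig config = pinned("https://vault.example.internal:8200",
                new File("/etc/myapp/vault-server.pem"));
        System.out.println("Vault config accepted for " + config.getAddress());
    }
}
```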
Parameters:
sslVerify - Whether or not to verify the SSL certificate used by Vault with HTTPS connections. Default is true.

public VaultConfig openTimeout(java.lang.Integer openTimeout)
The number of seconds to wait before giving up on establishing an HTTP(S) connection to the Vault server.
If no openTimeout is explicitly set, either by this method in a builder pattern approach or else by one of the convenience constructors, then VaultConfig will look to the VAULT_OPEN_TIMEOUT environment variable.
Parameters:
openTimeout - Number of seconds to wait for an HTTP(S) connection to successfully establish

public VaultConfig readTimeout(java.lang.Integer readTimeout)
After an HTTP(S) connection has already been established, this is the number of seconds to wait for all data to finish downloading.
If no readTimeout is explicitly set, either by this method in a builder pattern approach or else by one of the convenience constructors, then VaultConfig will look to the VAULT_READ_TIMEOUT environment variable.
Parameters:
readTimeout - Number of seconds to wait for all data to be retrieved from an established HTTP(S) connection

protected void setMaxRetries(int maxRetries)
Sets the maximum number of times that an API operation will retry upon failure.
This method is not meant to be called from application-level code outside of this package (hence the protected access level). It is meant to be invoked via Vault.withRetries() in a builder pattern DSL-style.
Parameters:
maxRetries - The number of times that API operations will be retried when a failure occurs.

protected void setRetryIntervalMilliseconds(int retryIntervalMilliseconds)
Sets the period of time (in milliseconds) that the driver will wait in between retry attempts for a failing API operation.
This method is not meant to be called from application-level code outside of this package (hence the protected access level). It is meant to be invoked via Vault.withRetries() in a builder pattern DSL-style.
Parameters:
retryIntervalMilliseconds - The number of milliseconds that the driver will wait in between retries.

public VaultConfig build() throws VaultException
This is the terminating method in the builder pattern. This method validates all of the fields that have been set already, uses environment variables when available to populate any unset fields, and returns a VaultConfig object that is ready for use.
Throws:
VaultException - If the address field was left unset, and there is no VAULT_ADDR environment variable value with which to populate it.

public java.lang.String getAddress()
public java.lang.String getToken()
public java.lang.String getSslPemUTF8()
public java.lang.Boolean isSslVerify()
public java.lang.Integer getOpenTimeout()
public java.lang.Integer getReadTimeout()
public int getMaxRetries()
public int getRetryIntervalMilliseconds()