public class Leases
extends java.lang.Object
The implementing class for operations on REST endpoints, under the "Leases" section of the Vault HTTP API docs (https://www.vaultproject.io/docs/http/index.html).
This class is not intended to be constructed directly. Rather, it is meant to be used by way of Vault in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.
Constructor and Description |
---|
Leases(VaultConfig config) |
Modifier and Type | Method and Description |
---|---|
VaultResponse | renew(java.lang.String leaseId, long increment): Renews a given secret lease. |
VaultResponse | revoke(java.lang.String leaseId): Immediately revokes a secret associated with a given lease. |
VaultResponse | revokeForce(java.lang.String prefix): Revokes all secrets or tokens generated under a given prefix immediately. |
VaultResponse | revokePrefix(java.lang.String prefix): Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. |
public Leases(VaultConfig config)
public VaultResponse revoke(java.lang.String leaseId) throws VaultException
Immediately revokes a secret associated with a given lease. E.g.:
final VaultResponse response = vault.leases().revoke("7c63da27-a56b-3e3b-377d-ef74630a6d0b");
assertEquals(204, response.getRestResponse().getStatus());
leaseId - A lease ID associated with the secret to be revoked
VaultException - If an error occurs, or an unexpected response is received from Vault
public VaultResponse revokePrefix(java.lang.String prefix) throws VaultException
Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. This requires sudo capability and access to it should be tightly controlled as it can be used to revoke very large numbers of secrets/tokens at once. E.g.:
final VaultResponse response = vault.leases().revokePrefix("aws");
assertEquals(204, response.getRestResponse().getStatus());
prefix - A Vault path prefix, for which all secrets beneath it should be revoked
VaultException - If an error occurs, or an unexpected response is received from Vault
public VaultResponse revokeForce(java.lang.String prefix) throws VaultException
Revokes all secrets or tokens generated under a given prefix immediately. Unlike revokePrefix(String), this method ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. E.g.:
final VaultResponse response = vault.leases().revokeForce("aws");
assertEquals(204, response.getRestResponse().getStatus());
prefix - A Vault path prefix, for which all secrets beneath it should be revoked
VaultException - If an error occurs, or an unexpected response is received from Vault
public VaultResponse renew(java.lang.String leaseId, long increment) throws VaultException
Renews a given secret lease.
// The second argument is the requested increment in seconds (3600 is a sample value).
final VaultResponse response = vault.leases().renew("mongodb/creds/myapp/cd7f9834-b870-9ebc-3da5-27bf9cdc42ad", 3600);
assertEquals(200, response.getRestResponse().getStatus());
leaseId - A lease ID associated with a secret
increment - A requested amount of time in seconds to extend the lease. This is advisory.
VaultException - The response information returned from Vault
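The revokePrefix and revokeForce descriptions above suggest an escalation order: attempt the normal prefix revocation first, and force only when an operator has explicitly approved it. The class below is an added example, not code from the driver; LeaseRevoker, revokeUnder and the prefix check are hypothetical, and the imports assume the com.bettercloud.vault package names.

```java
// Added example; not part of the driver. Imports assume the BetterCloud
// vault-java-driver packages; adjust them if you use a fork.
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.VaultResponse;

/** Hypothetical helper that keeps revokeForce behind an explicit opt-in. */
public final class LeaseRevoker {

    private final Vault vault;

    public LeaseRevoker(final Vault vault) {
        this.vault = vault;
    }

    /** Revokes everything under prefix and returns the operation that succeeded. */
    public String revokeUnder(final String prefix, final boolean allowForce)
            throws VaultException {
        // This example's own policy: refuse blank or root-like prefixes,
        // which would match far more than the caller intended.
        if (prefix == null || prefix.trim().isEmpty() || prefix.startsWith("/")) {
            throw new IllegalArgumentException("Refusing blank or root-like prefix");
        }
        try {
            // Normal path: backend errors surface as a VaultException.
            requireNoContent(vault.leases().revokePrefix(prefix), "revokePrefix");
            return "revokePrefix";
        } catch (VaultException e) {
            if (!allowForce) {
                throw e; // the operator did not approve a forced revocation
            }
            // Forced path ignores backend errors, so the credentials may
            // still be valid at the backend and need manual cleanup.
            System.err.println("revokePrefix failed for '" + prefix + "' ("
                    + e.getMessage() + "); forcing, verify backend cleanup");
            requireNoContent(vault.leases().revokeForce(prefix), "revokeForce");
            return "revokeForce";
        }
    }

    private static void requireNoContent(final VaultResponse response, final String op)
            throws VaultException {
        final int status = response.getRestResponse().getStatus();
        if (status != 204) {
            throw new VaultException(op + " returned HTTP " + status + ", expected 204");
        }
    }
}
```

A return value of "revokeForce" means Vault has dropped the leases without confirming that the backend removed the credentials, so treat it as a prompt to check the backend directly.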