public class VaultSecureStoreConfig extends SecureStoreConfig
The Vault Secure Store uses the Vault REST API to communicate with Vault. The relevant configuration properties are the Vault REST server address; the secret path; the authentication token; and, optionally, the SSL/TLS configuration for HTTPS support.
Only the KV secrets engine (see https://www.vaultproject.io/docs/secrets/kv/index.html) is supported.
The encryption key is expected to be stored at the specified secret path and represented as a single key/value pair in the following format:
name=Base64-encoded-datawhere
name
can be an arbitrary string. Multiple key/value pairs under the same
secret path are not supported.
If KV secrets engine V2 is used, the Vault Secure Store is able to retrieve the available previous versions of the encryption keys.
Changes to the encryption key can be detected automatically if polling
(see setPollingInterval(int)
) is enabled.
Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_POLLING_INTERVAL
Default interval (in seconds) for polling for changes to the encryption key: 0
(polling disabled).
|
Constructor and Description |
---|
VaultSecureStoreConfig(String address,
String secretPath,
String token)
Creates a new Vault Secure Store configuration.
|
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object o) |
String |
getAddress()
Returns the Vault server address.
|
int |
getPollingInterval()
Returns the Vault polling interval (in seconds).
|
String |
getSecretPath()
Returns the Vault secret path.
|
SSLConfig |
getSSLConfig()
Returns the SSL/TLS configuration.
|
String |
getToken()
Returns the Vault access token.
|
int |
hashCode() |
VaultSecureStoreConfig |
setAddress(String address)
Sets the Vault server address.
|
VaultSecureStoreConfig |
setPollingInterval(int pollingInterval)
Sets the polling interval (in seconds) for checking for changes in Vault.
|
VaultSecureStoreConfig |
setSecretPath(String secretPath)
Sets the Vault secret path where the encryption keys is expected to be stored.
|
VaultSecureStoreConfig |
setSSLConfig(SSLConfig sslConfig)
Sets the SSL/TLS configuration.
|
VaultSecureStoreConfig |
setToken(String token)
Sets the Vault access token.
|
String |
toString() |
public static final int DEFAULT_POLLING_INTERVAL
public String getAddress()
public VaultSecureStoreConfig setAddress(String address)
address
- the Vault server addresspublic String getToken()
public VaultSecureStoreConfig setToken(String token)
token
- the access tokenVaultSecureStoreConfig
instanceIllegalArgumentException
- if token is {code null}public String getSecretPath()
setSecretPath(String)
public VaultSecureStoreConfig setSecretPath(String secretPath)
secretPath
- the secret pathVaultSecureStoreConfig
instanceIllegalArgumentException
- if secretPath is {code null}public int getPollingInterval()
public VaultSecureStoreConfig setPollingInterval(int pollingInterval)
pollingInterval
- the polling intervalVaultSecureStoreConfig
instanceIllegalArgumentException
- if pollingInterval is less than zeropublic SSLConfig getSSLConfig()
public VaultSecureStoreConfig setSSLConfig(SSLConfig sslConfig)
sslConfig
- the SSL/TLS configurationVaultSecureStoreConfig
instanceCopyright © 2022 Hazelcast, Inc.. All rights reserved.