Package com.hazelcast.config
Class VaultSecureStoreConfig
java.lang.Object
com.hazelcast.config.SecureStoreConfig
com.hazelcast.config.VaultSecureStoreConfig
HashiCorp Vault Secure Store configuration.
The Vault Secure Store uses the Vault REST API to communicate with Vault. The relevant configuration properties are the Vault REST server address; the secret path; the authentication token; and, optionally, the SSL/TLS configuration for HTTPS support.
Only the KV secrets engine (see https://www.vaultproject.io/docs/secrets/kv/index.html) is supported.
The encryption key is expected to be stored at the specified secret path and represented as a single key/value pair in the following format:
name=Base64-encoded-datawhere
name can be an arbitrary string. Multiple key/value pairs under the same
secret path are not supported.
If KV secrets engine V2 is used, the Vault Secure Store is able to retrieve the available previous versions of the encryption keys.
Changes to the encryption key can be detected automatically if polling
(see setPollingInterval(int)) is enabled.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final intDefault interval (in seconds) for polling for changes to the encryption key: 0 (polling disabled). -
Constructor Summary
ConstructorsConstructorDescriptionVaultSecureStoreConfig(String address, String secretPath, String token) Creates a new Vault Secure Store configuration. -
Method Summary
Modifier and TypeMethodDescriptionfinal booleanReturns the Vault server address.intReturns the Vault polling interval (in seconds).Returns the Vault secret path.Returns the SSL/TLS configuration.getToken()Returns the Vault access token.final inthashCode()setAddress(String address) Sets the Vault server address.setPollingInterval(int pollingInterval) Sets the polling interval (in seconds) for checking for changes in Vault.setSecretPath(String secretPath) Sets the Vault secret path where the encryption keys is expected to be stored.setSSLConfig(SSLConfig sslConfig) Sets the SSL/TLS configuration.Sets the Vault access token.toString()
-
Field Details
-
DEFAULT_POLLING_INTERVAL
public static final int DEFAULT_POLLING_INTERVALDefault interval (in seconds) for polling for changes to the encryption key: 0 (polling disabled).- See Also:
-
-
Constructor Details
-
VaultSecureStoreConfig
Creates a new Vault Secure Store configuration.- Parameters:
address- the Vault server addresssecretPath- the secret pathtoken- the access token
-
-
Method Details
-
getAddress
Returns the Vault server address.- Returns:
- the Vault server address
-
setAddress
Sets the Vault server address.- Parameters:
address- the Vault server address
-
getToken
Returns the Vault access token.- Returns:
- the Vault access token
-
setToken
Sets the Vault access token.- Parameters:
token- the access token- Returns:
- the updated
VaultSecureStoreConfiginstance - Throws:
IllegalArgumentException- if token is {code null}
-
getSecretPath
Returns the Vault secret path.- Returns:
- the Vault secret path
- See Also:
-
setSecretPath
Sets the Vault secret path where the encryption keys is expected to be stored.- Parameters:
secretPath- the secret path- Returns:
- the updated
VaultSecureStoreConfiginstance - Throws:
IllegalArgumentException- if secretPath is {code null}
-
getPollingInterval
public int getPollingInterval()Returns the Vault polling interval (in seconds).- Returns:
- the polling interval
-
setPollingInterval
Sets the polling interval (in seconds) for checking for changes in Vault. The value 0 (default) disables polling.- Parameters:
pollingInterval- the polling interval- Returns:
- the updated
VaultSecureStoreConfiginstance - Throws:
IllegalArgumentException- if pollingInterval is less than zero
-
getSSLConfig
Returns the SSL/TLS configuration.- Returns:
- the SSL/TLS configuration
-
setSSLConfig
Sets the SSL/TLS configuration.- Parameters:
sslConfig- the SSL/TLS configuration- Returns:
- the updated
VaultSecureStoreConfiginstance
-
toString
-
equals
-
hashCode
public final int hashCode()
-