org.apache.nifi.vault.hashicorp

Class StandardHashiCorpVaultCommunicationService

java.lang.Object

org.apache.nifi.vault.hashicorp.StandardHashiCorpVaultCommunicationService

All Implemented Interfaces:

HashiCorpVaultCommunicationService

public class StandardHashiCorpVaultCommunicationService
extends Object
implements HashiCorpVaultCommunicationService

Implements the VaultCommunicationService using Spring Vault

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	StandardHashiCorpVaultCommunicationService.SecretData

Field Summary

Fields

Modifier and Type	Field and Description
private Map<String,org.springframework.vault.core.VaultKeyValueOperations>	keyValueOperationsMap
private org.springframework.vault.core.VaultTransitOperations	transitOperations
private org.springframework.vault.core.VaultTemplate	vaultTemplate

Constructor Summary

Constructors

Constructor and Description
StandardHashiCorpVaultCommunicationService(HashiCorpVaultProperties vaultProperties) Creates a VaultCommunicationService that uses Spring Vault.
StandardHashiCorpVaultCommunicationService(org.springframework.core.env.PropertySource<?>... propertySources) Creates a VaultCommunicationService that uses Spring Vault.

Method Summary

Modifier and Type	Method and Description
byte[]	decrypt(String transitPath, String cipherText) Decrypts the given cipher text using Vault's Transit Secrets Engine.
String	encrypt(String transitPath, byte[] plainText) Encrypts the given plaintext using Vault's Transit Secrets Engine.
Optional<String>	readKeyValueSecret(String keyValuePath, String secretKey) Returns the value of the "value" secretKey from the secret at the path [keyValuePath]/[secretKey].
Map<String,String>	readKeyValueSecretMap(String keyValuePath, String key) Reads a secret with multiple key/value pairs from Vault's unversioned Key/Value Secrets Engine.
void	writeKeyValueSecret(String keyValuePath, String secretKey, String value) Writes the value to the "value" secretKey of the secret with the path [keyValuePath]/[secretKey].
void	writeKeyValueSecretMap(String keyValuePath, String secretKey, Map<String,String> keyValues) Writes a secret with multiple key/value pairs using Vault's unversioned Key/Value Secrets Engine.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

vaultTemplate

private final org.springframework.vault.core.VaultTemplate vaultTemplate

transitOperations

private final org.springframework.vault.core.VaultTransitOperations transitOperations

keyValueOperationsMap

private final Map<String,org.springframework.vault.core.VaultKeyValueOperations> keyValueOperationsMap

Constructor Detail

StandardHashiCorpVaultCommunicationService

public StandardHashiCorpVaultCommunicationService(org.springframework.core.env.PropertySource<?>... propertySources)
                                           throws HashiCorpVaultConfigurationException

Creates a VaultCommunicationService that uses Spring Vault.

Parameters:

propertySources - Property sources to configure the service

Throws:

HashiCorpVaultConfigurationException - If the configuration was invalid

StandardHashiCorpVaultCommunicationService

public StandardHashiCorpVaultCommunicationService(HashiCorpVaultProperties vaultProperties)
                                           throws HashiCorpVaultConfigurationException

Creates a VaultCommunicationService that uses Spring Vault.

Parameters:

vaultProperties - Properties to configure the service

Throws:

HashiCorpVaultConfigurationException - If the configuration was invalid

Method Detail

encrypt

public String encrypt(String transitPath,
                      byte[] plainText)

Description copied from interface: HashiCorpVaultCommunicationService

Encrypts the given plaintext using Vault's Transit Secrets Engine.

Specified by:

encrypt in interface HashiCorpVaultCommunicationService

Parameters:

transitPath - The Vault path to use for the configured Transit Secrets Engine

plainText - The plaintext to encrypt

Returns:

The cipher text

See Also:

https://www.vaultproject.io/api-docs/secret/transit

decrypt

public byte[] decrypt(String transitPath,
                      String cipherText)

Description copied from interface: HashiCorpVaultCommunicationService

Decrypts the given cipher text using Vault's Transit Secrets Engine.

Specified by:

decrypt in interface HashiCorpVaultCommunicationService

Parameters:

transitPath - The Vault path to use for the configured Transit Secrets Engine

cipherText - The cipher text to decrypt

Returns:

The decrypted plaintext

See Also:

https://www.vaultproject.io/api-docs/secret/transit

writeKeyValueSecret

public void writeKeyValueSecret(String keyValuePath,
                                String secretKey,
                                String value)

Writes the value to the "value" secretKey of the secret with the path [keyValuePath]/[secretKey].

Specified by:

writeKeyValueSecret in interface HashiCorpVaultCommunicationService

Parameters:

keyValuePath - The Vault path to use for the configured Key/Value v1 Secrets Engine

secretKey - The secret secretKey

value - The secret value

See Also:

https://www.vaultproject.io/api-docs/secret/kv/kv-v1

readKeyValueSecret

public Optional<String> readKeyValueSecret(String keyValuePath,
                                           String secretKey)

Returns the value of the "value" secretKey from the secret at the path [keyValuePath]/[secretKey].

Specified by:

readKeyValueSecret in interface HashiCorpVaultCommunicationService

Parameters:

keyValuePath - The Vault path to use for the configured Key/Value v1 Secrets Engine

secretKey - The secret secretKey

Returns:

The value of the secret

See Also:

https://www.vaultproject.io/api-docs/secret/kv/kv-v1

writeKeyValueSecretMap

public void writeKeyValueSecretMap(String keyValuePath,
                                   String secretKey,
                                   Map<String,String> keyValues)

Description copied from interface: HashiCorpVaultCommunicationService

Writes a secret with multiple key/value pairs using Vault's unversioned Key/Value Secrets Engine.

Specified by:

writeKeyValueSecretMap in interface HashiCorpVaultCommunicationService

Parameters:

keyValuePath - The Vault path to use for the configured Key/Value v1 Secrets Engine

keyValues - A map from key to value for keys/values that should be stored in the secret

See Also:

https://www.vaultproject.io/api-docs/secret/kv/kv-v1

readKeyValueSecretMap

public Map<String,String> readKeyValueSecretMap(String keyValuePath,
                                                String key)

Description copied from interface: HashiCorpVaultCommunicationService

Reads a secret with multiple key/value pairs from Vault's unversioned Key/Value Secrets Engine.

Specified by:

readKeyValueSecretMap in interface HashiCorpVaultCommunicationService

Parameters:

keyValuePath - The Vault path to use for the configured Key/Value v1 Secrets Engine

key - The secret key

Returns:

A map from key to value from the secret key/values, or an empty map if not found

See Also:

https://www.vaultproject.io/api-docs/secret/kv/kv-v1