Class AbstractVaultProvider

    • Constructor Detail

      • AbstractVaultProvider

        public AbstractVaultProvider(String realm,
                                     List<VaultKeyResolver> configuredResolvers)
        Creates an instance of AbstractVaultProvider with the specified realm and list of key resolvers.
        Parameters:
        realm - the name of the Keycloak realm.
        configuredResolvers - a List containing the configured key resolvers.
    • Method Detail

      • obtainSecret

        public VaultRawSecret obtainSecret(String vaultSecretId)
        Description copied from interface: VaultProvider
        Retrieves a secret from the vault. The implementation should respect at least the realm ID to separate the secrets within the vault. If the secret is retrieved successfully, it is returned; otherwise this method results in an empty VaultRawSecret.get(). This method is intended to be used within a try-with-resources block so that the secret is destroyed immediately after use. Note that it is the responsibility of the implementor to provide a way to destroy the secret in the returned VaultRawSecret.close() method.
        Specified by:
        obtainSecret in interface VaultProvider
        Parameters:
        vaultSecretId - Identifier of the secret. It corresponds to the value entered by the user in the respective configuration, which in turn is obtained from the vault when storing the secret.
        Returns:
        Always a non-null value with the raw secret. Within the returned value, the secret or null is stored in the VaultRawSecret.get() return value if the secret was successfully resolved, or an empty Optional if the secret has not been found in the vault.
      • obtainSecretInternal

        protected abstract VaultRawSecret obtainSecretInternal(String vaultKey)
        Subclasses of AbstractVaultProvider must implement this method. It is meant to be implemented in the same way as the obtainSecret(String) method from the VaultProvider interface, but the specified vault key must be used as is - i.e. implementations should refrain from processing the key again as the format was already defined by one of the configured key resolvers.
        Parameters:
        vaultKey - a String representing the name of the entry that is being fetched from the vault.
        Returns:
        a VaultRawSecret representing the obtained secret. It can be an empty secret if no secret could be obtained using the specified vault key.