Java Vault Connector is a connector library for Vault by Hashicorp written in Java. The connector allows simple usage of Vault's secret store in own applications.
- HTTP(S) backend connector
- Ability to provide or enforce custom CA certificate
- Optional initialization from environment variables
- Authorization methods
- Token
- Username/Password
- AppRole (register and authenticate)
- Tokens
- Creation and lookup of tokens and token roles
- TokenBuilder for speaking creation of complex configurations
- Secrets
- Read secrets
- Write secrets
- List secrets
- Delete secrets
- Renew/revoke leases
- Raw secret content or JSON decoding
- SQL secret handling
- KV v1 and v2 support
- Connector Factory with builder pattern
- Tested against Vault 1.2 to 1.18
<dependency>
<groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId>
<version>1.4.0</version>
</dependency>
// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = HTTPVaultConnector.builder()
.withHost("127.0.0.1")
.withPort(8200)
.withTLS()
.build();
// Instantiate with custom SSL context
VaultConnector vault = HTTPVaultConnector.builder("https://example.com:8200/v1/")
.withTrustedCA(Paths.get("/path/to/CA.pem"))
.build();
// Initialization from environment variables
VaultConnector vault = HTTPVaultConnector.builder()
.fromEnv()
.build();
// Authenticate with token.
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");
// Authenticate with username and password.
vault.authUserPass("username", "p4ssw0rd");
// Authenticate with AppRole (secret - 2nd argument - is optional).
vault.authAppRole("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.read("secret/some/key").get("value", String.class);
// Complex secret.
Map<String, Object> secretData = vault.read("secret/another/key").getData();
// Write simple secret.
vault.write("secret/new/key", "secret value");
// Write complex data.
Map<String, Object> map = ...;
vault.write("path/to/write", map);
// Delete secret.
vault.delete("path/to/delete");
// Create token using TokenBuilder
Token token = Token.builder()
.withId("token id")
.withDisplayName("new test token")
.withPolicies("pol1", "pol2")
.build();
vault.createToken(token);
// Create AppRole credentials
vault.createAppRole("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
The project is licensed under Apache License 2.0.