com.bettercloud.vault.api

Class Auth

java.lang.Object

com.bettercloud.vault.api.Auth

public class Auth
extends java.lang.Object

The implementing class for operations on Vault's /v1/auth/* REST endpoints.

This class is not intended to be constructed directly. Rather, it is meant to used by way of Vault in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.

See Also:

Vault.auth()

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Auth.TokenRequest A container for all of the options that can be passed to the createToken(TokenRequest) method, to avoid that method having an excessive number of parameters (with null typically passed to most of them).

Constructor Summary

Constructors

Constructor and Description
Auth(VaultConfig config)

Method Summary

Modifier and Type	Method and Description
AuthResponse	createToken(Auth.TokenRequest tokenRequest) Operation to create an authentication token.
AuthResponse	loginByAppID(java.lang.String path, java.lang.String appId, java.lang.String userId) Deprecated.
AuthResponse	loginByAppRole(java.lang.String path, java.lang.String roleId, java.lang.String secretId) Basic login operation to authenticate to an app-role backend.
AuthResponse	loginByCert() Basic login operation to authenticate using Vault's TLS Certificate auth backend.
AuthResponse	loginByGithub(java.lang.String githubToken) Basic login operation to authenticate to an github backend.
AuthResponse	loginByUserPass(java.lang.String username, java.lang.String password) Basic login operation to authenticate to a Username & Password backend.
LookupResponse	lookupSelf() Returns information about the current client token.
AuthResponse	renewSelf() Renews the lease associated with the calling token.
AuthResponse	renewSelf(long increment) Renews the lease associated with the calling token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Auth

public Auth(VaultConfig config)

Method Detail

createToken

public AuthResponse createToken(Auth.TokenRequest tokenRequest)
                         throws VaultException

Operation to create an authentication token. Relies on another token already being present in the VaultConfig instance. Example usage:

 final VaultConfig config = new VaultConfig().address(...).token(...).build();
 final Vault vault = new Vault(config);
 final AuthResponse response = vault.auth().createToken(new TokenRequest().withTtl("1h"));

 final String token = response.getAuthClientToken();
 

Parameters:

tokenRequest - A container of optional configuration parameters

Returns:

The auth token, with additional response metadata

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByAppID

@Deprecated
public AuthResponse loginByAppID(java.lang.String path,
                                             java.lang.String appId,
                                             java.lang.String userId)
                                      throws VaultException

Deprecated.

Basic login operation to authenticate to an app-id backend. Example usage:

 final AuthResponse response = vault.auth().loginByAppID("app-id/login", "app_id", "user_id");

 final String token = response.getAuthClientToken();
 

NOTE: As of Vault 0.6.1, Hashicorp has deprecated the App ID authentication backend in favor of AppRole. This method will be removed at some point after this backend has been eliminated from Vault.

Parameters:

path - The path on which the authentication is performed (e.g. auth/app-id/login)

appId - The app-id used for authentication

userId - The user-id used for authentication

Returns:

The auth token, with additional response metadata

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByAppRole

public AuthResponse loginByAppRole(java.lang.String path,
                                   java.lang.String roleId,
                                   java.lang.String secretId)
                            throws VaultException

Basic login operation to authenticate to an app-role backend. Example usage:

 final AuthResponse response = vault.auth().loginByAppRole("approle", "9e1aede8-dcc6-a293-8223-f0d824a467ed", "9ff4b26e-6460-834c-b925-a940eddb6880");

 final String token = response.getAuthClientToken();
 

Parameters:

path - The path on which the authentication is performed (e.g. auth/approle/login)

roleId - The role-id used for authentication

secretId - The secret-id used for authentication

Returns:

The auth token, with additional response metadata

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByUserPass

public AuthResponse loginByUserPass(java.lang.String username,
                                    java.lang.String password)
                             throws VaultException

Basic login operation to authenticate to a Username & Password backend. Example usage:

 final AuthResponse response = vault.auth().loginByUserPass("test", "password");

 final String token = response.getAuthClientToken();
 

Parameters:

username - The username used for authentication

password - The password used for authentication

Returns:

The auth token, with additional response metadata

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByGithub

public AuthResponse loginByGithub(java.lang.String githubToken)
                           throws VaultException

Basic login operation to authenticate to an github backend. Example usage:

 final AuthResponse response = vault.auth().loginByGithub("githubToken");

 final String token = response.getAuthClientToken();
 

Parameters:

githubToken - The app-id used for authentication

Returns:

The auth token, with additional response metadata

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByCert

public AuthResponse loginByCert()
                         throws VaultException

Basic login operation to authenticate using Vault's TLS Certificate auth backend. Example usage:

 final SslConfig sslConfig = new SslConfig()
                                  .keystore("keystore.jks")
                                  .truststore("truststore.jks")
                                  .build();
 final VaultConfig vaultConfig = new VaultConfig()
                                  .address("https://127.0.0.1:8200")
                                  .sslConfig(sslConfig)
                                  .build();
 final Vault vault = new Vault(vaultConfig);

 final AuthResponse response = vault.auth().loginByCert();
 final String token = response.getAuthClientToken();
 

Returns:

The auth token, with additional response metadata

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

renewSelf

public AuthResponse renewSelf()
                       throws VaultException

Renews the lease associated with the calling token. This version of the method tells Vault to use the default lifespan for the new lease.

Returns:

The response information returned from Vault

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

renewSelf

public AuthResponse renewSelf(long increment)
                       throws VaultException

Renews the lease associated with the calling token. This version of the method accepts a parameter to explicitly declare how long the new lease period should be (in seconds). The Vault documentation suggests that this value may be ignored, however.

Parameters:

increment - The number of seconds requested for the new lease lifespan

Returns:

The response information returned from Vault

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

lookupSelf

public LookupResponse lookupSelf()
                          throws VaultException

Returns information about the current client token.

Returns:

The response information returned from Vault

Throws:

VaultException - If any error occurs, or unexpected response received from Vault