Class VaultSecureStoreConfig

java.lang.Object
com.hazelcast.config.SecureStoreConfig
com.hazelcast.config.VaultSecureStoreConfig

public class VaultSecureStoreConfig
extends SecureStoreConfig
HashiCorp Vault Secure Store configuration.

The Vault Secure Store uses the Vault REST API to communicate with Vault. The relevant configuration properties are the Vault REST server address; the secret path; the authentication token; and, optionally, the SSL/TLS configuration for HTTPS support.

Only the KV secrets engine (see https://www.vaultproject.io/docs/secrets/kv/index.html) is supported.

The encryption key is expected to be stored at the specified secret path and represented as a single key/value pair in the following format:

 name=Base64-encoded-data
 
where name can be an arbitrary string. Multiple key/value pairs under the same secret path are not supported.

If KV secrets engine V2 is used, the Vault Secure Store is able to retrieve the available previous versions of the encryption keys.

Changes to the encryption key can be detected automatically if polling (see setPollingInterval(int)) is enabled.