Class VaultSecureStoreConfig

java.lang.Object
com.hazelcast.config.SecureStoreConfig
com.hazelcast.config.VaultSecureStoreConfig

public class VaultSecureStoreConfig
extends SecureStoreConfig
HashiCorp Vault Secure Store configuration.

The Vault Secure Store uses the Vault REST API to communicate with Vault. The relevant configuration properties are the Vault REST server address; the secret path; the authentication token; and, optionally, the SSL/TLS configuration for HTTPS support.

Only the KV secrets engine (see https://www.vaultproject.io/docs/secrets/kv/index.html) is supported.

The encryption key is expected to be stored at the specified secret path and represented as a single key/value pair in the following format:

 name=Base64-encoded-data
 
where name can be an arbitrary string. Multiple key/value pairs under the same secret path are not supported.

If KV secrets engine V2 is used, the Vault Secure Store is able to retrieve the available previous versions of the encryption keys.

Changes to the encryption key can be detected automatically if polling (see setPollingInterval(int)) is enabled.
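
The secret layout described above (exactly one name=Base64-encoded-data pair) can be checked before the value is written to Vault. The following is an added example that uses only the JDK and is not code from Hazelcast; the class name, the sample pair names and the 32-byte key size are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example (not Hazelcast code): pre-flight check of the documented secret layout.
public class VaultKeyLayoutCheck {

    // Generates a random key and returns its Base64 form, ready to store as the single value.
    static String newBase64Key(int keyBytes) {
        byte[] key = new byte[keyBytes];
        new SecureRandom().nextBytes(key);
        return Base64.getEncoder().encodeToString(key);
    }

    // Returns the decoded key, or throws if the data does not match the documented layout.
    static byte[] decodeSingleKey(Map<String, String> secretData) {
        if (secretData == null || secretData.size() != 1) {
            throw new IllegalArgumentException("expected exactly one key/value pair, found "
                    + (secretData == null ? 0 : secretData.size()));
        }
        Map.Entry<String, String> pair = secretData.entrySet().iterator().next();
        String value = pair.getValue();
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException("value of '" + pair.getKey() + "' is empty");
        }
        try {
            return Base64.getDecoder().decode(value); // strict decoder: rejects non-Base64 characters
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("value of '" + pair.getKey() + "' is not valid Base64", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data; 32 bytes is an assumed key size, not a value from this page.
        Map<String, String> good = Map.of("hz-key", newBase64Key(32));
        Map<String, String> twoPairs = new LinkedHashMap<>();
        twoPairs.put("current", newBase64Key(32));
        twoPairs.put("old", newBase64Key(32));
        Map<String, String> notBase64 = Map.of("hz-key", "not base64!");

        // Only the decoded length is printed, never the key material itself.
        System.out.println("good: decoded " + decodeSingleKey(good).length + " bytes");
        for (Map<String, String> bad : List.of(twoPairs, notBase64)) {
            try {
                decodeSingleKey(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```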

  • Field Details

    • DEFAULT_POLLING_INTERVAL

      public static final int DEFAULT_POLLING_INTERVAL
      Default interval (in seconds) for polling for changes to the encryption key: 0 (polling disabled).
      See Also:
      Constant Field Values
  • Constructor Details

    • VaultSecureStoreConfig

      public VaultSecureStoreConfig(String address, String secretPath, String token)
      Creates a new Vault Secure Store configuration.
      Parameters:
      address - the Vault server address
      secretPath - the secret path
      token - the access token
  • Method Details

    • getAddress

      public String getAddress()
      Returns the Vault server address.
      Returns:
      the Vault server address
    • setAddress

      public VaultSecureStoreConfig setAddress(String address)
      Sets the Vault server address.
      Parameters:
      address - the Vault server address
    • getToken

      public String getToken()
      Returns the Vault access token.
      Returns:
      the Vault access token
    • setToken

      public VaultSecureStoreConfig setToken(String token)
      Sets the Vault access token.
      Parameters:
      token - the access token
      Returns:
      the updated VaultSecureStoreConfig instance
      Throws:
      IllegalArgumentException - if token is null
    • getSecretPath

      public String getSecretPath()
      Returns the Vault secret path.
      Returns:
      the Vault secret path
      See Also:
      setSecretPath(String)
    • setSecretPath

      public VaultSecureStoreConfig setSecretPath(String secretPath)
      Sets the Vault secret path where the encryption key is expected to be stored.
      Parameters:
      secretPath - the secret path
      Returns:
      the updated VaultSecureStoreConfig instance
      Throws:
      IllegalArgumentException - if secretPath is null
    • getPollingInterval

      public int getPollingInterval()
      Returns the Vault polling interval (in seconds).
      Returns:
      the polling interval
    • setPollingInterval

      public VaultSecureStoreConfig setPollingInterval(int pollingInterval)
      Sets the polling interval (in seconds) for checking for changes in Vault. The value 0 (default) disables polling.
      Parameters:
      pollingInterval - the polling interval
      Returns:
      the updated VaultSecureStoreConfig instance
      Throws:
      IllegalArgumentException - if pollingInterval is less than zero
    • getSSLConfig

      public SSLConfig getSSLConfig()
      Returns the SSL/TLS configuration.
      Returns:
      the SSL/TLS configuration
    • setSSLConfig

      public VaultSecureStoreConfig setSSLConfig(SSLConfig sslConfig)
      Sets the SSL/TLS configuration.
      Parameters:
      sslConfig - the SSL/TLS configuration
      Returns:
      the updated VaultSecureStoreConfig instance
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • equals

      public final boolean equals(Object o)
      Overrides:
      equals in class Object
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object