Class VaultClient

java.lang.Object
com.mimecast.robin.util.VaultClient

public class VaultClient extends Object
HashiCorp Vault client utility for secrets management.

This utility provides methods to interact with HashiCorp Vault to fetch secrets securely. It supports both KV v1 and KV v2 secret engines.

Example usage:

 VaultClient client = new VaultClient.Builder()
     .withAddress("https://vault.example.com:8200")
     .withToken("s.abc123xyz")
     .build();

 String secret = client.getSecret("secret/data/myapp/config", "password");
 
  • Field Details

    • log

      private static final org.apache.logging.log4j.Logger log
    • JSON

      private static final okhttp3.MediaType JSON
    • DEFAULT_TIMEOUT

      private static final int DEFAULT_TIMEOUT
    • vaultAddress

      private final String vaultAddress
    • vaultToken

      private final String vaultToken
    • namespace

      private final String namespace
    • httpClient

      private final okhttp3.OkHttpClient httpClient
    • gson

      private final com.google.gson.Gson gson
    • enabled

      private final boolean enabled
  • Constructor Details

    • VaultClient

      private VaultClient(VaultClient.Builder builder)
      Constructs a new VaultClient instance.
      Parameters:
      builder - Builder instance with configuration.
  • Method Details

    • configureTrustAllCerts

      private void configureTrustAllCerts(okhttp3.OkHttpClient.Builder builder)
      Configures the HTTP client to trust all certificates, which disables TLS certificate validation for connections to Vault. WARNING: Use only in development environments.
      Parameters:
      builder - OkHttpClient.Builder to configure.
    • isEnabled

      public boolean isEnabled()
      Checks if Vault integration is enabled.
      Returns:
      true if enabled, false otherwise.
    • getSecret

      public String getSecret(String path, String key) throws VaultClient.VaultException
      Fetches a secret from Vault.
      Parameters:
      path - Path to the secret (e.g., "secret/data/myapp/config" for KV v2).
      key - Key within the secret to retrieve.
      Returns:
      Secret value as string, or null if not found.
      Throws:
      VaultClient.VaultException - if the request fails.
    • getAllSecrets

      public Map<String,String> getAllSecrets(String path) throws VaultClient.VaultException
      Fetches all secrets from a given path.
      Parameters:
      path - Path to the secret.
      Returns:
      Map of all key-value pairs in the secret, or empty map if not found.
      Throws:
      VaultClient.VaultException - if the request fails.
    • writeSecret

      public void writeSecret(String path, Map<String,String> secrets) throws VaultClient.VaultException
      Writes a secret to Vault.
      Parameters:
      path - Path where the secret will be stored.
      secrets - Map of key-value pairs to store.
      Throws:
      VaultClient.VaultException - if the request fails.
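
The difference between KV v1 and KV v2 that the class description and the getSecret path parameter refer to, shown at the level of Vault's HTTP API. This is an added example, not VaultClient's own implementation. The class name KvResponseDemo, its helper methods, the explicit kvV2 flag and the sample response bodies are assumptions constructed for illustration; it needs Gson on the classpath.

```java
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

// Hypothetical demo class; not part of com.mimecast.robin.
public class KvResponseDemo {

    /** API path below /v1/ for a secret: KV v2 inserts "data/" after the mount. */
    static String apiPath(String mount, String secretPath, boolean kvV2) {
        return kvV2 ? mount + "/data/" + secretPath : mount + "/" + secretPath;
    }

    /** Returns the value stored under key, or null if the layout or key is absent. */
    static String extract(String responseBody, boolean kvV2, String key) {
        JsonObject root = JsonParser.parseString(responseBody).getAsJsonObject();
        JsonObject data = child(root, "data");   // both engines wrap the payload in "data"
        if (kvV2) {
            data = child(data, "data");          // KV v2 nests the pairs one level deeper
        }
        if (data == null || !data.has(key) || data.get(key).isJsonNull()) {
            return null;
        }
        JsonElement value = data.get(key);
        return value.isJsonPrimitive() ? value.getAsString() : value.toString();
    }

    /** Null-safe lookup of a nested JSON object. */
    private static JsonObject child(JsonObject parent, String name) {
        if (parent == null || !parent.has(name) || !parent.get(name).isJsonObject()) {
            return null;
        }
        return parent.getAsJsonObject(name);
    }

    public static void main(String[] args) {
        // Constructed sample bodies; the value is a placeholder, not a real secret.
        String v1 = "{\"data\":{\"password\":\"example-value\"}}";
        String v2 = "{\"data\":{\"data\":{\"password\":\"example-value\"},"
                  + "\"metadata\":{\"version\":3}}}";
        System.out.println(apiPath("secret", "myapp/config", true));
        System.out.println(apiPath("secret", "myapp/config", false));
        System.out.println(extract(v1, false, "password"));
        System.out.println(extract(v2, true, "password"));
        // Engine version mismatch: the key is not where the caller looks, so null.
        System.out.println(extract(v2, false, "password"));
    }
}
```

A null result caused by reading a KV v2 body with KV v1 logic looks the same as a missing key, so a caller that treats null as "use a default" can silently run without the intended credential.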