Class VaultMagicProvider

java.lang.Object
com.mimecast.robin.util.VaultMagicProvider

public class VaultMagicProvider extends Object
Vault magic provider for integrating HashiCorp Vault secrets with Magic variables.

This utility bridges Vault secrets with the Magic variable system, allowing secrets to be referenced using the standard magic variable syntax: {$vaultSecretName}

Secrets are cached in memory after first retrieval to improve performance. Call clearCache() to empty the cache and force secrets to be re-fetched on next access.

Example usage:

 // Initialize with VaultClient
 VaultMagicProvider.initialize(vaultClient);

 // Register Vault paths for secrets
 VaultMagicProvider.registerSecretPath("secret/data/robin/passwords");

 // Use in magic variables
 String config = "password={$vault.keystore.password}";
 String replaced = Magic.magicReplace(config, session);
 
  • Field Details

    • log

      private static final org.apache.logging.log4j.Logger log
    • vaultClient

      private static VaultClient vaultClient
    • secretsCache

      private static final Map<String,String> secretsCache
    • initialized

      private static boolean initialized
  • Constructor Details

    • VaultMagicProvider

      private VaultMagicProvider()
      Private constructor to prevent instantiation.
  • Method Details

    • initialize

      public static void initialize(VaultClient client)
      Initializes the Vault magic provider with a VaultClient.
      Parameters:
      client - VaultClient instance.
    • isEnabled

      public static boolean isEnabled()
      Checks if Vault magic provider is initialized and enabled.
      Returns:
      true if initialized and Vault is enabled.
    • getSecret

      public static String getSecret(String magicVariableName)
      Gets a secret value by magic variable name. Automatically resolves the Vault path from the magic variable name and fetches on-demand.
      Parameters:
      magicVariableName - Magic variable name (e.g., "vault.keystore.password").
      Returns:
      Secret value, or null if not found.
    • autoResolveAndFetch

      private static String autoResolveAndFetch(String magicVariableName)
      Auto-resolves Vault path from magic variable name and fetches the secret. Supports multiple path structures:
      - vault.keyname -> secret/data/vault with key "keyname"
      - vault.keystore.password -> secret/data/vault/keystore with key "password"
      - vault.api.key -> secret/data/vault/api with key "key"
      Parameters:
      magicVariableName - Magic variable name.
      Returns:
      Secret value, or null if not found.
    • clearCache

      public static void clearCache()
      Clears the secrets cache, forcing re-fetch on next access.
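
The name-to-path mapping documented for autoResolveAndFetch, written out as an added example (Java 16+); this is not the project's own code. The class name, the SecretLocation record, the segment character restriction and the handling of names with more than three segments are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

public class VaultPathResolutionExample {
    // Hypothetical holder for the resolved location; not a class from the project.
    record SecretLocation(String path, String key) {}

    // Assumption: segments are limited to a conservative character set so a
    // variable name can never introduce "/" or empty components into the Vault path.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9_-]+");
    private static final String MOUNT_PREFIX = "secret/data/";

    // Last segment is the key inside the secret; the segments before it,
    // joined with "/", form the path under secret/data/.
    static Optional<SecretLocation> resolve(String magicVariableName) {
        if (magicVariableName == null) return Optional.empty();
        // limit -1 keeps trailing empty segments so "vault.key." is rejected
        List<String> parts = Arrays.asList(magicVariableName.split("\\.", -1));
        if (parts.size() < 2 || !"vault".equals(parts.get(0))) return Optional.empty();
        for (String p : parts) {
            if (!SEGMENT.matcher(p).matches()) return Optional.empty();
        }
        String key = parts.get(parts.size() - 1);
        String path = MOUNT_PREFIX + String.join("/", parts.subList(0, parts.size() - 1));
        return Optional.of(new SecretLocation(path, key));
    }

    public static void main(String[] args) {
        // Constructed inputs: the three names from the documentation plus malformed ones.
        String[] names = {"vault.keyname", "vault.keystore.password", "vault.api.key",
                          "vault..password", "vault.a/b.key", "other.name"};
        for (String n : names) {
            System.out.println(n + " -> "
                + resolve(n).map(Object::toString).orElse("rejected"));
        }
    }
}
```

Returning an empty Optional for a malformed name corresponds to the documented "null if not found" result, so an unresolvable variable never reaches Vault as a path.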