Package com.google.gerrit.server.securestore

Class SecureStore

  • Direct Known Subclasses:
    DefaultSecureStore
    public abstract class SecureStore
extends Object
    Abstract class for providing new SecureStore implementation for Gerrit.

    SecureStore is responsible for storing sensitive data like passwords in a secure manner.

    It is implementator's responsibility to encrypt and store values.

    To deploy new SecureStore one needs to provide a jar file with explicitly one class that extends SecureStore and put it in Gerrit server. Then run:

    `java -jar gerrit.war SwitchSecureStore -d $gerrit_site --new-secure-store-lib $path_to_new_secure_store.jar`

    on stopped Gerrit instance.

    • Constructor Detail

      • SecureStore

        public SecureStore()

    • Method Detail

      • get

        public final String get​(String section,
                        String subsection,
                        String name)
        Extract decrypted value of stored property from SecureStore or null when property was not found.
        Returns:
        decrypted String value or null if not found

      • getForPlugin

        public final String getForPlugin​(String pluginName,
                                 String section,
                                 String subsection,
                                 String name)
        Extract decrypted value of stored plugin config property from SecureStore or null when property was not found.
        Returns:
        decrypted String value or null if not found

      • getListForPlugin

        public abstract String[] getListForPlugin​(String pluginName,
                                          String section,
                                          String subsection,
                                          String name)
        Extract list of plugin config values from SecureStore and decrypt every value in that list, or null when property was not found.
        Returns:
        decrypted list of string values or null

      • getList

        public abstract String[] getList​(String section,
                                 String subsection,
                                 String name)
        Extract list of values from SecureStore and decrypt every value in that list or null when property was not found.
        Returns:
        decrypted list of string values or null

      • set

        public final void set​(String section,
                      String subsection,
                      String name,
                      String value)
        Store single value in SecureStore.

        This method is responsible for encrypting value and storing it.

        Parameters:
        value - plain text value

      • setList

        public abstract void setList​(String section,
                             String subsection,
                             String name,
                             List<String> values)
        Store list of values in SecureStore.

        This method is responsible for encrypting all values in the list and storing them.

        Parameters:
        values - list of plain text values

      • unset

        public abstract void unset​(String section,
                           String subsection,
                           String name)
        Remove value for given section, subsection and name from SecureStore.

      • isOutdated

        public abstract boolean isOutdated()
        Returns true if currently loaded values are outdated

      • reload

        public abstract void reload()
        Reload the values