Class AbstractVaultProvider

  • All Implemented Interfaces:
    org.keycloak.provider.Provider, org.keycloak.vault.VaultProvider
    Direct Known Subclasses:
    FilesPlainTextVaultProvider

    public abstract class AbstractVaultProvider
    extends Object
    implements org.keycloak.vault.VaultProvider
    Abstract class that is meant to be extended by implementations of VaultProvider that want to have support for key resolvers.

    This class implements the obtainSecret(String) method by iterating through the configured resolvers in order and, for each one, calling the obtainSecretInternal(String) method (which sub-classes must implement) with the final key name provided by that resolver. If obtainSecretInternal(String) returns a non-empty secret, it is immediately returned; otherwise the implementation tries again using the next configured resolver until a non-empty secret is obtained or all resolvers have been tried, in which case an empty VaultRawSecret is returned.

    Concrete implementations must, in addition to implementing the obtainSecretInternal(String) method, ensure that each constructor calls the AbstractVaultProvider(String, List) constructor from this class so that the realm and list of key resolvers are properly initialized.

    Author:
    Stefan Guilhen
    • Field Detail

      • realm

        protected final String realm
      • resolvers

        protected final List<org.keycloak.vault.VaultKeyResolver> resolvers
    • Constructor Detail

      • AbstractVaultProvider

        public AbstractVaultProvider(String realm,
                                     List<org.keycloak.vault.VaultKeyResolver> configuredResolvers)
        Creates an instance of AbstractVaultProvider with the specified realm and list of key resolvers.
        Parameters:
        realm - the name of the Keycloak realm.
        configuredResolvers - a List containing the configured key resolvers.
    • Method Detail

      • obtainSecret

        public org.keycloak.vault.VaultRawSecret obtainSecret(String vaultSecretId)
        Specified by:
        obtainSecret in interface org.keycloak.vault.VaultProvider
      • obtainSecretInternal

        protected abstract org.keycloak.vault.VaultRawSecret obtainSecretInternal(String vaultKey)
        Subclasses of AbstractVaultProvider must implement this method. It is meant to be implemented in the same way as the obtainSecret(String) method from the VaultProvider interface, but the specified vault key must be used as is, i.e. implementations should refrain from processing the key again, as the format was already defined by one of the configured key resolvers.
        Parameters:
        vaultKey - a String representing the name of the entry that is being fetched from the vault.
        Returns:
        a VaultRawSecret representing the obtained secret. It can be an empty secret if no secret could be obtained using the specified vault key.
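
The subclass contract described above, as an added example that is not Keycloak's own code: a hypothetical MapVaultProvider backed by an in-memory map, queried through two resolvers so the fall-through to the second resolver and the empty-secret case are both visible. Assumptions: AbstractVaultProvider and DefaultVaultRawSecret are imported from org.keycloak.vault, and the resolver formats, realm name and stored entry are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Optional;

import org.keycloak.vault.AbstractVaultProvider;
import org.keycloak.vault.DefaultVaultRawSecret;
import org.keycloak.vault.VaultKeyResolver;
import org.keycloak.vault.VaultRawSecret;

// Hypothetical subclass for illustration: secrets live in an in-memory map.
public class MapVaultProvider extends AbstractVaultProvider {
    private final Map<String, byte[]> entries;

    public MapVaultProvider(String realm, List<VaultKeyResolver> resolvers, Map<String, byte[]> entries) {
        super(realm, resolvers); // required so realm and resolvers are initialized
        this.entries = entries;
    }

    @Override
    protected VaultRawSecret obtainSecretInternal(String vaultKey) {
        // Look the key up exactly as the resolver produced it: no trimming,
        // prefixing or realm handling here, since the resolver already did that.
        byte[] value = entries.get(vaultKey);
        if (value == null) {
            // Empty secret tells obtainSecret(String) to try the next resolver.
            return DefaultVaultRawSecret.forBuffer(Optional.empty());
        }
        // Hand out a copy, not the stored array.
        return DefaultVaultRawSecret.forBuffer(Optional.of(ByteBuffer.wrap(value.clone())));
    }

    @Override
    public void close() { /* nothing to release for an in-memory map */ }

    public static void main(String[] args) {
        VaultKeyResolver realmScoped = (realm, key) -> realm + "_" + key; // constructed format
        VaultKeyResolver keyOnly = (realm, key) -> key;                   // constructed format
        Map<String, byte[]> store =
                Map.of("ldap_password", "constructed-sample".getBytes(StandardCharsets.UTF_8));
        MapVaultProvider vault = new MapVaultProvider("master", List.of(realmScoped, keyOnly), store);
        // "master_ldap_password" is absent, so the second resolver's key is tried next.
        try (VaultRawSecret found = vault.obtainSecret("ldap_password");
             VaultRawSecret missing = vault.obtainSecret("smtp_password")) {
            System.out.println("ldap_password present: " + found.get().isPresent());
            System.out.println("smtp_password present: " + missing.get().isPresent());
        }
    }
}
```

Because resolvers are tried in order, placing the realm-scoped resolver first means a realm-specific entry takes precedence over an unscoped entry with the same secret id.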