public class DefaultSecretsService extends Object implements SecretsService

Modifier and Type | Class and Description
---|---
static class | DefaultSecretsService.Builder (DefaultSecretsService's builder).

Constructor and Description
---
DefaultSecretsService(SecretsProvider provider, Clock clock): constructs a new DefaultSecretsService with a given provider.

Modifier and Type | Method and Description
---|---
static DefaultSecretsService.Builder | builder(JsonValue node, Clock clock): returns a DefaultSecretsService's builder.
<S extends Secret> SecretReference<S> | createReference(Purpose<S> purpose): creates a SecretReference for the given Purpose.
<S extends Secret> Promise<S,NoSuchSecretException> | getActiveSecret(Purpose<S> purpose): gets the currently active secret for the given purpose.
<S extends Secret> Promise<S,NoSuchSecretException> | getNamedSecret(Purpose<S> purpose, String id): gets the secret for the given purpose with the given stable secret id.
<S extends Secret> Promise<Stream<S>,NeverThrowsException> | getValidSecrets(Purpose<S> purpose): returns all secrets for the given purpose which have not yet expired.
public DefaultSecretsService(SecretsProvider provider, Clock clock)

Constructs a new DefaultSecretsService with a given provider.

Parameters:
provider - The SecretsProvider to use.
clock - The Clock to use within this service.

public <S extends Secret> Promise<S,NoSuchSecretException> getActiveSecret(Purpose<S> purpose)

Description copied from interface: SecretsService

Gets the currently active secret for the given purpose. If one cannot be found, a NoSuchSecretException is thrown instead.

The active secret is found by first consulting the currently active store for the purpose label. If no active store exists for the purpose, all default stores are consulted and the first matching secret is used.

This method is usually used for encryption and signature operations, where you need to use the active (not rotated) crypto material.

Specified by:
getActiveSecret in interface SecretsService

Type Parameters:
S - the type of secret to return.

Parameters:
purpose - the purpose for which the secret is intended to be used.

Throws:
NoSuchSecretException - if one cannot be found.

public <S extends Secret> Promise<S,NoSuchSecretException> getNamedSecret(Purpose<S> purpose, String id)

Description copied from interface: SecretsService

Gets the secret for the given purpose with the given stable secret id.

This method is usually used for decryption and signature verification operations, where you may have a hint for selecting the crypto material to use for the operation. Because the signature being verified may have been generated with a secret that has since been rotated out (by the time of verification), getActiveSecret cannot be used.

Specified by:
getNamedSecret in interface SecretsService

Type Parameters:
S - the type of secret to return.

Parameters:
purpose - the purpose for which the secret is intended to be used.
id - the stable id of the particular secret to get.

See Also:
Secret.getStableId()
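As an added example, not code from this page or from the ForgeRock project, the following hypothetical Java helper shows the division of labour the descriptions above spell out: getActiveSecret for producing signatures or ciphertext, getNamedSecret (keyed by the value of Secret.getStableId() that was attached at signing time) for verifying them, and getValidSecrets as the fallback when no usable hint is present. The class and method names (RotationAwareKeySelector, ActiveMaterial, forSigning, forVerification), the package names in the imports, and the use of Promise.getOrThrow() to block for a promise's result are assumptions about the ForgeRock commons API; construction of the Purpose is left to the caller, and the actual cryptographic operation on the returned secret is outside the scope of this page.

```java
// Added example (not from this page or the ForgeRock code base): selecting crypto
// material for sign and verify operations under secret rotation, using only the
// SecretsService methods documented on this page. Package names are assumptions
// about the ForgeRock commons API, as is Promise.getOrThrow(), which blocks for
// the promise's result or rethrows its failure. SecretsService itself is taken to
// be in the same package as DefaultSecretsService and is therefore not imported.
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.forgerock.secrets.NoSuchSecretException;   // assumed package
import org.forgerock.secrets.Purpose;                 // assumed package
import org.forgerock.secrets.Secret;                  // assumed package

/** Hypothetical helper: picks the secret(s) a caller should use for one purpose. */
public final class RotationAwareKeySelector<S extends Secret> {

    /** The active secret plus its stable id, to be embedded in the output as a key hint. */
    public static final class ActiveMaterial<S extends Secret> {
        public final S secret;
        public final String stableId;

        ActiveMaterial(S secret) {
            this.secret = secret;
            this.stableId = secret.getStableId();
        }
    }

    private final SecretsService secrets;
    private final Purpose<S> purpose;

    public RotationAwareKeySelector(SecretsService secrets, Purpose<S> purpose) {
        this.secrets = secrets;
        this.purpose = purpose;
    }

    /**
     * Signing / encryption: always the currently active secret. Its stable id is
     * returned so the caller can attach it to the output (for example as a JWS "kid");
     * a later verifier passes that id back as the hint for getNamedSecret.
     */
    public ActiveMaterial<S> forSigning() throws NoSuchSecretException, InterruptedException {
        S active = secrets.getActiveSecret(purpose).getOrThrow();
        return new ActiveMaterial<>(active);
    }

    /**
     * Verification / decryption: the candidates to try, in order.
     * 1. If the input carries a stable-id hint and a secret with that id still exists,
     *    that single secret is the only candidate.
     * 2. Otherwise (no hint, or the id is unknown or retired), every not-yet-expired
     *    secret for the purpose is a candidate, because the input may predate a rotation
     *    and the active secret alone would reject signatures made with older material.
     */
    public List<S> forVerification(String stableIdHint) throws InterruptedException {
        if (stableIdHint != null && !stableIdHint.isEmpty()) {
            try {
                S named = secrets.getNamedSecret(purpose, stableIdHint).getOrThrow();
                return Collections.singletonList(named);
            } catch (NoSuchSecretException unknownId) {
                // Fall through: the hint does not match any secret this service holds.
            }
        }
        // getValidSecrets cannot fail (NeverThrowsException), so only interruption escapes here.
        return secrets.getValidSecrets(purpose).getOrThrow().collect(Collectors.toList());
    }
}
```

A verifier would iterate over the list returned by forVerification and stop at the first secret for which the operation succeeds. Restricting the fallback to getValidSecrets rather than to every secret the provider has ever held is what bounds the window in which rotated material is still accepted: a secret that has expired is never offered as a candidate, while a secret that is rotated but not yet expired keeps older tokens verifiable.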
public <S extends Secret> Promise<Stream<S>,NeverThrowsException> getValidSecrets(Purpose<S> purpose)

Description copied from interface: SecretsService

Returns all secrets for the given purpose which have not yet expired.

Specified by:
getValidSecrets in interface SecretsService

Type Parameters:
S - the type of secret to return.

Parameters:
purpose - the purpose for which the secrets are intended to be used.

public <S extends Secret> SecretReference<S> createReference(Purpose<S> purpose)

Description copied from interface: SecretsService

Creates a SecretReference for the given Purpose.

Specified by:
createReference in interface SecretsService

Type Parameters:
S - The type of the SecretReference to return.

Parameters:
purpose - The Purpose for the SecretReference.

public static DefaultSecretsService.Builder builder(JsonValue node, Clock clock)

Returns a DefaultSecretsService's builder.

Parameters:
node - secrets node configuration
clock - system's clock

Returns:
DefaultSecretsService's builder.

Copyright 2011-2017 ForgeRock AS.