public class HcVaultKmsClient extends Object implements com.google.crypto.tink.KmsClient
KmsClient for Vault Transit Secrets Engine..| Constructor and Description |
|---|
HcVaultKmsClient() |
HcVaultKmsClient(String uri)
Constructs a specific HcVaultKmsClient that is bound to a single key identified by
uri. |
| Modifier and Type | Method and Description |
|---|---|
boolean |
doesSupport(String uri) |
com.google.crypto.tink.Aead |
getAead(String uri) |
io.github.jopenlibs.vault.VaultConfig |
getVaultConfig() |
com.google.crypto.tink.KmsClient |
withConfig(io.github.jopenlibs.vault.VaultConfig config)
Loads Vault credentials from a config.
|
com.google.crypto.tink.KmsClient |
withCredentials(io.github.jopenlibs.vault.SslConfig sslConfig,
String token,
Optional<String> namespace) |
com.google.crypto.tink.KmsClient |
withCredentials(String token)
Loads Vault config with the provided
token. |
com.google.crypto.tink.KmsClient |
withCredentials(String token,
Optional<String> namespace) |
com.google.crypto.tink.KmsClient |
withDefaultCredentials()
Loads default Vault config.
|
com.google.crypto.tink.KmsClient |
withVault(io.github.jopenlibs.vault.api.Logical vault)
Specifies the
Logical object to be used. |
public static final String PREFIX
public HcVaultKmsClient()
public HcVaultKmsClient(String uri)
uri.public boolean doesSupport(String uri)
doesSupport in interface com.google.crypto.tink.KmsClientPREFIX, or the client is a specific one that is bound to the key
identified by uri.public com.google.crypto.tink.KmsClient withCredentials(String token) throws GeneralSecurityException
token.
If token is null, loads token from "VAULT_TOKEN" environment variables.
All other configuration elements will also be read from environment variables.
withCredentials in interface com.google.crypto.tink.KmsClientGeneralSecurityExceptionpublic com.google.crypto.tink.KmsClient withCredentials(String token, Optional<String> namespace) throws GeneralSecurityException
GeneralSecurityExceptionpublic com.google.crypto.tink.KmsClient withCredentials(io.github.jopenlibs.vault.SslConfig sslConfig,
String token,
Optional<String> namespace)
throws GeneralSecurityException
GeneralSecurityExceptionpublic com.google.crypto.tink.KmsClient withDefaultCredentials()
throws GeneralSecurityException
Token and timeouts can be loaded from environment variables.
withDefaultCredentials in interface com.google.crypto.tink.KmsClientGeneralSecurityExceptionpublic com.google.crypto.tink.KmsClient withConfig(io.github.jopenlibs.vault.VaultConfig config)
throws GeneralSecurityException
GeneralSecurityExceptionpublic com.google.crypto.tink.KmsClient withVault(io.github.jopenlibs.vault.api.Logical vault)
Logical object to be used. Only used for testing.public io.github.jopenlibs.vault.VaultConfig getVaultConfig()
public com.google.crypto.tink.Aead getAead(String uri) throws GeneralSecurityException
getAead in interface com.google.crypto.tink.KmsClientGeneralSecurityExceptionCopyright © 2026 Confluent, Inc.. All rights reserved.