Vault | Java SDK
List
getBulk(GetBulkRequest request)Retrieve a list of secrets, keys and folders.
final var filter = new HashMap<String, String>();
filter.put("folder", "/tmp");
final var response = client.getBulk(GetBulkRequest.builder().filter(filter).build());State change
stateChange(String id, ItemVersionState state, int version, String destroyPeriod)Change the state of a specific version of a secret or key.
final var stateChangeResponse = client.stateChange("id", ItemVersionState.DEACTIVATED);Delete
delete(String id)Delete a secret or key.
DeleteResponse deleteResponse = client.delele("id");Retrieve
get(GetRequest request)Retrieve a secret or key, and any associated information.
GetResponse getResponse = client.get(
new GetRequest.GetRequestBuilder("id").build()
);List
list(ListRequest request)Retrieve a list of secrets, keys and folders, and their associated information.
ListResponse listResponse = client.list(
new ListRequest.ListRequestBuilder().build()
);Update
update(UpdateRequest request)Update information associated with a secret or key.
UpdateResponse updateResponse = client.update(
new UpdateRequest.UpdateRequestBuilder("id")
.setFolder("updated")
.build()
);Store a secret
secretStore(SecretStoreRequest request)Store a secret in vault service.
SecretStoreResponse storeResponse =
client.secretStore(new SecretStoreRequest.SecretStoreRequestBuilder("mysecret", "mysecretname").build());Store a Pangea Token
pangeaTokenStore(PangeaTokenStoreRequest request)Store a pangea token in vault service.
SecretStoreResponse storeResponse =
client.pangeaTokenStore(new PangeaTokenStoreRequest.PangeaTokenStoreRequestBuilder("mytoken", "mytokenname").build());Rotate a secret
secretRotate(SecretRotateRequest request)Rotate a secret in vault service.
SecretRotateResponse rotateResponse = client.secretRotate(
new SecretRotateRequest.SecretRotateRequestBuilder("secretid", "mynewsecret")
.setRotationState(ItemVersionState.SUSPENDED)
.build()
);Rotate a Pangea Token
pangeaTokenRotate(PangeaTokenRotateRequest request)Rotate a Pangea Token in vault service.
SecretRotateResponse rotateResponse = client.pangeaTokenRotate(
new PangeaTokenStoreRequest.PangeaTokenRotateRequestBuilder("tokenid", "3m")
.build()
);Symmetric generate
symmetricGenerate(SymmetricGenerateRequest request)Generate a symmetric key.
SymmetricGenerateRequest generateRequest = new SymmetricGenerateRequest.SymmetricGenerateRequestBuilder(
SymmetricAlgorithm.AES128_CFB,
KeyPurpose.ENCRYPTION,
"keyname"
).build();
SymmetricGenerateResponse generateResp = client.symmetricGenerate(generateRequest);Asymmetric generate
asymmetricGenerate(AsymmetricGenerateRequest request)Generate an asymmetric key.
AsymmetricGenerateRequest generateRequest = new AsymmetricGenerateRequest.AsymmetricGenerateRequestBuilder(
AsymmetricAlgorithm.ED25519,
KeyPurpose.SIGNING,
"keyname"
).build();
AsymmetricGenerateResponse generateResp = client.asymmetricGenerate(generateRequest);Asymmetric store
asymmetricStore(AsymmetricStoreRequest request)Import an asymmetric key.
AsymmetricStoreRequest storeRequest = new AsymmetricStoreRequest.AsymmetricStoreRequestBuilder(
"encodedprivatekey",
"encodedpublickey",
AsymmetricAlgorithm.ED25519,
KeyPurpose.SIGNING,
"keyname"
).build();
AsymmetricStoreResponse storeResp = client.asymmetricStore(storeRequest);Symmetric store
symmetricStore(SymmetricStoreRequest request)Import a symmetric key.
SymmetricStoreRequest storeRequest = new SymmetricStoreRequest.SymmetricStoreRequestBuilder(
"encodedkey"
SymmetricAlgorithm.AES,
KeyPurpose.ENCRYPTION,
"keyname"
).build();
SymmetricStoreResponse storeResp = client.symmetricStore(storeRequest);Key rotate
keyRotate(KeyRotateRequest request)Manually rotate a symmetric or asymmetric key.
KeyRotateResponse rotateResponse = client.keyRotate(
new KeyRotateRequest.KeyRotateRequestBuilder("keyid", ItemVersionState.SUSPENDED).build()
);Encrypt
encrypt(EncryptRequest request)Encrypt a message using a key.
EncryptResponse encryptResponse = client.encrypt(
new EncryptRequest.EncryptRequestBuilder("keyid", "base64message").setVersion(2).build()
);Decrypt
decrypt(DecryptRequest request)Decrypt a message using a key.
DecryptResponse decryptResponse = client.decrypt(
new DecryptRequest.DecryptRequestBuilder("keyid", "validciphertext")
.setVersion(2)
.build()
);Sign
sign(String id, String message)Sign a message using a key.
SignResponse signResponse = client.sign("keyid", "base64data2sign");Sign
sign(String id, String message, int version)sign a message
SignResponse signResponse = client.sign("keyid", "base64data2sign", 2);JWT Sign
jwtSign(String id, String payload)Sign a JSON Web Token (JWT) using a key.
String payload = """
{'message': 'message to sign', 'data': 'Some extra data'}
""";
JWTSignResponse signResponse1 = client.jwtSign("keyid", payload);Verify
verify(String id, String message, String signature)Verify a signature using a key.
VerifyResponse verifyResponse = client.verify("keyid", "data2verify", "signature");Verify
verify(String id, String message, String signature, Integer version)Verify a signature using a key.
VerifyResponse verifyResponse = client.verify("keyid", "data2verify", "signature", 1);JWT Verify
jwtVerify(String jws)Verify the signature of a JSON Web Token (JWT).
JWTVerifyResponse verifyResponse = client.jwtVerify(signResponse.getResult().getJws());JWT Retrieve
jwkGet(String id)Retrieve a key in JWK format.
JWKGetResponse getResponse = client.jwkGet("jwkid");JWT Retrieve
jwkGet(String id, String version)Retrieve a key in JWK format.
JWKGetResponse getResponse = client.jwkGet("jwkid", 2);Create
folderCreate(FolderCreateRequest request)Creates a folder.
FolderCreateResponse createParentResp = client.folderCreate(
new FolderCreateRequest.Builder("folder_name", "parent/folder/name").build()
);Encrypt structured
encryptStructured(EncryptStructuredRequest request)Encrypt parts of a JSON object.
var request = new EncryptStructuredRequest.Builder<SomeModel>(
key,
data,
"$.field1[2:4]"
).build();
var encrypted = client.encryptStructured(request);Decrypt structured
decryptStructured(EncryptStructuredRequest request)Decrypt parts of a JSON object.
var request = new EncryptStructuredRequest.Builder<SomeModel>(
key,
data,
"$.field1[2:4]"
).build();
var encrypted = client.decryptStructured(request);Encrypt transform
encryptTransform(EncryptTransformRequest request)Encrypt using a format preserving algorithm (FPE).
var encrypted = client.encryptTransform(
new EncryptTransformRequest.Builder(
"pvi_[...]",
"123-4567-8901",
TransformAlphabet.ALPHANUMERIC
).tweak("MTIzMTIzMT==").build()
);Decrypt transform
decryptTransform(DecryptTransformRequest request)Decrypt using a format preserving algorithm (FPE).
var decrypted = client.decryptTransform(
new DecryptTransformRequest.Builder(
"pvi_[...]",
"tZB-UKVP-MzTM",
"MTIzMTIzMT==",
TransformAlphabet.ALPHANUMERIC
).build()
);Export
export(ExportRequest request)Export a symmetric or asymmetric key.
// Generate an exportable key.
final var generateRequest = new AsymmetricGenerateRequest.Builder(
AsymmetricAlgorithm.RSA4096_OAEP_SHA512,
KeyPurpose.ENCRYPTION,
"a-name-for-the-key"
)
.exportable(true)
.build();
final var generated = client.asymmetricGenerate(generateRequest);
final var key = generated.getResult().getId();
// Then it can be exported whenever needed.
final var request = ExportRequest.builder(key).build();
final var exported = client.export(request);