Package com.scivicslab.turingworkflow.plugins.vault

Class VaultClient

java.lang.Object
com.scivicslab.turingworkflow.plugins.vault.VaultClient
public class VaultClient extends Object
Client for HashiCorp Vault API communication. Supports reading secrets from Vault KV v2 engine.
Since:
1.0.0
Author:
devteam@scivicslab.com

  • Constructor Details

    • VaultClient

      public VaultClient(VaultConfig config)
      Creates a new VaultClient with the given configuration.
      Parameters:
      config - Vault configuration

  • Method Details

    • readField

      public String readField(String kvPath, String fieldName) throws VaultClient.VaultException
      Reads a named field from a Vault KV v2 secret. The path uses CLI-style notation (mount/key); data/ is inserted automatically between the mount and the key. For example, "keycloak-local-llm/test-users" becomes the API path /v1/keycloak-local-llm/data/test-users.
      Parameters:
      kvPath - KV path in CLI notation (e.g., "keycloak-local-llm/test-users")
      fieldName - name of the field inside the secret's data map
      Returns:
      field value as String
      Throws:
      VaultClient.VaultException - if Vault communication fails, secret not found, or field missing

    • readSecret

      public String readSecret(String path) throws VaultClient.VaultException
      Reads a secret from Vault using the full API path (legacy; reads the value field).
      Parameters:
      path - full KV v2 API path (e.g., "secret/data/ssh/iacuser/private_key")
      Returns:
      value of the value field
      Throws:
      VaultClient.VaultException - if Vault communication fails or secret not found