VaultAwsCredentialsProvider is a package that allows you to pass refreshable or static credentials to the AWS v2 SDK.
We currently only support the following classes and libraries:
If you would like support for another library, please submit a PR or open an issue here
- Add the package to your dependencies. See here for instructions specific to your build system.

The argument `credentialsRequestData` may be null if you do not need to pass a request body. If you are unsure whether it is needed, please refer to the Vault HTTP API documentation.

- Have an available `VaultTemplate` object from Spring Vault
- Create the credentials provider using the example code below:
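```java
import dev.popaxe.aws.credentials.VaultAwsCredentialsProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.vault.core.VaultTemplate;

import java.util.Map;

class ExampleClass {
    private final VaultTemplate vaultTemplate;

    // A final field cannot be set by field injection, so inject through the constructor.
    @Autowired
    ExampleClass(VaultTemplate vaultTemplate) {
        this.vaultTemplate = vaultTemplate;
    }

    // Instance method: a static main() cannot read the injected instance field.
    VaultAwsCredentialsProvider credentialsProvider() {
        return VaultAwsCredentialsProvider.withVaultTemplate(
                vaultTemplate,
                "/path/to/creds", // The path to credentials in Vault
                Map.of("key1", "value") // Map of request data to pass to request, if applicable
        );
    }
}
```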
- Have an available `Vault` object from JOpenLibs vault-java-driver
- Create the credentials provider using the example code below:
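```java
import dev.popaxe.aws.credentials.VaultAwsCredentialsProvider;
import io.github.jopenlibs.vault.Vault;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Map;

class ExampleClass {
    private final Vault vault;

    // A final field cannot be set by field injection, so inject through the constructor.
    @Autowired
    ExampleClass(Vault vault) {
        this.vault = vault;
    }

    // Instance method: a static main() cannot read the injected instance field.
    VaultAwsCredentialsProvider credentialsProvider() {
        return VaultAwsCredentialsProvider.withJOpenLibsVault(
                vault,
                "/path/to/creds", // The path to credentials in Vault
                Map.of("key1", "value") // Map of request data to pass to request, if applicable
        );
    }
}
```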
This library uses several tools to standardize development across developers:
- Spotless - This is used to ensure consistent, readable code formatting. We use Google's AOSP settings.
- Spotbugs - This is used to ensure that there are no obvious bugs in the code.
- Jacoco - We use this to make sure that code coverage in our tests remains at 95% or greater.
These packages help development and ensure proper build procedure before a new version is released.
A new version of this library is only pushed when a new release is created. Only the build automation system should be used for publishing a new version. However, if a manual publish must be done, use the following instructions:

- Create a GPG key (the easiest way to do this is with this tool)
- Export this to a file:

```sh
gpg --export-secret-keys > "$HOME/secring.gpg"
```

- Create a `gradle.properties` file in your `$HOME/.gradle` folder with the following contents:

```properties
signing.keyId=<YOUR_KEY_ID_HERE>
signing.password=<YOUR_KEY_PASSWORD_HERE>
# Properties files do not expand $HOME; write the absolute path to the exported key ring.
signing.secretKeyRingFile=<ABSOLUTE_PATH_TO_YOUR_HOME>/secring.gpg
```

- Set your credential variables:

```sh
export MAVEN_USERNAME=<USERNAME_HERE>
export MAVEN_PASSWORD=<PASSWORD_HERE>
```

- Ensure you've bumped the version in `build.gradle` to a non-conflicting version
- Run `gradle publishToSonatype closeAndReleaseSonatypeStagingRepository`
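
A pre-flight check for the manual publish steps above, as an added example that is not part of this project: it confirms that the signing properties are filled in, that `gradle.properties` and the exported key ring are readable only by their owner, and that the Maven credentials are set. The function names (`mode_of`, `private_file`, `publish_preflight`) are hypothetical, and the script assumes `stat`, `sed` and `head` are available.

```shell
# Added example (not project code): pre-flight check for a manual publish.
# Usage: publish_preflight [GRADLE_USER_DIR]   (default: $HOME/.gradle)

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the file exists and group/other have no access to it.
private_file() {
    [ -f "$1" ] || return 1
    case "$(mode_of "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

publish_preflight() {
    props="${1:-$HOME/.gradle}/gradle.properties"
    problems=0
    ring=
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # gradle.properties holds the key password, so it must be private.
    private_file "$props" || fail "$props missing or readable by group/other"

    # Every signing.* key from the steps above must be present and filled in.
    for key in signing.keyId signing.password signing.secretKeyRingFile; do
        value=$(sed -n "s/^$key=//p" "$props" 2>/dev/null | head -n 1)
        case "$value" in
            ''|'<'*) fail "$key is unset or still a placeholder" ;;
            *) if [ "$key" = signing.secretKeyRingFile ]; then ring=$value; fi ;;
        esac
    done

    # The properties file is not shell-expanded: the path must be literal.
    case "$ring" in
        '') ;; # already reported by the loop above
        *'$'*) fail "signing.secretKeyRingFile contains an unexpanded variable" ;;
        *) private_file "$ring" || fail "$ring missing or readable by group/other" ;;
    esac

    [ -n "${MAVEN_USERNAME:-}" ] || fail "MAVEN_USERNAME is not set"
    [ -n "${MAVEN_PASSWORD:-}" ] || fail "MAVEN_PASSWORD is not set"
    [ "$problems" -eq 0 ]
}
```

Source the file and run `publish_preflight` before `gradle publishToSonatype closeAndReleaseSonatypeStagingRepository`; it prints one `FAIL:` line per problem and returns non-zero if any were found.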