The Delinea Secret Server Java SDK contains classes that interact with Secret Server via the REST API.
The SDK contains an API based the Spring Framework RestTemplate, and a simple application based on Spring Boot, that calls the API.
You can use this SDk in your application by adding the following dependency:
<dependency>
<groupId>com.delinea.secrets</groupId>
<artifactId>tss-sdk-java</artifactId>
<version>1.0.2</version>
</dependency>
The SDK builds and runs on Java 8 or later.
Apache Maven is also required to build the SDK.
Maven runs unit and integration tests during the build so the settings in
src/main/resources/application.properties
must be configured before the build
will succeed.
The API authenticates to Secret Server as an Application User. The SDK application gets a secret from Secret Server by it's id.
Either secret_server.tenant
or both secret_server.api_root_url
and secret_server.oauth2.token_url
must be set.
secret_server.tenant
simplifies the configuration when accessing Secret Server Cloud by using template URLs that
assume the default folder structure and parameterize the tenant.
secret_server.tenant = mytenant
# or
# secret_server.api_root_url = https://mysecretserver/SecretServer/api/v1
# secret_server.oauth2.token_url = https://mysecretserver/SecretServer/oauth2/token
secret_server.oauth2.username = app_user
secret_server.oauth2.password = app_user_password
When the tenant
is set, the API assumes a the top-level domain (TLD) of com
but it can be overridden:
secret_server.tld = com
After the SDK application settings are configured the jar can be built:
mvn package
However, the build runs the SDK application which requires a secret.id
property:
secret.id = 1
The build also produces an executable jar capable of accepting properties via the command-line. For example:
java -jar target/tss-sdk-java-1.0-SNAPSHOT-exec.jar --secret.id=1
Configure the SecretServerFactoryBean
in the Spring
ApplicationContext
then inject SecretServer
where required.
This simple example assumes that the SecretServerFactoryBean
was configured
externally thus allowing a SecretServer
instance to be injected automatically.
@Autowired
private SecretServer secretServer;
public static void main(final String[] args) {
final Secret secret = secretServer.getSecret(1);
secret.getItems().forEach(item -> {
if (item.getFieldName().equals("password")) {
System.out.println(String.format("The password is %s", item.getValue()));
}
});
}
This one creates an AnnotationConfigApplicationContext then configures
the SecretServerFactoryBean
from an in-place properties map then registers it
and finally uses it to get a SecretServer
instance to fetch the Secret
.
It could be used to adapt the API to a non-Spring Java application or to integrate
with an application environment that provides a configuration store.
final AnnotationConfigApplicationContext applicationContext = new AnnotationConfigApplicationContext();
// create a new Spring ApplicationContext using a Map as the PropertySource
properties.put("example.property", computedValue());
// ...
applicationContext.getEnvironment().getPropertySources()
.addLast(new MapPropertySource("properties", properties));
// Register the factoryBean
applicationContext.registerBean(SecretServerFactoryBean.class);
applicationContext.refresh();
// Fetch the secret
final Secret secret = applicationContext.getBean(SecretServer.class).getSecret(serverSecret.getId());