Over the past year, two privileged access management leaders—Centrify and Thycotic— combined to bring to market a comprehensive platform uniquely built to enable, empower, and secure the modern, hybrid enterprise.
All Thycotic integrations have now been rebranded and will be developed and maintained on the new Delinea GitHub. You can find the latest version of this repo here.
The Delinea DevOps Secrets Vault (DSV) Java SDK contains classes that interact with the DSV via the REST API.
The SDK contains an API based the Spring Framework RestTemplate, and a simple application based on Spring Boot, that calls the API.
You can use this SDk in your application by adding the following dependency:
<dependency>
<groupId>com.thycotic.secrets</groupId>
<artifactId>dsv-sdk-java</artifactId>
<version>1.0</version>
</dependency>
The SDK builds and runs on Java 8 or later.
Apache Maven is also required to build the SDK.
Maven runs unit and integration tests during the build so the settings in
src/main/resources/application.properties
must be configured before the build
will succeed.
The API needs a tenant
to create request URLs that refer to it.
secrets_vault.tenant = mytenant
It authenticates to DSV using a client_id
and client_secret
.
secrets_vault.client_id = 359f8c9f-d555-40ff-a036-ce95432e708b
secrets_vault.client_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The API assumes a the top-level domain (TLD) of com but it can be overridden:
secrets_vault.tld = eu
The base URL template itself can also be explicitly set:
secrets_vault.base_url_template = https://%s.secretsvaultcloud.%s/v1
Note that the template must contain two conversion specifiers for .tenant
and
.base_url_tld
respectively.
The SDK example application gets a secret from DSV by it's path
. The path can
be set as a proper
secret.path = path/to/secret
After the SDK application settings are configured the jar can be built:
mvn package
The build runs the SDK application, however, the it also produces an executable jar capable of accepting properties set via the command-line.
For example:
java -jar target/dsv-sdk-java-1.0-SNAPSHOT-exec.jar --secret.path=/path/to/a/secret
Configure the SecretsVaultFactoryBean
in the Spring
ApplicationContext
then inject a SecretsVault
where required.
@Autowired
private SecretsVault secretsVault;
public static void main(final String[] args) {
final Secret secret = secretsVault.getSecret("/path/to/secret");
System.out.println(String.format("The password is %s", secret.getData().get("password")));
}