Interface GoogleSecretManagerSecretStoreProvider
-
- All Superinterfaces:
BaseSecretStoreProvider
,LockedSecretStoreProvider
@EvolvingAll public interface GoogleSecretManagerSecretStoreProvider extends LockedSecretStoreProvider
Provides support for fetching secrets from Google Secret Manager.
-
-
Field Summary
Fields Modifier and Type Field Description static org.slf4j.Logger
logger
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default long
expiryDurationSeconds()
The amount of time in seconds to allow secret values to be cached before re-fetching them from GSM.default SecretStore<? extends Secret>
getStore(SecretStoreContext context, SecretsReferenceProvider secretsReferenceProvider)
Get the commonsSecretStore
instance for this instance.String
id()
Get the sub-configuration identifier for this secret store instance.org.forgerock.openam.sm.annotations.subconfigs.Multiple<PurposeMapping>
mappings()
MapsPurpose
labels to Google SM secret names.String
project()
The Google Cloud Platform project that the instance of Secret Manager lives in.default PropertyFormat
secretFormat()
The format of the secret data to use when decoding the secret value.default String
serviceAccount()
The GCP service account to use for accessing the Secret Manager.
-
-
-
Method Detail
-
id
String id()
Get the sub-configuration identifier for this secret store instance.- Specified by:
id
in interfaceBaseSecretStoreProvider
- Returns:
- The identifier.
-
project
String project()
The Google Cloud Platform project that the instance of Secret Manager lives in.- Returns:
- the GCP project to look for the Secret Manager instance in.
-
serviceAccount
default String serviceAccount()
The GCP service account to use for accessing the Secret Manager. Alternative service accounts can be configured in the globalGoogleCloudServiceAccountService
.- Returns:
- the name of the service account to use.
-
secretFormat
default PropertyFormat secretFormat()
The format of the secret data to use when decoding the secret value.- Returns:
- the property format to use.
-
expiryDurationSeconds
default long expiryDurationSeconds()
The amount of time in seconds to allow secret values to be cached before re-fetching them from GSM.- Returns:
- the amount of time in seconds before a secret value expires.
-
mappings
org.forgerock.openam.sm.annotations.subconfigs.Multiple<PurposeMapping> mappings()
MapsPurpose
labels to Google SM secret names. The mapping may include a{{realm}}
placeholder, which will be replaced with the path of the current realm. This allows the same mapping to be used to map different secrets in different realms.- Returns:
- the purpose mapping.
-
getStore
default SecretStore<? extends Secret> getStore(SecretStoreContext context, SecretsReferenceProvider secretsReferenceProvider) throws SecretException
Description copied from interface:LockedSecretStoreProvider
Get the commonsSecretStore
instance for this instance.- Specified by:
getStore
in interfaceLockedSecretStoreProvider
- Parameters:
context
- The context in which the store is being created.secretsReferenceProvider
- A provider of secret references that can be used to obtain secrets that are needed to unlock theSecretStore
.- Returns:
- The instance.
- Throws:
SecretException
- If the store cannot be constructed for some reason.
-
-