Class Secrets


  • @EvolvingAll
    @Singleton
    public class Secrets
    extends Object
    The top-level API to obtain secrets in AM. This class will provide secrets from all secret stores that are defined in SMS configuration, and any other sources that are applicable to the AM runtime.
    Since:
    AM 6.5.0
    • Constructor Detail

      • Secrets

        @Inject
        public Secrets(AnnotatedServiceRegistry serviceRegistry,
                       DirectoryWatcher directoryWatcher,
                       org.forgerock.openam.secrets.SecretsProviderFacadeFactory secretsProviderFacadeFactory,
                       org.forgerock.openam.secrets.ActiveSecretsProviderFacadeFactory activeSecretsProviderFacadeFactory)
        DI constructor for the Secrets class.
        Parameters:
        serviceRegistry - The service registry for annotated services, which all configuration-based secret stores are expected to be.
        directoryWatcher - The directory watcher to use to watch for filesystem changes when using filesystem secret stores.
    • Method Detail

      • registerSecretStore

        public void registerSecretStore(Class<? extends BaseSecretStoreProvider> storeType)
        Register a secret store type. This method is only expected to be called from the plugin tools.
        Parameters:
        storeType - The type of the secrets store.
      • start

        public void start()
        Start the secrets service.
      • getGlobalSecrets

        public SecretsProviderFacade getGlobalSecrets()
                                               throws SecretException
        Get the global secrets provider for the realm.
        Returns:
        A secrets provider for all the secret stores that are configured globally.
        Throws:
        SecretException - In the case of failure to read configuration.
      • getActiveGlobalSecrets

        public SecretsProviderFacade getActiveGlobalSecrets()
                                                     throws SecretException
        Get the global active secrets provider for the realm.
        Returns:
        An active secrets provider for all the secret stores that are configured globally.
        Throws:
        SecretException - In the case of failure to read configuration.
      • getRealmSecrets

        public SecretsProviderFacade getRealmSecrets(Realm realm)
                                              throws SecretException
        Get a secrets provider for the realm.
        Parameters:
        realm - The realm.
        Returns:
        A secrets provider for all the secret stores that are configured.
        Throws:
        SecretException - In the case of failure to read configuration.
      • getActiveRealmSecrets

        public SecretsProviderFacade getActiveRealmSecrets(Realm realm)
                                                    throws SecretException
        Get an active secrets provider for the realm.
        Parameters:
        realm - The realm.
        Returns:
        An active secrets provider for all the secret stores that are configured.
        Throws:
        SecretException - In the case of failure to read configuration.
      • isSecretService

        public boolean isSecretService(String serviceName)
        Check to see if a service is a Secret API service.
        Parameters:
        serviceName - The name of the service to check.
      • isGlobalSecretsService

        public boolean isGlobalSecretsService(String serviceName)
        Check to see if this is a purpose.
        Parameters:
        serviceName - The name of the service to check.