Package org.forgerock.secrets.gcpkms
Class GoogleKmsEncryptedPropertyFormat
- java.lang.Object
  - org.forgerock.secrets.gcpkms.GoogleKmsEncryptedPropertyFormat
- All Implemented Interfaces: SecretPropertyFormat, SecretDecoder
public class GoogleKmsEncryptedPropertyFormat extends Object implements SecretPropertyFormat
A SecretPropertyFormat for the PropertyResolverSecretStore that can decrypt secrets using a Google KMS decryption key. Supports either symmetric or asymmetric decryption algorithms.

Note: the output of gcloud kms encrypt is a binary file. As Commons Config properties must be strings, this property format class assumes that the data is base64-encoded. To create a compatible file you should therefore use a two-step process:

    gcloud kms encrypt --plaintext-file=plaintext.txt --ciphertext-file=ciphertext.enc
    base64 < ciphertext.enc > ciphertext.txt
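
The second step of the process above, as an added shell example that is not part of the original API documentation. It assumes ciphertext.enc was already produced by gcloud kms encrypt, and that the property value is read as a single line; the function name encode_ciphertext is hypothetical.

```shell
#!/bin/sh
# Added example, not ForgeRock code. Converts a binary KMS ciphertext
# into single-line base64 for a string-valued property and verifies
# that the text decodes back to the original bytes.

# encode_ciphertext SRC DST
#   SRC - binary ciphertext, e.g. ciphertext.enc from `gcloud kms encrypt`
#   DST - text file to use as the property value, e.g. ciphertext.txt
encode_ciphertext() {
    src=$1
    dst=$2

    # A missing or empty input usually means the encrypt step failed.
    if [ ! -s "$src" ]; then
        echo "error: $src is missing or empty" >&2
        return 1
    fi

    # GNU base64 wraps output at 76 columns, BSD/macOS base64 does not.
    # Stripping newlines yields the same single-line value on both.
    # Assumption: the property is consumed as one line of text.
    base64 < "$src" | tr -d '\n' > "$dst" || return 1

    # Round-trip check: catch truncation or a wrong input file before
    # the value is deployed and decryption fails at runtime.
    if ! base64 -d < "$dst" | cmp -s - "$src"; then
        echo "error: $dst does not decode back to $src" >&2
        rm -f "$dst"
        return 1
    fi
    return 0
}
```

Call it as `encode_ciphertext ciphertext.enc ciphertext.txt` after the gcloud kms encrypt step.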

Field Summary
- Fields inherited from interface org.forgerock.secrets.SecretDecoder: RAW
- Fields inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat: PLAIN

Constructor Summary
- GoogleKmsEncryptedPropertyFormat(GoogleKmsSecretStore secretStore, Purpose<DataDecryptionKey> purpose)
  Initializes the property format with the given secret store and purpose.

Method Summary
- SecretBuilder decode(String propertyValue)
  Decodes the input property value, setting relevant properties on a SecretBuilder object.
- Promise<SecretBuilder,NoSuchSecretException> decodeToPromise(String propertyValue)
  Decodes the input property value, setting relevant properties on a SecretBuilder object.
- Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
- Methods inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat: decodeToPromise

Constructor Detail
- GoogleKmsEncryptedPropertyFormat
  public GoogleKmsEncryptedPropertyFormat(GoogleKmsSecretStore secretStore, Purpose<DataDecryptionKey> purpose)
  Initializes the property format with the given secret store and purpose. All valid keys for the given purpose will be tried for decryption.
  - Parameters:
    secretStore - the secret store.
    purpose - the purpose for decryption.

Method Detail
- decode
  public SecretBuilder decode(String propertyValue) throws NoSuchSecretException
  Description copied from interface: SecretPropertyFormat
  Decodes the input property value, setting relevant properties on a SecretBuilder object.
  - Specified by: decode in interface SecretPropertyFormat
  - Parameters:
    propertyValue - the value of the secret property.
  - Returns: the decoded secret information.
  - Throws:
    NoSuchSecretException - If the property value does not contain a value that can be decoded.
- decodeToPromise
  public Promise<SecretBuilder,NoSuchSecretException> decodeToPromise(String propertyValue)
  Description copied from interface: SecretPropertyFormat
  Decodes the input property value, setting relevant properties on a SecretBuilder object.
  - Specified by: decodeToPromise in interface SecretPropertyFormat
  - Parameters:
    propertyValue - the value of the secret property.
  - Returns: a promise of the decoded secret information.