Class Secrets

java.lang.Object
org.forgerock.openam.secrets.Secrets

@EvolvingAll @Singleton public class Secrets extends Object
The top-level API to obtain secrets in AM. This class provides secrets from all secret stores that are defined in SMS configuration, and from any other sources that are applicable to the AM runtime.
Since:
AM 6.5.0
  • Constructor Details

    • Secrets

      @Inject public Secrets(AnnotatedServiceRegistry serviceRegistry, DirectoryWatcher directoryWatcher, org.forgerock.openam.secrets.SecretsProviderFacadeFactory secretsProviderFacadeFactory, org.forgerock.openam.secrets.ActiveSecretsProviderFacadeFactory activeSecretsProviderFacadeFactory)
      DI constructor for the Secrets class.
      Parameters:
      serviceRegistry - The service registry for annotated services, which all configuration-based secret stores are expected to be.
      directoryWatcher - The directory watcher to use to watch for filesystem changes when using filesystem secret stores.
  • Method Details

    • registerSecretStore

      public void registerSecretStore(Class<? extends BaseSecretStoreProvider> storeType)
      Register a secret store type. This method is only expected to be called from the plugin tools.
      Parameters:
      storeType - The type of the secret store.
    • start

      public void start()
      Start the secrets service.
    • getGlobalSecrets

      public SecretsProviderFacade getGlobalSecrets() throws SecretException
      Get the global secrets provider.
      Returns:
      A secrets provider for all the secret stores that are configured globally.
      Throws:
      SecretException - In the case of failure to read configuration.
    • getActiveGlobalSecrets

      public SecretsProviderFacade getActiveGlobalSecrets() throws SecretException
      Get the global active secrets provider.
      Returns:
      An active secrets provider for all the secret stores that are configured globally.
      Throws:
      SecretException - In the case of failure to read configuration.
    • getRealmSecrets

      public SecretsProviderFacade getRealmSecrets(Realm realm) throws SecretException
      Get a secrets provider for the realm.
      Parameters:
      realm - The realm.
      Returns:
      A secrets provider for all the secret stores that are configured.
      Throws:
      SecretException - In the case of failure to read configuration.
    • getActiveRealmSecrets

      public SecretsProviderFacade getActiveRealmSecrets(Realm realm) throws SecretException
      Get an active secrets provider for the realm.
      Parameters:
      realm - The realm.
      Returns:
      An active secrets provider for all the secret stores that are configured.
      Throws:
      SecretException - In the case of failure to read configuration.
    • isSecretService

      public boolean isSecretService(String serviceName)
      Check to see if a service is a Secret API service.
      Parameters:
      serviceName - The name of the service to check.
    • isGlobalSecretsService

      public boolean isGlobalSecretsService(String serviceName)
      Check to see if a service is the global secrets service.
      Parameters:
      serviceName - The name of the service to check.
    • getSecretsReferenceProvider

      protected SecretsReferenceProvider getSecretsReferenceProvider(List<SecretStore> allStores)