Interface GoogleSecretManagerSecretStoreProvider

All Superinterfaces:
BaseSecretStoreProvider, LockedSecretStoreProvider, org.forgerock.openam.secrets.SecretStoreWithMappings

@EvolvingAll public interface GoogleSecretManagerSecretStoreProvider extends LockedSecretStoreProvider, org.forgerock.openam.secrets.SecretStoreWithMappings
Provides support for fetching secrets from Google Secret Manager.
  • Field Summary

    Fields

    | Modifier and Type | Field | Description |
    | --- | --- | --- |
    | static final org.slf4j.Logger | logger | |
  • Method Summary

    | Modifier and Type | Method | Description |
    | --- | --- | --- |
    | default long | expiryDurationSeconds() | The amount of time in seconds to allow secret values to be cached before re-fetching them from GSM. |
    | default SecretStore<? extends Secret> | getStore(SecretStoreContext context, SecretsReferenceProvider secretsReferenceProvider) | Get the commons SecretStore instance for this instance. |
    | String | id() | Get the sub-configuration identifier for this secret store instance. |
    | org.forgerock.openam.sm.annotations.subconfigs.Multiple<PurposeMapping> | mappings() | Maps Purpose labels to Google SM secret names. |
    | String | project() | The Google Cloud Platform project that the instance of Secret Manager lives in. |
    | default PropertyFormat | secretFormat() | The format of the secret data to use when decoding the secret value. |
    | default String | serviceAccount() | The GCP service account to use for accessing the Secret Manager. |
  • Field Details

    • logger

      static final org.slf4j.Logger logger
  • Method Details

    • id

      String id()
      Get the sub-configuration identifier for this secret store instance.
      Specified by:
      id in interface BaseSecretStoreProvider
      Returns:
      The identifier.
    • project

      String project()
      The Google Cloud Platform project that the instance of Secret Manager lives in.
      Returns:
      the GCP project to look for the Secret Manager instance in.
    • serviceAccount

      default String serviceAccount()
      The GCP service account to use for accessing the Secret Manager. Alternative service accounts can be configured in the global GoogleCloudServiceAccountService.
      Returns:
      the name of the service account to use.
    • secretFormat

      default PropertyFormat secretFormat()
      The format of the secret data to use when decoding the secret value.
      Returns:
      the property format to use.
    • expiryDurationSeconds

      default long expiryDurationSeconds()
      The amount of time in seconds to allow secret values to be cached before re-fetching them from GSM.
      Returns:
      the amount of time in seconds before a secret value expires.
    • mappings

      org.forgerock.openam.sm.annotations.subconfigs.Multiple<PurposeMapping> mappings()
      Maps Purpose labels to Google SM secret names. The mapping may include a {{realm}} placeholder, which will be replaced with the path of the current realm. This allows the same mapping to be used to map different secrets in different realms.
      Returns:
      the purpose mapping.
    • getStore

      default SecretStore<? extends Secret> getStore(SecretStoreContext context, SecretsReferenceProvider secretsReferenceProvider) throws SecretException
      Description copied from interface: LockedSecretStoreProvider
      Get the commons SecretStore instance for this instance.
      Specified by:
      getStore in interface LockedSecretStoreProvider
      Parameters:
      context - The context in which the store is being created.
      secretsReferenceProvider - A provider of secret references that can be used to obtain secrets that are needed to unlock the SecretStore.
      Returns:
      The instance.
      Throws:
      SecretException - If the store cannot be constructed for some reason.