Uses of Class
org.forgerock.secrets.SecretReference

Packages that use SecretReference

Package	Description
org.forgerock.http.filter	Core Filter implementations.
org.forgerock.http.oauth2	This package provides APIs for OAuth 2.0 services implementations.
org.forgerock.json.jose.jws	Classes and interfaces for JWT signing and JWS'.
org.forgerock.oauth.clients.oauth2	OAuth 2.0 ForgeRock Client Implementation.
org.forgerock.openam.secrets	The AM supporting classes for centrally configuring secrets.
org.forgerock.secrets	Provides a unified API for accessing secrets of various kinds.
org.forgerock.secrets.credentials	Contains secret credential related API objects.
org.forgerock.secrets.gcpkms	A secret store implementation that can retrieve keys from a Google Cloud Platform Key Management Service.
org.forgerock.secrets.keystore	Implementations of SecretStore for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.
org.forgerock.secrets.oauth2	A Secrets API backend that can obtain OAuth 2 access tokens from a token endpoint, along with a collection of grant type handlers.
org.forgerock.secrets.vault	Secrets backend that reads secrets from a remote Hashicorp Vault server.

Uses of SecretReference in org.forgerock.http.filter

Methods in org.forgerock.http.filter with parameters of type SecretReference

Modifier and Type	Method	Description
static Filter	Filters.newBearerTokenAuthFilter(SecretReference<GenericSecret> tokenReference)	Creates an authentication Filter that puts a Bearer Authorization header in the request.
static Filter	Filters.newBearerTokenAuthFilterWithoutRetry(SecretReference<GenericSecret> tokenReference)	Creates an authentication Filter that puts a Bearer Authorization header in the request.
static Filter	Filters.newHttpBasicAuthenticationFilter(String username, SecretReference<GenericSecret> password)	Deprecated, for removal: This API element is subject to removal in a future version. use Filters.newHttpBasicAuthenticationFilter(CredentialPair) instead
static Filter	Filters.newHttpBasicAuthenticationFilter(String username, SecretReference<GenericSecret> password, Charset charset)	Deprecated, for removal: This API element is subject to removal in a future version. use Filters.newHttpBasicAuthenticationFilter(CredentialPair, Charset) instead
static Filter	Filters.newUrlEncodedHttpBasicAuthFilter(String username, SecretReference<GenericSecret> password)	Deprecated, for removal: This API element is subject to removal in a future version. use Filters.newUrlEncodedHttpBasicAuthFilter(CredentialPair) instead

Uses of SecretReference in org.forgerock.http.oauth2

Methods in org.forgerock.http.oauth2 with parameters of type SecretReference

Modifier and Type	Method	Description
EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder	EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference<DataEncryptionKey> secretReference)	Sets SecretReference to use as the encryption key.
T	PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference<SigningKey> secretReference)	Sets SecretReference to use as the signing key.

Constructors in org.forgerock.http.oauth2 with parameters of type SecretReference

Modifier	Constructor	Description
	ClientSecretBasicAuthenticationFilter(String clientId, SecretReference<GenericSecret> secretReference)	Deprecated. Creates and instance of ClientSecretBasicAuthenticationFilter.
	ClientSecretPostAuthenticationFilter(String clientId, SecretReference<GenericSecret> secretReference)	Creates an instance of this class.

Uses of SecretReference in org.forgerock.json.jose.jws

Methods in org.forgerock.json.jose.jws with parameters of type SecretReference

Modifier and Type	Method	Description
Promise<SigningHandler,NoSuchSecretException>	SigningManager.newSigningHandler(SecretReference<SigningKey> secretReference)	Constructs a new SigningHandler configured for signing with the provided secret reference.

Uses of SecretReference in org.forgerock.oauth.clients.oauth2

Methods in org.forgerock.oauth.clients.oauth2 that return SecretReference

Modifier and Type	Method	Description
SecretReference<GenericSecret>	OAuth2ClientConfiguration.getClientSecretReference()	Returns a reference to the client secret.

Methods in org.forgerock.oauth.clients.oauth2 with parameters of type SecretReference

Modifier and Type	Method	Description
T	OAuth2ClientConfiguration.Builder.withClientSecret(SecretReference<GenericSecret> clientSecret)	Set the clientSecret.

Uses of SecretReference in org.forgerock.openam.secrets

Methods in org.forgerock.openam.secrets that return SecretReference

Modifier and Type	Method	Description
<T extends Secret> SecretReference<T>	SecretsReferenceProvider.get(Purpose<T> purpose)	Get the reference for the secrets that fulfil the purpose.

Uses of SecretReference in org.forgerock.secrets

Methods in org.forgerock.secrets that return SecretReference

Modifier and Type	Method	Description
static <T extends Secret> SecretReference<T>	SecretReference.active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)	Creates a reference to the active secret for the given purpose using the given secrets provider.
static <T extends Secret> SecretReference<T>	SecretReference.constant(T secret)	Create a constant SecretReference for the given secret, that will never expire.
<S extends Secret> SecretReference<S>	SecretsProvider.createActiveReference(Purpose<S> purpose)	Creates the secret reference from the given purpose.
<S extends Secret> SecretReference<S>	SecretsProvider.createNamedReference(Purpose<S> purpose, String name)	Creates a reference to a secret with the given name (stable id) for the given purpose.
static <T extends Secret> SecretReference<T>	SecretReference.named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)	Creates a reference to a named secret using the given secrets provider.

Uses of SecretReference in org.forgerock.secrets.credentials

Methods in org.forgerock.secrets.credentials with parameters of type SecretReference

Modifier and Type	Method	Description
static <T extends Secret> CredentialPair<T>	CredentialPair.credentialPair(SecretReference<T> secretReference, Function<T,PrincipalAndSecret<T>,NoSuchSecretException> mapper)	Factory method to create a new instance of CredentialPair from a reference to a secret containing both the principal and secret.
static <T extends Secret> CredentialPair<T>	CredentialPair.fixedPrincipalCredentialPair(String principal, SecretReference<T> secretReference)	Factory method to create a new instance of CredentialPair with a static principal and a dynamic principal secret.

Uses of SecretReference in org.forgerock.secrets.gcpkms

Constructors in org.forgerock.secrets.gcpkms with parameters of type SecretReference

Modifier	Constructor	Description
	SecretsApiBearerTokenCredentials(SecretReference<GenericSecret> bearerToken)	Initialises the credentials with a single bearer token to use for all URIs.

Constructor parameters in org.forgerock.secrets.gcpkms with type arguments of type SecretReference

Modifier	Constructor	Description
	SecretsApiBearerTokenCredentials(Function<URI,SecretReference<GenericSecret>> bearerTokenLookup)	Initialises the credentials with the given mapping from URIs to bearer token references.

Uses of SecretReference in org.forgerock.secrets.keystore

Constructors in org.forgerock.secrets.keystore with parameters of type SecretReference

Modifier	Constructor	Description
	KeyStoreSecretStore(Function<char[],KeyStore,KeyStoreException> keyStoreLoader, SecretReference<GenericSecret> keyStorePassword)	Initialises the keystore using the same password for the keystore and all keys and default configuration options.
	KeyStoreSecretStore(Function<char[],KeyStore,KeyStoreException> keyStoreLoader, SecretReference<GenericSecret> keyStorePassword, SecretReference<GenericSecret> keyEntryPassword, Options options, KeyStoreSecretStore.StableIdProvider stableIdProvider)	Initialises the key store.
	KeyStoreSecretStore(Function<char[],KeyStore,KeyStoreException> keyStoreLoader, SecretReference<GenericSecret> keyStorePassword, Options options)	Initialises the keystore using the same password for the keystore and all keys.

Uses of SecretReference in org.forgerock.secrets.oauth2

Methods in org.forgerock.secrets.oauth2 with parameters of type SecretReference

Modifier and Type	Method	Description
AccessTokenSecretStore.Builder	AccessTokenSecretStore.Builder.withClientSecretBasicAuth(String clientId, SecretReference<GenericSecret> clientSecretRef)	Configures the token store to supply client credentials via HTTP Basic Authentication.
AccessTokenSecretStore.Builder	AccessTokenSecretStore.Builder.withClientSecretPostAuth(String clientId, SecretReference<GenericSecret> clientSecretRef)	Configures the token store to supply client credentials via client_secret_post method.

Constructors in org.forgerock.secrets.oauth2 with parameters of type SecretReference

Modifier	Constructor	Description
	JwtBearerGrantTypeHandler(SecretReference<GenericSecret> jwtReference)	Constructs the handler with the given source of JWTs.
	JwtBearerGrantTypeHandler(SecretReference<GenericSecret> jwtReference, String clientId, Collection<String> scope)	Constructs the handler with the given source of JWTs, for the given client and scope.
	JwtBearerGrantTypeHandler(SecretReference<GenericSecret> jwtReference, Collection<String> scope)	Constructs the handler with the given source of JWTs, for the given scope.
	ResourceOwnerPasswordGrantTypeHandler(String clientId, String username, SecretReference<GenericSecret> password)	Initialises the grant type handler with the given credentials and the default scope for this client.
	ResourceOwnerPasswordGrantTypeHandler(String clientId, String username, SecretReference<GenericSecret> password, Collection<String> scope)	Initialises the grant type handler with the given credentials.

Uses of SecretReference in org.forgerock.secrets.vault

Methods in org.forgerock.secrets.vault that return SecretReference

Modifier and Type	Method	Description
static SecretReference<GenericSecret>	AppRoleTokenStore.createTokenReference(String roleId, SecretReference<GenericSecret> secretReference, VaultConfig config)	Returns a SecretReference that will obtain a Vault authentication token using the AppRole login method.
static SecretReference<GenericSecret>	JwtAuthenticationTokenStore.createTokenReference(String role, SecretReference<GenericSecret> secretReference, VaultConfig config)	Returns a SecretReference that will obtain a Vault login token by logging in with the given JWT.

Methods in org.forgerock.secrets.vault with parameters of type SecretReference

Modifier and Type	Method	Description
static SecretReference<GenericSecret>	AppRoleTokenStore.createTokenReference(String roleId, SecretReference<GenericSecret> secretReference, VaultConfig config)	Returns a SecretReference that will obtain a Vault authentication token using the AppRole login method.
static SecretReference<GenericSecret>	JwtAuthenticationTokenStore.createTokenReference(String role, SecretReference<GenericSecret> secretReference, VaultConfig config)	Returns a SecretReference that will obtain a Vault login token by logging in with the given JWT.

Constructors in org.forgerock.secrets.vault with parameters of type SecretReference

Modifier	Constructor	Description
	VaultDatabaseCredentialsSecretStore(SecretReference<GenericSecret> tokenReference, VaultConfig config)	Constructs a secret store to retrieve database credentials from Vault with the given options.
	VaultKeyValueSecretStore(SecretReference<GenericSecret> tokenReference, Map<JsonPointer,? extends VaultKeyValueSecretStore.SecretFieldDecoder> fieldDecoders, VaultConfig config)	Constructs the key-value store using the given authentication token and options.
	VaultPkiSecretStore(SecretReference<GenericSecret> tokenReference, VaultConfig config, JsonValue certificateRequestPayload)	Initializes the PKI secret store using the given authentication token and configuration options.
	VaultTransitSecretStore(SecretReference<GenericSecret> tokenReference, VaultConfig config)	Initializes the transit secret store with the given Vault login token and options.