java.lang.Object

java.lang.Enum<PropertyFormat>

org.forgerock.openam.secrets.config.PropertyFormat

All Implemented Interfaces:: Serializable, Comparable<PropertyFormat>, java.lang.constant.Constable, SecretPropertyFormat, SecretDecoder

@EvolvingAll public enum PropertyFormat extends Enum<PropertyFormat> implements SecretPropertyFormat

Supported property formats for file-based and system/environment variable properties.

Since:: AM 6.5.0

Nested Class Summary

Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>
Enum Constant Summary

Enum Constants

Enum Constant

Description

BASE64

A base64-encoded binary value.

BASE64_HMAC_KEY

Deprecated, for removal: This API element is subject to removal in a future version.
Prefer PEM for keys.

ENCRYPTED_BASE64

A base64-encoded binary value encrypted with AM's server key.

ENCRYPTED_HMAC_KEY

Deprecated, for removal: This API element is subject to removal in a future version.
Prefer ENCRYPTED_PEM for keys.

ENCRYPTED_PEM

Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format that have then been encrypted with AM's password-based encryption.

ENCRYPTED_PLAIN

A text value encrypted with AM's server encryption key.

GOOGLE_KMS_ENCRYPTED

A base64-encoded value that has been encrypted with Google Cloud Platform Key Management Service.

GOOGLE_KMS_ENCRYPTED_HMAC_KEY

Deprecated, for removal: This API element is subject to removal in a future version.
Prefer GOOGLE_KMS_ENCRYPTED_PEM for keys.

GOOGLE_KMS_ENCRYPTED_PEM

Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format that have then been encrypted with Google KMS.

JWK

Decodes a JSON Web Key (JWK) as a secret.

PEM

Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format.

PLAIN

A plain text value.
Field Summary

Fields inherited from interface org.forgerock.secrets.SecretDecoder
RAW

Fields inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat
PLAIN
Method Summary

Modifier and Type

Method

Description

static PropertyFormat

valueOf(String name)

Returns the enum constant of this class with the specified name.

static PropertyFormat[]

values()

Returns an array containing the constants of this enum class, in the order they are declared.

Methods inherited from class java.lang.Enum
clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat
decode, decodeToPromise, decodeToPromise

Enum Constant Details
- PLAIN
  
  public static final PropertyFormat PLAIN
  
  A plain text value. The UTF-8 bytes of the value are used as the secret.
- BASE64
  
  public static final PropertyFormat BASE64
  
  A base64-encoded binary value.
- ENCRYPTED_PLAIN
  
  public static final PropertyFormat ENCRYPTED_PLAIN
  
  A text value encrypted with AM's server encryption key. The value will be decrypted with DecodeAction and the UTF-8 bytes used as the secret.
- ENCRYPTED_BASE64
  
  public static final PropertyFormat ENCRYPTED_BASE64
  
  A base64-encoded binary value encrypted with AM's server key. The value is decrypted with DecodeAction and then base64-decoded.
- ENCRYPTED_HMAC_KEY
  
  @Deprecated(since="8.0.0", forRemoval=true) public static final PropertyFormat ENCRYPTED_HMAC_KEY
  
  Deprecated, for removal: This API element is subject to removal in a future version.
  Prefer ENCRYPTED_PEM for keys.
  
  A base64-encoded binary secret HMAC key encrypted with AM's server key. The values is decrypted with DecodeAction then base64-decoded and passed to SecretKeyPropertyFormat.
- BASE64_HMAC_KEY
  
  @Deprecated(since="8.0.0", forRemoval=true) public static final PropertyFormat BASE64_HMAC_KEY
  
  Deprecated, for removal: This API element is subject to removal in a future version.
  Prefer PEM for keys.
  
  A base64-encoded binary secret HMAC key. The values base64-decoded and passed to SecretKeyPropertyFormat.
- GOOGLE_KMS_ENCRYPTED
  
  public static final PropertyFormat GOOGLE_KMS_ENCRYPTED
  
  A base64-encoded value that has been encrypted with Google Cloud Platform Key Management Service. The secret will be decrypted using the KMS key named by the org.forgerock.openam.secrets.googlekms.decryptionkey system property. The GCP SDK will automatically load KMS credentials from the environment.
- GOOGLE_KMS_ENCRYPTED_HMAC_KEY
  
  @Deprecated(since="8.0.0", forRemoval=true) public static final PropertyFormat GOOGLE_KMS_ENCRYPTED_HMAC_KEY
  
  Deprecated, for removal: This API element is subject to removal in a future version.
  Prefer GOOGLE_KMS_ENCRYPTED_PEM for keys.
  
  A base64-encoded value that has been encrypted with Google Cloud Platform Key Management Service. The secret will be decrypted using the KMS key named by the org.forgerock.openam.secrets.googlekms.decryptionkey system property. The GCP SDK will automatically load KMS credentials from the environment. The decrypted value will be interpreted as a HMAC key.
- PEM
  
  public static final PropertyFormat PEM
  
  Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format. This format is widely supported by tools such as OpenSSL. Encrypted private keys can be decrypted using passwords configured for the Labels.PEM_PRIVATE_KEY_DECRYPTION secret ID. This currently only supports loading passwords from global secret stores.
- ENCRYPTED_PEM
  
  public static final PropertyFormat ENCRYPTED_PEM
  
  Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format that have then been encrypted with AM's password-based encryption. The value is decrypted with ENCRYPTED_PLAIN and then passed to the PEM decoder.
- GOOGLE_KMS_ENCRYPTED_PEM
  
  public static final PropertyFormat GOOGLE_KMS_ENCRYPTED_PEM
  
  Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format that have then been encrypted with Google KMS. The value is decrypted with GOOGLE_KMS_ENCRYPTED and then passed to the PEM decoder.
- JWK
  
  public static final PropertyFormat JWK
  
  Decodes a JSON Web Key (JWK) as a secret.
Method Details
- values
  
  public static PropertyFormat[] values()
  
  Returns an array containing the constants of this enum class, in the order they are declared.
  
  Returns:
  
  an array containing the constants of this enum class, in the order they are declared
- valueOf
  
  public static PropertyFormat valueOf(String name)
  
  Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
  
  Parameters:
  
  name - the name of the enum constant to be returned.
  
  Returns:
  
  the enum constant with the specified name
  
  Throws:
  
  IllegalArgumentException - if this enum class has no constant with the specified name
  
  NullPointerException - if the argument is null

Enum Class PropertyFormat

Nested Class Summary

Nested classes/interfaces inherited from class java.lang.Enum

Enum Constant Summary

Field Summary

Fields inherited from interface org.forgerock.secrets.SecretDecoder

Fields inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat

Method Summary

Methods inherited from class java.lang.Enum

Methods inherited from class java.lang.Object

Methods inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat

Enum Constant Details

PLAIN

BASE64

ENCRYPTED_PLAIN

ENCRYPTED_BASE64

ENCRYPTED_HMAC_KEY

BASE64_HMAC_KEY

GOOGLE_KMS_ENCRYPTED

GOOGLE_KMS_ENCRYPTED_HMAC_KEY

PEM

ENCRYPTED_PEM

GOOGLE_KMS_ENCRYPTED_PEM

JWK

Method Details

values

valueOf