Uses of Class
org.forgerock.secrets.Purpose

Packages that use Purpose

Package	Description
org.forgerock.secrets	Provides a unified API for accessing secrets of various kinds.
org.forgerock.secrets.propertyresolver	Provides a SecretStore implementation that loads secrets from a Common Configuration PropertyResolver and then decodes it with a SecretPropertyFormat.

Uses of Purpose in org.forgerock.secrets

Fields in org.forgerock.secrets declared as Purpose

Modifier and Type	Field	Description
static Purpose<DataDecryptionKey>	Purpose.DATA_DECRYPTION	Indicates a key intended for decrypting data.
static Purpose<DataEncryptionKey>	Purpose.DATA_ENCRYPTION	Indicates a key intended for encrypting data.
static Purpose<KeyAgreementKey>	Purpose.KEY_AGREEMENT	Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH).
static Purpose<KeyDecryptionKey>	Purpose.KEY_DECRYPTION	Indicates a key intended for decrypting ("unwrapping") other keys.
static Purpose<KeyEncryptionKey>	Purpose.KEY_ENCRYPTION	Indicates a key intended for encrypting ("wrapping") other keys.
static Purpose<GenericSecret>	Purpose.PASSWORD	Indicates a secret intended to be used as a password for authentication to some service.
static Purpose<SigningKey>	Purpose.SIGN	Indicates a key intended for creating digital signatures or message authentication codes (MACs).
static Purpose<VerificationKey>	Purpose.VERIFY	Indicates a key intended for verifying digital signatures or message authentication codes.
static Purpose<CertificateVerificationKey>	Purpose.VERIFY_CERTIFICATE	Indicates a key intended for verifying certificate signatures.

Methods in org.forgerock.secrets that return Purpose

Modifier and Type	Method	Description
Purpose<?>	NoSuchSecretException.getPurpose()	Returns the purpose for which no secret was found.
static <T extends Secret> Purpose<T>	Purpose.purpose(String label, Class<T> type)	Constructs a purpose object.
static <T extends Secret> Purpose<T>	Purpose.purpose(String label, Class<T> type, SecretConstraint<? super T>... constraints)	Constructs a purpose object.
Purpose<T>	Purpose.withConstraints(SecretConstraint<? super T>... constraints)	Constructs a new purpose that is identical to this purpose but which imposes additional constraints on the secrets that can satisfy it.

Methods in org.forgerock.secrets with parameters of type Purpose

Modifier and Type	Method	Description
static <T extends Secret> SecretReference<T>	SecretReference.active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)	Creates a reference to the active secret for the given purpose using the given secrets provider.
<T extends CryptoKey> KeyStore	SecretsProvider.asKeyStore(Purpose<T> purpose)	Returns a view of this secrets provider as a keystore for the given purpose.
<T extends Secret> T	SecretBuilder.build(Purpose<T> purpose)	Builds a secret of the given type, enforcing any constraints attached to the purpose.
<S extends Secret> SecretReference<S>	SecretsProvider.createActiveReference(Purpose<S> purpose)	Creates the secret reference from the given purpose.
<S extends Secret> SecretReference<S>	SecretsProvider.createNamedReference(Purpose<S> purpose, String name)	Creates a reference to a secret with the given name (stable id) for the given purpose.
default <S extends T> Promise<S,NoSuchSecretException>	SecretStore.getActive(Purpose<S> purpose)	Returns the active secret for the given purpose.
<S extends T> Promise<S,NoSuchSecretException>	ThreadPoolSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	SecretsProvider.getActiveSecret(Purpose<S> purpose)	Gets the currently active secret for the given purpose.
X509ExtendedKeyManager	SecretsProvider.getKeyManager(Purpose<? extends CryptoKey> purpose)	Returns a KeyManager that can be used to initialize an SSLContext, allowing certificates and private keys to be retrieved from this secrets provider.
X509ExtendedKeyManager	SecretsProvider.getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)	Returns a KeyManager that can be used to initialize an SSLContext, allowing certificates and private keys to be retrieved from this secrets provider.
default <S extends T> Promise<S,NoSuchSecretException>	SecretStore.getNamed(Purpose<S> purpose, String name)	Returns the named secret from this store.
<S extends T> Promise<S,NoSuchSecretException>	ThreadPoolSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretsProvider.getNamedOrValidSecrets(Purpose<S> purpose, String id)	If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the given purpose if no such secret exists), otherwise it returns all valid secrets for the given purpose.
<S extends Secret> Promise<S,NoSuchSecretException>	SecretsProvider.getNamedSecret(Purpose<S> purpose, String id)	Gets the secret for the given purpose with the given stable secret id.
SecretsTrustManager	SecretsProvider.getTrustManager(Purpose<? extends CryptoKey> purpose)	Constructs an X509ExtendedTrustManager that will retrieve certificates from this secrets provider for the provided purpose.
SecretsTrustManager	SecretsProvider.getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)	Constructs an X509ExtendedTrustManager that will retrieve certificates from this secrets provider for the provided purpose.
<S extends T> Promise<Stream<S>,NeverThrowsException>	SecretStore.getValid(Purpose<S> purpose)	Returns all valid secrets for the given purpose from this store.
<S extends T> Promise<Stream<S>,NeverThrowsException>	ThreadPoolSecretStore.getValid(Purpose<S> purpose)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretsProvider.getValidSecrets(Purpose<S> purpose)	Returns all secrets for the given purpose which have not yet expired.
static <T extends Secret> SecretReference<T>	SecretReference.named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)	Creates a reference to a named secret using the given secrets provider.
default void	SecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire)	Retires the given secret for the given purpose.
void	ThreadPoolSecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire)
default void	SecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId)	Rotates the active secret for the given purpose.
void	ThreadPoolSecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId)
protected <T extends Secret> void	SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose)	Sets the active store to use for the given purpose.
<T extends Secret> SecretsProvider	SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)	Sets the active store to use for the given purpose.
<S extends Secret> SecretsProvider	SecretsProvider.useSpecificSecretForPurpose(Purpose<S> purpose, S secret)	Configures this SecretsProvider to always return the specific given secret for the given purpose.

Constructors in org.forgerock.secrets with parameters of type Purpose

Constructor	Description
NoSuchSecretException(Purpose<?> purpose)	Constructs the exception for the given purpose.
NoSuchSecretException(Purpose<?> purpose, String id)	Constructs the exception for the given purpose and secret stable id.
SecretReference(SecretsProvider provider, Purpose<T> purpose)	Deprecated. Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock)	Deprecated. Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)	Initialises the keystore with the given secrets API objects.

Uses of Purpose in org.forgerock.secrets.propertyresolver

Methods in org.forgerock.secrets.propertyresolver with parameters of type Purpose

Modifier and Type	Method	Description
<S extends Secret> Promise<S,NoSuchSecretException>	PropertyResolverSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	PropertyResolverSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	PropertyResolverSecretStore.getValid(Purpose<S> purpose)	Returns a stream of the active secret for the given purpose.

Constructors in org.forgerock.secrets.propertyresolver with parameters of type Purpose

Constructor	Description
PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)	Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)	Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.