java.lang.Object
- org.forgerock.openig.secrets.Base64EncodedSecretStore

All Implemented Interfaces:: SecretStore<GenericSecret>

public class Base64EncodedSecretStore
extends Object
implements SecretStore<GenericSecret>

A Base64EncodedSecretStore stores secret values (such as password or simple shared secrets) in a base64-encoded form in memory.

It only stores GenericSecret and all returned secrets have "infinite" expiry time.

This class is NOT suitable for safely storing secret values in PRODUCTION systems.

 {
       "type": "Base64EncodedSecretStore",
       "config": {
         "secrets": {
             "<secret-id>": string
         }
       }
    }

Example:

 {
       "type": "Base64EncodedSecretStore",
       "config": {
         "secrets": {
             "agent.password": "d2VsY29tZQ==",
             "crypto.header.key": "Y2hhbmdlaXQ="
         }
       }
    }

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class Base64EncodedSecretStore.Heaplet
Creates and initializes a Base64EncodedSecretStore in a heap environment.

Field Summary
- Fields inherited from interface org.forgerock.secrets.SecretStore
  CLOCK, LEASE_EXPIRY_DURATION

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`<S extends GenericSecret> Promise<S,NoSuchSecretException>`	`getActive(Purpose<S> purpose)`	Returns the active secret for the given purpose.
`<S extends GenericSecret> Promise<S,NoSuchSecretException>`	`getNamed(Purpose<S> purpose, String name)`	Returns the named secret from this store.
`Class<GenericSecret>`	`getStoredType()`	The top-level class that this store is capable of storing.
`<S extends GenericSecret> Promise<Stream<S>,NeverThrowsException>`	`getValid(Purpose<S> purpose)`	Returns all valid secrets for the given purpose from this store.
`void`	`refresh()`	Indicates that the store should refresh its secrets from the backing storage mechanism.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.secrets.SecretStore
retire, revoke, rotate

- Method Detail
  - getStoredType
```
public Class<GenericSecret> getStoredType()
```
    Description copied from interface: SecretStore
    
    The top-level class that this store is capable of storing. This is a reification of the type parameter and can be used to lookup stores for a given type.
    
    Specified by:
    
    getStoredType in interface SecretStore<GenericSecret>
    
    Returns:
    
    the top-most type that this store is capable of storing, typically either CryptoKey for key-stores, GenericSecret for password stores, or Secret if the store is capable of storing any type of secret.
  - getValid
```
public <S extends GenericSecret> Promise<Stream<S>,NeverThrowsException> getValid(Purpose<S> purpose)
```
    Description copied from interface: SecretStore
    
    Returns all valid secrets for the given purpose from this store.
    
    Specified by:
    
    getValid in interface SecretStore<GenericSecret>
    
    Type Parameters:
    
    S - the type of secret.
    
    Parameters:
    
    purpose - the purpose.
    
    Returns:
    
    a stream of all valid secrets of the given type from this store, or an empty stream if none exist.
  - getActive
```
public <S extends GenericSecret> Promise<S,NoSuchSecretException> getActive(Purpose<S> purpose)
```
    Description copied from interface: SecretStore
    
    Returns the active secret for the given purpose.
    
    Specified by:
    
    getActive in interface SecretStore<GenericSecret>
    
    Type Parameters:
    
    S - the type of secret.
    
    Parameters:
    
    purpose - the purpose for which a secret is required.
    
    Returns:
    
    the active secret from this store.
  - getNamed
```
public <S extends GenericSecret> Promise<S,NoSuchSecretException> getNamed(Purpose<S> purpose,
                                                                                 String name)
```
    Description copied from interface: SecretStore
    
    Returns the named secret from this store. The default implementation calls SecretStore.getValid(Purpose) and then returns the first valid key with a matching stable ID.
    
    Specified by:
    
    getNamed in interface SecretStore<GenericSecret>
    
    Type Parameters:
    
    S - the type of secret.
    
    Parameters:
    
    purpose - the secret purpose.
    
    name - the name (stable id) of the secret.
    
    Returns:
    
    a promise for the named secret, or a NoSuchSecretException promise if no such secret exists.
  - refresh
```
public void refresh()
```
    Description copied from interface: SecretStore
    
    Indicates that the store should refresh its secrets from the backing storage mechanism. This can be used to cause reload of a store after a secret rotation if the backend does not automatically detect such changes. Refresh may be an asynchronous operation and no guarantees are made about when clients of this secret store may see updated secrets after a call to refresh.
    
    Specified by:
    
    refresh in interface SecretStore<GenericSecret>

Class Base64EncodedSecretStore

Nested Class Summary

Field Summary

Fields inherited from interface org.forgerock.secrets.SecretStore

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.forgerock.secrets.SecretStore

Method Detail

getStoredType

getValid

getActive

getNamed

refresh