Package org.forgerock.openig.secrets
Class FileSystemSecretStoreHeaplet
- java.lang.Object
-
- org.forgerock.openig.heap.GenericHeaplet
-
- org.forgerock.openig.secrets.FileSystemSecretStoreHeaplet
-
- All Implemented Interfaces:
Heaplet
public class FileSystemSecretStoreHeaplet extends GenericHeaplet
This heaplet represents an instance of aPropertyResolverSecretStoreresolving properties from files in a directory. TheFlatFileResolverresolves each property stored in its own file in some directory.{ "type": "FileSystemSecretStore", "config": { "directory": expression [REQUIRED - path to the directory containing the files (one file per password).] "format": expression(enum) [OPTIONAL - PLAIN or BASE64, default is BASE64], "suffix": expression [OPTIONAL - the suffix such as ".secret", default: empty.] "mappings":[ array [OPTIONAL - secrets mappings.] { object "secretId": expression [REQUIRED - the label of the secret to map.] "format": reference [REQUIRED - a reference to a {@link SecretPropertyFormat} object.] } ] "leaseExpiry": expression<duration> [OPTIONAL - defaults to 5 minutes.] "autoRefresh": { object [OPTIONAL - indicate if this FileSystemSecretStore should be refreshed on filesystem change (edit and delete).] "enabled": expression<boolean> [OPTIONAL - Configure with boolean value or expression with 'true' to enable, or 'false' to disable. Default is enabled.] "executor": executor [OPTIONAL - Executor to use in monitoring the filesystem, defaults to heap-configured {@literal SCHEDULED_EXECUTOR_SERVICE_HEAP_KEY}.] } } }Example:
Example showing "autoRefresh" config, supporting filesystem monitoring and refresh:{ "type": "FileSystemSecretStore", "config": { "directory": "/path/to/openig/basedir/secrets" "format": "PLAIN" } }{ "type": "FileSystemSecretStore", "config": { "directory": "/path/to/openig/basedir/secrets" "format": "PLAIN", "autoRefresh": { "enabled": "${my.boolean.property}", "executor": "#refreshExecutor" } } }- See Also:
FlatFileResolver
-
-
Constructor Summary
Constructors Constructor Description FileSystemSecretStoreHeaplet()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Objectcreate()Called to request the heaplet create an object.voiddestroy()Called to indicate that the object created by the heaplet is going to be dereferenced.-
Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getSecretsProvider, getType, initialBindings, meterRegistryHolder, start
-
-
-
-
Method Detail
-
destroy
public void destroy()
Description copied from interface:HeapletCalled to indicate that the object created by the heaplet is going to be dereferenced. This gives the heaplet an opportunity to free any resources that are being held prior to its dereference.- Specified by:
destroyin interfaceHeaplet- Overrides:
destroyin classGenericHeaplet
-
create
public Object create() throws HeapException
Description copied from class:GenericHeapletCalled to request the heaplet create an object. Called byHeaplet.create(Name, JsonValue, Heap)after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by theGenericHeaplet.start()method.- Specified by:
createin classGenericHeaplet- Returns:
- The created object.
- Throws:
HeapException- if an exception occurred during creation of the heap object or any of its dependencies.
-
-