Uses of Class
org.forgerock.secrets.Secret

Packages that use Secret

Package	Description
org.forgerock.openig.secrets	Provides the Common Secrets API for accessing secrets of various kinds.
org.forgerock.openig.types	Contains everything commonly used to work with TypeDefinition.
org.forgerock.openig.util	Miscellaneous utility classes.
org.forgerock.secrets	Provides a unified API for accessing secrets of various kinds.
org.forgerock.secrets.credentials	Contains secret credential related API objects.
org.forgerock.secrets.keys	Contains cryptographic key related API objects.
org.forgerock.secrets.keystore	Implementations of SecretStore for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.
org.forgerock.secrets.propertyresolver	Provides a SecretStore implementation that loads secrets from a Common Configuration PropertyResolver and then decodes it with a SecretPropertyFormat.

Uses of Secret in org.forgerock.openig.secrets

Methods in org.forgerock.openig.secrets that return types with arguments of type Secret

Modifier and Type	Method	Description
static SecretStore<Secret>	SystemAndEnvSecretStoreHeaplet.newBase64SysEnvSecretStore()	Returns a new instance of a SecretStore that reads base64-encoded secrets (passwords or symmetric keys) from system properties and environment variables.

Uses of Secret in org.forgerock.openig.types

Methods in org.forgerock.openig.types with type parameters of type Secret

Modifier and Type	Method	Description
static <T extends Secret> org.forgerock.openig.model.type.StringTypeDefinition<Purpose<T>>	TypeDefinitions.purposeOf(Class<T> type)	Represents a runtime Purpose of secret's type T, which is a String with a specific Syntax.

Uses of Secret in org.forgerock.openig.util

Methods in org.forgerock.openig.util with type parameters of type Secret

Modifier and Type	Method	Description
static <S extends Secret> Function<JsonValue,Purpose<S>,JsonValueException>	JsonValues.purposeOf(Class<S> type)	Returns a function returning a Purpose from the given String value representing the purpose label.
static <S extends Secret> Function<JsonValue,SecretReference<S>,JsonValueException>	JsonValues.secretReferenceOf(Function<JsonValue,Purpose<S>,JsonValueException> purposeTransformer, SecretsProvider secretsProvider)	Returns a function that returns a SecretReference for the Purpose represented by the given String value label and known to the supplied SecretsProvider.

Uses of Secret in org.forgerock.secrets

Classes in org.forgerock.secrets with type parameters of type Secret

Modifier and Type	Class	Description
final class	Purpose<T extends Secret>	A purpose encapsulates both a name for a function that requires access to secrets, together with a hint as to the intended usage of those secrets.
static final record	SecretBuilder.SecretAndExpirer<T extends Secret>	A simple holder of a secret and its expirer.
interface	SecretConstraint<T extends Secret>	Interface for constraints on a secret that must be satisfied for a given Purpose.
final class	SecretReference<T extends Secret>	A long-lived reference to an active or named secret.
interface	SecretStore<T extends Secret>	A backend storage mechanism for certain kinds of secrets.
final class	ThreadPoolSecretStore<T extends Secret>	A secret store that wraps another secret store and performs all query operations in a background thread using a thread pool.
final class	ValidSecretsReference<S extends Secret,E extends Exception>	A long-lived reference to a number of secrets.

Subclasses of Secret in org.forgerock.secrets

Modifier and Type	Class	Description
final class	GenericSecret	A generic secret represented as an opaque blob of bytes, such as a password or API key.

Methods in org.forgerock.secrets with type parameters of type Secret

Modifier and Type	Method	Description
static <T extends Secret> SecretReference<T>	SecretReference.active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)	Creates a reference to the active secret for the given purpose using the given secrets provider.
<T extends Secret> T	SecretBuilder.build(Class<T> secretType)	Deprecated. Use SecretBuilder.build(Purpose) instead.
<T extends Secret> T	SecretBuilder.build(Purpose<T> purpose)	Builds a secret of the given type, enforcing any constraints attached to the purpose.
<T extends Secret> SecretBuilder.SecretAndExpirer<T>	SecretBuilder.buildWithExpirer(Purpose<T> purpose)	Builds a secret of the given type, enforcing any constraints attached to the purpose.
static <T extends Secret> SecretReference<T>	SecretReference.constant(T secret)	Create a constant SecretReference for the given secret, that will never expire.
<S extends Secret> SecretReference<S>	SecretsProvider.createActiveReference(Purpose<S> purpose)	Creates the secret reference from the given purpose.
<S extends Secret> SecretReference<S>	SecretsProvider.createNamedReference(Purpose<S> purpose, String name)	Creates a reference to a secret with the given name (stable id) for the given purpose.
<S extends Secret> ValidSecretsReference<S,NeverThrowsException>	SecretsProvider.createValidOrNamedReference(Purpose<S> purpose, String name)	Creates the valid secrets reference from the given purpose.
<S extends Secret> ValidSecretsReference<S,NeverThrowsException>	SecretsProvider.createValidReference(Purpose<S> purpose)	Creates the valid secrets reference from the given purpose.
<S extends Secret> Promise<S,NoSuchSecretException>	SecretsProvider.getActiveSecret(Purpose<S> purpose)	Gets the currently active secret for the given purpose.
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretsProvider.getNamedOrValidSecrets(Purpose<S> purpose, String id)	If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the given purpose if no such secret exists), otherwise it returns all valid secrets for the given purpose.
<S extends Secret> Promise<S,NoSuchSecretException>	SecretsProvider.getNamedSecret(Purpose<S> purpose, String id)	Gets the secret for the given purpose with the given stable secret id.
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretsProvider.getValidSecrets(Purpose<S> purpose)	Returns all secrets for the given purpose which have not yet expired.
static <T extends Secret> SecretReference<T>	SecretReference.named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)	Creates a reference to a named secret using the given secrets provider.
static <T extends Secret> Purpose<T>	Purpose.purpose(String label, Class<T> type)	Constructs a purpose object.
static <T extends Secret> Purpose<T>	Purpose.purpose(String label, Class<T> type, SecretConstraint<? super T>... constraints)	Constructs a purpose object.
protected <T extends Secret> void	SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose)	Sets the active store to use for the given purpose.
final <T extends Secret> SecretsProvider	SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)	Sets the active store to use for the given purpose.
<S extends Secret> SecretsProvider	SecretsProvider.useSpecificSecretForPurpose(Purpose<S> purpose, S secret)	Configures this SecretsProvider to always return the specific given secret for the given purpose.
<S extends Secret> SecretsProvider	SecretsProvider.useSpecificSecretsForPurpose(Purpose<S> purpose, List<S> secrets)	Configures this SecretsProvider to always return the specific given secrets for the given purpose.
static <T extends Secret> ValidSecretsReference<T,NeverThrowsException>	ValidSecretsReference.valid(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)	Creates a reference to the valid secrets for the given purpose using the given secrets provider.
static <T extends Secret> ValidSecretsReference<T,NeverThrowsException>	ValidSecretsReference.validOrNamed(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)	This creates a reference to either the named secret or all valid secrets for the purpose.
static <S extends Secret> ThreadPoolSecretStore<S>	ThreadPoolSecretStore.wrap(SecretStore<S> store)	Wraps the given store in an asynchronous thread-pool executor using the system ForkJoinPool.commonPool().
static <S extends Secret> ThreadPoolSecretStore<S>	ThreadPoolSecretStore.wrap(SecretStore<S> store, ExecutorService executor)	Wraps the given store in an asynchronous thread-pool executor using the given thread pool.

Uses of Secret in org.forgerock.secrets.credentials

Classes in org.forgerock.secrets.credentials with type parameters of type Secret

Modifier and Type	Class	Description
final class	CredentialPair<T extends Secret>	Credential pair implementation.
final record	PrincipalAndSecret<T extends Secret>	Container for a principal and secret.
final class	ValidCredentialPairs<S extends Secret,E extends Exception>	A set of credential pairs built from a ValidSecretsReference.

Methods in org.forgerock.secrets.credentials with type parameters of type Secret

Modifier and Type	Method	Description
static <T extends Secret> CredentialPair<T>	CredentialPair.credentialPair(SecretReference<T> secretReference, Function<T,PrincipalAndSecret<T>> mapper)	Factory method to create a new instance of CredentialPair from a reference to a secret containing both the principal and secret.
static <S extends Secret, E extends Exception> ValidCredentialPairs<S,E>	ValidCredentialPairs.credentialPairs(ValidSecretsReference<S,E> validSecrets, Function<S,PrincipalAndSecret<S>> mapper)	Factory method to create a new instance of ValidCredentialPairs from a reference to a set of secrets that each contain a credential pair.
static <T extends Secret> CredentialPair<T>	CredentialPair.fixedPrincipalCredentialPair(String principal, SecretReference<T> secretReference)	Factory method to create a new instance of CredentialPair with a static principal and a dynamic principal secret.
static <S extends Secret, E extends Exception> ValidCredentialPairs<S,E>	ValidCredentialPairs.fixedPrincipalCredentialPairs(String principal, ValidSecretsReference<S,E> validSecrets)	Factory method to create a new instance of ValidCredentialPairs from a reference to a set of secrets.

Uses of Secret in org.forgerock.secrets.keys

Subclasses of Secret in org.forgerock.secrets.keys

Modifier and Type	Class	Description
class	CertificateVerificationKey	A key used for verifying certificate signatures.
class	CryptoKey	Base class for all secrets that are used as keys for cryptographic operations.
class	DataDecryptionKey	A key that is used for decrypting confidential data.
class	DataEncryptionKey	A key that is used for encrypting confidential data.
class	KeyAgreementKey	A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.
class	KeyDecryptionKey	A key that is used to decrypt (or "unwrap") other keys that have been encrypted with a KeyEncryptionKey.
class	KeyEncryptionKey	A key that is used to encrypt ("wrap") other keys.
class	SigningKey	A key that is used for signing digital signatures.
class	VerificationKey	A key used for verifying digital signatures.

Uses of Secret in org.forgerock.secrets.keystore

Methods in org.forgerock.secrets.keystore with type parameters of type Secret

Modifier and Type	Method	Description
<S extends Secret> Promise<S,NoSuchSecretException>	KeyStoreSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	KeyStoreSecretStore.getNamed(Purpose<S> purpose, String id)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	KeyStoreSecretStore.getValid(Purpose<S> purpose)

Methods in org.forgerock.secrets.keystore that return types with arguments of type Secret

Modifier and Type	Method	Description
Class<Secret>	KeyStoreSecretStore.getStoredType()

Method parameters in org.forgerock.secrets.keystore with type arguments of type Secret

Modifier and Type	Method	Description
void	KeyStoreSecretStore.retire(Purpose<? extends Secret> purpose, String oldAlias)	Retires a key previously used for a given purpose.
void	KeyStoreSecretStore.rotate(Purpose<? extends Secret> purpose, String newAlias)	Rotates the key associated with a given purpose.
String	KeyStoreSecretStore.StableIdProvider.stableIdFor(KeyStoreSecretStore.KeyDetails keyDetails, Class<? extends Secret> secretType)	Produce the secret's stable ID.

Uses of Secret in org.forgerock.secrets.propertyresolver

Methods in org.forgerock.secrets.propertyresolver with type parameters of type Secret

Modifier and Type	Method	Description
<S extends Secret> Promise<S,NoSuchSecretException>	FileSystemSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	PropertyResolverSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	FileSystemSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<S,NoSuchSecretException>	PropertyResolverSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	FileSystemSecretStore.getValid(Purpose<S> purpose)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	PropertyResolverSecretStore.getValid(Purpose<S> purpose)	Returns a stream of the active secret for the given purpose.

Methods in org.forgerock.secrets.propertyresolver that return types with arguments of type Secret

Modifier and Type	Method	Description
Class<Secret>	FileSystemSecretStore.getStoredType()
Class<Secret>	PropertyResolverSecretStore.getStoredType()