{
    "name": "SecretsApiExample",
    "condition": "${find(request.uri.path, '/secrets')}",
    "heap": [
        {
            "type": "SecretsProvider",
            "name": "LocalSecretsProvider",
            "config": {
                "stores": [
                    {
                        "name": "SecretsPasswords",
                        "type": "Base64EncodedSecretStore",
                        "_comment": "Base64-encoded 'password'",
                        "config": {
                            "secrets": {
                                "secret.password": "cGFzc3dvcmQ="
                            }
                        }
                    }
                ]
            }
        }
    ],
    "handler": {
        "name": "AccessPasswordAsGenericSecret",
        "type": "ScriptableHandler",
        "config": {
            "type": "application/x-groovy",
            "args": {
                "mySecretsProvider": "${heap['LocalSecretsProvider']}"
            },
            "source": [
                "import org.forgerock.secrets.GenericSecret",
                "import org.forgerock.secrets.Purpose",
                "Purpose<GenericSecret> purpose = Purpose.purpose('secret.password', GenericSecret.class)",
                "mySecretsProvider",
                "    .getActiveSecret(purpose)",
                "    .then(password -> password.revealAsUtf8(String::new))",
                "    .then(password -> new Response(Status.OK).setEntity('Secret password: ' + password))"
            ]
        }
    }
}