*[Java Keystore (JKS) based config](#java-keystore-jks-based-config)
@@ -81,6 +82,32 @@ driver class:
81
82
final Vault vault = new Vault(config);
82
83
```
83
84
85
+
Key Value Secret Engine Config
86
+
------------------------------
87
+
Shortly before its `1.0` release, Vault added a Version 2 of its [Key/Value Secrets Engine](https://www.vaultproject.io/docs/secrets/kv/index.html). This
88
+
supports some addition features beyond the Version 1 that was the default in earlier Vault builds (e.g. secret rotation, soft deletes, etc).
89
+
90
+
Unfortunately, K/V V2 introduces some breaking changes, in terms of both request/response payloads as well as how URL's are constructed
91
+
for Vault's REST API. Therefore, version `4.0.0` of this Vault Driver likewise had to introduce some breaking changes, to allow support
92
+
for both K/V versions.
93
+
94
+
***If you are using the new K/V V2 across the board**, then no action is needed. The Vault Driver now assumes this by default.
95
+
96
+
***If you are still using the old K/V V1 across the board**, then you can use the `Vault` class constructor:
97
+
`public Vault(final VaultConfig vaultConfig, final Integer engineVersion)`, supplying a `1` as the engine version parameter.
98
+
constructor, then you can declare whether to use Version 1 or 2 across the board.
99
+
100
+
***If you are using a mix, of some secret paths mounted with V1 and others mounted with V2**, then you have two options:
101
+
102
+
* You can explicitly specify your Vault secret paths, and which K/V version each one is using. Construct your `Vault` objects
103
+
with the constructor `public Vault(final VaultConfig vaultConfig, final Boolean useSecretsEnginePathMap, final Integer globalFallbackVersion)`.
104
+
Within the `VaultConfig` object, supply a map of Vault secret paths to their associated K/V version (`1` or `2`).
105
+
106
+
* You can rely on the Vault Driver to auto-detect your mounts and K/V versions upon instantiation. Use the same constructor as above,
107
+
but leave the map `null`. Note that this option requires your authentication credentials to have access to read Vault's `/v1/sys/mounts`
108
+
path.
109
+
110
+
84
111
SSL Config
85
112
----------
86
113
If your Vault server uses a SSL certificate, then you must supply that certificate to establish connections. Also, if
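Review bot: the added line `constructor, then you can declare whether to use Version 1 or 2 across the board.` in the K/V V1 bullet reads as an orphaned fragment; it follows the complete sentence ending "supplying a `1` as the engine version parameter." and should be deleted. In the mixed-mount options, the text never says which `VaultConfig` method takes the path-to-version map, what to pass for `useSecretsEnginePathMap`, or when `globalFallbackVersion` applies, so please name them. The auto-detect option requires the token to read `/v1/sys/mounts`; say what the driver does when that read is denied, and point readers who issue narrowly scoped tokens to the explicit map so they need not widen policy just for version detection. Minor: "addition features" should be "additional features" and "URL's" should be "URLs".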
@@ -222,6 +249,11 @@ Note that changes to the major version (i.e. the first number) represent possibl
222
249
may require modifications in your code to migrate. Changes to the minor version (i.e. the second number)
223
250
should represent non-breaking changes. The third number represents any very minor bugfix patches.
224
251
252
+
***4.0.0**: This is a breaking-change release, with two primary updates:
253
+
* Adds support for Version 2 of the Key/Value Secrets Engine. The driver now assumes that your Vault instance uses Version 2 of the
254
+
Key/Value Secrets Engine across the board. To configure this, see the [Key/Value Secret Engine Config](#key-value-secret-engine-config)
255
+
section above.
256
+
* Adds support for the namespaces feature of Vault Enterprise.
225
257
***3.1.0**: Several updates.
226
258
* Adds support for seal-related operations (i.e. `/sys/seal`, `/sys/unseal`, `/sys/seal-status`).
227
259
* Adds support for the AWS auth backend.
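Review bot: the namespaces bullet in the `4.0.0` entry has nothing behind it: none of the hunks shown here documents how to configure a namespace, so add a section or a link. For the K/V bullet, state the upgrade impact directly: code that keeps calling `new Vault(config)` against V1 mounts will now be treated as V2, and the fix is the `Vault(vaultConfig, 1)` constructor described in the new section. The link text "Key/Value Secret Engine Config" also differs from the heading as added ("Key Value Secret Engine Config"); make them match.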
@@ -330,7 +362,7 @@ License
330
362
-------
331
363
The MIT License (MIT)
332
364
333
-
Copyright (c) 2016-2018 BetterCloud
365
+
Copyright (c) 2016-2019 BetterCloud
334
366
335
367
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
336
368
documentation files (the "Software"), to deal in the Software without restriction, including without limitation the