Uses of Class
org.forgerock.secrets.Secret
Package
Description
Provides the Common Secrets API for accessing secrets of various kinds.
Contains everything commonly used to work with
TypeDefinition
.Miscellaneous utility classes.
Provides a unified API for accessing secrets of various kinds.
Contains secret credential related API objects.
Contains cryptographic key related API objects.
Implementations of
SecretStore
for accessing keys stored in Java KeyStores, such as
PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.Provides a
SecretStore
implementation that loads secrets from a Common Configuration
PropertyResolver
and then decodes it with a
SecretPropertyFormat
.-
Uses of Secret in org.forgerock.openig.secrets
Modifier and TypeMethodDescription<S extends Secret>
SecretReference<S>SecretsService.createActiveReference
(Purpose<S> purpose) Create aSecretReference
for the givenPurpose
.<S extends Secret>
SecretReference<S>SecretsService.createNamedReference
(Purpose<S> purpose, String name) Creates a reference to a secret with the given name (stable id) for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException> SecretsService.getActiveSecret
(Purpose<S> purpose) Gets the currently active secret for the given purpose.<S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsService.getNamedOrValidSecrets
(Purpose<S> purpose, String id) If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the givenpurpose
if no such secret exists), otherwise it returns all valid secrets for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException> SecretsService.getNamedSecret
(Purpose<S> purpose, String id) Gets the secret for the given purpose with the given stable secret id.<S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsService.getValidSecrets
(Purpose<S> purpose) Returns all secrets for the given purpose which have not yet expired.<S extends Secret>
SecretsProviderSecretsService.useSpecificSecretForPurpose
(Purpose<S> purpose, S secret) Configures this SecretsProvider to always return the specific given secret for the given purpose.Modifier and TypeMethodDescriptionstatic SecretStore<Secret>
SystemAndEnvSecretStoreHeaplet.newBase64SysEnvSecretStore()
Returns a new instance of a SecretStore that reads base64-encoded secrets (passwords or symmetric keys) from system properties and environment variables. -
Uses of Secret in org.forgerock.openig.types
-
Uses of Secret in org.forgerock.openig.util
Modifier and TypeMethodDescriptionstatic <S extends Secret>
Function<JsonValue,Purpose<S>, JsonValueException> static <S extends Secret>
Function<JsonValue,SecretReference<S>, JsonValueException> JsonValues.secretReferenceOf
(Function<JsonValue, Purpose<S>, JsonValueException> purposeTransformer, SecretsProvider secretsProvider) Returns a function that returns aSecretReference
for thePurpose
represented by the givenString
value label and known to the suppliedSecretsProvider
. -
Uses of Secret in org.forgerock.secrets
Modifier and TypeClassDescriptionfinal class
A purpose encapsulates both a name for a function that requires access to secrets, together with a hint as to the intended usage of those secrets.interface
SecretConstraint<T extends Secret>
Interface for constraints on a secret that must be satisfied for a givenPurpose
.final class
SecretReference<T extends Secret>
A long-lived reference to an active or named secret.interface
SecretStore<T extends Secret>
A backend storage mechanism for certain kinds of secrets.final class
ThreadPoolSecretStore<T extends Secret>
A secret store that wraps another secret store and performs all query operations in a background thread using a thread pool.final class
ValidSecretsReference<S extends Secret,
E extends Exception> A long-lived reference to a number of secrets.Modifier and TypeClassDescriptionfinal class
A generic secret represented as an opaque blob of bytes, such as a password or API key.Modifier and TypeMethodDescriptionstatic <T extends Secret>
SecretReference<T>SecretReference.active
(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock) Creates a reference to the active secret for the given purpose using the given secrets provider.<T extends Secret>
TDeprecated.<T extends Secret>
TBuilds a secret of the given type, enforcing anyconstraints
attached to the purpose.static <T extends Secret>
SecretReference<T>SecretReference.constant
(T secret) Create a constantSecretReference
for the given secret, that will never expire.<S extends Secret>
SecretReference<S>SecretsProvider.createActiveReference
(Purpose<S> purpose) Creates the secret reference from the given purpose.<S extends Secret>
SecretReference<S>SecretsProvider.createNamedReference
(Purpose<S> purpose, String name) Creates a reference to a secret with the given name (stable id) for the given purpose.<S extends Secret>
ValidSecretsReference<S,NeverThrowsException> SecretsProvider.createValidOrNamedReference
(Purpose<S> purpose, String name) Creates the valid secrets reference from the given purpose.<S extends Secret>
ValidSecretsReference<S,NeverThrowsException> SecretsProvider.createValidReference
(Purpose<S> purpose) Creates the valid secrets reference from the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException> SecretsProvider.getActiveSecret
(Purpose<S> purpose) Gets the currently active secret for the given purpose.<S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsProvider.getNamedOrValidSecrets
(Purpose<S> purpose, String id) If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the givenpurpose
if no such secret exists), otherwise it returns all valid secrets for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException> SecretsProvider.getNamedSecret
(Purpose<S> purpose, String id) Gets the secret for the given purpose with the given stable secret id.<S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsProvider.getValidSecrets
(Purpose<S> purpose) Returns all secrets for the given purpose which have not yet expired.static <T extends Secret>
SecretReference<T>SecretReference.named
(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock) Creates a reference to a named secret using the given secrets provider.Constructs a purpose object.Purpose.purpose
(String label, Class<T> type, SecretConstraint<? super T>... constraints) Constructs a purpose object.protected <T extends Secret>
voidSecretsProvider.setActiveStore
(SecretStore<? super T> store, Purpose<? extends T> purpose) Sets the active store to use for the given purpose.final <T extends Secret>
SecretsProviderSecretsProvider.setActiveStore
(SecretStore<? super T> store, Purpose<? extends T>... purposes) Sets the active store to use for the given purpose.<S extends Secret>
SecretsProviderSecretsProvider.useSpecificSecretForPurpose
(Purpose<S> purpose, S secret) Configures this SecretsProvider to always return the specific given secret for the given purpose.<S extends Secret>
SecretsProviderSecretsProvider.useSpecificSecretsForPurpose
(Purpose<S> purpose, List<S> secrets) Configures this SecretsProvider to always return the specific given secrets for the given purpose.static <T extends Secret>
ValidSecretsReference<T,NeverThrowsException> ValidSecretsReference.valid
(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock) Creates a reference to the valid secrets for the given purpose using the given secrets provider.static <T extends Secret>
ValidSecretsReference<T,NeverThrowsException> ValidSecretsReference.validOrNamed
(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock) This creates a reference to either the named secret or all valid secrets for the purpose.static <S extends Secret>
ThreadPoolSecretStore<S>ThreadPoolSecretStore.wrap
(SecretStore<S> store) Wraps the given store in an asynchronous thread-pool executor using the systemForkJoinPool.commonPool()
.static <S extends Secret>
ThreadPoolSecretStore<S>ThreadPoolSecretStore.wrap
(SecretStore<S> store, ExecutorService executor) Wraps the given store in an asynchronous thread-pool executor using the given thread pool. -
Uses of Secret in org.forgerock.secrets.credentials
Modifier and TypeClassDescriptionfinal class
CredentialPair<T extends Secret>
Credential pair implementation.final record
PrincipalAndSecret<T extends Secret>
Container for a principal and secret.Modifier and TypeMethodDescriptionstatic <T extends Secret>
CredentialPair<T>CredentialPair.credentialPair
(SecretReference<T> secretReference, Function<T, PrincipalAndSecret<T>, NoSuchSecretException> mapper) Factory method to create a new instance ofCredentialPair
from a reference to a secret containing both the principal and secret.static <T extends Secret>
CredentialPair<T>CredentialPair.fixedPrincipalCredentialPair
(String principal, SecretReference<T> secretReference) Factory method to create a new instance ofCredentialPair
with a static principal and a dynamic principal secret. -
Uses of Secret in org.forgerock.secrets.keys
Modifier and TypeClassDescriptionclass
A key used for verifying certificate signatures.class
Base class for all secrets that are used as keys for cryptographic operations.class
A key that is used for decrypting confidential data.class
A key that is used for encrypting confidential data.class
A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.class
A key that is used to decrypt (or "unwrap") other keys that have been encrypted with aKeyEncryptionKey
.class
A key that is used to encrypt ("wrap") other keys.class
A key that is used for signing digital signatures.class
A key used for verifying digital signatures. -
Uses of Secret in org.forgerock.secrets.keystore
Modifier and TypeMethodDescription<S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> Modifier and TypeMethodDescriptionvoid
Retires a key previously used for a given purpose.void
Rotates the key associated with a given purpose.KeyStoreSecretStore.StableIdProvider.stableIdFor
(KeyStoreSecretStore.KeyDetails keyDetails, Class<? extends Secret> secretType) Produce the secret's stable ID. -
Uses of Secret in org.forgerock.secrets.propertyresolver
Modifier and TypeMethodDescription<S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> Returns a stream of the active secret for the given purpose.Modifier and TypeMethodDescriptionFileSystemSecretStore.getStoredType()
PropertyResolverSecretStore.getStoredType()
SecretBuilder.build(Purpose)
instead.