21 changes: 15 additions & 6 deletions src/main/java/io/github/jopenlibs/vault/VaultConfig.java
Expand Up @@ -34,7 +34,7 @@ public class VaultConfig implements Serializable {

private Map<String, String> secretsEnginePathMap = new ConcurrentHashMap<>();
private String address;
private String token;
private char[] token;
private SslConfig sslConfig;
private Integer openTimeout;
private Integer readTimeout;
Expand Down Expand Up @@ -143,8 +143,16 @@ public VaultConfig address(final String address) {
* @return This object, with token populated, ready for additional builder-pattern method calls
* or else finalization with the build() method
*/
public VaultConfig token(final String token) {
this.token = token;
public VaultConfig token(final CharSequence token) {
if (token != null) {
char[] arr = new char[token.length()];
for (int i = 0; i < arr.length; i++) {
arr[i] = token.charAt(i);
}
this.token = arr;
} else {
this.token = null;
}
return this;
}

Expand Down Expand Up @@ -354,8 +362,9 @@ public VaultConfig build() throws VaultException {
throw new VaultException("No address is set");
}
}
if (this.token == null && environmentLoader.loadVariable(VAULT_TOKEN) != null) {
this.token = environmentLoader.loadVariable(VAULT_TOKEN);
String envVaultToken = environmentLoader.loadVariable(VAULT_TOKEN);
if (this.token == null && envVaultToken != null) {
this.token = envVaultToken.toCharArray();
}
if (this.openTimeout == null
&& environmentLoader.loadVariable(VAULT_OPEN_TIMEOUT) != null) {
Expand Down Expand Up @@ -393,7 +402,7 @@ public String getAddress() {
return address;
}

public String getToken() {
public char[] getToken() {
return token;
}

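Review bot: `getToken()` now returns the live `char[]` held by the config, so any caller that overwrites or zeroes that array silently changes the token used by every later request, and nothing in the visible hunks ever clears it. Decide who owns the array and state it in the Javadoc: either hand out a copy (`return token == null ? null : token.clone();`) that the caller wipes after use, or document that the returned array must be treated as read-only. In `build()` the `VAULT_TOKEN` value still arrives as a `String` from `environmentLoader.loadVariable(...)`, so the shorter heap lifetime of `char[]` only applies to tokens supplied through `token(CharSequence)`; a one-line comment there would set expectations. The first hunk header shows `VaultConfig implements Serializable` and the new `char[] token` field is not `transient`, so the token would still be written out if the config is ever serialized; that was already the case for the `String` field, but it is worth confirming it is intended. The rest of the class lies outside these hunks, so a wipe method may exist elsewhere.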
2 changes: 1 addition & 1 deletion src/main/java/io/github/jopenlibs/vault/VaultImpl.java
Expand Up @@ -309,7 +309,7 @@ private Map<String, String> collectSecretEngineVersions() {
try {
final RestResponse restResponse = new Rest()//NOPMD
.url(vaultConfig.getAddress() + "/v1/sys/mounts")
.header("X-Vault-Token", vaultConfig.getToken())
.token(vaultConfig.getToken())
.header("X-Vault-Namespace", this.vaultConfig.getNameSpace())
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(vaultConfig.getOpenTimeout())
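Review bot: `Rest.token(char[])` is not documented anywhere on this page, so the call `.token(vaultConfig.getToken())` gives no way to tell whether the array is copied, retained by reference, or converted back to a `String` before the `X-Vault-Token` header is written. If `Rest` builds a `String` for the header value, the move to `char[]` buys little on the request path, because the secret ends up in an immutable heap object again. A Javadoc line on `Rest.token` stating whether it copies the array and when that copy is cleared would make the contract reviewable. The same applies to the identical replacements in Auth.java, Debug.java, Logical.java, the database section and Pki.java. A test that a `null` token results in no header being sent would also pin the behaviour the old `.header("X-Vault-Token", null)` path presumably had.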
28 changes: 14 additions & 14 deletions src/main/java/io/github/jopenlibs/vault/api/Auth.java
Expand Up @@ -377,7 +377,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
// HTTP request to Vault
final RestResponse restResponse = getRest()//NOPMD
.url(url)
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
Expand Down Expand Up @@ -1252,7 +1252,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
final String requestJson = Json.object().add("increment", increment).toString();
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
Expand Down Expand Up @@ -1308,7 +1308,7 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
// HTTP request to Vault
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -1344,19 +1344,19 @@ public LogicalResponse lookupWrap() throws VaultException {
}

/**
* @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(String)
* @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(char[])
* @deprecated This method is deprecated and in future it will be removed
*/
public LogicalResponse lookupWrap(final String wrappedToken) throws VaultException {
public LogicalResponse lookupWrap(final char[] wrappedToken) throws VaultException {
Sys sys = new Sys(this.config);
return sys.wrapping().lookupWrap(wrappedToken, true);
}

/**
* @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(String, boolean)
* @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(char[], boolean)
* @deprecated This method is deprecated and in future it will be removed
*/
public LogicalResponse lookupWrap(final String wrappedToken, boolean inBody)
public LogicalResponse lookupWrap(final char[] wrappedToken, boolean inBody)
throws VaultException {
Sys sys = new Sys(this.config);
return sys.wrapping().lookupWrap(wrappedToken, inBody);
Expand Down Expand Up @@ -1385,7 +1385,7 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
// HTTP request to Vault
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self")
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -1417,19 +1417,19 @@ public UnwrapResponse unwrap() throws VaultException {
}

/**
* @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(String)
* @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(char[])
* @deprecated This method is deprecated and in future it will be removed
*/
public UnwrapResponse unwrap(final String wrappedToken) throws VaultException {
public UnwrapResponse unwrap(final char[] wrappedToken) throws VaultException {
Sys sys = new Sys(this.config);
return sys.wrapping().unwrap(wrappedToken, true);
}

/**
* @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(String, boolean)
* @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(char[], boolean)
* @deprecated This method is deprecated and in future it will be removed
*/
public UnwrapResponse unwrap(final String wrappedToken, boolean inBody) throws VaultException {
public UnwrapResponse unwrap(final char[] wrappedToken, boolean inBody) throws VaultException {
Sys sys = new Sys(this.config);
return sys.wrapping().unwrap(wrappedToken, inBody);
}
Expand All @@ -1444,10 +1444,10 @@ public WrapResponse wrap(final JsonObject jsonObject, int ttlInSec) throws Vault
}

/**
* @see io.github.jopenlibs.vault.api.sys.Wrapping#rewrap(String)
* @see io.github.jopenlibs.vault.api.sys.Wrapping#rewrap(char[])
* @deprecated This method is deprecated and in future it will be removed
*/
public WrapResponse rewrap(final String wrappedToken) throws VaultException {
public WrapResponse rewrap(final char[] wrappedToken) throws VaultException {
Sys sys = new Sys(this.config);
return sys.wrapping().rewrap(wrappedToken);
}
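Review bot: The deprecated `lookupWrap`, `unwrap` and `rewrap` overloads change their parameter from `String` to `char[]` in place, which breaks source and binary compatibility for existing callers even though the methods are only marked `@deprecated`. If compatibility matters until they are removed, keep a `String` overload that delegates, for example `return lookupWrap(wrappedToken == null ? null : wrappedToken.toCharArray());`, or call the break out explicitly in the release notes. The Javadoc on these methods is only `@see` and `@deprecated`; a `@param wrappedToken` line saying who owns the array after the call and whether the caller should clear it would tell users how to benefit from the new type. The `inBody` variants are passed on to `Wrapping`, which is outside this page, so whether the wrapped token is turned into a `String` when the JSON body is built cannot be checked here.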
2 changes: 1 addition & 1 deletion src/main/java/io/github/jopenlibs/vault/api/Debug.java
Expand Up @@ -108,7 +108,7 @@ public HealthResponse health(
// Build an HTTP request for Vault
final Rest rest = getRest()//NOPMD
.url(config.getAddress() + "/v1/" + path)
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
16 changes: 8 additions & 8 deletions src/main/java/io/github/jopenlibs/vault/api/Logical.java
Expand Up @@ -89,7 +89,7 @@ private LogicalResponse read(final String path, final logicalOperations operatio
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path,
config.getPrefixPathDepth(), operation))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -148,7 +148,7 @@ public LogicalResponse read(final String path, Boolean shouldRetry, final Intege
.url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(
path,
config.getPrefixPathDepth(), logicalOperations.readV2))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.parameter("version", version.toString())
Expand Down Expand Up @@ -288,7 +288,7 @@ private LogicalResponse write(final String path, final Map<String, Object> nameV
config.getPrefixPathDepth(), operation))
.body(jsonObjectToWriteFromEngineVersion(operation, dataJson, optionsJson)
.toString().getBytes(StandardCharsets.UTF_8))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.header("X-Vault-Wrap-TTL", wrapTTL != null ? wrapTTL.toString() : null)
Expand Down Expand Up @@ -380,7 +380,7 @@ private LogicalResponse delete(final String path, final Logical.logicalOperation
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/" + adjustPathForDelete(path,
config.getPrefixPathDepth(), operation))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -430,7 +430,7 @@ public LogicalResponse delete(final String path, final int[] versions) throws Va
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/" + adjustPathForVersionDelete(path,
config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -490,7 +490,7 @@ public LogicalResponse unDelete(final String path, final int[] versions) throws
final RestResponse restResponse = getRest() //NOPMD
.url(config.getAddress() + "/v1/" + adjustPathForVersionUnDelete(path,
config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -537,7 +537,7 @@ public LogicalResponse destroy(final String path, final int[] versions) throws V
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/" + adjustPathForVersionDestroy(path,
config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -574,7 +574,7 @@ public LogicalResponse upgrade(final String kvPath) throws VaultException {
final RestResponse restResponse = getRest()//NOPMD
.url(config.getAddress() + "/v1/sys/mounts/" + (kvPath.replaceAll("/", "")
+ "/tune"))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ public DatabaseResponse createOrUpdateRole(final String roleName,
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
Expand Down Expand Up @@ -139,7 +139,7 @@ public DatabaseResponse getRole(final String roleName) throws VaultException {
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -191,7 +191,7 @@ public DatabaseResponse revoke(final String serialNumber) throws VaultException

final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/revoke", config.getAddress(), this.mountPath))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -237,7 +237,7 @@ public DatabaseResponse deleteRole(final String roleName) throws VaultException
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -284,7 +284,7 @@ public DatabaseResponse creds(final String roleName) throws VaultException {
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/creds/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
12 changes: 6 additions & 6 deletions src/main/java/io/github/jopenlibs/vault/api/pki/Pki.java
Expand Up @@ -119,7 +119,7 @@ public PkiResponse createOrUpdateRole(final String roleName, final RoleOptions o
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
Expand Down Expand Up @@ -167,7 +167,7 @@ public PkiResponse getRole(final String roleName) throws VaultException {
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand All @@ -187,7 +187,7 @@ public PkiResponse getRole(final String roleName) throws VaultException {
}

/**
* <p>Operation to revike a certificate in the vault using the PKI backend.
* <p>Operation to revoke a certificate in the vault using the PKI backend.
* Relies on an authentication token being present in the <code>VaultConfig</code>
* instance.</p>
*
Expand Down Expand Up @@ -218,7 +218,7 @@ public PkiResponse revoke(final String serialNumber) throws VaultException {
final String requestJson = jsonObject.toString();
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/revoke", config.getAddress(), this.mountPath))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -264,7 +264,7 @@ public PkiResponse deleteRole(final String roleName) throws VaultException {
final RestResponse restResponse = getRest()//NOPMD
.url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath,
roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
Expand Down Expand Up @@ -541,7 +541,7 @@ public PkiResponse issue(

final RestResponse restResponse = getRest()//NOPMD
.url(String.format(endpoint, config.getAddress(), this.mountPath, roleName))
.header("X-Vault-Token", config.getToken())
.token(config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))