Class SecretService

java.lang.Object
org.saidone.component.BaseComponent
org.saidone.service.SecretService
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

@Service
@ConditionalOnExpression("${application.service.vault.encryption.enabled}.equals(true)")
public class SecretService
extends BaseComponent

Service responsible for reading encryption secrets from HashiCorp Vault.

The service uses Spring Vault kv-v2 operations to read one configured key from one configured secret path. Consumers can request either the latest secret version or a specific version.

When an error occurs while waiting for the asynchronous Vault call, methods in this class log the exception, restore the interrupted status for InterruptedException, and return null to indicate the secret could not be retrieved.

  • Constructor Details

    • SecretService

      public SecretService()
  • Method Details

    • init

      public void init()
      Initializes Vault operations after dependency injection.

      This method prepares the VaultVersionedKeyValueOperations instance bound to the configured KV mount and checks the Vault system health endpoint. If Vault is reported as not initialized, startup is aborted through BaseComponent.shutDown(int).

      Overrides:
      init in class BaseComponent
    • getSecret

      public Secret getSecret()
      Retrieves the latest configured secret value from Vault.

      This is a convenience method equivalent to calling getSecret(Integer) with null.

      Returns:
      the latest Secret, or null when retrieval fails
    • getSecret

      public Secret getSecret(Integer version)
      Retrieves a secret from Vault for a specific version or for the latest version.
      Parameters:
      version - the version number to retrieve; null loads the latest version
      Returns:
      a Secret containing secret bytes and metadata version, or null if retrieval fails
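
The null-on-failure contract described above, as an added example that is not the project's own code: it shows the wait, log, restore-interrupt, return-null pattern and a caller that fails closed when no secret comes back. The `Secret` record, `await`, `requireKey` and the sample values are hypothetical stand-ins, and a plain JDK `CompletableFuture` replaces the Spring Vault call.

```java
import java.nio.charset.StandardCharsets;
import java.util.concurrent.*;
import java.util.function.Supplier;

public class SecretLookupExample {
    // Hypothetical stand-in for the project's Secret type (secret bytes plus metadata version).
    record Secret(byte[] data, int version) {}

    // Waits for an asynchronous lookup and returns null on any failure,
    // mirroring the behaviour the class description states.
    static Secret await(Supplier<Secret> vaultRead, long timeoutMs) {
        CompletableFuture<Secret> call = CompletableFuture.supplyAsync(vaultRead);
        try {
            return call.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // restore the flag so callers can observe the interrupt
            return null;
        } catch (ExecutionException | TimeoutException e) {
            call.cancel(true);                  // stop waiting on a lookup that timed out
            System.err.println("Secret lookup failed: " + e); // log the exception
            return null;
        }
    }

    // Caller side: a null or empty Secret must stop the operation (fail closed),
    // never fall back to a default or cached key.
    static byte[] requireKey(Secret secret) {
        if (secret == null || secret.data() == null || secret.data().length == 0) {
            throw new IllegalStateException("encryption secret unavailable; refusing to continue");
        }
        return secret.data();
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for a Vault response.
        Secret ok = await(() -> new Secret("constructed-sample".getBytes(StandardCharsets.UTF_8), 3), 1000);
        System.out.println("version=" + ok.version() + " keyLength=" + requireKey(ok).length);

        // Simulated failure: the lookup throws, await returns null, the caller refuses to proceed.
        Secret failed = await(() -> { throw new IllegalStateException("vault unreachable"); }, 1000);
        try {
            requireKey(failed);
        } catch (IllegalStateException e) {
            System.out.println("fail closed: " + e.getMessage());
        }
    }
}
```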