diff --git a/.classpath b/.classpath
new file mode 100644
index 0000000..76d6555
--- /dev/null
+++ b/.classpath
@@ -0,0 +1,27 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b83d222
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/.project b/.project
new file mode 100644
index 0000000..f9bc3ce
--- /dev/null
+++ b/.project
@@ -0,0 +1,23 @@
+
+
+ java-client-example
+
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ org.eclipse.m2e.core.maven2Builder
+
+
+
+
+
+ org.eclipse.jdt.core.javanature
+ org.eclipse.m2e.core.maven2Nature
+
+
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..809653a
--- /dev/null
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,6 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.6
diff --git a/.settings/org.eclipse.m2e.core.prefs b/.settings/org.eclipse.m2e.core.prefs
new file mode 100644
index 0000000..14b697b
--- /dev/null
+++ b/.settings/org.eclipse.m2e.core.prefs
@@ -0,0 +1,4 @@
+activeProfiles=
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1
diff --git a/pom.xml b/pom.xml
index 5b8049e..4157760 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,64 +1,78 @@
-
- 4.0.0
- io.vaultproject.javaclientexample
- java-client-example
- jar
- 1.0-SNAPSHOT
- java-client-example
- http://maven.apache.org
-
-
- junit
- junit
- 3.8.1
- test
-
-
- com.bettercloud
- vault-java-driver
- 2.0.0
-
-
-
-
-
- org.apache.maven.plugins
- maven-assembly-plugin
-
-
- package
-
- single
-
-
-
-
- io.vaultproject.javaclientexample.App
-
-
-
- jar-with-dependencies
-
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-jar-plugin
- 3.0.2
-
-
-
- true
- lib/
- io.vaultproject.javaclientexample.App
-
-
-
-
-
-
-
+
+ 4.0.0
+ io.vaultproject.javaclientexample
+ java-client-example
+ jar
+ 1.0-SNAPSHOT
+ java-client-example
+ http://maven.apache.org
+
+ 1.6
+ 1.6
+
+
+
+ junit
+ junit
+ 3.8.1
+ test
+
+
+ com.bettercloud
+ vault-java-driver
+ 2.0.0
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-site-plugin
+ 3.3
+
+
+ org.apache.maven.plugins
+ maven-project-info-reports-plugin
+ 2.7
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+ package
+
+ single
+
+
+
+
+ io.vaultproject.javaclientexample.App
+
+
+
+ jar-with-dependencies
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 3.0.2
+
+
+
+ true
+ lib/
+ io.vaultproject.javaclientexample.App
+
+
+
+
+
+
+
diff --git a/src/main/java/io/vaultproject/javaclientexample/App.java b/src/main/java/io/vaultproject/javaclientexample/App.java
index cd30158..fcca6f3 100644
--- a/src/main/java/io/vaultproject/javaclientexample/App.java
+++ b/src/main/java/io/vaultproject/javaclientexample/App.java
@@ -1,37 +1,84 @@
-package io.vaultproject.javaclientexample;
-import com.bettercloud.vault.*;
-
-/**
- * Hello world from Vault!
- *
- */
-public class App
-{
- public static void main( String[] args ) throws VaultException
- {
- /* The com.bettercloud.vault driver automatically reads a
- * a number of Environment Variables like VAULT_TOKEN or
- * VAULT_ADDR, you should ensure those are set properly
- * These are displayed just to ensure you have the
- * right ones for demo purposes.
- */
-
- String vaulttoken = System.getenv("VAULT_TOKEN");
- String vaulthost = System.getenv("VAULT_ADDR");
- System.out.format( "Using Vault Host %s\n", vaulthost);
- System.out.format( "With Vault Token %s\n", vaulttoken );
- /* This should be a separate method called from Main, then
- * again for simplicity...
- */
- final VaultConfig config = new VaultConfig().build();
- final Vault vault = new Vault(config);
- try {
- final String value = vault.logical()
- .read("secret/hello")
- .getData().get("value");
- System.out.format( "value key in secret/hello is " + value +"\n");
- } catch(VaultException e) {
- System.out.println("Exception thrown: " + e);
- }
- }
-}
+package io.vaultproject.javaclientexample;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.bettercloud.vault.*;
+import com.bettercloud.vault.response.LogicalResponse;
+
+/**
+ * Hello world from Vault!
+ *
+ */
+public class App
+{
+
+ /* For Reference check out the Hashicorp Vault EaaS learn page:
+ https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit
+ */
+
+ public static void main( String[] args ) throws VaultException
+ {
+ /* The com.bettercloud.vault driver automatically reads a
+ * a number of Environment Variables like VAULT_TOKEN or
+ * VAULT_ADDR, you should ensure those are set properly
+ * These are displayed just to ensure you have the
+ * right ones for demo purposes.
+ */
+
+
+ //Create secrets to save
+ Map secrets = new HashMap();
+ secrets.put("value", "world");
+
+
+ try {
+ VaultSecret vault = new VaultSecret();
+
+ //Write KV Secret
+ LogicalResponse writeResponse = vault.setKvSecret("secret/hello", secrets);
+ System.out.format( "Write request response : " + writeResponse.getRestResponse().getStatus() +"\n");
+
+ //read KV Secret
+ System.out.format( "value secret in secret/hello is " + vault.getKvSecret() +"\n");
+
+ //////////////////////////////////////////////////////////////////////////////////////////////////////
+ //Create Encryption Keys
+ String encryptionKey = "demo";
+ vault.createKeys(encryptionKey);
+
+ //Encrypt plaintext
+
+ String plainText = "test input";
+
+ Map ciphertext = vault.encryptSecret(encryptionKey, plainText);
+
+ System.out.format( "the encrypted Value is " + ciphertext.get("ciphertext") +"\n");
+
+
+ //Decrypt ciphertext
+ String plainTextResponse = vault.decryptSecret(encryptionKey, ciphertext.get("ciphertext"));
+ System.out.format( "the decrypted Value is " + plainTextResponse +"\n");
+
+
+ //Rotate Keys
+ vault.rotateKeys(encryptionKey);
+
+ //Encrypt plaintext after key rotate
+ plainText = "test 2";
+
+ Map ciphertext2 = vault.encryptSecret(encryptionKey, plainText);
+
+ System.out.format( "the encrypted Value is " + ciphertext2.get("ciphertext") +"\n");
+
+ //Decrypt ciphertext
+ plainTextResponse = vault.decryptSecret(encryptionKey, ciphertext.get("ciphertext"));
+ System.out.format( "the decrypted Value is " + plainTextResponse +"\n");
+
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+
+
+ }
+}
diff --git a/src/main/java/io/vaultproject/javaclientexample/VaultSecret.java b/src/main/java/io/vaultproject/javaclientexample/VaultSecret.java
new file mode 100644
index 0000000..8b79382
--- /dev/null
+++ b/src/main/java/io/vaultproject/javaclientexample/VaultSecret.java
@@ -0,0 +1,152 @@
+/**
+ *
+ */
+package io.vaultproject.javaclientexample;
+
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.VaultException;
+import com.bettercloud.vault.response.LogicalResponse;
+
+/**
+ * @author phatb
+ *
+ */
+public class VaultSecret {
+ Vault vault;
+
+ public VaultSecret() throws VaultException {
+ String vaulttoken = System.getenv("VAULT_TOKEN");
+ String vaulthost = System.getenv("VAULT_ADDR");
+ System.out.format( "Using Vault Host %s\n", vaulthost);
+ System.out.format( "With Vault Token %s\n", vaulttoken );
+ /* This should be a separate method called from Main, then
+ * again for simplicity...
+ */
+ VaultConfig config = new VaultConfig().build();
+ vault = new Vault(config);
+ }
+
+ public LogicalResponse setKvSecret(String path, Map values){
+ LogicalResponse writeResponse = null;
+ try {
+
+ // Write operation
+ writeResponse = vault.logical().write("secret/hello", values);
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+ return writeResponse;
+
+
+ }
+
+ public String getKvSecret(){
+ String value = "";
+ try {
+ value = vault.logical()
+ .read("secret/hello")
+ .getData().get("value");
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+ return value;
+
+
+ }
+
+ public Map encryptSecret(String key, String plainText){
+ String transit = "transit/encrypt/"+key;
+ String encodedString = Base64.getEncoder().encodeToString(plainText.getBytes());
+
+ Map toEncrypt = new HashMap();
+ toEncrypt.put("plaintext", encodedString);
+
+ LogicalResponse writeResponse = null;
+ try {
+
+ // Write operation
+ writeResponse = vault.logical().write(transit, toEncrypt);
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+ return writeResponse.getData();
+
+
+ }
+
+ public String decryptSecret(String key, String cipherText){
+ String transit = "transit/decrypt/"+key;
+ String plainText = null;
+
+ Map toDecrypt = new HashMap();
+ toDecrypt.put("ciphertext", cipherText);
+
+ LogicalResponse writeResponse = null;
+ try {
+
+ // Write operation
+ writeResponse = vault.logical().write(transit, toDecrypt);
+
+ byte[] decodedBytes = Base64.getDecoder().decode(writeResponse.getData().get("plaintext"));
+ plainText = new String(decodedBytes);
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+ return plainText;
+
+
+ }
+
+ public void rotateKeys(String key) {
+ String transit = "transit/keys/"+key+"/rotate";
+
+ Map empty = new HashMap();
+
+ LogicalResponse writeResponse = null;
+ try {
+
+ // Write operation
+ writeResponse = vault.logical().write(transit, empty);
+
+ System.out.println("keys rotated: " + writeResponse.getRestResponse().getStatus() );
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+
+
+
+
+ }
+
+ public void createKeys(String key) {
+ String transit = "transit/keys/"+key;
+
+ Map empty = new HashMap();
+
+ LogicalResponse writeResponse = null;
+ try {
+
+ // Write operation
+ writeResponse = vault.logical().write(transit, empty);
+
+ // System.out.println("keys created: " + writeResponse.getRestResponse().getStatus() );
+
+ } catch(VaultException e) {
+ System.out.println("Exception thrown: " + e);
+ }
+
+
+ }
+
+
+}