[keycloak-dev] Addition of vault() method to KeycloakSession

Stian Thorgersen sthorger at redhat.com
Fri Aug 23 07:11:38 EDT 2019


KeycloakSession methods are mostly used to load a manager, not the provider
directly. As such it has a wrapper API usually. Just look at keys or
signing for instance.

If it's just loading the provider directly then there's no need to add it
to the KeycloakSession.

On Thu, 22 Aug 2019 at 20:02, Stefan Guilhen <sguilhen at redhat.com> wrote:

> Hi all,
>
> We've been considering the addition of a vault() method to KeycloakSession
> that returns an object that can be used to obtain secrets in different
> flavors from the configured vault. This is inline with what we already have
> for keys, tokens, etc and provides users of the vault with a better
> experience than looking up the provider using getProvider(Class) and then
> figuring out how to translate secrets retrieved in raw form into more
> usable formats, like String.
>
> As of now, all the interfaces of the Vault SPI are in the
> server-spi-private module and for this to work I will need to move a couple
> of them to the server-spi module, but I think this is ok since the plan is
> to eventually move all the interfaces there at some point.
>
> Just wanted to check if anyone has any strong objections to this plan
> before I move on with the implementation.
>
> Cheers!
> --
>
> Stefan Guilhen
>
> Principal Software Engineer
>
> Red Hat <https://www.redhat.com/>
>
> sguilhen at redhat.com    IM: sguilhen
> @RedHat <https://twitter.com/redhat>   Red Hat
> <https://www.linkedin.com/company/red-hat>  Red Hat
> <https://www.facebook.com/RedHatInc>
> <https://www.redhat.com/>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list