[keycloak-dev] Addition of vault() method to KeycloakSession

Stefan Guilhen sguilhen at redhat.com
Fri Aug 23 09:37:45 EDT 2019 

Yeah, the object being returned is wrapping the actual provider and offers
a  more convenient API for retrieving secrets so in that sense I believe it
is in line with what we have for keys and other managers.

I've opened a PR following this approach:
https://github.com/keycloak/keycloak/pull/6262  Any comments are welcome.

On Fri, Aug 23, 2019, 08:11 Stian Thorgersen <sthorger at redhat.com> wrote:

> KeycloakSession methods are mostly used to load a manager, not the
> provider directly. As such it has a wrapper API usually. Just look at keys
> or signing for instance.
>
> If it's just loading the provider directly then there's no need to add it
> to the KeycloakSession.
>
> On Thu, 22 Aug 2019 at 20:02, Stefan Guilhen <sguilhen at redhat.com> wrote:
>
>> Hi all,
>>
>> We've been considering the addition of a vault() method to KeycloakSession
>> that returns an object that can be used to obtain secrets in different
>> flavors from the configured vault. This is inline with what we already
>> have
>> for keys, tokens, etc and provides users of the vault with a better
>> experience than looking up the provider using getProvider(Class) and then
>> figuring out how to translate secrets retrieved in raw form into more
>> usable formats, like String.
>>
>> As of now, all the interfaces of the Vault SPI are in the
>> server-spi-private module and for this to work I will need to move a
>> couple
>> of them to the server-spi module, but I think this is ok since the plan is
>> to eventually move all the interfaces there at some point.
>>
>> Just wanted to check if anyone has any strong objections to this plan
>> before I move on with the implementation.
>>
>> Cheers!
>> --
>>
>> Stefan Guilhen
>>
>> Principal Software Engineer
>>
>> Red Hat <https://www.redhat.com/>
>>
>> sguilhen at redhat.com    IM: sguilhen
>> @RedHat <https://twitter.com/redhat>   Red Hat
>> <https://www.linkedin.com/company/red-hat>  Red Hat
>> <https://www.facebook.com/RedHatInc>
>> <https://www.redhat.com/>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>

More information about the keycloak-dev mailing list