Over the past year, two privileged access management leaders—Centrify and Thycotic— combined to bring to market a comprehensive platform uniquely built to enable, empower, and secure the modern, hybrid enterprise.
All Thycotic integrations have now been rebranded and will be developed and maintained on the new Delinea GitHub. You can find the latest version of this repo here.
The Delinea Secret Server Java SDK contains classes that interact with Secret Server via the REST API.
The SDK contains an API based the Spring Framework RestTemplate, and a simple application based on Spring Boot, that calls the API.
You can use this SDk in your application by adding the following dependency:
<dependency>
<groupId>com.thycotic.secrets</groupId>
<artifactId>tss-sdk-java</artifactId>
<version>1.0</version>
</dependency>
The SDK builds and runs on Java 8 or later.
Apache Maven is also required to build the SDK.
Maven runs unit and integration tests during the build so the settings in
src/main/resources/application.properties
must be configured before the build
will succeed.
The API authenticates to Secret Server as an Application User. The SDK application gets a secret from Secret Server by it's id.
Either secret_server.tenant
or both secret_server.api_root_url
and secret_server.oauth2.token_url
must be set.
secret_server.tenant
simplifies the configuration when accessing Secret Server Cloud by using template URLs that
assume the default folder structure and parameterize the tenant.
secret_server.tenant = mytenant
# or
# secret_server.api_root_url = https://mysecretserver/SecretServer/api/v1
# secret_server.oauth2.token_url = https://mysecretserver/SecretServer/oauth2/token
secret_server.oauth2.username = app_user
secret_server.oauth2.password = app_user_password
When the tenant
is set, the API assumes a the top-level domain (TLD) of com
but it can be overridden:
secret_server.tld = com
After the SDK application settings are configured the jar can be built:
mvn package
However, the build runs the SDK application which requires a secret.id
property:
secret.id = 1
The build also produces an executable jar capable of accepting properties via the command-line. For example:
java -jar target/tss-sdk-java-1.0-SNAPSHOT-exec.jar --secret.id=1
Configure the SecretServerFactoryBean
in the Spring
ApplicationContext
then inject SecretServer
where required.
This simple example assumes that the SecretServerFactoryBean
was configured
externally thus allowing a SecretServer
instance to be injected automatically.
@Autowired
private SecretServer secretServer;
public static void main(final String[] args) {
final Secret secret = secretServer.getSecret(1);
secret.getItems().forEach(item -> {
if (item.getFieldName().equals("password")) {
System.out.println(String.format("The password is %s", item.getValue()));
}
});
}
This one creates an AnnotationConfigApplicationContext then configures
the SecretServerFactoryBean
from an in-place properties map then registers it
and finally uses it to get a SecretServer
instance to fetch the Secret
.
It could be used to adapt the API to a non-Spring Java application or to integrate
with an application environment that provides a configuration store.
final AnnotationConfigApplicationContext applicationContext = new AnnotationConfigApplicationContext();
// create a new Spring ApplicationContext using a Map as the PropertySource
properties.put("example.property", computedValue());
// ...
applicationContext.getEnvironment().getPropertySources()
.addLast(new MapPropertySource("properties", properties));
// Register the factoryBean
applicationContext.registerBean(SecretServerFactoryBean.class);
applicationContext.refresh();
// Fetch the secret
final Secret secret = applicationContext.getBean(SecretServer.class).getSecret(serverSecret.getId());