I want to store some secrets/credentials during runtime in my application, similar to the following command.
vault kv put -path=secret/application key1=val1
I have reviewed the HashiCorp SDK, but it only provides a write command that overrides previous keys/values in my secrets. I want to update key-value instead of override, how can I do that programmatically.
After digging through the code, I figured out. So what I have to do is to call the method ::opsForKeyValue, it returns the operations for managing key-value including patch command. So with patch command I'm be able to update key-vaule without overriding the previous one.
@Autowired
VaultTemplate template;
public void updateSecrets() {
var ops = template.opsForKeyValue("test", VaultKeyValueOperationsSupport.KeyValueBackend.KV_2);
ops.patch("application", Map.of("k3", "v3"));
}
** Note that it only supports KV version 2.
For my part, I use the "Vault Java Driver" library from Bettercloud, available here: https://bettercloud.github.io/vault-java-driver/.
It uses the API to communicate with the vault server, so you don't need to write your own requests. It is very easy to use.
Hopefully I could help you.
