DelineaXPM/tss-sdk-java

The Delinea Secret Server Java SDK

The Delinea Secret Server Java SDK contains classes that interact with Secret Server via the REST API.

The SDK contains an API based on the Spring Framework RestTemplate, and a simple application based on Spring Boot that calls the API.

Install into your application

You can use this SDK in your application by adding the following dependency:

<dependency>
  <groupId>com.delinea.secrets</groupId>
  <artifactId>tss-sdk-java</artifactId>
  <version>2.0</version>
</dependency>

Build locally

Prerequisites

The SDK builds and runs on Java 8 or later.

Apache Maven is also required to build the SDK.

Maven runs unit and integration tests during the build, so the settings in src/main/resources/application.properties must be configured before the build will succeed.

Settings

The API authenticates to Secret Server using either an Application User or a Delinea Platform Service User. The SDK application gets a secret from Secret Server by its id.

Secret Server Integration

1. Using Secret Server credentials

authentication_mode and server_url must be set.

To fetch a secret using Secret Server credentials, set authentication_mode to 0 and provide the following properties:

authentication_mode =0
server_url =Secret_Server_url
api_version=v1

server.username =application_user
server.password =application_user_password

2. Using the SDK client

To fetch a secret using the SDK client, you need to create a new onboarding rule and use an onboarding key for authentication.

  1. Go to Secret Server > Settings > All settings and click on SDK Client.
  2. Click the Client Onboarding tab, then click Create rule.
  3. Enter a name for the new rule (this will be your rule_name).
  4. Check the Require onboarding key box.
  5. Click Save to auto-generate an onboarding key.
  6. To see the key, select the Show key option (this will be your onboarding_key).

To fetch a secret using the SDK client, set authentication_mode to 1 and provide the following properties:

authentication_mode =1
server_url =Secret_Server_url
api_version=v1

rule_name =create_rule_name
onboarding_key =onboarding_key

Delinea Platform Integration

1. Using Delinea Platform credentials

authentication_mode and server_url must be set.

To fetch a secret using Delinea Platform credentials, set authentication_mode to 0 and provide the following properties:

authentication_mode =0
server_url =Delinea_Platform_url
api_version=v1

server.username =service_user
server.password =service_user_password

2. Using the SDK client

To fetch a secret using the SDK client, you need to create a new onboarding rule and use an onboarding key for authentication.

  1. Go to Delinea Platform > Settings > Secret Server > Administration > Tools and integrations and click on SDK Client.
  2. Click the Client Onboarding tab, then click Create rule.
  3. Enter a name for the new rule (this will be your rule_name).
  4. Check the Require onboarding key box.
  5. Click Save to auto-generate an onboarding key.
  6. To see the key, select the Show key option (this will be your onboarding_key).

Set authentication_mode=1 to fetch secrets using the SDK client. Set server_url to the Secret Server URL. To find the Secret Server URL in Delinea Platform, go to Settings > Secret Server > Secret Server connection and copy the Secret Server URL. Provide the following properties:

authentication_mode =1
server_url =Secret_Server_url
api_version=v1

rule_name =create_rule_name
onboarding_key =onboarding_key

Run the jar

After the SDK application settings are configured, the jar can be built:

mvn package

However, the build runs the SDK application, which requires a secret.id property:

secret.id = 1

The build also produces an executable jar capable of accepting properties via the command-line. For example:

java -jar target/tss-sdk-java-1.0-SNAPSHOT-exec.jar --secret.id=1

Use the API

Configure the SecretServerFactoryBean in the Spring ApplicationContext then inject SecretServer where required.

This simple example assumes that the SecretServerFactoryBean was configured externally thus allowing a SecretServer instance to be injected automatically.

@Autowired
private SecretServer secretServer;

// Instance method: an @Autowired instance field cannot be read from a static main()
public void printPassword() {
    final Secret secret = secretServer.getSecret(1);

    // Print the value of the field named "password"
    secret.getFields().forEach(item -> {
        if (item.getFieldName().equalsIgnoreCase("password")) {
            System.out.println(String.format("The password is %s", item.getValue()));
        }
    });
}

This one creates an AnnotationConfigApplicationContext, configures the SecretServerFactoryBean from an in-place properties map, registers it, and finally uses it to get a SecretServer instance to fetch the Secret. It could be used to adapt the API to a non-Spring Java application or to integrate with an application environment that provides a configuration store.

final AnnotationConfigApplicationContext applicationContext = new AnnotationConfigApplicationContext();

// Build the settings in a Map that will back the PropertySource
final Map<String, Object> properties = new HashMap<>();
// computedValue() stands for whatever supplies the value, e.g. a configuration store
properties.put("example.property", computedValue());
// ...

// Expose the Map to the ApplicationContext as a PropertySource
applicationContext.getEnvironment().getPropertySources()
        .addLast(new MapPropertySource("properties", properties));

// Register the factoryBean
applicationContext.registerBean(SecretServerFactoryBean.class);
applicationContext.refresh();

// Fetch the secret; serverSecret is not defined in this snippet and stands for the caller's own object holding the id
final Secret secret = applicationContext.getBean(SecretServer.class).getSecret(serverSecret.getId());
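
Added example, not part of the SDK or its README: one way to fill the properties map used above from environment variables instead of a packaged application.properties, checking the settings each authentication_mode requires before any bean is created. The TSS_* variable names, the class name and the https check are assumptions of this example.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

public class TssPropertiesFromEnv {

    // Builds the SDK property map from environment-style input instead of a file.
    // The TSS_* variable names are assumptions made for this example.
    static Map<String, Object> build(Map<String, String> env) {
        Map<String, Object> p = new HashMap<>();
        String mode = require(env, "TSS_AUTHENTICATION_MODE").trim();
        String url = require(env, "TSS_SERVER_URL").trim();
        // Added check: refuse to send credentials over plain HTTP.
        if (!"https".equalsIgnoreCase(URI.create(url).getScheme())) {
            throw new IllegalStateException("server_url must use https");
        }
        p.put("authentication_mode", mode);
        p.put("server_url", url);
        p.put("api_version", env.getOrDefault("TSS_API_VERSION", "v1"));
        switch (mode) {
            case "0": // username/password of the application or service user
                p.put("server.username", require(env, "TSS_USERNAME"));
                p.put("server.password", require(env, "TSS_PASSWORD"));
                break;
            case "1": // SDK client onboarding rule and key
                p.put("rule_name", require(env, "TSS_RULE_NAME"));
                p.put("onboarding_key", require(env, "TSS_ONBOARDING_KEY"));
                break;
            default:
                throw new IllegalStateException("authentication_mode must be 0 or 1");
        }
        return p;
    }

    // Fail closed, naming only the missing variable; values are never echoed.
    private static String require(Map<String, String> env, String name) {
        String v = env.get(name);
        if (v == null || v.trim().isEmpty()) {
            throw new IllegalStateException("missing required setting: " + name);
        }
        return v; // returned unmodified so a password keeps any edge whitespace
    }

    public static void main(String[] args) {
        Map<String, Object> p = build(System.getenv());
        // Print key names only so secrets do not reach logs.
        System.out.println("configured keys: " + p.keySet());
    }
}
```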