Package com.github.cafapi.common.util.secret

Class SecretUtil

java.lang.Object
com.github.cafapi.common.util.secret.SecretUtil
public final class SecretUtil extends Object

  • Method Summary

    Modifier and Type
    Method
    Description
    static String
    getSecret(String key)
    Retrieves a secret value from various sources based on configuration: Environment variables (if CAF_ENABLE_ENV_SECRETS is true or not set) File content (if CAF_ENABLE_FILE_SECRETS is true and path specified by environment variable with "_FILE" suffix) For example, for a key "DATABASE_PASSWORD": First checks environment variable (if enabled): DATABASE_PASSWORD Then checks file path in environment variable (if enabled): DATABASE_PASSWORD_FILE
    static String
    getSecret(String key, String defaultValue)
    Retrieves a secret value from various sources based on configuration: Environment variables (if CAF_ENABLE_ENV_SECRETS is true or not set) File content (if CAF_ENABLE_FILE_SECRETS is true and path specified by environment variable with "_FILE" suffix) For example, for a key "DATABASE_PASSWORD": First checks environment variable (if enabled): DATABASE_PASSWORD Then checks file path in environment variable (if enabled): DATABASE_PASSWORD_FILE

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • getSecret

      public static String getSecret(String key) throws IOException
      Retrieves a secret value from various sources based on configuration:
      1. Environment variables (if CAF_ENABLE_ENV_SECRETS is true or not set)
      2. File content (if CAF_ENABLE_FILE_SECRETS is true and path specified by environment variable with "_FILE" suffix)
      For example, for a key "DATABASE_PASSWORD":
      • First checks environment variable (if enabled): DATABASE_PASSWORD
      • Then checks file path in environment variable (if enabled): DATABASE_PASSWORD_FILE
      Parameters:
      key - The base key to look up the secret value. Must not be null.
      Returns:
      The secret value if found in any of the enabled sources, or null if not found. If found in a file, the content is trimmed of leading and trailing whitespace.
      Throws:
      IOException - If there is an error reading the file when using the _FILE variant
      NullPointerException - If the key parameter is null

    • getSecret

      public static String getSecret(String key, String defaultValue) throws IOException
      Retrieves a secret value from various sources based on configuration:
      1. Environment variables (if CAF_ENABLE_ENV_SECRETS is true or not set)
      2. File content (if CAF_ENABLE_FILE_SECRETS is true and path specified by environment variable with "_FILE" suffix)
      For example, for a key "DATABASE_PASSWORD":
      • First checks environment variable (if enabled): DATABASE_PASSWORD
      • Then checks file path in environment variable (if enabled): DATABASE_PASSWORD_FILE
      Parameters:
      key - The base key to look up the secret value. Must not be null.
      defaultValue - The value to return if no secret is found. May be null.
      Returns:
      The secret value if found in any of the enabled sources, or defaultValue if not found. If found in a file, the content is trimmed of leading and trailing whitespace.
      Throws:
      IOException - If there is an error reading the file when using the _FILE variant
      NullPointerException - If the key parameter is null