SecretClientBuilder Class

Package:
com.azure.security.keyvault.secrets
Maven Artifact:
com.azure:azure-security-keyvault-secrets:4.10.6
  • java.lang.Object
    • com.azure.security.keyvault.secrets.SecretClientBuilder

Implements

ConfigurationTrait<SecretClientBuilder> HttpTrait<SecretClientBuilder> TokenCredentialTrait<SecretClientBuilder>

public final class SecretClientBuilder
implements TokenCredentialTrait<SecretClientBuilder>, HttpTrait<SecretClientBuilder>, ConfigurationTrait<SecretClientBuilder>

This class provides a fluent builder API to help aid the configuration and instantiation of the SecretAsyncClient and SecretClient, by calling buildAsyncClient() and buildClient() respectively. It constructs an instance of the desired client.

The SecretClient/SecretAsyncClient both provide synchronous/asynchronous methods to manage KeyVaultSecret in the Azure Key Vault. The client supports creating, retrieving, updating, deleting, purging, backing up, restoring, and listing the KeyVaultSecret. The client also support listing DeletedSecret for a soft-delete enabled Azure Key Vault.

The minimal configuration options required by SecretClientBuilder to build SecretAsyncClient are vaultUrl and TokenCredential.

SecretAsyncClient secretAsyncClient = new SecretClientBuilder()
     .credential(new DefaultAzureCredentialBuilder().build())
     .vaultUrl("<your-key-vault-url>")
     .buildAsyncClient();

Samples to construct the sync client

SecretClient secretClient = new SecretClientBuilder()
     .credential(new DefaultAzureCredentialBuilder().build())
     .vaultUrl("<your-key-vault-url>")
     .buildClient();

The log detail level, multiple custom policies and custom HttpClient can be optionally configured in the SecretClientBuilder.

SecretAsyncClient secretAsyncClient = new SecretClientBuilder()
     .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
     .vaultUrl("<your-key-vault-url>")
     .credential(new DefaultAzureCredentialBuilder().build())
     .httpClient(HttpClient.createDefault())
     .buildAsyncClient();

Constructor Summary

Constructor Description
SecretClientBuilder()

The constructor with defaults.

Method Summary

Modifier and Type Method and Description
SecretClientBuilder addPolicy(HttpPipelinePolicy policy)

Adds a HttpPipelinePolicy to apply on each request sent.
SecretAsyncClient buildAsyncClient()

Creates a SecretAsyncClient based on options set in the builder.
SecretClient buildClient()

Creates a SecretClient based on options set in the builder.
SecretClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc.
SecretClientBuilder configuration(Configuration configuration)

Sets the configuration store that is used during construction of the service client.
SecretClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service.
SecretClientBuilder disableChallengeResourceVerification()

Disables verifying if the authentication challenge resource matches the Key Vault domain.
SecretClientBuilder httpClient(HttpClient client)

Sets the HttpClient to use for sending and receiving requests to and from the service.
SecretClientBuilder httpLogOptions(HttpLogOptions logOptions)

Sets the HttpLogOptions to use when sending and receiving requests to and from the service.
SecretClientBuilder pipeline(HttpPipeline pipeline)

Sets the HttpPipeline to use for the service client.
SecretClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.
SecretClientBuilder retryPolicy(RetryPolicy retryPolicy)

Sets the RetryPolicy that is used when each request is sent.
SecretClientBuilder serviceVersion(SecretServiceVersion version)

Sets the SecretServiceVersion that is used when making API requests.
SecretClientBuilder vaultUrl(String vaultUrl)

Sets the vault endpoint URL to send HTTP requests to.

Methods inherited from java.lang.Object

clone equals finalize getClass hashCode notify notifyAll toString wait wait wait

Constructor Details

SecretClientBuilder

public SecretClientBuilder()

The constructor with defaults.

Method Details

addPolicy

public SecretClientBuilder addPolicy(HttpPipelinePolicy policy)

Adds a HttpPipelinePolicy to apply on each request sent.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

policy - A HttpPipelinePolicy.

Returns:

The updated SecretClientBuilder object.

buildAsyncClient

public SecretAsyncClient buildAsyncClient()

Creates a SecretAsyncClient based on options set in the builder. Every time buildAsyncClient() is called, a new instance of SecretAsyncClient is created.

If pipeline(HttpPipeline pipeline) is set, then the pipeline and vaultUrl(String vaultUrl) are used to create the SecretClientBuilder. All other builder settings are ignored. If pipeline is not set, then credential(TokenCredential credential), and vaultUrl(String vaultUrl) key vault url are required to build the SecretAsyncClient.

Returns:

A SecretAsyncClient with the options set from the builder.

buildClient

public SecretClient buildClient()

Creates a SecretClient based on options set in the builder. Every time buildClient() is called, a new instance of SecretClient is created.

If pipeline(HttpPipeline pipeline) is set, then the pipeline and vaultUrl(String vaultUrl) are used to create the SecretClientBuilder. All other builder settings are ignored. If pipeline is not set, then credential(TokenCredential credential), and vaultUrl(String vaultUrl) key vault url are required to build the SecretClient.

Returns:

A SecretClient with the options set from the builder.

clientOptions

public SecretClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of the HttpClientOptions class (a subclass of the ClientOptions base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

clientOptions - A configured instance of HttpClientOptions.

Returns:

The updated SecretClientBuilder object.

configuration

public SecretClientBuilder configuration(Configuration configuration)

Sets the configuration store that is used during construction of the service client. The default configuration store is a clone of the global configuration store, use NONE to bypass using configuration settings during construction.

Parameters:

configuration - The configuration store used to

Returns:

The updated SecretClientBuilder object.

credential

public SecretClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of the TokenCredential type.

Parameters:

credential - TokenCredential used to authorize requests sent to the service.

Returns:

The updated SecretClientBuilder object.

disableChallengeResourceVerification

public SecretClientBuilder disableChallengeResourceVerification()

Disables verifying if the authentication challenge resource matches the Key Vault domain. This verification is performed by default.

Returns:

The updated SecretClientBuilder object.

httpClient

public SecretClientBuilder httpClient(HttpClient client)

Sets the HttpClient to use for sending and receiving requests to and from the service.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

client - The HttpClient to use for requests.

Returns:

The updated SecretClientBuilder object.

httpLogOptions

public SecretClientBuilder httpLogOptions(HttpLogOptions logOptions)

Sets the HttpLogOptions to use when sending and receiving requests to and from the service. If a logLevel is not provided, default value of HttpLogDetailLevel#NONE is set.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

logOptions - The HttpLogOptions to use when sending and receiving requests to and from the service.

Returns:

The updated SecretClientBuilder object.

pipeline

public SecretClientBuilder pipeline(HttpPipeline pipeline)

Sets the HttpPipeline to use for the service client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

The vaultUrl(String vaultUrl) is not ignored when pipeline is set.

Parameters:

pipeline - HttpPipeline to use for sending service requests and receiving responses.

Returns:

The updated SecretClientBuilder object.

retryOptions

public SecretClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Setting this is mutually exclusive with using retryPolicy(RetryPolicy retryPolicy).

Parameters:

retryOptions - The RetryOptions to use for all the requests made through the client.

Returns:

The updated SecretClientBuilder object.

retryPolicy

public SecretClientBuilder retryPolicy(RetryPolicy retryPolicy)

Sets the RetryPolicy that is used when each request is sent. Setting this is mutually exclusive with using retryOptions(RetryOptions retryOptions). The default retry policy will be used in the pipeline, if not provided.

Parameters:

retryPolicy - user's retry policy applied to each request.

Returns:

The updated SecretClientBuilder object.

serviceVersion

public SecretClientBuilder serviceVersion(SecretServiceVersion version)

Sets the SecretServiceVersion that is used when making API requests.

If a service version is not provided, the service version that will be used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version the client library will have the result of potentially moving to a newer service version.

Parameters:

version - SecretServiceVersion of the service API used when making requests.

Returns:

The updated SecretClientBuilder object.

vaultUrl

public SecretClientBuilder vaultUrl(String vaultUrl)

Sets the vault endpoint URL to send HTTP requests to. You should validate that this URL references a valid Key Vault resource. Refer to the following documentation for details.

Parameters:

vaultUrl - The vault url is used as destination on Azure to send requests to. If you have a secret identifier, create a new KeyVaultSecretIdentifier to parse it and obtain the vaultUrl and other information.

Returns:

The updated SecretClientBuilder object.

Applies to