forked from BetterCloud/vault-java-driver
Closed
With the AppRole authn ceremony, Vault allows you to wrap the secret; see: Response Wrap the SecretID

On the CLI, it is as easy as adding the -wrap-ttl parameter:
```shell
# This wraps the secretId so that it can only be retrieved once
# In this case the wrapped token is only valid for 60s
vault write -wrap-ttl=60s -force auth/approle/role/jenkins/secret-id
# it outputs something like
# Key                            Value
# ---                            -----
# wrapping_token:                hvs.CAESIJSSOk-5NW_YJvnInsFSrtbBKrf29Ux2-L_Ief3JyiSMGh4KHGh2cy4zUE4wdHMxY2FzRUxjT2dUYWdNcnhPR24
# wrapping_accessor:             xAUGHpZMS0UiTK97avRhDqno
# wrapping_token_ttl:            1m
# wrapping_token_creation_time:  2023-03-03 10:51:18.507844663 +0000 UTC
# wrapping_token_creation_path:  auth/approle/role/jenkins/secret-id
# wrapped_accessor:              4d75ac69-a10e-639d-6c04-ee3e9f923e0e
```

With the API, it seems that you can add the X-Vault-Wrap-TTL header in the request.
From the (decompiled) source, it seems that adding this header is not possible on the logical().write() operation.
```java
RestResponse restResponse = (new Rest())
        .url(this.config.getAddress() + "/v1/"
                + LogicalUtilities.adjustPathForReadOrWrite(path, this.config.getPrefixPathDepth(), operation))
        .body(LogicalUtilities.jsonObjectToWriteFromEngineVersion(operation, requestJson)
                .toString().getBytes(StandardCharsets.UTF_8))
        .header("X-Vault-Token", this.config.getToken()) // these are the fixed headers -> add header in logical()?
        .header("X-Vault-Namespace", this.nameSpace)
        .header("X-Vault-Request", "true")
        .connectTimeoutSeconds(this.config.getOpenTimeout())
        .readTimeoutSeconds(this.config.getReadTimeout())
        .sslVerification(this.config.getSslConfig().isVerify())
        .sslContext(this.config.getSslConfig().getSslContext())
        .post();
```

Would it be possible to add the ability to set dynamic headers when building the logical() request, or to add a specific wrapTtl method?
Thanks,
Kris
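As an added illustration (not code from the issue, from Vault, or from vault-java-driver), the following Python models the exchange the issue is asking the driver to support: the client sends the `X-Vault-Wrap-TTL` header with the secret-id write, Vault answers with a `wrap_info` block instead of the plaintext secret-id, and the consumer redeems the wrapping token once at `sys/wrapping/unwrap`. The Vault side is a constructed in-memory stand-in (`FakeVault`) that only implements the two endpoints involved; the response field names follow Vault's real `wrap_info` and secret-id responses, and the token, accessor and role values are constructed. It shows the two properties that make wrapping worth having in the driver: the token is single-use, and an unclaimed token is useless once its TTL has passed.

```python
"""Added example: the response-wrapping exchange behind X-Vault-Wrap-TTL.

The Vault server here is a constructed in-memory stand-in, not a real
Vault and not the vault-java-driver; field names follow Vault's actual
wrap_info / sys/wrapping/unwrap responses."""
import secrets
import time
import uuid

WRAP_TTL_HEADER = "X-Vault-Wrap-TTL"
TOKEN_HEADER = "X-Vault-Token"
UNWRAP_PATH = "sys/wrapping/unwrap"


def parse_ttl(value: str) -> int:
    """Parse a Vault duration string ('60s', '1m', '2h' or bare seconds) into seconds."""
    units = {"s": 1, "m": 60, "h": 3600}
    if value.isdigit():
        return int(value)
    return int(value[:-1]) * units[value[-1]]


class FakeVault:
    """Constructed model of the two endpoints involved: it issues AppRole
    secret-ids, wraps them when the client asks, and enforces the two
    properties that make wrapping useful: single use and a short TTL."""

    def __init__(self, now=time.time):
        self.now = now
        self._wrapped = {}  # wrapping token -> (expiry epoch seconds, wrapped response)

    def request(self, method, path, headers):
        hdrs = {k.lower(): v for k, v in headers.items()}
        if method == "POST" and path == UNWRAP_PATH:
            return self._unwrap(hdrs.get(TOKEN_HEADER.lower()))
        if method == "POST" and path.startswith("auth/approle/role/") and path.endswith("/secret-id"):
            response = {"data": {"secret_id": str(uuid.uuid4()),
                                 "secret_id_accessor": str(uuid.uuid4()),
                                 "secret_id_ttl": 0}}
            wrap_ttl = hdrs.get(WRAP_TTL_HEADER.lower())
            if wrap_ttl is None:
                return 200, response  # no header: secret_id travels in plaintext
            return 200, self._wrap(response, parse_ttl(wrap_ttl), path)
        return 404, {"errors": ["unsupported path in this stand-in"]}

    def _wrap(self, response, ttl, path):
        token = "hvs." + secrets.token_urlsafe(24)
        self._wrapped[token] = (self.now() + ttl, response)
        return {"wrap_info": {
            "token": token,
            "accessor": secrets.token_urlsafe(18),
            "ttl": ttl,
            "creation_time": self.now(),
            "creation_path": path,
            # lets the operator audit which secret-id was wrapped without unwrapping it
            "wrapped_accessor": response["data"]["secret_id_accessor"],
        }}

    def _unwrap(self, token):
        entry = self._wrapped.pop(token, None)  # pop: a token can only ever be unwrapped once
        if entry is None or self.now() > entry[0]:
            return 400, {"errors": ["wrapping token is not valid or does not exist"]}
        return 200, entry[1]


def fetch_wrapped_secret_id(vault, operator_token, role, wrap_ttl):
    """Client side of step 1: what logical().write() would need to send if it
    accepted a wrap TTL. Returns the wrap_info block."""
    headers = {TOKEN_HEADER: operator_token, WRAP_TTL_HEADER: wrap_ttl}
    status, body = vault.request("POST", f"auth/approle/role/{role}/secret-id", headers)
    if status != 200 or "wrap_info" not in body:
        raise RuntimeError(f"expected a wrapped response, got {status}: {body}")
    return body["wrap_info"]


def unwrap(vault, wrapping_token):
    """Client side of step 2: the consumer presents the wrapping token as its
    X-Vault-Token to sys/wrapping/unwrap."""
    return vault.request("POST", UNWRAP_PATH, {TOKEN_HEADER: wrapping_token})


def demo():
    clock = [1_700_000_000.0]  # controllable clock so the TTL case is deterministic
    vault = FakeVault(now=lambda: clock[0])
    operator = "hvs.constructed-operator-token"
    path = "auth/approle/role/jenkins/secret-id"

    plain = vault.request("POST", path, {TOKEN_HEADER: operator})      # without the header
    wrap = fetch_wrapped_secret_id(vault, operator, "jenkins", "60s")  # same as -wrap-ttl=60s
    first = unwrap(vault, wrap["token"])    # consumer claims the secret-id
    second = unwrap(vault, wrap["token"])   # re-use of the same token is refused
    stale = fetch_wrapped_secret_id(vault, operator, "jenkins", "60s")
    clock[0] += 61                          # nobody claimed it within the TTL
    expired = unwrap(vault, stale["token"])
    return {"plain": plain, "wrap": wrap, "first": first, "second": second, "expired": expired}


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

The `wrapped_accessor` field is what lets the operator who created the secret-id confirm, after the fact, that the consumer ended up with the intended secret-id (and revoke it by accessor if needed) without ever seeing the value; that is the audit hook a `wrapTtl` option on `logical().write()` would expose to driver users.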