Using Java SDK

4 min

the kron pam java sdk provides a simple interface for integrating kron pam vault’s credential retrieval and management functions directly into java based applications it enables applications to securely fetch dynamic credentials, interact with the pam vault, and maintain compliance with automated password rotation policies—without embedding static credentials in code the sdk uses grpc for communication with the aapm agent and supports direct http(s) communication with the kron pam server when the agent is unavailable it is compatible with openjdk 8 or later and included with the kron pam secrets management agent package or available as a standalone library ( aapm sdk 1 0 0 jar ) key features secure retrieval of dynamic credentials without embedding passwords in code transparent integration with kron pam vault for compliance with password rotation policies dual communication support grpc with aapm agent (preferred) http(s) direct access to kron pam if agent is offline built in error handling and response formatting via response class example implementation below is an example test class demonstrating how to call the sdk and retrieve credentials dynamically package org example; import com kron aapm access passwordmanager; import com kron aapm access response; import com kron aapm rpc accessrequestvalidtypes; import com kron aapm rpc validresponsetype; import java util hashmap; import java util map; public class main { public static void main(string\[] args) { string pamurl = "https //test krontech com"; string agenthost = "10 20 30 40"; integer agentport = 6396; string accounttoken = "6d8beac9 843c 41d1 8131 0cfc09fc4899"; string accountname = "dynamictestaccount"; string accountpath = "/testservers"; map\<string, string> account = new hashmap<>(); account put("token", accounttoken); account put("name", accountname); account put("path", accountpath); passwordmanager passwordmanager = passwordmanager instance(agenthost, agentport); passwordmanager httpaddress(pamurl); response response = makerequest(passwordmanager, account); if (!response haserror()) { system out println("response value " + response getvalue()); } else { system out println("error value " + response geterrvalue()); } } private static response makerequest(passwordmanager passwordmanager, map\<string, string> account) { string accounttoken = account get("token"); string accountname = account get("name"); string accountpath = account get("path"); accessrequestvalidtypes request = accessrequestvalidtypes newbuilder() setaccountname(accountname) setaccounttoken(accounttoken) setaccountpath(accountpath) setresponsetype(validresponsetype text) setshowusername(false) setapiversion("v2") setpasswordchangerequired(true) setpasswdexpirationtime("5") build(); return passwordmanager getpassword(request); } } if using maven , define your dependency as follows pom xml \<dependency> \<groupid>com kron aapm\</groupid> \<artifactid>aapm sdk\</artifactid> \<version>1 0 0\</version> \</dependency> when executed successfully, the sdk retrieves the live credentials from the pam vault and returns them in the rpc response rpc response success = \[username aioc, password l1g3hs0j] process finished with exit code 0 configuration parameters parameter description serveraddress kron pam endpoint url token kron pam aapm token assigned for account accountname account name registered in kron pam vault accountpath account path within the vault (e g , /databases/sharedaccouts, /windows) comment optional descriptive comment for the fetching password passwdexpirationtime duration before password expiration (in minutes) passwdchangerequired whether to force a new password rotation upon retrieval (true/false) responsetype format of the response (json or text) prettify enables formatted response output setapiversion ensures that the aapm agent returns a response in the same format as kron pam for static credential types (default value v2) showusername include username in response (true/false) agentaddress kron pam secrets management agent ip address (hostname) agentport kron pam secrets management agent port number ignoreagentcertificate ignores connection errors when using a self signed certificate for the aapm agent (true/false) ignoreinterceptorcertificate ignores connection errors when using a self signed certificate defined on kron pam (true/false) disableagentsecurechannel parameter required for using the aapm agent without a certificate (not recommended) (true/false) disableinterceptorsecurerequest parameter required for using kron pam without a certificate (not recommended) (true/false)