Using Java SDK

4 min

the kron pam java sdk provides a simple interface for integrating kron pam vault’s credential retrieval and management functions directly into java based applications it enables applications to securely fetch dynamic credentials, interact with the pam vault, and maintain compliance with automated password rotation policies—without embedding static credentials in code the sdk uses grpc for communication with the aapm agent and supports direct http(s) communication with the kron pam server when the agent is unavailable it is compatible with openjdk 8 or later and included with the kron pam secrets management agent package or available as a standalone library ( aapm sdk 1 0 0 jar ) key features secure retrieval of dynamic credentials without embedding passwords in code transparent integration with kron pam vault for compliance with password rotation policies dual communication support grpc with aapm agent (preferred) http(s) direct access to kron pam if agent is offline built in error handling and response formatting via response class example implementation below is an example test class demonstrating how to call the sdk and retrieve credentials dynamically package com sample; import com kron aapm access passwordmanager; import com kron aapm access response; import com kron aapm access validresponsetype; public class applicationtest { public static void main(string\[] args) { // kron pam server configuration string serveraddress = "https //kron pam ip address"; string token = "7bbb10be 83d2 44e2 9a08 b0951deabfe5"; // account and vault parameters string accountname = "lstprdodb01"; string accountpath = "/databases"; string comment = "production db password"; string passwdexpirationtime = "5"; boolean passwdchangerequired = false; boolean prettify = false; validresponsetype responsetype = validresponsetype text; boolean showusername = true; // secrets management agent configuration (optional) string agentaddress = "agentipaddress"; int agentport = 6396; try { // initialize passwordmanager with agent address and port passwordmanager manager = passwordmanager instance(agentaddress, agentport); // (optional) direct fallback to pam server manager httpaddress(serveraddress); // retrieve credentials from kron pam vault response passwdresponse = manager getpassword(accountname, token, accountpath); // print the result if (!passwdresponse haserror()) { system out println("rpc response success = \[" + passwdresponse getvalue() + "]"); } else { system out println("rpc response error = \[" + passwdresponse geterrvalue() + "]"); } } catch (exception e) { e printstacktrace(); } } } if using maven , define your dependency as follows pom xml \<dependency> \<groupid>com kron aapm\</groupid> \<artifactid>aapm sdk\</artifactid> \<version>1 0 0\</version> \</dependency> when executed successfully, the sdk retrieves the live credentials from the pam vault and returns them in the rpc response rpc response success = \[username aioc, password l1g3hs0j] process finished with exit code 0 configuration parameters parameter description serveraddress kron pam endpoint url token kron pam aapm token assigned for account accountname account name registered in kron pam vault accountpath account path within the vault (e g , /databases/sharedaccouts, /windows) comment optional descriptive comment for the fetching password passwdexpirationtime duration before password expiration (in minutes) passwdchangerequired whether to force a new password rotation upon retrieval responsetype format of the response (json or text) prettify enables formatted response output showusername include username in response (true/false) agentaddress kron pam secrets management agent ip address (hostname) agentport kron pam secrets management agent port number