public abstract class ConfidentialStore extends Object
ConfidentialKeys, and the holder
of the master secret.
This class is only relevant for the implementers of ConfidentialKeys.
Most plugin code should interact with ConfidentialKeys.
OEM distributions of Jenkins can provide a custom ConfidentialStore implementation
by writing a subclass, mark it with MetaInfServices annotation, package it as a Jenkins module,
and bundling it with the war file. This doesn't use Extension because some plugins
have been found to use Secret before we get to InitMilestone#PLUGINS_PREPARED, and
therefore Extensions aren't loaded yet. (Similarly, it's conceivable that some future
core code might need this early on during the boot sequence.)
| Constructor and Description |
|---|
ConfidentialStore() |
| Modifier and Type | Method and Description |
|---|---|
static ConfidentialStore |
get()
Retrieves the currently active singleton instance of
ConfidentialStore. |
protected abstract byte[] |
load(ConfidentialKey key)
Reverse operation of
store(ConfidentialKey, byte[]) |
abstract byte[] |
randomBytes(int size)
Works like
SecureRandom#nextBytes(byte[]). |
protected abstract void |
store(ConfidentialKey key,
byte[] payload)
Persists the payload of
ConfidentialKey to a persisted storage (such as disk.)
The expectation is that the persisted form is secure. |
protected abstract void store(ConfidentialKey key, byte[] payload) throws IOException
ConfidentialKey to a persisted storage (such as disk.)
The expectation is that the persisted form is secure.IOException@CheckForNull protected abstract byte[] load(ConfidentialKey key) throws IOException
store(ConfidentialKey, byte[])IOExceptionpublic abstract byte[] randomBytes(int size)
SecureRandom#nextBytes(byte[]).
This enables implementations to consult other entropy sources, if it's available.@Nonnull public static ConfidentialStore get()
ConfidentialStore.Copyright © 2019. All rights reserved.