Polymorphic builders + supporting enum maps for the OCI Vault Secret Management API.
This module is the shared foundation for clj-oci.vault.secrets and
clj-oci.vault.versions. It does NOT make SDK calls — it produces Java
model instances that those modules pass into builder/to-java when
constructing request bodies.
The Vault SDK has four polymorphic base classes with Jackson-style
discriminators, plus one non-polymorphic composer (RotationConfig)
that contains a polymorphic field:
SecretContentDetails — Base64SecretContentDetails SecretGenerationContext — Bytes / Passphrase / SshKey GenerationContext SecretRule — SecretExpiryRule, SecretReuseRule TargetSystemDetails — Adb / Function TargetSystemDetails RotationConfig — contains TargetSystemDetails
Per the clj-oci convention (see CLAUDE.md), oci-build does NOT
auto-dispatch on a discriminator key. Each concrete subclass has its own
tiny helper that wraps builder/to-java for that concrete builder; the
downstream composer (create-secret, update-secret) accepts the pre-built
Java instance and assembles the request.
Javadocs: https://docs.oracle.com/en-us/iaas/tools/java/3.86.0/
Polymorphic builders + supporting enum maps for the OCI Vault Secret Management API. This module is the shared foundation for `clj-oci.vault.secrets` and `clj-oci.vault.versions`. It does NOT make SDK calls — it produces Java model instances that those modules pass into `builder/to-java` when constructing request bodies. The Vault SDK has four polymorphic base classes with Jackson-style discriminators, plus one non-polymorphic composer (`RotationConfig`) that contains a polymorphic field: SecretContentDetails — Base64SecretContentDetails SecretGenerationContext — Bytes / Passphrase / SshKey GenerationContext SecretRule — SecretExpiryRule, SecretReuseRule TargetSystemDetails — Adb / Function TargetSystemDetails RotationConfig — contains TargetSystemDetails Per the clj-oci convention (see CLAUDE.md), `oci-build` does NOT auto-dispatch on a discriminator key. Each concrete subclass has its own tiny helper that wraps `builder/to-java` for that concrete builder; the downstream composer (`create-secret`, `update-secret`) accepts the pre-built Java instance and assembles the request. Javadocs: https://docs.oracle.com/en-us/iaas/tools/java/3.86.0/
(adb-target-system-details params)Builds an AdbTargetSystemDetails for use as :targetSystemDetails on
rotation-config.
Params: :adbId — OCID of the autonomous database that Vault rotates against (required)
Builds an `AdbTargetSystemDetails` for use as `:targetSystemDetails` on
`rotation-config`.
Params:
:adbId — OCID of the autonomous database that Vault rotates against
(required)(base64-secret-content-details params)Builds a Base64SecretContentDetails for use as :secretContent on
create-secret / update-secret.
Params (camelCase matching the Builder setters):
:content — base64-encoded string, ≤25600 chars (required)
:name — version name, ≤50 chars, unique within secret (optional)
:stage — :current (default) or :pending (optional)
Builds a `Base64SecretContentDetails` for use as `:secretContent` on `create-secret` / `update-secret`. Params (camelCase matching the Builder setters): :content — base64-encoded string, ≤25600 chars (required) :name — version name, ≤50 chars, unique within secret (optional) :stage — `:current` (default) or `:pending` (optional)
(bytes-generation-context params)Builds a BytesGenerationContext for use as :secretGenerationContext on
create-secret / update-secret.
Params:
:generationTemplate — :bytes-512 or :bytes-1024 (required)
:secretTemplate — JSON string with %GENERATED_BYTES% placeholder
(optional)
Builds a `BytesGenerationContext` for use as `:secretGenerationContext` on
`create-secret` / `update-secret`.
Params:
:generationTemplate — `:bytes-512` or `:bytes-1024` (required)
:secretTemplate — JSON string with `%GENERATED_BYTES%` placeholder
(optional)(function-target-system-details params)Builds a FunctionTargetSystemDetails for use as :targetSystemDetails on
rotation-config.
Params: :functionId — OCID of the OCI Function that Vault invokes to rotate (required)
Builds a `FunctionTargetSystemDetails` for use as `:targetSystemDetails` on
`rotation-config`.
Params:
:functionId — OCID of the OCI Function that Vault invokes to rotate
(required)(passphrase-generation-context params)Builds a PassphraseGenerationContext for use as :secretGenerationContext
on create-secret / update-secret.
Params:
:generationTemplate — :secrets-default-password or
:dbaas-default-password (required)
:passphraseLength — integer length (optional)
:secretTemplate — JSON string with %GENERATED_PASSPHRASE%
placeholder (optional)
Builds a `PassphraseGenerationContext` for use as `:secretGenerationContext`
on `create-secret` / `update-secret`.
Params:
:generationTemplate — `:secrets-default-password` or
`:dbaas-default-password` (required)
:passphraseLength — integer length (optional)
:secretTemplate — JSON string with `%GENERATED_PASSPHRASE%`
placeholder (optional)(rotation-config params)Builds a RotationConfig for use as :rotationConfig on create-secret /
update-secret. Caller pre-builds the :targetSystemDetails via
adb-target-system-details or function-target-system-details.
Params:
:targetSystemDetails — pre-built TargetSystemDetails (required)
:isScheduledRotationEnabled — boolean; if true, :rotationInterval
must be set (optional)
:rotationInterval — ISO 8601 duration; 1d to 360d (optional)
Builds a `RotationConfig` for use as `:rotationConfig` on `create-secret` /
`update-secret`. Caller pre-builds the `:targetSystemDetails` via
`adb-target-system-details` or `function-target-system-details`.
Params:
:targetSystemDetails — pre-built TargetSystemDetails (required)
:isScheduledRotationEnabled — boolean; if true, `:rotationInterval`
must be set (optional)
:rotationInterval — ISO 8601 duration; 1d to 360d (optional)(secret-expiry-rule params)Builds a SecretExpiryRule for use in the :secretRules list on
create-secret / update-secret.
Params: :secretVersionExpiryInterval — ISO 8601 duration (e.g. "P30D"), 1d to 90d (optional) :timeOfAbsoluteExpiry — java.util.Date (optional) :isSecretContentRetrievalBlockedOnExpiry — boolean (optional)
Builds a `SecretExpiryRule` for use in the `:secretRules` list on
`create-secret` / `update-secret`.
Params:
:secretVersionExpiryInterval — ISO 8601 duration (e.g. "P30D"),
1d to 90d (optional)
:timeOfAbsoluteExpiry — java.util.Date (optional)
:isSecretContentRetrievalBlockedOnExpiry — boolean (optional)(secret-reuse-rule params)Builds a SecretReuseRule for use in the :secretRules list on
create-secret / update-secret.
Params: :isEnforcedOnDeletedSecretVersions — boolean (optional)
Builds a `SecretReuseRule` for use in the `:secretRules` list on `create-secret` / `update-secret`. Params: :isEnforcedOnDeletedSecretVersions — boolean (optional)
(ssh-key-generation-context params)Builds an SshKeyGenerationContext for use as :secretGenerationContext
on create-secret / update-secret.
Params:
:generationTemplate — :rsa-2048, :rsa-3072, or :rsa-4096 (required)
:secretTemplate — JSON string with %GENERATED_PUBLIC_KEY% /
%GENERATED_PRIVATE_KEY% placeholders (optional)
Builds an `SshKeyGenerationContext` for use as `:secretGenerationContext`
on `create-secret` / `update-secret`.
Params:
:generationTemplate — `:rsa-2048`, `:rsa-3072`, or `:rsa-4096` (required)
:secretTemplate — JSON string with `%GENERATED_PUBLIC_KEY%` /
`%GENERATED_PRIVATE_KEY%` placeholders (optional)cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |