Programming Guidelines
While developing Vault extensions is essentially programming in Java, there are some language and JDK restrictions to ensure your code runs securely in Vault.
You should observe the following general guidelines when developing Vault extensions:
- Only use interfaces provided by the Vault Java SDK
- Only use allowlisted JDK classes and methods
- Make your code thread safe
- Validate your code often
- Understand and follow all Vault limits and restrictions
- Only use RollbackException for exception handling
Collection Classes
Vault Java SDK does not allow instantiation of traditional Java collection classes to create maps, lists, or sets. Instead, you must use the methods provided by the VaultCollections interface. Once you create a collection, you can use all allowlisted methods from the JDK Map, List, and Set interfaces.
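The following record trigger is an added example, not code from the Vault documentation. It shows the collection rule together with the RollbackException guideline above; the object `product__v`, the field `name__v`, the class name and the error code are assumptions made for illustration.

```java
package com.veeva.vault.custom.triggers; // assumed package name

import com.veeva.vault.sdk.api.core.RollbackException;
import com.veeva.vault.sdk.api.core.ValueType;
import com.veeva.vault.sdk.api.core.VaultCollections;
import com.veeva.vault.sdk.api.data.RecordChange;
import com.veeva.vault.sdk.api.data.RecordEvent;
import com.veeva.vault.sdk.api.data.RecordTrigger;
import com.veeva.vault.sdk.api.data.RecordTriggerContext;
import com.veeva.vault.sdk.api.data.RecordTriggerInfo;

import java.util.List;
import java.util.Set;

// Rejects a batch insert that contains the same name more than once.
@RecordTriggerInfo(object = "product__v", events = {RecordEvent.BEFORE_INSERT})
public class RejectDuplicateNames implements RecordTrigger {

    public void execute(RecordTriggerContext context) {
        // Not allowed: direct instantiation of a JDK collection class.
        // Set<String> seen = new HashSet<>();   // fails validation

        // Allowed: create the collections through VaultCollections, then
        // work with them through the JDK Set and List interfaces.
        Set<String> seen = VaultCollections.newSet();
        List<String> duplicates = VaultCollections.newList();

        for (RecordChange change : context.getRecordChanges()) {
            String name = change.getNew().getValue("name__v", ValueType.STRING);
            // Set.add returns false when the value is already present.
            if (name != null && !seen.add(name)) {
                duplicates.add(name);
            }
        }

        if (!duplicates.isEmpty()) {
            // RollbackException is the only exception type the guidelines
            // allow; the error code below is a constructed sample value.
            throw new RollbackException("DUPLICATE_NAME",
                    "Found " + duplicates.size()
                    + " duplicate name(s) in this batch, first: "
                    + duplicates.get(0));
        }
    }
}
```

Whether each JDK method used here is on the allowlist is confirmed only by validating the package, so treat a passing validation as the final check.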
Code Validation
Restrictions are checked during validation, which happens when you deploy code to Vault from a VPK. For example, if your code uses a third-party library or non-allowlisted class, it will not pass validation and deployment will fail. We recommend validating your code often during the development process to catch issues early.
You can do this with the Validate Package endpoint.
/api/{version}/services/package/actions/validate
To use this endpoint, you must create a Vault Package File (VPK) as input.
You can view, download, delete, enable, or disable deployed extensions in the Admin UI, located in Admin > Configuration > VAULT JAVA SDK. Learn more about the Admin UI in Vault Help.