Class HikariCredentialsUpdater

java.lang.Object
com.maybeitssquid.rotatingsecrets.hikari.HikariCredentialsUpdater
All Implemented Interfaces:
UpdatableCredential<String>, com.zaxxer.hikari.HikariCredentialsProvider

public class HikariCredentialsUpdater extends Object implements UpdatableCredential<String>, com.zaxxer.hikari.HikariCredentialsProvider
Handles credential updates for HikariCP data sources.

This class implements both the UpdatableCredential and HikariCredentialsProvider interfaces, serving as a bridge between the credential rotation system and HikariCP's built-in credential provider mechanism. It receives credential change notifications from the CredentialsProviderService and provides those credentials to HikariCP when new connections are created.

How It Works

  1. HikariCP is configured to use this class as its HikariCredentialsProvider
  2. When HikariCP needs credentials for a new connection, it calls getCredentials()
  3. When credentials are rotated, setCredential(String, String) is called
  4. The updater stores the new credentials and triggers soft eviction of existing connections
  5. Soft eviction marks connections for closure after they are returned to the pool
  6. New connections use the updated credentials from getCredentials()

Thread Safety

This class is thread-safe. The Credentials object is immutable and is replaced atomically when credentials are updated. The soft eviction operation is thread-safe as implemented by HikariCP.
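The ordering in steps 3 to 6 and the atomic replacement described under Thread Safety can be modelled in a few lines. This is an added sketch, not this project's or HikariCP's code. `Creds`, `Pool`, `Updater`, the null check for a pool that has not been injected yet, and the sample passwords are all assumptions made for illustration.

```java
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;

// Sketch only: Creds stands in for an immutable username/password pair and
// Pool for the single pool operation the updater needs (soft eviction).
public class RotationSketch {
    record Creds(String username, String password) {
        Creds {
            Objects.requireNonNull(username, "username");
            Objects.requireNonNull(password, "password");
        }
        // Keep the secret out of logs and exception messages.
        @Override public String toString() { return "Creds[username=" + username + ", password=***]"; }
    }

    interface Pool { void softEvictConnections(); }

    static final class Updater {
        private final AtomicReference<Creds> current;
        private volatile Pool pool; // injected after the pool exists (circular dependency)

        Updater(String username, String password) { current = new AtomicReference<>(new Creds(username, password)); }

        void setPool(Pool pool) { this.pool = pool; }

        void setCredential(String username, String password) {
            // Publish the new pair first, as one immutable object, so no reader
            // can observe the new username together with the old password.
            current.set(new Creds(username, password));
            // Evict only afterwards: a replacement connection opened because of
            // the eviction then always reads the rotated pair.
            Pool target = pool;
            if (target != null) target.softEvictConnections(); // assumed: no-op before injection
        }

        Creds getCredentials() { return current.get(); }
    }

    public static void main(String[] args) {
        Updater updater = new Updater("app_user", "initial-constructed");
        // A rotation that arrives before the pool is injected only swaps the pair.
        updater.setCredential("app_user", "rotated-1-constructed");
        // Stub pool: report what a new connection would see at eviction time.
        updater.setPool(() -> System.out.println("soft evict; new connections use " + updater.getCredentials()));
        updater.setCredential("app_user", "rotated-2-constructed");
    }
}
```

Reversing the two statements in `setCredential` would open a window in which a connection created right after eviction still authenticates with the retired password.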

  • Constructor Details

    • HikariCredentialsUpdater

      public HikariCredentialsUpdater(String username, String password)
      Creates a new credentials updater with the specified initial credentials.
      Parameters:
      username - the initial database username
      password - the initial database password
  • Method Details

    • setDataSource

      public void setDataSource(com.zaxxer.hikari.HikariDataSource dataSource)
      Sets the HikariCP DataSource reference for connection eviction.

      This method is called after the DataSource is created to enable soft eviction of connections when credentials are rotated. The circular dependency (DataSource needs credentials provider, credentials provider needs DataSource for eviction) is resolved by injecting the DataSource after creation.

      Parameters:
      dataSource - the HikariCP DataSource to manage
    • setCredential

      public void setCredential(String username, String credential)
      Updates the stored credentials and soft-evicts existing connections.

      This method atomically replaces the stored credentials with new ones, then triggers a soft eviction of all existing connections in the pool. Soft eviction marks connections for closure after they are returned to the pool, allowing in-flight transactions to complete while ensuring new checkouts get fresh connections with the updated credentials.

      Specified by:
      setCredential in interface UpdatableCredential<String>
      Parameters:
      username - the new database username
      credential - the new database password
    • getCredentials

      public com.zaxxer.hikari.util.Credentials getCredentials()
      Provides the current credentials to HikariCP for new connection creation.

      This method is called by HikariCP's connection factory when creating new connections. It returns the most recently set credentials.

      Specified by:
      getCredentials in interface com.zaxxer.hikari.HikariCredentialsProvider
      Returns:
      the current credentials for database connections