# Spring CredHub
Spring CredHub provides client-side support for storing, retrieving, and deleting credentials from a [CredHub](https://docs.cloudfoundry.org/credhub/) server running in a [Cloud Foundry](https://www.cloudfoundry.org/) platform.
CredHub provides an [HTTP API](https://docs.cloudfoundry.org/api/credhub/) to securely store, generate, retrieve, and delete credentials of various types. Spring CredHub provides a Java binding for the CredHub API, making it easy to integrate Spring applications with CredHub.
## 1. Getting started
Spring CredHub supports CredHub server version 1.x and 2.x.
This library is intended to provide full coverage of the CredHub API - all operations on all credential types.
Spring CredHub has been optimized to work with Spring Boot applications.
To include Spring CredHub in a Spring Boot application, add some dependencies to the project build file.
### 1.1. Maven Dependencies
Add the Spring CredHub starter to the `dependencies` section of the build file:
```
org.springframework.credhub
spring-credhub-starter
2.2.0
```
To enable reactive support in Spring CredHub, add the following [Spring WebFlux](https://docs.spring.io/spring-framework/docs/5.3.13/reference/html/web-reactive.html#spring-webflux) dependency to the build file:
```
org.springframework.boot
spring-boot-starter-webflux
5.3.13
```
To use OAuth2 authentication to CredHub, add the following [Spring Security](https://spring.io/projects/spring-security) dependencies to the build file:
```
org.springframework.security
spring-security-config
5.5.3
org.springframework.security
spring-security-oauth2-client
5.5.3
```
### 1.2. Gradle Dependencies
Add the Spring CredHub starter to the `dependencies` section of the build file:
```
dependencies {
compile('org.springframework.credhub:spring-credhub-starter:2.2.0')
}
```
To enable reactive support in Spring CredHub, add the following [Spring WebFlux](https://docs.spring.io/spring-framework/docs/5.3.13/reference/html/web-reactive.html#spring-webflux) dependency to the build file:
```
dependencies {
compile("org.springframework.boot:spring-boot-starter-webflux:5.3.13")
}
```
To use OAuth2 authentication to CredHub, add the following [Spring Security](https://spring.io/projects/spring-security) dependencies to the build file:
```
dependencies {
compile("org.springframework.security:spring-security-config:5.5.3")
compile("org.springframework.security:spring-security-oauth2-client:5.5.3")
}
```
## 2. Spring Boot Configuration
When using the Spring CredHub starter dependency, Spring CredHub can be configured with [Spring Boot application properties](https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html#boot-features-external-config-application-property-files).
With the proper configuration properties, Spring CredHub will auto-configure a connection to a CredHub server.
### 2.1. Mutual TLS Authentication
An application running on Cloud Foundry can authenticate to a CredHub server deployed to the same platform using mutual TLS.
Mutual TLS is the default authentication scheme when no other authentication credentials are provided.
To use mutual TLS authentication to a CredHub server, simply provide the URL of the CredHub server as an application property:
```
spring:
credhub:
url: [CredHub server URL]
```
See the [CredHub documentation](https://docs.cloudfoundry.org/api/credhub/version/main/#_mutual_tls) for more information on mutual TLS authentication.
An application running on Cloud Foundry can use the internal address `[https://credhub.service.cf.internal:8844](https://credhub.service.cf.internal:8844)` to communicate with a CredHub server deployed to the same platform.
### 2.2. OAuth2 Authentication
OAuth2 can be used to authenticate via UAA to any CredHub server.
Spring CredHub supports client credentials grant tokens for authentication using the following Spring CredHub and Spring Security configuration:
```
spring:
credhub:
url: [CredHub server URL]
oauth2:
registration-id: credhub-client
security:
oauth2:
client:
registration:
credhub-client:
provider: uaa
client-id: [OAuth2 client ID]
client-secret: [OAuth2 client secret]
authorization-grant-type: client_credentials
provider:
uaa:
token-uri: [UAA token server endpoint]
```
The ID provided in `spring.credhub.oauth2.registration-id` must refer to a client configured under `spring.security.oauth2.client.registration`.
See the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-security-oauth2) for more information on Spring Boot OAuth2 client configuration.
The OAuth2 client specified in the Spring Security client registration must have CredHub scopes such as `credhub.read` or `credhub.write` to perform most operations.
See the [CredHub documentation](https://docs.cloudfoundry.org/api/credhub/version/main/#_uaa_oauth2) for more information on OAuth2 authentication with UAA.
#### 2.2.1. Auto-configuration of Spring Security OAuth2
When `spring.credhub.oauth2` properties are set and Spring Security is on the application classpath, Spring CredHub will auto-configure the Spring Security beans required for OAuth2 authentication.
An application can provide the required Spring Security OAuth2 beans to override the auto-configuration if necessary.
##### [](#servlet-and-non-reactive-applications)[Servlet and Non-reactive Applications](#servlet-and-non-reactive-applications)
Spring CredHub requires beans of the following types, provided by Spring Security, in order to authenticate using OAuth2.
| Required Bean Type | Auto-configured Type |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|[`ClientRegistrationRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/registration/ClientRegistrationRepository.html)| [`InMemoryClientRegistrationRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.html) |
|[`OAuth2AuthorizedClientRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/web/OAuth2AuthorizedClientRepository.html) |[`AuthenticatedPrincipalOAuth2AuthorizedClientRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepository.html)|
| [`OAuth2AuthorizedClientManager`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/OAuth2AuthorizedClientManager.html) | [`DefaultOAuth2AuthorizedClientManager`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/web\DefaultOAuth2AuthorizedClientManager.html) |
The auto-configured `DefaultOAuth2AuthorizedClientManager` assumes the application is running in a servlet container and has an active `HttpServletRequest`.
An application might need to provide an alternate implementation of the `OAuth2AuthorizedClientManager` bean such as [`AuthorizedClientServiceOAuth2AuthorizedClientManager`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.html) to process requests outside of an `HttpServletRequest`, as shown in the following example:
```
/*
* Copyright 2016-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.example.credhub;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@Configuration
public class CredHubSecurityConfiguration {
@Bean
public AuthorizedClientServiceOAuth2AuthorizedClientManager reactiveClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientService authorizedClientService) {
AuthorizedClientServiceOAuth2AuthorizedClientManager clientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientService);
clientManager.setAuthorizedClientProvider(new ClientCredentialsOAuth2AuthorizedClientProvider());
return clientManager;
}
}
```
Refer to the [Spring Security documentation](https://docs.spring.io/spring-security/site/docs/5.5.3/reference/html5/#oauth2login-override-boot-autoconfig) for more information and examples of configuring other beans.
##### [](#reactive-applications)[Reactive Applications](#reactive-applications)
Spring CredHub requires beans of the following types, provided by Spring Security, in order to authenticate using OAuth2.
| Required Bean Type | Auto-configured Type |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [`ReactiveClientRegistrationRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/registration/ReactiveClientRegistrationRepository.html) | [`InMemoryReactiveClientRegistrationRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepository.html) |
|[`ServerOAuth2AuthorizedClientRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizedClientRepository.html)|[`UnAuthenticatedServerOAuth2AuthorizedClientRepository`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.html)|
| [`ReactiveOAuth2AuthorizedClientManager`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientManager.html) | [`DefaultReactiveOAuth2AuthorizedClientManager`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.html) |
The auto-configured `DefaultReactiveOAuth2AuthorizedClientManager` requires an active `ServerHttpRequest` context.
An application might need to provide an alternate implementation of the `ReactiveOAuth2AuthorizedClientManager` bean such as [`AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`](https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.html) to process requests outside of an `ServerHttpRequest`, as shown in the following example:
```
/*
* Copyright 2016-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.example.credhub;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
@Configuration
public class CredHubReactiveSecurityConfiguration {
@Bean
public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager reactiveClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager clientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientService);
clientManager.setAuthorizedClientProvider(new ClientCredentialsReactiveOAuth2AuthorizedClientProvider());
return clientManager;
}
}
```
Refer to the [Spring Security documentation](https://docs.spring.io/spring-security/site/docs/5.5.3/reference/html5/#oauth2login-override-boot-autoconfig) for more information and examples of configuring other beans.
## 3. Introduction to CredHubOperations
The interface `org.springframework.credhub.core.CredHubOperations` and the implementation `org.springframework.credhub.core.CredHubTemplate` are the central classes in Spring CredHub.`CredHubOperations` provides access to additional operations interfaces that model the full CredHub API:
```
/**
* Get the operations for saving, retrieving, and deleting credentials.
*/
CredHubCredentialOperations credentials();
/**
* Get the operations for adding, retrieving, and deleting credential permissions.
*/
CredHubPermissionOperations permissions();
/**
* Get the operations for adding, retrieving, and deleting credential permissions.
*/
CredHubPermissionV2Operations permissionsV2();
/**
* Get the operations for retrieving, regenerating, and updating certificates.
*/
CredHubCertificateOperations certificates();
/**
* Get the operations for interpolating service binding credentials.
*/
CredHubInterpolationOperations interpolation();
/**
* Get the operations for retrieving CredHub server information.
*/
CredHubInfoOperations info();
```
### 3.1. Mapping to CredHub API
Each method of the `Operations` interfaces maps directly to one endpoint of the CredHub HTTP API.
The following table shows the mapping between the CredHub API and the appropriate Spring CredHub `Operations` interface.
| [CredHub Credentials API](https://docs.cloudfoundry.org/api/credhub/version/main/#_credentials_endpoint) | [CredHubCredentialOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/credential/CredHubCredentialOperations.html) |
|------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|[CredHub Permissions API](https://docs.cloudfoundry.org/api/credhub/version/main/#_permissions_v1_deprecated) (v1)| [CredHubPermissionOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/permission/CredHubPermissionOperations.html) |
| [CredHub Permissions API](https://docs.cloudfoundry.org/api/credhub/version/main/#_permissions_v2_endpoint) (v2) | [CredHubPermissionV2Operations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/permissionV2/CredHubPermissionV2Operations.html) |
| [CredHub Certificates API](https://docs.cloudfoundry.org/api/credhub/version/main/#_certificates_endpoint) | [CredHubCertificateOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/certificate/CredHubCertificateOperations.html) |
| [CredHub Interpolation API](https://docs.cloudfoundry.org/api/credhub/version/main/#_interpolation_endpoint) |[CredHubInterpolationOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/interpolation/CredHubInterpolationOperations.html)|
| [CredHub Information API](https://docs.cloudfoundry.org/api/credhub/version/main/#_info_endpoint) | [CredHubInfoOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/info/CredHubInfoOperations.html) |
### 3.2. CredHubOperations Auto-configuration
A `CredHubOperations` Spring bean is created using Spring Boot auto-configuration when application properties are properly configured.
Application classes can autowire an instance of this bean to interact with a CredHub server.
```
/*
* Copyright 2016-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.example.credhub;
import org.springframework.credhub.core.CredHubOperations;
import org.springframework.credhub.support.CredentialDetails;
import org.springframework.credhub.support.SimpleCredentialName;
import org.springframework.credhub.support.password.PasswordCredential;
import org.springframework.credhub.support.password.PasswordParameters;
import org.springframework.credhub.support.password.PasswordParametersRequest;
import org.springframework.stereotype.Component;
@Component
public class CredHubService {
private final CredHubOperations credHubOperations;
private final SimpleCredentialName credentialName;
public CredHubService(CredHubOperations credHubOperations) {
this.credHubOperations = credHubOperations;
this.credentialName = new SimpleCredentialName("example", "password");
}
public String generatePassword() {
PasswordParameters parameters = PasswordParameters.builder().length(12).excludeLower(false).excludeUpper(false)
.excludeNumber(false).includeSpecial(true).build();
CredentialDetails password = this.credHubOperations.credentials()
.generate(PasswordParametersRequest.builder().name(this.credentialName).parameters(parameters).build());
return password.getValue().getPassword();
}
public String getPassword() {
CredentialDetails password = this.credHubOperations.credentials()
.getByName(this.credentialName, PasswordCredential.class);
return password.getValue().getPassword();
}
}
```
## 4. Introduction to ReactiveCredHubOperations
The interface `org.springframework.credhub.core.ReactiveCredHubOperations` and the implementation `org.springframework.credhub.core.ReactiveCredHubTemplate` are the central classes in Spring CredHub reactive support.`ReactiveCredHubOperations` provides access to additional operations interfaces that model the full CredHub API:
```
/**
* Get the operations for saving, retrieving, and deleting credentials.
*/
ReactiveCredHubCredentialOperations credentials();
/**
* Get the operations for adding, retrieving, and deleting credential permissions.
*/
ReactiveCredHubPermissionOperations permissions();
/**
* Get the operations for adding, retrieving, and deleting credential permissions.
*/
ReactiveCredHubPermissionV2Operations permissionsV2();
/**
* Get the operations for retrieving, regenerating, and updating certificates.
*/
ReactiveCredHubCertificateOperations certificates();
/**
* Get the operations for interpolating service binding credentials.
*/
ReactiveCredHubInterpolationOperations interpolation();
/**
* Get the operations for retrieving CredHub server information.
*/
ReactiveCredHubInfoOperations info();
```
### 4.1. Mapping to CredHub API
Each method of the `Reactive…Operations` interfaces maps directly to one endpoint of the CredHub HTTP API.
The following table shows the mapping between the CredHub API and the appropriate Spring CredHub `Reactive…Operations` interface.
| [CredHub Credentials API](https://docs.cloudfoundry.org/api/credhub/version/main/#_credentials_endpoint) | [ReactiveCredHubCredentialOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/credential/ReactiveCredHubCredentialOperations.html) |
|------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|[CredHub Permissions API](https://docs.cloudfoundry.org/api/credhub/version/main/#_permissions_v1_deprecated) (v1)| [ReactiveCredHubPermissionOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/permission/ReactiveCredHubPermissionOperations.html) |
| [CredHub Permissions API](https://docs.cloudfoundry.org/api/credhub/version/main/#_permissions_v2_endpoint) (v2) | [ReactiveCredHubPermissionV2Operations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/permissionV2/ReactiveCredHubPermissionV2Operations.html) |
| [CredHub Certificates API](https://docs.cloudfoundry.org/api/credhub/version/main/#_certificates_endpoint) | [ReactiveCredHubCertificateOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/certificate/ReactiveCredHubCertificateOperations.html) |
| [CredHub Interpolation API](https://docs.cloudfoundry.org/api/credhub/version/main/#_interpolation_endpoint) |[ReactiveCredHubInterpolationOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/interpolation/ReactiveCredHubInterpolationOperations.html)|
| [CredHub Information API](https://docs.cloudfoundry.org/api/credhub/version/main/#_info_endpoint) | [ReactiveCredHubInfoOperations](https://docs.spring.io/spring-credhub/docs/2.2.0/api/index.html?org/springframework/credhub/core/info/ReactiveCredHubInfoOperations.html) |
### 4.2. ReactiveCredHubOperations Auto-configuration
A `ReactiveCredHubOperations` Spring bean is created using Spring Boot auto-configuration when application properties are properly configured and the Spring WebFlux library is on the classpath.
Application classes can autowire an instance of this bean to interact with a CredHub server.
```
/*
* Copyright 2016-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.example.credhub;
import reactor.core.publisher.Mono;
import org.springframework.credhub.core.ReactiveCredHubOperations;
import org.springframework.credhub.support.SimpleCredentialName;
import org.springframework.credhub.support.password.PasswordCredential;
import org.springframework.credhub.support.password.PasswordParameters;
import org.springframework.credhub.support.password.PasswordParametersRequest;
import org.springframework.stereotype.Component;
@Component
public class ReactiveCredHubService {
private final ReactiveCredHubOperations credHubOperations;
private final SimpleCredentialName credentialName;
public ReactiveCredHubService(ReactiveCredHubOperations credHubOperations) {
this.credHubOperations = credHubOperations;
this.credentialName = new SimpleCredentialName("example", "password");
}
public Mono generatePassword() {
PasswordParameters parameters = PasswordParameters.builder().length(12).excludeLower(false).excludeUpper(false)
.excludeNumber(false).includeSpecial(true).build();
return this.credHubOperations.credentials()
.generate(PasswordParametersRequest.builder().name(this.credentialName).parameters(parameters).build(),
PasswordCredential.class)
.map((password) -> password.getValue().getPassword());
}
public Mono getPassword() {
return this.credHubOperations.credentials().getByName(this.credentialName, PasswordCredential.class)
.map((password) -> password.getValue().getPassword());
}
}
```
## 5. HTTP Client Support
Spring CredHub `CredHubOperations` supports multiple HTTP client libraries to communicate with the CredHub API. The following libraries are supported:
* Java’s builtin `HttpURLConnection` (default)
* [Apache HttpComponents](https://hc.apache.org/)
* [OkHttp 3](https://square.github.io/okhttp/)
* [Netty](https://netty.io/)
Choosing a specific client library requires the appropriate dependency to be available on the application classpath.
The application classpath will be inspected for each client library in the order listed above.
Spring CredHub `ReactiveCredHubOperations` only supports the Netty HTTP client library.
### 5.1. Apache HttpComponents
To use Apache HttpComponents to communicate with CredHub, add the following dependency to the application:
```
org.apache.httpcomponents
httpclient
```
| |Apache HttpClient’s [wire logging](https://hc.apache.org/httpcomponents-client-4.5.x/logging.html) can be enabled through logging configuration. Make sure to not accidentally enable wire logging as logs may expose traffic (including tokens and secrets) between your application and CredHub in plain text.|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
### 5.2. OkHttp 3
To use OkHttp 3 to communicate with CredHub, add the following dependency to the application:
```
com.squareup.okhttp3
okhttp
```
### 5.3. Netty
To use Netty to communicate with CredHub, add the following dependency to the application:
```
io.netty
netty-all
```