Skip to content

[ENG-3808] Add document for java sdk aws auth login #4604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
fangpenlin merged 4 commits into from
Oct 3, 2025
Merged

[ENG-3808] Add document for java sdk aws auth login #4604

Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ea8c24d
Add document for java sdk aws auth login
Oct 3, 2025
eb64a73
Move doc section around to match the one in API doc
Oct 3, 2025
24cbc51
Update doc with the new overloaded method
Oct 3, 2025
898db6b
Remove other docs, focus on the identity id use case
Oct 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 67 additions & 0 deletions docs/sdks/languages/java.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,73 @@ sdk.Auth().UniversalAuthLogin(
- `clientId` (string): The client ID of your Machine Identity.
- `clientSecret` (string): The client secret of your Machine Identity.

### AWS Auth

```java
public void AwsAuthLogin(
AwsAuthLoginInput input
Comment thread
fangpenlin marked this conversation as resolved.
Outdated
)
throws InfisicalException
```

```java
var input = AwsAuthLoginInput
.builder()
.identityId("<machine-identity-id>")
.iamHttpRequestMethod("<iam-http-request-method>")
.iamRequestHeaders("<iam-request-headers>")
.iamRequestBody("<iam-request-body>")
.build();

sdk.Auth().AwsAuthLogin(input);
```

**Parameters:**
- `input` (AwsAuthLoginInput): The input for authenticating with AWS.
- `identityId` (String): The ID of the machine identity to authenticate with.
- `iamHttpRequestMethod` (String): The HTTP request method used in the signed request.
- `iamRequestHeaders` (String): The base64-encoded headers of the sts:GetCallerIdentity signed request.
- `iamRequestBody` (String): The base64-encoded body of the signed request. Most likely, the base64-encoding of Action=GetCallerIdentity&Version=2011-06-15.

Generating the login input requires retrieving AWS credentials from the current local environment and performing an AWS Signature Version 4 on the retrieved data.
To make it much easier for users, we provide a helper class to automatically generate the login input for you.

```java
import com.infisical.sdk.auth.AwsAuthProvider;
var input = AwsAuthProvider.defaultProvider()
.fromInstanceProfile()
.toLoginInput("<machine-identity-id>");
```

Since this is the most common use case for AWS authentication, we also provide an overloaded method for `AwsAuthLogin`:
Comment thread
fangpenlin marked this conversation as resolved.
Outdated

```java
public void AwsAuthLogin(
String identityId
)
throws InfisicalException
```

With this method, you can pass in the `identityId`, and it will retrieve AWS credentials automatically for you from your current environment:

```java
sdk.Auth().AwsAuthLogin("<machine-identity-id>");
```

If you prefer to retrieve AWS credentials manually from your local AWS environment, you can generate the login input by providing the AWS credentials yourself, as shown below:

```java
import com.infisical.sdk.auth.AwsAuthProvider;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
var input = AwsAuthProvider.defaultProvider()
.fromCredentials(
"<aws-region>",
AwsBasicCredentials.create("<aws-access-key>", "<aws-secret-key>"),
"<aws-session-token>"
)
.toLoginInput("<machine-identity-id>");
```
Comment thread
varonix0 marked this conversation as resolved.
Outdated

### LDAP Auth

```java
Expand Down
Loading