Class: Vault::AuthTLS

Inherits:
Request
Defined in:
lib/vault/api/auth_tls.rb

Instance Attribute Summary

Attributes inherited from Request

#client

Instance Method Summary

Methods inherited from Request

#initialize, #inspect, #to_s

Methods included from EncodePath

encode_path

Constructor Details

This class inherits a constructor from Vault::Request

Instance Method Details

#certificate(name) ⇒ Secret?

Get the certificate by the given name. If a certificate does not exist by that name, nil is returned.

Examples:

Vault.auth_tls.certificate("web") #=> #<Vault::Secret lease_id="...">

Returns:



# File 'lib/vault/api/auth_tls.rb', line 56

def certificate(name)
  json = client.get("/v1/auth/cert/certs/#{encode_path(name)}")
  return Secret.decode(json)
rescue HTTPError => e
  return nil if e.code == 404
  raise
end

#certificates(options = {}) ⇒ Array<String>

Lists the names of the certificates configured in the Vault auth backend.

Examples:

Vault.auth_tls.certificates #=> ["web"]

Returns:

  • (Array<String>)


# File 'lib/vault/api/auth_tls.rb', line 70

def certificates(options = {})
  headers = extract_headers!(options)
  json = client.list("/v1/auth/cert/certs", options, headers)
  return Secret.decode(json).data[:keys] || []
rescue HTTPError => e
  return [] if e.code == 404
  raise
end

#delete_certificate(name) ⇒ Object

Delete the certificate with the given name. If a certificate does not exist, Vault will not return an error.

Examples:

Vault.auth_tls.delete_certificate("web") #=> true

Parameters:

  • name (String)

    the name of the certificate



# File 'lib/vault/api/auth_tls.rb', line 87

def delete_certificate(name)
  client.delete("/v1/auth/cert/certs/#{encode_path(name)}")
  return true
end

#set_certificate(name, options = {}) ⇒ true

Saves a certificate with the given name and attributes. The certificate with the given name must already exist.

Examples:

Vault.auth_tls.set_certificate("web", {
  display_name: "web-cert",
  certificate:  "-----BEGIN CERTIFICATE...",
  policies:     "default",
  ttl:          3600,
}) #=> true

Parameters:

  • name (String)

    the name of the certificate

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :certificate (String)

    The PEM-formatted CA certificate.

  • :policies (String)

    A comma-separated list of policies issued when authenticating with this CA.

  • :display_name (String)

    The name to display on tokens issued against this CA.

  • :ttl (Fixnum)

    The TTL period of the token, provided as a number of seconds.

Returns:

  • (true)


# File 'lib/vault/api/auth_tls.rb', line 43

def set_certificate(name, options = {})
  headers = extract_headers!(options)
  client.post("/v1/auth/cert/certs/#{encode_path(name)}", JSON.fast_generate(options), headers)
  return true
end
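
An added example (not part of vault-ruby or of this page's original content): a review of every TLS auth role using only #certificates and #certificate, flagging the :policies and :ttl values documented for #set_certificate. The TTL ceiling, the risky-policy list, and the FakeAuthTLS/FakeSecret stand-ins with their sample data are assumptions constructed so the block runs offline; pass Vault.auth_tls instead to run it against a real server.

```ruby
# Added example, not vault-ruby code. Thresholds below are assumptions.
MAX_TTL_SECONDS = 3600
RISKY_POLICIES  = %w[root].freeze

# auth_tls: any object with #certificates and #certificate(name), e.g. Vault.auth_tls.
# Returns { role_name => [finding, ...] } for roles that need attention.
def audit_tls_roles(auth_tls, max_ttl: MAX_TTL_SECONDS, risky: RISKY_POLICIES)
  findings = {}
  auth_tls.certificates.each do |name|
    secret = auth_tls.certificate(name)
    # #certificate returns nil on a 404: the role vanished after it was listed.
    if secret.nil?
      findings[name] = ["listed but not readable"]
      next
    end
    data = secret.data || {}
    issues = []
    # :policies may be a comma-separated String (as in #set_certificate) or an Array.
    policies = Array(data[:policies]).flat_map { |p| p.to_s.split(",") }
                                     .map(&:strip).reject(&:empty?)
    bad = policies.select { |p| risky.include?(p) }
    issues << "grants risky policies: #{bad.join(', ')}" unless bad.empty?
    issues << "no policies attached" if policies.empty?
    ttl = data[:ttl].to_i
    issues << "no explicit ttl" if ttl.zero?
    issues << "ttl #{ttl}s exceeds #{max_ttl}s" if ttl > max_ttl
    findings[name] = issues unless issues.empty?
  end
  findings
end

# Constructed stand-ins for Vault.auth_tls and Vault::Secret (sample data only).
FakeSecret = Struct.new(:data)
class FakeAuthTLS
  def initialize(roles)
    @roles = roles
  end
  def certificates
    @roles.keys + ["ghost"] # "ghost" is listed but has no readable entry
  end
  def certificate(name)
    @roles.key?(name) ? FakeSecret.new(@roles[name]) : nil
  end
end

SAMPLE = FakeAuthTLS.new({
  "web"   => { policies: "default", ttl: 3600 },
  "admin" => { policies: ["default", "root"], ttl: 86_400 },
  "batch" => { policies: "", ttl: 0 },
})
audit_tls_roles(SAMPLE).each { |n, i| puts "#{n}: #{i.join('; ')}" } if __FILE__ == $PROGRAM_NAME
```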