Module: Vault::Defaults

Defined in:

lib/vault/defaults.rb

Constant Summary

VAULT_ADDRESS =

The default vault address.

Returns:

• (String)

"https://127.0.0.1:8200".freeze

VAULT_DISK_TOKEN =

The path to the vault token on disk.

Returns:

• (String)

Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze

SSL_CIPHERS =

The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!

Returns:

• (String)

"TLSv1.2:!aNULL:!eNULL".freeze

RETRY_ATTEMPTS =

The default number of attempts.

Returns:

• (Fixnum)

2

RETRY_BASE =

The default backoff interval.

Returns:

• (Fixnum)

0.05

RETRY_MAX_WAIT =

The maximum amount of time for a single exponential backoff to sleep.

2.0

DEFAULT_POOL_SIZE =

The default size of the connection pool

16

RETRIED_EXCEPTIONS =

The set of exceptions that are detect and retried by default with ‘with_retries`

[HTTPServerError]

Class Method Summary

• .address ⇒ String

  The address to communicate with Vault.

• .hostname ⇒ String^?

  The SNI host to use when connecting to Vault via TLS.

• .open_timeout ⇒ String^?

  The number of seconds to wait when trying to open a connection before timing out.

• .options ⇒ Hash

  The list of calculated options for this configurable.

• .pool_size ⇒ Object

  The size of the connection pool to communicate with Vault.

• .proxy_address ⇒ String^?

  The HTTP Proxy server address as a string.

• .proxy_password ⇒ String^?

  The HTTP Proxy user password as a string.

• .proxy_port ⇒ String^?

  The HTTP Proxy server port as a string.

• .proxy_username ⇒ String^?

  The HTTP Proxy server username as a string.

• .read_timeout ⇒ String^?

  The number of seconds to wait when reading a response before timing out.

• .ssl_ca_cert ⇒ String^?

  The path to the CA cert on disk to use for certificate verification.

• .ssl_ca_path ⇒ String^?

  The path to the directory on disk holding CA certs to use for certificate verification.

• .ssl_cert_store ⇒ OpenSSL::X509::Store^?

  The CA cert store to use for certificate verification.

• .ssl_ciphers ⇒ String

  The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing.

• .ssl_pem_contents ⇒ String^?

  The raw contents (as a string) for the pem file.

• .ssl_pem_file ⇒ String^?

  The path to a pem on disk to use with custom SSL verification.

• .ssl_pem_passphrase ⇒ String^?

  Passphrase to the pem file on disk to use with custom SSL verification.

• .ssl_timeout ⇒ String^?

  The number of seconds to wait for connecting and verifying SSL.

• .ssl_verify ⇒ true, false

  Verify SSL requests (default: true).

• .timeout ⇒ String^?

  A default meta-attribute to set all timeout values - individually set timeout values will take precedence.

• .token ⇒ String^?

  The vault token to use for authentiation.

Class Method Details

.address ⇒ String

The address to communicate with Vault.

Returns:

• (String)

# File 'lib/vault/defaults.rb', line 46

def address
  ENV["VAULT_ADDR"] || VAULT_ADDRESS
end

.hostname ⇒ String^?

The SNI host to use when connecting to Vault via TLS.

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 66

def hostname
  ENV["VAULT_TLS_SERVER_NAME"]
end

.open_timeout ⇒ String^?

The number of seconds to wait when trying to open a connection before timing out

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 73

def open_timeout
  ENV["VAULT_OPEN_TIMEOUT"]
end

.options ⇒ Hash

The list of calculated options for this configurable.

Returns:

• (Hash)

# File 'lib/vault/defaults.rb', line 40

def options
  Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten]
end

.pool_size ⇒ Object

The size of the connection pool to communicate with Vault

Returns:

• Integer

# File 'lib/vault/defaults.rb', line 79

def pool_size
  if var = ENV["VAULT_POOL_SIZE"]
    return var.to_i
  else
    DEFAULT_POOL_SIZE
  end
end

.proxy_address ⇒ String^?

The HTTP Proxy server address as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 89

def proxy_address
  ENV["VAULT_PROXY_ADDRESS"]
end

.proxy_password ⇒ String^?

The HTTP Proxy user password as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 101

def proxy_password
  ENV["VAULT_PROXY_PASSWORD"]
end

.proxy_port ⇒ String^?

The HTTP Proxy server port as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 107

def proxy_port
  ENV["VAULT_PROXY_PORT"]
end

.proxy_username ⇒ String^?

The HTTP Proxy server username as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 95

def proxy_username
  ENV["VAULT_PROXY_USERNAME"]
end

.read_timeout ⇒ String^?

The number of seconds to wait when reading a response before timing out

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 113

def read_timeout
  ENV["VAULT_READ_TIMEOUT"]
end

.ssl_ca_cert ⇒ String^?

The path to the CA cert on disk to use for certificate verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 151

def ssl_ca_cert
  ENV["VAULT_CACERT"]
end

.ssl_ca_path ⇒ String^?

The path to the directory on disk holding CA certs to use for certificate verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 164

def ssl_ca_path
  ENV["VAULT_CAPATH"]
end

.ssl_cert_store ⇒ OpenSSL::X509::Store^?

The CA cert store to use for certificate verification

Returns:

• (OpenSSL::X509::Store, nil)

# File 'lib/vault/defaults.rb', line 157

def ssl_cert_store
  nil
end

.ssl_ciphers ⇒ String

The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing

Returns:

• (String)

# File 'lib/vault/defaults.rb', line 121

def ssl_ciphers
  ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS
end

.ssl_pem_contents ⇒ String^?

The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 129

def ssl_pem_contents
  if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]
    Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"])
  else
    ENV["VAULT_SSL_PEM_CONTENTS"]
  end
end

.ssl_pem_file ⇒ String^?

The path to a pem on disk to use with custom SSL verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 139

def ssl_pem_file
  ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"]
end

.ssl_pem_passphrase ⇒ String^?

Passphrase to the pem file on disk to use with custom SSL verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 145

def ssl_pem_passphrase
  ENV["VAULT_SSL_CERT_PASSPHRASE"]
end

.ssl_timeout ⇒ String^?

The number of seconds to wait for connecting and verifying SSL

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 185

def ssl_timeout
  ENV["VAULT_SSL_TIMEOUT"]
end

.ssl_verify ⇒ true, false

Verify SSL requests (default: true)

Returns:

• (true, false)

# File 'lib/vault/defaults.rb', line 170

def ssl_verify
  # Vault CLI uses this envvar, so accept it by precedence
  if !ENV["VAULT_SKIP_VERIFY"].nil?
    return false
  end

  if ENV["VAULT_SSL_VERIFY"].nil?
    true
  else
    %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0])
  end
end

.timeout ⇒ String^?

A default meta-attribute to set all timeout values - individually set timeout values will take precedence

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 192

def timeout
  ENV["VAULT_TIMEOUT"]
end

.token ⇒ String^?

The vault token to use for authentiation.

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 52

def token
  if !ENV["VAULT_TOKEN"].nil?
    return ENV["VAULT_TOKEN"]
  end

  if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
    return VAULT_DISK_TOKEN.read.chomp
  end

  nil
end