Class: Vault::Sys
- Defined in:
- lib/vault/api/sys.rb,
lib/vault/api/sys/auth.rb,
lib/vault/api/sys/init.rb,
lib/vault/api/sys/seal.rb,
lib/vault/api/sys/audit.rb,
lib/vault/api/sys/lease.rb,
lib/vault/api/sys/mount.rb,
lib/vault/api/sys/leader.rb,
lib/vault/api/sys/policy.rb
Instance Attribute Summary
Attributes inherited from Request
Instance Method Summary collapse
-
#audits ⇒ Hash<Symbol, Audit>
List all audis for the vault.
-
#auths ⇒ Hash<Symbol, Auth>
List all auths in Vault.
-
#delete_policy(name) ⇒ Object
Delete the policy with the given name.
-
#disable_audit(path) ⇒ true
Disable a particular audit.
-
#disable_auth(path) ⇒ true
Disable a particular authentication at the given path.
-
#enable_audit(path, type, description, options = {}) ⇒ true
Enable a particular audit.
-
#enable_auth(path, type, description = nil) ⇒ true
Enable a particular authentication at the given path.
-
#init(options = {}) ⇒ InitResponse
Initialize a new vault.
-
#init_status ⇒ InitStatus
Show the initialization status for this vault.
-
#leader ⇒ LeaderStatus
Determine the leader status for this vault.
-
#mount(path, type, description = nil) ⇒ Object
Create a mount at the given path.
-
#mounts ⇒ Hash<Symbol, Mount>
List all mounts in the vault.
-
#policies ⇒ Array<String>
The list of policies in vault.
-
#policy(name) ⇒ Policy?
Get the policy by the given name.
-
#put_policy(name, rules) ⇒ true
Create a new policy with the given name and rules.
-
#remount(from, to) ⇒ true
Change the name of the mount.
-
#renew(id, increment = 0) ⇒ Secret
Renew a lease with the given ID.
-
#revoke(id) ⇒ true
Revoke the secret at the given id.
-
#revoke_prefix(id) ⇒ true
Revoke all secrets under the given prefix.
-
#seal ⇒ true
Seal the vault.
-
#seal_status ⇒ SealStatus
Get the current seal status.
-
#unmount(path) ⇒ true
Unmount the thing at the given path.
-
#unseal(shard) ⇒ SealStatus
Unseal the vault with the given shard.
Methods inherited from Request
Constructor Details
This class inherits a constructor from Vault::Request
Instance Method Details
#audits ⇒ Hash<Symbol, Audit>
List all audis for the vault.
15 16 17 18 19 20 |
# File 'lib/vault/api/sys/audit.rb', line 15 def audits json = client.get("/v1/sys/audit") return Hash[*json.map do |k,v| [k.to_s.chomp("/").to_sym, Audit.decode(v)] end.flatten] end |
#auths ⇒ Hash<Symbol, Auth>
List all auths in Vault.
15 16 17 18 19 20 |
# File 'lib/vault/api/sys/auth.rb', line 15 def auths json = client.get("/v1/sys/auth") return Hash[*json.map do |k,v| [k.to_s.chomp("/").to_sym, Auth.decode(v)] end.flatten] end |
#delete_policy(name) ⇒ Object
Delete the policy with the given name. If a policy does not exist, vault will not return an error.
71 72 73 74 |
# File 'lib/vault/api/sys/policy.rb', line 71 def delete_policy(name) client.delete("/v1/sys/policy/#{name}") return true end |
#disable_audit(path) ⇒ true
Disable a particular audit. If an audit does not exist, and error will be raised.
55 56 57 58 |
# File 'lib/vault/api/sys/audit.rb', line 55 def disable_audit(path) client.delete("/v1/sys/audit/#{path}") return true end |
#disable_auth(path) ⇒ true
Disable a particular authentication at the given path. If not auth exists at that path, an error will be raised.
53 54 55 56 |
# File 'lib/vault/api/sys/auth.rb', line 53 def disable_auth(path) client.delete("/v1/sys/auth/#{path}") return true end |
#enable_audit(path, type, description, options = {}) ⇒ true
Enable a particular audit. Note: the options
depend heavily on the type of audit being enabled. Please refer to audit-specific documentation for which need to be enabled.
39 40 41 42 43 44 45 46 |
# File 'lib/vault/api/sys/audit.rb', line 39 def enable_audit(path, type, description, = {}) client.put("/v1/sys/audit/#{path}", JSON.fast_generate( type: type, description: description, options: , )) return true end |
#enable_auth(path, type, description = nil) ⇒ true
Enable a particular authentication at the given path.
35 36 37 38 39 40 41 |
# File 'lib/vault/api/sys/auth.rb', line 35 def enable_auth(path, type, description = nil) payload = { type: type } payload[:description] = description if !description.nil? client.post("/v1/sys/auth/#{path}", JSON.fast_generate(payload)) return true end |
#init(options = {}) ⇒ InitResponse
Initialize a new vault.
38 39 40 41 42 43 44 |
# File 'lib/vault/api/sys/init.rb', line 38 def init( = {}) json = client.put("/v1/sys/init", JSON.fast_generate( secret_shares: .fetch(:shares, 5), secret_threshold: .fetch(:threshold, 3), )) return InitResponse.decode(json) end |
#init_status ⇒ InitStatus
Show the initialization status for this vault.
19 20 21 22 |
# File 'lib/vault/api/sys/init.rb', line 19 def init_status json = client.get("/v1/sys/init") return InitStatus.decode(json) end |
#leader ⇒ LeaderStatus
Determine the leader status for this vault.
20 21 22 23 |
# File 'lib/vault/api/sys/leader.rb', line 20 def leader json = client.get("/v1/sys/leader") return LeaderStatus.decode(json) end |
#mount(path, type, description = nil) ⇒ Object
Create a mount at the given path.
33 34 35 36 37 38 39 |
# File 'lib/vault/api/sys/mount.rb', line 33 def mount(path, type, description = nil) payload = { type: type } payload[:description] = description if !description.nil? client.post("/v1/sys/mounts/#{path}", JSON.fast_generate(payload)) return true end |
#mounts ⇒ Hash<Symbol, Mount>
List all mounts in the vault.
15 16 17 18 19 20 |
# File 'lib/vault/api/sys/mount.rb', line 15 def mounts json = client.get("/v1/sys/mounts") return Hash[*json.map do |k,v| [k.to_s.chomp("/").to_sym, Mount.decode(v)] end.flatten] end |
#policies ⇒ Array<String>
The list of policies in vault.
15 16 17 |
# File 'lib/vault/api/sys/policy.rb', line 15 def policies client.get("/v1/sys/policy")[:policies] end |
#policy(name) ⇒ Policy?
Get the policy by the given name. If a policy does not exist by that name, nil
is returned.
26 27 28 29 30 31 32 |
# File 'lib/vault/api/sys/policy.rb', line 26 def policy(name) json = client.get("/v1/sys/policy/#{name}") return Policy.decode(json) rescue HTTPError => e return nil if e.code == 404 raise end |
#put_policy(name, rules) ⇒ true
Create a new policy with the given name and rules.
It is recommend that you load policy rules from a file:
56 57 58 59 60 61 |
# File 'lib/vault/api/sys/policy.rb', line 56 def put_policy(name, rules) client.put("/v1/sys/policy/#{name}", JSON.fast_generate( rules: rules, )) return true end |
#remount(from, to) ⇒ true
Change the name of the mount
67 68 69 70 71 72 73 |
# File 'lib/vault/api/sys/mount.rb', line 67 def remount(from, to) client.post("/v1/sys/remount", JSON.fast_generate( from: from, to: to, )) return true end |
#renew(id, increment = 0) ⇒ Secret
Renew a lease with the given ID.
15 16 17 18 19 20 |
# File 'lib/vault/api/sys/lease.rb', line 15 def renew(id, increment = 0) json = client.put("/v1/sys/renew/#{id}", JSON.fast_generate( increment: increment, )) return Secret.decode(json) end |
#revoke(id) ⇒ true
Revoke the secret at the given id. If the secret does not exist, an error will be raised.
32 33 34 35 |
# File 'lib/vault/api/sys/lease.rb', line 32 def revoke(id) client.put("/v1/sys/revoke/#{id}", nil) return true end |
#revoke_prefix(id) ⇒ true
Revoke all secrets under the given prefix.
46 47 48 49 |
# File 'lib/vault/api/sys/lease.rb', line 46 def revoke_prefix(id) client.put("/v1/sys/revoke-prefix/#{id}", nil) return true end |
#seal ⇒ true
Seal the vault. Warning: this will seal the vault!
28 29 30 31 |
# File 'lib/vault/api/sys/seal.rb', line 28 def seal client.put("/v1/sys/seal", nil) return true end |
#seal_status ⇒ SealStatus
Get the current seal status.
17 18 19 20 |
# File 'lib/vault/api/sys/seal.rb', line 17 def seal_status json = client.get("/v1/sys/seal-status") return SealStatus.decode(json) end |
#unmount(path) ⇒ true
Unmount the thing at the given path. If the mount does not exist, an error will be raised.
51 52 53 54 |
# File 'lib/vault/api/sys/mount.rb', line 51 def unmount(path) client.delete("/v1/sys/mounts/#{path}") return true end |
#unseal(shard) ⇒ SealStatus
Unseal the vault with the given shard.
42 43 44 45 46 47 |
# File 'lib/vault/api/sys/seal.rb', line 42 def unseal(shard) json = client.put("/v1/sys/unseal", JSON.fast_generate( key: shard, )) return SealStatus.decode(json) end |