Class: Vault::KV

Inherits:
Request show all
Defined in:
lib/vault/api/kv.rb

Instance Attribute Summary collapse

Attributes inherited from Request

#client

Instance Method Summary collapse

Methods inherited from Request

#inspect, #to_s

Methods included from EncodePath

encode_path

Constructor Details

#initialize(client, mount) ⇒ KV

Returns a new instance of KV.



21
22
23
24
25
# File 'lib/vault/api/kv.rb', line 21

def initialize(client, mount)
  super client

  @mount = mount
end

Instance Attribute Details

#mountObject (readonly)

Returns the value of attribute mount.



19
20
21
# File 'lib/vault/api/kv.rb', line 19

def mount
  @mount
end

Instance Method Details

#delete(path) ⇒ true

Delete the secret at the given path. If the secret does not exist, vault will still return true.

Examples:

Vault.logical.delete("secret/password") #=> true

Parameters:

  • path (String)

    the path to delete

Returns:

  • (true)


138
139
140
141
142
# File 'lib/vault/api/kv.rb', line 138

def delete(path)
  client.delete("/v1/#{mount}/data/#{encode_path(path)}")

  true
end

#delete_versions(path, versions) ⇒ true

Mark specific versions of a secret as deleted.

Examples:

Vault.kv("secret").delete_versions("password", [1, 2])

Parameters:

  • path (String)

    the path to remove versions from

  • versions (Array<Integer>)

    an array of versions to remove

Returns:

  • (true)


155
156
157
158
159
# File 'lib/vault/api/kv.rb', line 155

def delete_versions(path, versions)
  client.post("/v1/#{mount}/delete/#{encode_path(path)}", JSON.fast_generate(versions: versions))

  true
end

#destroy(path) ⇒ true

Completely remove a secret and its metadata.

Examples:

Vault.kv("secret").destroy("password")

Parameters:

  • path (String)

    the path to remove

Returns:

  • (true)


187
188
189
190
191
# File 'lib/vault/api/kv.rb', line 187

def destroy(path)
  client.delete("/v1/#{mount}/metadata/#{encode_path(path)}")

  true
end

#destroy_versions(path, versions) ⇒ true

Completely remove specific versions of a secret.

Examples:

Vault.kv("secret").destroy_versions("password", [1, 2])

Parameters:

  • path (String)

    the path to remove versions from

  • versions (Array<Integer>)

    an array of versions to destroy

Returns:

  • (true)


204
205
206
207
208
# File 'lib/vault/api/kv.rb', line 204

def destroy_versions(path, versions)
  client.post("/v1/#{mount}/destroy/#{encode_path(path)}", JSON.fast_generate(versions: versions))

  true
end

#list(path = "", options = {}) ⇒ Array<String>

List the names of secrets at the given path, if the path supports listing. If the the path does not exist, an empty array will be returned.

Examples:

Vault.kv("secret").list("foo") #=> ["bar", "baz"]

Parameters:

  • path (String) (defaults to: "")

    the path to list

Returns:

  • (Array<String>)


37
38
39
40
41
42
43
44
# File 'lib/vault/api/kv.rb', line 37

def list(path = "", options = {})
  headers = extract_headers!(options)
  json = client.list("/v1/#{mount}/metadata/#{encode_path(path)}", {}, headers)
  json[:data][:keys] || []
rescue HTTPError => e
  return [] if e.code == 404
  raise
end

#read(path, version = nil, options = {}) ⇒ Secret?

Read the secret at the given path. If the secret does not exist, nil will be returned. The latest version is returned by default, but you can request a specific version.

Examples:

Vault.kv("secret").read("password") #=> #<Vault::Secret lease_id="">

Parameters:

  • path (String)

    the path to read

  • version (Integer) (defaults to: nil)

    the version of the secret

Returns:



59
60
61
62
63
64
65
66
67
68
69
# File 'lib/vault/api/kv.rb', line 59

def read(path, version = nil, options = {})
  headers = extract_headers!(options)
  params  = {}
  params[:version] = version unless version.nil?

  json = client.get("/v1/#{mount}/data/#{encode_path(path)}", params, headers)
  return Secret.decode(json[:data])
rescue HTTPError => e
  return nil if e.code == 404
  raise
end

#read_metadata(path) ⇒ Hash?

Read the metadata of a secret at the given path. If the secret does not exist, nil will be returned.

Examples:

Vault.kv("secret").read_metadata("password") => {...}

Parameters:

  • path (String)

    the path to read

Returns:

  • (Hash, nil)


81
82
83
84
85
86
# File 'lib/vault/api/kv.rb', line 81

def (path)
  client.get("/v1/#{mount}/metadata/#{encode_path(path)}")[:data]
rescue HTTPError => e
  return nil if e.code == 404
  raise
end

#undelete_versions(path, versions) ⇒ true

Mark specific versions of a secret as active.

Examples:

Vault.kv("secret").undelete_versions("password", [1, 2])

Parameters:

  • path (String)

    the path to enable versions for

  • versions (Array<Integer>)

    an array of versions to mark as undeleted

Returns:

  • (true)


172
173
174
175
176
# File 'lib/vault/api/kv.rb', line 172

def undelete_versions(path, versions)
  client.post("/v1/#{mount}/undelete/#{encode_path(path)}", JSON.fast_generate(versions: versions))

  true
end

#write(path, data = {}, options = {}) ⇒ Secret

Write the secret at the given path with the given data. Note that the data must be a Hash!

Examples:

Vault.logical.write("secret/password", value: "secret") #=> #<Vault::Secret lease_id="">

Parameters:

  • path (String)

    the path to write

  • data (Hash) (defaults to: {})

    the data to write

Returns:



100
101
102
103
104
105
106
107
108
# File 'lib/vault/api/kv.rb', line 100

def write(path, data = {}, options = {})
  headers = extract_headers!(options)
  json = client.post("/v1/#{mount}/data/#{encode_path(path)}", JSON.fast_generate(:data => data), headers)
  if json.nil?
    return true
  else
    return Secret.decode(json)
  end
end

#write_metadata(path, metadata = {}) ⇒ true

Write the metadata of a secret at the given path. Note that the data must be a Hash.

Examples:

Vault.kv("secret").("password", max_versions => 3)

Parameters:

  • path (String)

    the path to write

  • metadata (Hash) (defaults to: {})

    the metadata to write

Returns:

  • (true)


122
123
124
125
126
# File 'lib/vault/api/kv.rb', line 122

def (path,  = {})
  client.post("/v1/#{mount}/metadata/#{encode_path(path)}", JSON.fast_generate())

  true
end