Class: Vault::Logical
Instance Attribute Summary
Attributes inherited from Request
Instance Method Summary collapse
-
#delete(path) ⇒ true
Delete the secret at the given path.
-
#list(path, options = {}) ⇒ Array<String>
List the secrets at the given path, if the path supports listing.
-
#read(path, options = {}) ⇒ Secret?
Read the secret at the given path.
-
#unwrap(wrapper) ⇒ Secret?
Unwrap the data stored against the given token.
-
#unwrap_token(wrapper) ⇒ String?
Unwrap a token in a wrapped response given the temporary token.
-
#write(path, data = {}, options = {}) ⇒ Secret
Write the secret at the given path with the given data.
Methods inherited from Request
Methods included from EncodePath
Constructor Details
This class inherits a constructor from Vault::Request
Instance Method Details
#delete(path) ⇒ true
Delete the secret at the given path. If the secret does not exist, vault will still return true.
89 90 91 92 |
# File 'lib/vault/api/logical.rb', line 89 def delete(path) client.delete("/v1/#{encode_path(path)}") return true end |
#list(path, options = {}) ⇒ Array<String>
List the secrets at the given path, if the path supports listing. If the the path does not exist, an exception will be raised.
29 30 31 32 33 34 35 36 |
# File 'lib/vault/api/logical.rb', line 29 def list(path, = {}) headers = extract_headers!() json = client.list("/v1/#{encode_path(path)}", {}, headers) json[:data][:keys] || [] rescue HTTPError => e return [] if e.code == 404 raise end |
#read(path, options = {}) ⇒ Secret?
Read the secret at the given path. If the secret does not exist, nil
will be returned.
48 49 50 51 52 53 54 55 |
# File 'lib/vault/api/logical.rb', line 48 def read(path, = {}) headers = extract_headers!() json = client.get("/v1/#{encode_path(path)}", {}, headers) return Secret.decode(json) rescue HTTPError => e return nil if e.code == 404 raise end |
#unwrap(wrapper) ⇒ Secret?
Unwrap the data stored against the given token. If the secret does not exist, ‘nil` will be returned.
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 |
# File 'lib/vault/api/logical.rb', line 104 def unwrap(wrapper) client.with_token(wrapper) do |client| json = client.get("/v1/cubbyhole/response") secret = Secret.decode(json) # If there is nothing in the cubbyhole, return early. if secret.nil? || secret.data.nil? || secret.data[:response].nil? return nil end # Extract the response and parse it into a new secret. json = JSON.parse(secret.data[:response], symbolize_names: true) secret = Secret.decode(json) return secret end rescue HTTPError => e return nil if e.code == 404 raise end |
#unwrap_token(wrapper) ⇒ String?
Unwrap a token in a wrapped response given the temporary token.
133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 |
# File 'lib/vault/api/logical.rb', line 133 def unwrap_token(wrapper) # If provided a secret, grab the token. This is really just to make the # API a bit nicer. if wrapper.is_a?(Secret) wrapper = wrapper.wrap_info.token end # Unwrap response = unwrap(wrapper) # If nothing was there, return nil if response.nil? || response.auth.nil? return nil end return response.auth.client_token rescue HTTPError => e raise end |
#write(path, data = {}, options = {}) ⇒ Secret
Write the secret at the given path with the given data. Note that the data must be a Hash!
69 70 71 72 73 74 75 76 77 |
# File 'lib/vault/api/logical.rb', line 69 def write(path, data = {}, = {}) headers = extract_headers!() json = client.put("/v1/#{encode_path(path)}", JSON.fast_generate(data), headers) if json.nil? return true else return Secret.decode(json) end end |