Module: Vault::Defaults

Defined in:
lib/vault/defaults.rb

Constant Summary

VAULT_ADDRESS =

The default vault address.

Returns:

  • (String)
"https://127.0.0.1:8200".freeze
DEFAULT_VAULT_DISK_TOKEN =

The default path to the vault token on disk.

Returns:

  • (String)
Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze
SSL_CIPHERS =

The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!

Returns:

  • (String)
"TLSv1.2:!aNULL:!eNULL".freeze
RETRY_ATTEMPTS =

The default number of attempts.

Returns:

  • (Fixnum)
2
RETRY_BASE =

The default backoff interval.

Returns:

  • (Fixnum)
0.05
RETRY_MAX_WAIT =

The maximum amount of time for a single exponential backoff to sleep.

2.0
DEFAULT_POOL_SIZE =

The default size of the connection pool

16
DEFAULT_POOL_TIMEOUT =

The default timeout in seconds for retrieving a connection from the connection pool

0.5
RETRIED_EXCEPTIONS =

The set of exceptions that are detected and retried by default with `with_retries`

[HTTPServerError, MissingRequiredStateError]

Class Method Summary

Class Method Details

.address ⇒ String

The address to communicate with Vault.

Returns:

  • (String)


# File 'lib/vault/defaults.rb', line 52

# The address used to reach Vault.
#
# VAULT_ADDR wins when it is set; otherwise the VAULT_ADDRESS constant is
# used. The environment value is returned exactly as given: nothing here
# checks the scheme, so a plain http:// address is passed through unchanged.
#
# @return [String]
def address
  ENV.fetch("VAULT_ADDR") { VAULT_ADDRESS }
end

.fetch_from_disk(env_var) ⇒ Object



# File 'lib/vault/defaults.rb', line 62

# Reads a value (used for the Vault token) from a file on disk.
#
# The file location comes from the environment variable named by +env_var+;
# when that variable is unset, DEFAULT_VAULT_DISK_TOKEN is used.
#
# @param env_var [String] name of the environment variable holding the path
# @return [String, nil] file contents without the trailing newline, or nil
#   when the path does not exist or is not readable
def fetch_from_disk(env_var)
  override = ENV[env_var]
  token_path = override ? Pathname.new(override) : DEFAULT_VAULT_DISK_TOKEN

  # NOTE(review): only existence and readability are checked. The file's
  # owner and mode are not inspected, and a directory would pass both checks
  # and then fail in #read.
  return unless token_path.exist? && token_path.readable?

  token_path.read.chomp
end

.hostname ⇒ String?

The SNI host to use when connecting to Vault via TLS.

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 77

# The SNI host name for TLS connections to Vault, read from
# VAULT_TLS_SERVER_NAME.
#
# @return [String, nil] nil when the variable is unset
def hostname
  ENV.fetch("VAULT_TLS_SERVER_NAME", nil)
end

.namespace ⇒ String?

Vault Namespace, if any.

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 71

# The Vault namespace, read from VAULT_NAMESPACE.
#
# @return [String, nil] nil when the variable is unset
def namespace
  ENV.fetch("VAULT_NAMESPACE", nil)
end

.open_timeout ⇒ String?

The number of seconds to wait when trying to open a connection before timing out

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 84

# Seconds to wait while opening a connection, read from VAULT_OPEN_TIMEOUT.
#
# The raw environment string is returned; no numeric conversion happens here.
#
# @return [String, nil] nil when the variable is unset
def open_timeout
  ENV.fetch("VAULT_OPEN_TIMEOUT", nil)
end

.options ⇒ Hash

The list of calculated options for this configurable.

Returns:

  • (Hash)


# File 'lib/vault/defaults.rb', line 46

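# The calculated options for this configurable: one entry per key in
# Configurable.keys, whose value is the result of calling the method of the
# same name on this module.
#
# The hash is built pair by pair rather than by flattening a list of pairs:
# flattening is recursive, so a value that is itself an Array would be
# spliced into the key/value list and shift every following pair.
#
# NOTE(review): if Configurable.keys includes the token or the proxy/PEM
# secrets, the returned Hash holds them in clear text; avoid logging it
# wholesale.
#
# @return [Hash]
def options
  Configurable.keys.each_with_object({}) do |key, opts|
    opts[key] = public_send(key)
  end
end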

.pool_size ⇒ Object

The size of the connection pool to communicate with Vault

Returns:

  • Integer



# File 'lib/vault/defaults.rb', line 90

# The size of the connection pool used to talk to Vault.
#
# VAULT_POOL_SIZE is converted with String#to_i, which yields 0 for text that
# does not start with a number; such a value is returned as 0 rather than
# falling back to DEFAULT_POOL_SIZE.
#
# @return [Integer]
def pool_size
  configured = ENV["VAULT_POOL_SIZE"]
  return DEFAULT_POOL_SIZE if configured.nil?

  configured.to_i
end

.pool_timeout ⇒ Object

The timeout for getting a connection from the connection pool that communicates with Vault

Returns:

  • Float



# File 'lib/vault/defaults.rb', line 100

# Seconds to wait for a connection from the pool that talks to Vault.
#
# VAULT_POOL_TIMEOUT is converted with String#to_f, which yields 0.0 for text
# that does not start with a number; such a value is returned as 0.0 rather
# than falling back to DEFAULT_POOL_TIMEOUT.
#
# @return [Float]
def pool_timeout
  configured = ENV["VAULT_POOL_TIMEOUT"]
  return DEFAULT_POOL_TIMEOUT if configured.nil?

  configured.to_f
end

.proxy_address ⇒ String?

The HTTP Proxy server address as a string

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 110

# The HTTP proxy server address, read from VAULT_PROXY_ADDRESS.
#
# @return [String, nil] nil when the variable is unset
def proxy_address
  ENV.fetch("VAULT_PROXY_ADDRESS", nil)
end

.proxy_password ⇒ String?

The HTTP Proxy user password as a string

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 122

# The HTTP proxy user password, read from VAULT_PROXY_PASSWORD.
#
# The value is a credential and is returned in clear text; keep it out of
# logs and inspect output.
#
# @return [String, nil] nil when the variable is unset
def proxy_password
  ENV.fetch("VAULT_PROXY_PASSWORD", nil)
end

.proxy_port ⇒ String?

The HTTP Proxy server port as a string

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 128

# The HTTP proxy server port, read from VAULT_PROXY_PORT.
#
# The raw environment string is returned; it is not converted to an Integer.
#
# @return [String, nil] nil when the variable is unset
def proxy_port
  ENV.fetch("VAULT_PROXY_PORT", nil)
end

.proxy_username ⇒ String?

The HTTP Proxy server username as a string

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 116

# The HTTP proxy user name, read from VAULT_PROXY_USERNAME.
#
# @return [String, nil] nil when the variable is unset
def proxy_username
  ENV.fetch("VAULT_PROXY_USERNAME", nil)
end

.read_timeout ⇒ String?

The number of seconds to wait when reading a response before timing out

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 134

# Seconds to wait while reading a response, read from VAULT_READ_TIMEOUT.
#
# The raw environment string is returned; no numeric conversion happens here.
#
# @return [String, nil] nil when the variable is unset
def read_timeout
  ENV.fetch("VAULT_READ_TIMEOUT", nil)
end

.ssl_ca_cert ⇒ String?

The path to the CA cert on disk to use for certificate verification

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 172

# Path to the CA certificate on disk used for certificate verification,
# read from VAULT_CACERT.
#
# The path is returned as given; this method does not check that the file
# exists or who can write to it.
#
# @return [String, nil] nil when the variable is unset
def ssl_ca_cert
  ENV.fetch("VAULT_CACERT", nil)
end

.ssl_ca_path ⇒ String?

The path to the directory on disk holding CA certs to use for certificate verification

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 185

# Path to the directory of CA certificates used for certificate
# verification, read from VAULT_CAPATH.
#
# The path is returned as given; this method does not check that the
# directory exists or who can write to it.
#
# @return [String, nil] nil when the variable is unset
def ssl_ca_path
  ENV.fetch("VAULT_CAPATH", nil)
end

.ssl_cert_store ⇒ OpenSSL::X509::Store?

The CA cert store to use for certificate verification

Returns:

  • (OpenSSL::X509::Store, nil)


# File 'lib/vault/defaults.rb', line 178

# The CA certificate store used for certificate verification.
#
# No store is supplied by default, and no environment variable is consulted
# for this setting.
#
# @return [OpenSSL::X509::Store, nil] always nil here
def ssl_cert_store
  nil
end

.ssl_ciphers ⇒ String

The ciphers that will be used when communicating with Vault over SSL. You should only change the defaults if the ciphers are not available on your platform and you know what you are doing.

Returns:

  • (String)


# File 'lib/vault/defaults.rb', line 142

# The cipher string used when talking to Vault over TLS.
#
# VAULT_SSL_CIPHERS replaces the SSL_CIPHERS constant when it is set. The
# override is returned unchanged, so a weaker cipher string supplied through
# the environment is accepted as-is.
#
# @return [String]
def ssl_ciphers
  ENV.fetch("VAULT_SSL_CIPHERS") { SSL_CIPHERS }
end

.ssl_pem_contents ⇒ String?

The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 150

# The raw PEM contents as a string.
#
# VAULT_SSL_PEM_CONTENTS_BASE64 takes precedence and is Base64-decoded;
# otherwise VAULT_SSL_PEM_CONTENTS is returned verbatim.
#
# NOTE(review): if the PEM carries a private key, it sits in the process
# environment in clear (or merely encoded) form; confirm that is acceptable
# for the deployment.
#
# @return [String, nil] nil when neither variable is set
def ssl_pem_contents
  encoded = ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]
  return ENV["VAULT_SSL_PEM_CONTENTS"] unless encoded

  # decode64 is the lenient decoder, so line-wrapped input is accepted.
  Base64.decode64(encoded)
end

.ssl_pem_file ⇒ String?

The path to a pem on disk to use with custom SSL verification

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 160

# Path to a PEM file on disk to use with custom SSL verification.
#
# VAULT_SSL_CERT is consulted first; VAULT_SSL_PEM_FILE is the fallback.
#
# @return [String, nil] nil when neither variable is set
def ssl_pem_file
  ENV.fetch("VAULT_SSL_CERT") { ENV["VAULT_SSL_PEM_FILE"] }
end

.ssl_pem_passphrase ⇒ String?

Passphrase to the pem file on disk to use with custom SSL verification

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 166

# Passphrase for the PEM file used with custom SSL verification, read from
# VAULT_SSL_CERT_PASSPHRASE.
#
# The value is a secret and is returned in clear text; keep it out of logs
# and inspect output.
#
# @return [String, nil] nil when the variable is unset
def ssl_pem_passphrase
  ENV.fetch("VAULT_SSL_CERT_PASSPHRASE", nil)
end

.ssl_timeout ⇒ String?

The number of seconds to wait for connecting and verifying SSL

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 206

# Seconds to wait for connecting and verifying SSL, read from
# VAULT_SSL_TIMEOUT.
#
# The raw environment string is returned; no numeric conversion happens here.
#
# @return [String, nil] nil when the variable is unset
def ssl_timeout
  ENV.fetch("VAULT_SSL_TIMEOUT", nil)
end

.ssl_verify ⇒ true, false

Verify SSL requests (default: true)

Returns:

  • (true, false)


# File 'lib/vault/defaults.rb', line 191

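# Whether to verify the server certificate on SSL requests (default: true).
#
# VAULT_SKIP_VERIFY is honoured first because the Vault CLI uses it. The CLI
# parses it as a boolean, so verification is switched off only for a truthy
# value (1, t, true, y, yes; case-insensitive). A bare presence check would
# make VAULT_SKIP_VERIFY=false or an empty value silently disable TLS
# verification.
#
# Otherwise VAULT_SSL_VERIFY decides: unset means verify; when set, only a
# value starting with "t" or "y" (case-insensitive) keeps verification on.
#
# @return [true, false]
def ssl_verify
  skip = ENV["VAULT_SKIP_VERIFY"].to_s.strip.downcase
  return false if %w[1 t true y yes].include?(skip)

  verify = ENV["VAULT_SSL_VERIFY"]
  return true if verify.nil?

  # NOTE(review): any other value, including "" and "1", turns verification
  # off here; that pre-existing behaviour is kept unchanged.
  %w[t y].include?(verify.downcase[0])
end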

.timeout ⇒ String?

A default meta-attribute to set all timeout values - individually set timeout values will take precedence

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 213

# Meta-attribute that sets all timeout values, read from VAULT_TIMEOUT.
# Individually set timeout values take precedence over it.
#
# The raw environment string is returned; no numeric conversion happens here.
#
# @return [String, nil] nil when the variable is unset
def timeout
  ENV.fetch("VAULT_TIMEOUT", nil)
end

.token ⇒ String?

The vault token to use for authentication.

Returns:

  • (String, nil)


# File 'lib/vault/defaults.rb', line 58

# The Vault token to use for authentication.
#
# VAULT_TOKEN wins when it is set, even if it is an empty string (an empty
# String is truthy in Ruby). Otherwise the token is read from the file named
# by VAULT_TOKEN_FILE, or from the default token path, via fetch_from_disk.
#
# The value is a credential and is returned in clear text; keep it out of
# logs and inspect output.
#
# @return [String, nil] nil when no token is found
def token
  from_env = ENV["VAULT_TOKEN"]
  return from_env if from_env

  fetch_from_disk("VAULT_TOKEN_FILE")
end