api
Returns an api client object that can be used to directly interact with the vault server.
Usage:
api()
read
Read a value from the vault. This can be used to read any value that you have permission to read, and can also be used as an interface to a version 1 key-value store (see vault_client_kv1). Similar to the vault CLI command vault read.
Usage:
read(path, field = NULL, metadata = FALSE)
Arguments:
path
: Path for the secret to read, such as /secret/mysecret
field
: Optional field to read from the secret. Each secret is stored as a key/value set (represented in R as a named list) and this is equivalent to using [[field]] on the return value. The default, NULL, returns the full set of values.
metadata
: Logical, indicating if we should return metadata for this secret (lease information etc) as an attribute along with the values themselves. Ignored if field is specified.
write
Write data into the vault. This can be used to write any value that you have permission to write, and can also be used as an interface to a version 1 key-value store (see vault_client_kv1). Similar to the vault CLI command vault write.
Usage:
write(path, data)
Arguments:
path
: Path for the secret to write, such as /secret/mysecret
data
: A named list of values to write into the vault at this path. This replaces any existing values.
list
List data in the vault at a given path. This can be used to list keys, etc (e.g., at /secret).
Usage:
list(path, full_names = FALSE)
Arguments:
Value:
A character vector (of zero length if no keys are found). Paths that are "directories" (i.e., that contain keys and could themselves be listed) will be returned with a trailing forward slash, e.g. path/
delete
Delete a value from the vault.
Usage:
delete(path)
Arguments:
login
Login to the vault. This method is more complicated than most.
Usage:
login(..., method = "token", mount = NULL, renew = FALSE,
quiet = FALSE, token_only = FALSE, use_cache = TRUE)
Arguments:
...
: Additional named parameters passed through to the underlying method
method
: Authentication method to use, as a string. Supported values include token (the default), github, approle and userpass.
mount
: The mount path for the authentication backend, if it has been mounted in a nonstandard location. If not given, then it is assumed that the backend was mounted at a path corresponding to the method name.
renew
: Login, even if we appear to hold a valid token. If FALSE and we have a token then login does nothing.
quiet
: Suppress some informational messages
token_only
: Logical, indicating that we do not want to actually log in, but instead just generate a token and return that. If given then renew is ignored and we always generate a new token.
use_cache
: Logical, indicating if we should look in the session cache for a token for this client. If this is TRUE then when we log in we save a copy of the token for this session and any subsequent calls to login at this vault address that use use_cache = TRUE will be able to use this token. Using cached tokens will make using some authentication backends that require authentication with external resources (e.g., github) much faster.
status
Return the status of the vault server, including whether it is sealed or not, and the vault server version.
Usage:
status()
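An added example, not taken from the vaultr documentation, that chains the methods described so far: a seal check with status(), a login that bypasses the session token cache, then write, read (whole secret, single field, and with metadata), list and delete. It assumes a reachable server with VAULT_ADDR and VAULT_TOKEN set and a version 1 key-value store mounted at /secret; the path and values are constructed, and the name of the sealed element in the status() result is an assumption based on the Vault seal-status response.

```r
library(vaultr)

# Assumptions: VAULT_ADDR and VAULT_TOKEN are set in the environment and a
# version 1 key-value store is mounted at /secret.
client <- vault_client(login = FALSE)

# Stop early if the server is sealed ("sealed" element name is an assumption).
stopifnot(!isTRUE(client$status()$sealed))

# use_cache = FALSE: do not look in, or save to, the session token cache, so
# other code in this R session cannot pick the token up via login().
client$login(method = "token", token = Sys.getenv("VAULT_TOKEN"),
             use_cache = FALSE, quiet = TRUE)

path <- "/secret/example/db"  # constructed sample path
client$write(path, list(username = "app", password = "constructed-value"))

# Pull one value with field = rather than holding the whole secret.
password <- client$read(path, field = "password")

# metadata = TRUE attaches lease information etc. as an attribute;
# it is ignored when field is given.
secret <- client$read(path, metadata = TRUE)
print(names(secret))
print(names(attr(secret, "metadata")))

# write() replaces any existing values: after this call the secret holds
# only "username", and the earlier "password" entry is gone.
client$write(path, list(username = "app-rotated"))
print(names(client$read(path)))

# Keys under a path; entries that can themselves be listed end in "/".
print(client$list("/secret/example"))
print(client$list("/secret/example", full_names = TRUE))

# Clean up; list() returns a zero-length character vector when no keys remain.
client$delete(path)
stopifnot(length(client$list("/secret/example")) == 0)
```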
unwrap
Returns the original response inside the given wrapping token. The vault endpoints used by this method perform validation checks on the token, return the original value on the wire rather than a JSON string representation of it, and ensure that the response is properly audit-logged.
Usage:
unwrap(token)
Arguments:
wrap_lookup
Look up properties of a wrapping token.
Usage:
wrap_lookup(token)
Arguments: