Inherited methods
Method new()
Create a new vault client. Not typically called
directly, but via the vault_client
method.
Usage
vault_client_$new(addr, tls_config, namespace)
Arguments
addr
The vault address, including protocol and port
tls_config
The TLS config, if used
namespace
The namespace, if used
Method api()
Returns an api client object that can be used to
directly interact with the vault server.
Usage
vault_client_$api()
Method read()
Read a value from the vault. This can be used to
read any value that you have permission to read, and can also
be used as an interface to a version 1 key-value store (see
vault_client_kv1. Similar to the vault CLI command
vault read
.
Usage
vault_client_$read(path, field = NULL, metadata = FALSE)
Arguments
path
Path for the secret to read, such as
/secret/mysecret
field
Optional field to read from the secret. Each
secret is stored as a key/value set (represented in R as a
named list) and this is equivalent to using [[field]]
on
the return value. The default, NULL
, returns the full set
of values.
metadata
Logical, indicating if we should return
metadata for this secret (lease information etc) as an
attribute along with the values itself. Ignored if field
is specified.
Write data into the vault. This can be used to
write any value that you have permission to write, and can
also be used as an interface to a version 1 key-value store
(see vault_client_kv1. Similar to the vault CLI
command vault write
.
Usage
vault_client_$write(path, data)
Arguments
path
Path for the secret to write, such as
/secret/mysecret
data
A named list of values to write into the vault at
this path. This replaces any existing values.
Method delete()
Delete a value from the vault
Usage
vault_client_$delete(path)
Arguments
path
The path to delete
List data in the vault at a given path. This can
be used to list keys, etc (e.g., at /secret
).
Usage
vault_client_$list(path, full_names = FALSE)
Arguments
path
The path to list
full_names
Logical, indicating if full paths (relative
to the vault root) should be returned.
Returns
A character vector (of zero length if no keys are
found). Paths that are "directories" (i.e., that contain
keys and could themselves be listed) will be returned with a
trailing forward slash, e.g. path/
Method login()
Login to the vault. This method is more
complicated than most.
Usage
vault_client_$login(
...,
method = "token",
mount = NULL,
renew = FALSE,
quiet = FALSE,
token_only = FALSE,
use_cache = TRUE
)
Arguments
...
Additional named parameters passed through to the
underlying method
method
Authentication method to use, as a string.
Supported values include token
(the default), github
,
approle
, ldap
, and userpass
.
mount
The mount path for the authentication backend, if
it has been mounted in a nonstandard location. If not
given, then it is assumed that the backend was mounted at a
path corresponding to the method name.
renew
Login, even if we appear to hold a valid token.
If FALSE
and we have a token then login
does nothing.
quiet
Suppress some informational messages
token_only
Logical, indicating that we do not want to
actually log in, but instead just generate a token and return
that. IF given then renew
is ignored and we always
generate a new token.
use_cache
Logical, indicating if we should look in the
session cache for a token for this client. If this is TRUE
then when we log in we save a copy of the token for this
session and any subsequent calls to login
at this vault
address that use use_cache = TRUE
will be able to use this
token. Using cached tokens will make using some
authentication backends that require authentication with
external resources (e.g., github
) much faster.
Method status()
Return the status of the vault server, including
whether it is sealed or not, and the vault server version.
Usage
vault_client_$status()
Method unwrap()
Returns the original response inside the given
wrapping token. The vault endpoints used by this method
perform validation checks on the token, returns the original
value on the wire rather than a JSON string representation of
it, and ensures that the response is properly audit-logged.
Usage
vault_client_$unwrap(token)
Arguments
token
Specifies the wrapping token ID
Method wrap_lookup()
Look up properties of a wrapping token.
Usage
vault_client_$wrap_lookup(token)
Arguments
token
Specifies the wrapping token ID to lookup