vault_client_audit: Vault Audit Devices

Description

Interact with vault's audit devices. For more details, see https://www.vaultproject.io/docs/audit/

Arguments

Methods

list

List active audit devices. Returns a data.frame of names, paths and descriptions of active audit devices. Usage:

list()

enable

This endpoint enables a new audit device at the supplied path. Usage:

enable(type, description = NULL, options = NULL, path = NULL)

Arguments:

type: Name of the audit device to enable
description: Human readable description for this audit device
options: Options to configure the device with. These vary by device. This must be a named list of strings.
path: Path to mount the audit device. By default, type is used as the path.

disable

Disable an audit device Usage:

disable(path)

Arguments:

path: Path of the audit device to remove

hash

The hash method is used to calculate the hash of the data used by an audit device's hash function and salt. This can be used to search audit logs for a hashed value when the original value is known. Usage:

hash(input, device)

Arguments:

input: The input string to hash
device: The path of the audit device

Examples

Run this code

# NOT RUN {
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()
  # By default no audit engines are enabled with the testing server
  client$audit$list()

  # Create a file-based audit device on a temporary file:
  path <- tempfile()
  client$audit$enable("file", options = list(file_path = path))
  client$audit$list()

  # Generate some activity on the server:
  client$write("/secret/mysecret", list(key = "value"))

  # The audit logs contain details about the activity - see the
  # vault documentation for details in interpreting this
  readLines(path)

  # cleanup
  server$kill()
  unlink(path)
}
# }

Run the code above in your browser using DataLab