vault_client_kv1: Key-Value Store (Version 1)

Description

Interact with vault's version 1 key-value store. This is useful for storing simple key-value data without versioning or metadata (see vault_client_kv2 for a richer key-value store).

Arguments

Methods

read

Read a value from the vault. This can be used to read any value that you have permission to read in this store. Usage:

read(path, field = NULL, metadata = FALSE)

Arguments:

path: Path for the secret to read, such as /secret/mysecret
field: Optional field to read from the secret. Each secret is stored as a key/value set (represented in R as a named list) and this is equivalent to using [[field]] on the return value. The default, NULL, returns the full set of values.
metadata: Logical, indicating if we should return metadata for this secret (lease information etc) as an attribute along with the values itself. Ignored if field is specified.

write

Write data into the vault. This can be used to write any value that you have permission to write in this store. Usage:

write(path, data)

Arguments:

path: Path for the secret to write, such as /secret/mysecret
data: A named list of values to write into the vault at this path. This replaces any existing values.

list

List data in the vault at a give path. This can be used to list keys, etc (e.g., at /secret). Usage:

list(path, full_names = FALSE)

Arguments:

path: The path to list
full_names: Logical, indicating if full paths (relative to the vault root) should be returned.

Value: A character vector (of zero length if no keys are found). Paths that are "directories" (i.e., that contain keys and could themselves be listed) will be returned with a trailing forward slash, e.g. path/

delete

Delete a value from the vault Usage:

delete(path)

Arguments:

path: The path to delete

custom_mount

Set up a vault_client_kv1 object at a custom mount. For example, suppose you mounted another copy of the kv1 secret backend at /secret2 you might use kv <- vault$secrets$kv1$custom_mount("/secret2") - this pattern is repeated for other secret and authentication backends. Usage:

custom_mount(mount)

Arguments:

mount: String, indicating the path that the engine is mounted at.

Details

Up to vault version 0.12.0 this was mounted by default at /secret. It can be accessed from vault with either the $read, $write, $list and $delete methods on the main vault_client object or by the $kv1 member of the secrets member of the main vault client.

Examples

Run this code

# NOT RUN {
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  # Write secrets
  client$secrets$kv1$write("/secret/path/mysecret", list(key = "value"))

  # List secrets - note the trailing "/" indicates a folder
  client$secrets$kv1$list("/secret")
  client$secrets$kv1$list("/secret/path")

  # Read secrets
  client$secrets$kv1$read("/secret/path/mysecret")
  client$secrets$kv1$read("/secret/path/mysecret", field = "key")

  # Delete secrets
  client$secrets$kv1$delete("/secret/path/mysecret")
  client$secrets$kv1$read("/secret/path/mysecret")

  # cleanup
  server$kill()
}
# }

Run the code above in your browser using DataLab