config
Fetch the configuration for this kv2
store. Returns a named list of values, the contents of which will depend on the vault version.
Usage:
config(mount = NULL)
Arguments:
custom_mount
Set up a vault_client_kv2
object at a custom mount. For example, suppose you mounted another copy of the kv2
secret backend at /secret2
you might use kv <- vault$secrets$kv2$custom_mount("/secret2")
- this pattern is repeated for other secret and authentication backends.
Usage:
custom_mount(mount)
Arguments:
delete
Delete a secret from the vault. This marks the version as deleted and will stop it from being returned from reads, but the underlying data will not be removed. A delete can be undone using the undelete method.
Usage:
delete(path, version = NULL, mount = NULL)
Arguments:
path
: Path to delete
version
: Optional version to delete. If NULL
(the default) then the latest version of the secret is deleted. Otherwise, version
can be a vector of integer versions to delete.
mount
: Custom mount path to use for this store (see Details
.
destroy
Delete a secret entirely. Unlike delete
this operation is irreversible and is more like the delete
operation on vault_client_kv1
stores.
Usage:
destroy(path, version, mount = NULL)
Arguments:
path
: Path to delete
version
: Version numbers to delete, as a vector of integers (this is required)
mount
: Custom mount path to use for this store (see Details
.
get
Read a secret from the vault
Usage:
get(path, version = NULL, field = NULL, metadata = FALSE,
mount = NULL)
Arguments:
path
: Path of the secret to read
version
: Optional version of the secret to read. If NULL
(the default) then the most recent version is read. Otherwise this must be a scalar integer.
field
: Optional field to read from the secret. Each secret is stored as a key/value set (represented in R as a named list) and this is equivalent to using [[field]]
on the return value. The default, NULL
, returns the full set of values.
metadata
: Logical, indicating if we should return metadata for this secret (lease information etc) as an attribute along with the values itself. Ignored if field
is specified.
mount
: Custom mount path to use for this store (see Details
.
list
List data in the vault at a give path. This can be used to list keys, etc (e.g., at /secret
).
Usage:
list(path, full_names = FALSE, mount = NULL)
Arguments:
path
: The path to list
full_names
: Logical, indicating if full paths (relative to the vault root) should be returned.
mount
: Custom mount path to use for this store (see Details
.
Value:
A character vector (of zero length if no keys are found). Paths that are "directories" (i.e., that contain keys and could themselves be listed) will be returned with a trailing forward slash, e.g. path/
metadata_get
Read secret metadata and versions at the specified path
Usage:
metadata_get(path, mount = NULL)
Arguments:
metadata_put
Update metadata for a secret. This is allowed even if a secret does not yet exist, though this requires the create
vault permission at this path.
Usage:
metadata_put(path, cas_required = NULL, max_versions = NULL, mount = NULL)
Arguments:
path
: Path of secret to update metadata for
cas_required
: Logical, indicating that if If true the key will require the cas parameter to be set on all write requests (see put
). If FALSE
, the backends configuration will be used.
max_versions
: Integer, indicating the maximum number of versions to keep per key. If not set, the backend's configured max version is used. Once a key has more than the configured allowed versions the oldest version will be permanently deleted.
mount
: Custom mount path to use for this store (see Details
.
metadata_delete
This method permanently deletes the key metadata and all version data for the specified key. All version history will be removed.
Usage:
metadata_delete(path, mount = NULL)
Arguments:
put
Create or update a secret in this store.
Usage:
put(path, data, cas = NULL, mount = NULL)
Arguments:
path
: Path for the secret to write, such as /secret/mysecret
data
: A named list of values to write into the vault at this path.
cas
: Integer, indicating the "cas" value to use a "Check-And-Set" operation. If not set the write will be allowed. If set to 0 a write will only be allowed if the key doesn't exist. If the index is non-zero the write will only be allowed if the key's current version matches the version specified in the cas parameter.
mount
: Custom mount path to use for this store (see Details
.
undelete
Undeletes the data for the provided version and path in the key-value store. This restores the data, allowing it to be returned on get requests. This works with data deleted with $delete
but not with $destroy
.
Usage:
undelete(path, version, mount = NULL)
Arguments:
path
: The path to undelete
version
: Integer vector of versions to undelete
mount
: Custom mount path to use for this store (see Details
.