class Vault::AuthToken

Public Instance Methods

accessors(options = {}) click to toggle source

Lists all token accessors.

@example Listing token accessors

result = Vault.auth_token.accessors #=> #<Vault::Secret>
result.data[:keys] #=> ["476ea048-ded5-4d07-eeea-938c6b4e43ec", "bb00c093-b7d3-b0e9-69cc-c4d85081165b"]

@return [Array<Secret>]

# File lib/vault/api/auth_token.rb, line 25
def accessors(options = {})
  headers = extract_headers!(options)
  json = client.list("/v1/auth/token/accessors", options, headers)
  return Secret.decode(json)
end
create(options = {}) click to toggle source

Create an authentication token. Note that the parameters specified below are not validated and passed directly to the Vault server. Depending on the version of Vault in operation, some of these options may not work, and newer options may be available that are not listed here.

@example Creating a token

Vault.auth_token.create #=> #<Vault::Secret lease_id="">

@example Creating a token assigned to policies with a wrap TTL

Vault.auth_token.create(
  policies: ["myapp"],
  wrap_ttl: 500,
)

@param [Hash] options @option options [String] :id

The ID of the client token - this can only be specified for root tokens

@option options [Array<String>] :policies

List of policies to apply to the token

@option options [Fixnum, String] :wrap_ttl

The number of seconds or a golang-formatted timestamp like "5s" or "10m"
for the TTL on the wrapped response

@option options [Hash<String, String>] :meta

A map of metadata that is passed to audit backends

@option options [Boolean] :no_parent

Create a token without a parent - see also {#create_orphan}

@option options [Boolean] :no_default_policy

Create a token without the default policy attached

@option options [Boolean] :renewable

Set whether this token is renewable or not

@option options [String] :display_name

Name of the token

@option options [Fixnum] :num_uses

Maximum number of uses for the token

@return [Secret]

# File lib/vault/api/auth_token.rb, line 67
def create(options = {})
  headers = extract_headers!(options)
  json = client.post("/v1/auth/token/create", JSON.fast_generate(options), headers)
  return Secret.decode(json)
end
create_orphan(options = {}) click to toggle source

Create an orphaned authentication token.

@example

Vault.auth_token.create_orphan #=> #<Vault::Secret lease_id="">

@param (see create) @option (see create)

@return [Secret]

# File lib/vault/api/auth_token.rb, line 82
def create_orphan(options = {})
  headers = extract_headers!(options)
  json = client.post("/v1/auth/token/create-orphan", JSON.fast_generate(options), headers)
  return Secret.decode(json)
end
create_with_role(name, options = {}) click to toggle source

Create an orphaned authentication token.

@example

Vault.auth_token.create_with_role("developer") #=> #<Vault::Secret lease_id="">

@param [Hash] options

@return [Secret]

# File lib/vault/api/auth_token.rb, line 96
def create_with_role(name, options = {})
  headers = extract_headers!(options)
  json = client.post("/v1/auth/token/create/#{encode_path(name)}", JSON.fast_generate(options), headers)
  return Secret.decode(json)
end
lookup(token, options = {}) click to toggle source

Lookup information about the current token.

@example

Vault.auth_token.lookup("abcd-...") #=> #<Vault::Secret lease_id="">

@param [String] token @param [Hash] options

@return [Secret]

# File lib/vault/api/auth_token.rb, line 111
def lookup(token, options = {})
  headers = extract_headers!(options)
  json = client.post("/v1/auth/token/lookup", JSON.fast_generate(
    token: token,
  ), headers)
  return Secret.decode(json)
end
lookup_accessor(accessor, options = {}) click to toggle source

Lookup information about the given token accessor.

@example

Vault.auth_token.lookup_accessor("acbd-...") #=> #<Vault::Secret lease_id="">

@param [String] accessor @param [Hash] options

# File lib/vault/api/auth_token.rb, line 126
def lookup_accessor(accessor, options = {})
  headers = extract_headers!(options)
  json = client.post("/v1/auth/token/lookup-accessor", JSON.fast_generate(
    accessor: accessor,
  ), headers)
  return Secret.decode(json)
end
lookup_self() click to toggle source

Lookup information about the given token.

@example

Vault.auth_token.lookup_self #=> #<Vault::Secret lease_id="">

@return [Secret]

# File lib/vault/api/auth_token.rb, line 140
def lookup_self
  json = client.get("/v1/auth/token/lookup-self")
  return Secret.decode(json)
end
renew(token, increment = 0, options = {}) click to toggle source

Renew the given authentication token.

@example

Vault.auth_token.renew("abcd-1234") #=> #<Vault::Secret lease_id="">

@param [String] token

the auth token

@param [Fixnum] increment

@return [Secret]

# File lib/vault/api/auth_token.rb, line 155
def renew(token, increment = 0, options = {})
  headers = extract_headers!(options)
  json = client.put("/v1/auth/token/renew", JSON.fast_generate(
    token: token,
    increment: increment,
  ), headers)
  return Secret.decode(json)
end
renew_self(increment = 0, options = {}) click to toggle source

Renews a lease associated with the calling token.

@example

Vault.auth_token.renew_self #=> #<Vault::Secret lease_id="">

@param [Fixnum] increment

@return [Secret]

# File lib/vault/api/auth_token.rb, line 172
def renew_self(increment = 0, options = {})
  headers = extract_headers!(options)
  json = client.put("/v1/auth/token/renew-self", JSON.fast_generate(
    increment: increment,
  ), headers)
  return Secret.decode(json)
end
revoke(token, options = {}) click to toggle source

Revoke the token and all its children.

@example

Vault.auth_token.revoke("abcd-1234") #=> true

@param [String] token

the auth token

@return [true]

# File lib/vault/api/auth_token.rb, line 233
def revoke(token, options = {})
  headers = extract_headers!(options)
  client.put("/v1/auth/token/revoke", JSON.fast_generate(
    token: token,
  ), headers)
  return true
end
Also aliased as: revoke_tree
revoke_accessor(accessor, options = {}) click to toggle source

Revoke exactly the orphans at the id.

@example

Vault.auth_token.revoke_accessor("abcd-1234") #=> true

@param [String] accessor

the accessor to revoke

@return [true]

# File lib/vault/api/auth_token.rb, line 216
def revoke_accessor(accessor, options = {})
  headers = extract_headers!(options)
  client.put("/v1/auth/token/revoke-accessor", JSON.fast_generate(
    accessor: accessor,
  ), headers)
  return true
end
revoke_orphan(token, options = {}) click to toggle source

Revoke exactly the orphans at the id.

@example

Vault.auth_token.revoke_orphan("abcd-1234") #=> true

@param [String] token

the token to revoke

@return [true]

# File lib/vault/api/auth_token.rb, line 199
def revoke_orphan(token, options = {})
  headers = extract_headers!(options)
  client.put("/v1/auth/token/revoke-orphan", JSON.fast_generate(
    token: token,
  ), headers)
  return true
end
revoke_self() click to toggle source

Revokes the token used to call it.

@example

Vault.auth_token.revoke_self #=> 204

@return response code.

# File lib/vault/api/auth_token.rb, line 186
def revoke_self
  client.post("/v1/auth/token/revoke-self")
end
revoke_tree(token, options = {})
Alias for: revoke