class Vault::AuthTLS

Public Instance Methods

certificate(name)

Get the certificate by the given name. If a certificate does not exist by that name, nil is returned.

@example

Vault.auth_tls.certificate("web") #=> #<Vault::Secret lease_id="...">

@return [Secret, nil]

# File lib/vault/api/auth_tls.rb, line 56
# Look up the certificate entry stored under the given name.
#
# The request always targets the fixed path /v1/auth/cert/certs/<name>; the
# name goes through encode_path before it is interpolated, so pass the raw
# name rather than a pre-encoded one.
#
# @param [String] name
#   the name of the certificate
#
# @return [Secret, nil]
#   the decoded response, or nil when the request fails with an HTTPError
#   whose code is 404
#
# @raise [HTTPError]
#   any HTTPError with a code other than 404 is re-raised unchanged, so a
#   denied or failed request is not reported as "no such certificate"
def certificate(name)
  response = client.get("/v1/auth/cert/certs/#{encode_path(name)}")
  Secret.decode(response)
rescue HTTPError => error
  # Only "not found" is translated into nil; everything else propagates.
  raise unless error.code == 404

  nil
end
certificates(options = {})

The list of certificate names in the Vault auth backend.

@example

Vault.auth_tls.certificates #=> ["web"]

@return [Array<String>]

# File lib/vault/api/auth_tls.rb, line 70
# List the certificate names known to the cert auth backend.
#
# extract_headers! is called on +options+ first (the bang suggests it
# modifies the hash in place - confirm against its definition); the
# remaining options and the extracted headers are then handed to client.list.
#
# @param [Hash] options
#   request options; forwarded to the LIST call as given
#
# @return [Array<String>]
#   the :keys entry of the decoded response data, or an empty array when
#   that entry is nil/false or the request fails with a 404 HTTPError
#
# @raise [HTTPError]
#   any HTTPError with a code other than 404 is re-raised, so an empty
#   array never stands in for a denied or failed request
def certificates(options = {})
  request_headers = extract_headers!(options)
  listing = client.list("/v1/auth/cert/certs", options, request_headers)
  names = Secret.decode(listing).data[:keys]
  names || []
rescue HTTPError => error
  # Only "not found" collapses to an empty list.
  raise unless error.code == 404

  []
end
delete_certificate(name)

Delete the certificate with the given name. If a certificate does not exist, vault will not return an error.

@example

Vault.auth_tls.delete_certificate("web") #=> true

@param [String] name

the name of the certificate
# File lib/vault/api/auth_tls.rb, line 87
# Issue a DELETE for the certificate entry stored under the given name.
#
# The name goes through encode_path before it is placed in the request path.
# The return value is unconditional: true means the call did not raise, not
# that an entry existed or was removed. Nothing is rescued here, so any
# error raised by client.delete reaches the caller.
#
# @param [String] name
#   the name of the certificate
#
# @return [true]
def delete_certificate(name)
  backend = client
  backend.delete("/v1/auth/cert/certs/#{encode_path(name)}")
  true
end
set_certificate(name, options = {})

Saves a certificate with the given name and attributes. The certificate with the given name must already exist.

@example

Vault.auth_tls.set_certificate("web", {
  display_name: "web-cert",
  certificate:  "-----BEGIN CERTIFICATE...",
  policies:     "default",
  ttl:          3600,
}) #=> true

@param [String] name

the name of the certificate

@param [Hash] options

@option options [String] :certificate

The PEM-formatted CA certificate.

@option options [String] :policies

A comma-separated list of policies issued when authenticating with this
CA.

@option options [String] :display_name

The name to display on tokens issued against this CA.

@option options [Fixnum] :ttl

The TTL period of the token, provided as a number of seconds.

@return [true]

# File lib/vault/api/auth_tls.rb, line 43
# POST the given attributes to the certificate entry stored under +name+.
#
# extract_headers! is called on +options+ first; whatever is left in the
# hash afterwards is serialized wholesale with JSON.fast_generate and sent
# as the request body. No key is filtered or validated here, so every
# attribute the caller supplies (including :certificate, :policies and
# :ttl) is forwarded as-is. Build the hash from trusted values rather than
# passing through unreviewed input.
#
# @param [String] name
#   the name of the certificate; passed through encode_path before it is
#   placed in the request path
#
# @param [Hash] options
#   attributes to store, plus anything extract_headers! pulls out
#
# @return [true]
#   unconditional; nothing is rescued, so a failed request raises instead
def set_certificate(name, options = {})
  request_headers = extract_headers!(options)
  client.post(
    "/v1/auth/cert/certs/#{encode_path(name)}",
    JSON.fast_generate(options),
    request_headers
  )
  true
end