module Vault::Defaults

Constants

DEFAULT_POOL_SIZE

The default size of the connection pool

RETRIED_EXCEPTIONS

The set of exceptions that are detect and retried by default with `with_retries`

RETRY_ATTEMPTS

The default number of attempts. @return [Fixnum]

RETRY_BASE

The default backoff interval. @return [Fixnum]

RETRY_MAX_WAIT

The maximum amount of time for a single exponential backoff to sleep.

SSL_CIPHERS

The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing! @return [String]

VAULT_ADDRESS

The default vault address. @return [String]

VAULT_DISK_TOKEN

The path to the vault token on disk. @return [String]

Public Class Methods

address() click to toggle source

The address to communicate with Vault. @return [String]

# File lib/vault/defaults.rb, line 46
def address
  ENV["VAULT_ADDR"] || VAULT_ADDRESS
end
hostname() click to toggle source

The SNI host to use when connecting to Vault via TLS. @return [String, nil]

# File lib/vault/defaults.rb, line 73
def hostname
  ENV["VAULT_TLS_SERVER_NAME"]
end
namespace() click to toggle source

Vault Namespace, if any. @return [String, nil]

# File lib/vault/defaults.rb, line 67
def namespace
  ENV["VAULT_NAMESPACE"]
end
open_timeout() click to toggle source

The number of seconds to wait when trying to open a connection before timing out @return [String, nil]

# File lib/vault/defaults.rb, line 80
def open_timeout
  ENV["VAULT_OPEN_TIMEOUT"]
end
options() click to toggle source

The list of calculated options for this configurable. @return [Hash]

# File lib/vault/defaults.rb, line 40
def options
  Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten]
end
pool_size() click to toggle source

The size of the connection pool to communicate with Vault @return Integer

# File lib/vault/defaults.rb, line 86
def pool_size
  if var = ENV["VAULT_POOL_SIZE"]
    return var.to_i
  else
    DEFAULT_POOL_SIZE
  end
end
proxy_address() click to toggle source

The HTTP Proxy server address as a string @return [String, nil]

# File lib/vault/defaults.rb, line 96
def proxy_address
  ENV["VAULT_PROXY_ADDRESS"]
end
proxy_password() click to toggle source

The HTTP Proxy user password as a string @return [String, nil]

# File lib/vault/defaults.rb, line 108
def proxy_password
  ENV["VAULT_PROXY_PASSWORD"]
end
proxy_port() click to toggle source

The HTTP Proxy server port as a string @return [String, nil]

# File lib/vault/defaults.rb, line 114
def proxy_port
  ENV["VAULT_PROXY_PORT"]
end
proxy_username() click to toggle source

The HTTP Proxy server username as a string @return [String, nil]

# File lib/vault/defaults.rb, line 102
def proxy_username
  ENV["VAULT_PROXY_USERNAME"]
end
read_timeout() click to toggle source

The number of seconds to wait when reading a response before timing out @return [String, nil]

# File lib/vault/defaults.rb, line 120
def read_timeout
  ENV["VAULT_READ_TIMEOUT"]
end
ssl_ca_cert() click to toggle source

The path to the CA cert on disk to use for certificate verification @return [String, nil]

# File lib/vault/defaults.rb, line 158
def ssl_ca_cert
  ENV["VAULT_CACERT"]
end
ssl_ca_path() click to toggle source

The path to the directory on disk holding CA certs to use for certificate verification @return [String, nil]

# File lib/vault/defaults.rb, line 171
def ssl_ca_path
  ENV["VAULT_CAPATH"]
end
ssl_cert_store() click to toggle source

The CA cert store to use for certificate verification @return [OpenSSL::X509::Store, nil]

# File lib/vault/defaults.rb, line 164
def ssl_cert_store
  nil
end
ssl_ciphers() click to toggle source

The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing @return [String]

# File lib/vault/defaults.rb, line 128
def ssl_ciphers
  ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS
end
ssl_pem_contents() click to toggle source

The raw contents (as a string) for the pem file. To specify the path to the pem file, use {#ssl_pem_file} instead. This value is preferred over the value for {#ssl_pem_file}, if set. @return [String, nil]

# File lib/vault/defaults.rb, line 136
def ssl_pem_contents
  if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]
    Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"])
  else
    ENV["VAULT_SSL_PEM_CONTENTS"]
  end
end
ssl_pem_file() click to toggle source

The path to a pem on disk to use with custom SSL verification @return [String, nil]

# File lib/vault/defaults.rb, line 146
def ssl_pem_file
  ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"]
end
ssl_pem_passphrase() click to toggle source

Passphrase to the pem file on disk to use with custom SSL verification @return [String, nil]

# File lib/vault/defaults.rb, line 152
def ssl_pem_passphrase
  ENV["VAULT_SSL_CERT_PASSPHRASE"]
end
ssl_timeout() click to toggle source

The number of seconds to wait for connecting and verifying SSL @return [String, nil]

# File lib/vault/defaults.rb, line 192
def ssl_timeout
  ENV["VAULT_SSL_TIMEOUT"]
end
ssl_verify() click to toggle source

Verify SSL requests (default: true) @return [true, false]

# File lib/vault/defaults.rb, line 177
def ssl_verify
  # Vault CLI uses this envvar, so accept it by precedence
  if !ENV["VAULT_SKIP_VERIFY"].nil?
    return false
  end

  if ENV["VAULT_SSL_VERIFY"].nil?
    true
  else
    %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0])
  end
end
timeout() click to toggle source

A default meta-attribute to set all timeout values - individually set timeout values will take precedence @return [String, nil]

# File lib/vault/defaults.rb, line 199
def timeout
  ENV["VAULT_TIMEOUT"]
end
token() click to toggle source

The vault token to use for authentiation. @return [String, nil]

# File lib/vault/defaults.rb, line 52
def token
  if !ENV["VAULT_TOKEN"].nil?
    return ENV["VAULT_TOKEN"]
  end

  if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
    return VAULT_DISK_TOKEN.read.chomp
  end

  nil
end