class Vault::KV

Attributes

mount[R]

Public Class Methods

new(client, mount)
Calls superclass method
# File lib/vault/api/kv.rb, line 18
# Build a KV accessor bound to a single mount.
#
# The client is handed to the superclass initializer. The mount is stored as
# given and is later interpolated into request paths without encoding (only
# the secret path goes through encode_path), so it should come from trusted
# configuration rather than from request input.
#
# @param client [Object] passed unchanged to the superclass initializer
# @param mount [String] name of the KV mount, kept in @mount
def initialize(client, mount)
  super(client)
  @mount = mount
end

Public Instance Methods

delete(path)

Delete the secret at the given path. If the secret does not exist, Vault will still return true.

@example

Vault.kv("secret").delete("password") #=> true

@param [String] path

the path to delete

@return [true]

# File lib/vault/api/kv.rb, line 135
# Send DELETE to the mount's data/ endpoint for the given path.
#
# NOTE(review): in Vault's KV v2 HTTP API a DELETE on data/ is a soft delete
# of the latest version; earlier versions and the metadata stay on the server
# and the version can be restored (see #undelete_versions). When the material
# must be unrecoverable, #destroy or #destroy_versions is the call to use.
# Confirm against the server version in use.
#
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @return [true] always; the response from the client is discarded
def delete(path)
  endpoint = "/v1/#{mount}/data/#{encode_path(path)}"
  client.delete(endpoint)
  true
end
delete_versions(path, versions)

Mark specific versions of a secret as deleted.

@example

Vault.kv("secret").delete_versions("password", [1, 2])

@param [String] path

the path to remove versions from

@param [Array<Integer>] versions

an array of versions to remove

@return [true]

# File lib/vault/api/kv.rb, line 152
# POST a list of version numbers to the mount's delete/ endpoint.
#
# The versions are marked as deleted, which #undelete_versions can reverse;
# nothing in this call removes the underlying data for good.
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @param versions [Array<Integer>] version numbers, serialised as {"versions": [...]}
# @return [true] always; the response from the client is discarded
def delete_versions(path, versions)
  payload = JSON.fast_generate(versions: versions)
  client.post("/v1/#{mount}/delete/#{encode_path(path)}", payload)
  true
end
destroy(path)

Completely remove a secret and its metadata.

@example

Vault.kv("secret").destroy("password")

@param [String] path

the path to remove

@return [true]

# File lib/vault/api/kv.rb, line 184
# Send DELETE to the mount's metadata/ endpoint for the given path.
#
# This is the call documented as completely removing the secret together with
# its metadata. NOTE(review): unlike #delete, there is no counterpart on this
# class that brings the data back, so the policy capability behind this
# endpoint deserves tighter scoping than the one behind data/.
#
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @return [true] always; the response from the client is discarded
def destroy(path)
  endpoint = "/v1/#{mount}/metadata/#{encode_path(path)}"
  client.delete(endpoint)
  true
end
destroy_versions(path, versions)

Completely remove specific versions of a secret.

@example

Vault.kv("secret").destroy_versions("password", [1, 2])

@param [String] path

the path to remove versions from

@param [Array<Integer>] versions

an array of versions to destroy

@return [true]

# File lib/vault/api/kv.rb, line 201
# POST a list of version numbers to the mount's destroy/ endpoint.
#
# Documented as completely removing the listed versions; this class offers
# no call that restores a destroyed version (contrast #delete_versions and
# #undelete_versions).
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @param versions [Array<Integer>] version numbers, serialised as {"versions": [...]}
# @return [true] always; the response from the client is discarded
def destroy_versions(path, versions)
  payload = JSON.fast_generate(versions: versions)
  client.post("/v1/#{mount}/destroy/#{encode_path(path)}", payload)
  true
end
list(path = "", options = {})

List the names of secrets at the given path, if the path supports listing. If the path does not exist, an empty array will be returned.

@example

Vault.kv("secret").list("foo") #=> ["bar", "baz"]

@param [String] path

the path to list

@return [Array<String>]

# File lib/vault/api/kv.rb, line 34
# LIST the mount's metadata/ endpoint and return the key names found there.
#
# A 404 from the client is mapped to an empty array, and so is a response
# whose :keys entry is nil. Every other HTTPError is re-raised, so a denied
# or failed request is not reported as "nothing here".
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] path relative to the mount (defaults to the mount root)
# @param options [Hash] handed to extract_headers! to build the request headers
# @return [Array<String>] key names, or [] when the path is missing
# @raise [HTTPError] for any status other than 404
def list(path = "", options = {})
  request_headers = extract_headers!(options)
  response = client.list("/v1/#{mount}/metadata/#{encode_path(path)}", {}, request_headers)
  names = response[:data][:keys]
  names || []
rescue HTTPError => error
  # Only "not found" is treated as an empty listing.
  raise unless error.code == 404
  []
end
read(path, version = nil, options = {})

Read the secret at the given path. If the secret does not exist, nil will be returned. The latest version is returned by default, but you can request a specific version.

@example

Vault.kv("secret").read("password") #=> #<Vault::Secret lease_id="">

@param [String] path

the path to read

@param [Integer] version

the version of the secret

@return [Secret, nil]

# File lib/vault/api/kv.rb, line 56
# GET the mount's data/ endpoint and decode the :data part of the response.
#
# The version is sent as a query parameter only when one is given; otherwise
# the request carries no version parameter. A 404 is mapped to nil, while
# every other HTTPError is re-raised, so callers can tell a missing secret
# from a denied or failed request.
# The returned object carries the secret's contents; keep it out of logs and
# error reports.
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @param version [Integer, nil] specific version to fetch, nil for the default
# @param options [Hash] handed to extract_headers! to build the request headers
# @return [Secret, nil] decoded secret, or nil on 404
# @raise [HTTPError] for any status other than 404
def read(path, version = nil, options = {})
  request_headers = extract_headers!(options)
  query = version.nil? ? {} : { version: version }
  response = client.get("/v1/#{mount}/data/#{encode_path(path)}", query, request_headers)
  Secret.decode(response[:data])
rescue HTTPError => error
  # Only "not found" is treated as an absent secret.
  raise unless error.code == 404
  nil
end
read_metadata(path)

Read the metadata of a secret at the given path. If the secret does not exist, nil will be returned.

@example

Vault.kv("secret").read_metadata("password") #=> {...}

@param [String] path

the path to read

@return [Hash, nil]

# File lib/vault/api/kv.rb, line 78
# GET the mount's metadata/ endpoint and return the :data part of the response.
#
# A 404 is mapped to nil; every other HTTPError is re-raised, so a denied or
# failed request is not reported as a missing secret.
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @return [Hash, nil] the response's :data entry, or nil on 404
# @raise [HTTPError] for any status other than 404
def read_metadata(path)
  response = client.get("/v1/#{mount}/metadata/#{encode_path(path)}")
  response[:data]
rescue HTTPError => error
  # Only "not found" is treated as absent metadata.
  raise unless error.code == 404
  nil
end
undelete_versions(path, versions)

Mark specific versions of a secret as active.

@example

Vault.kv("secret").undelete_versions("password", [1, 2])

@param [String] path

the path to enable versions for

@param [Array<Integer>] versions

an array of versions to mark as undeleted

@return [true]

# File lib/vault/api/kv.rb, line 169
# POST a list of version numbers to the mount's undelete/ endpoint.
#
# Marks the listed versions as active again, i.e. it reverses #delete_versions.
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @param versions [Array<Integer>] version numbers, serialised as {"versions": [...]}
# @return [true] always; the response from the client is discarded
def undelete_versions(path, versions)
  payload = JSON.fast_generate(versions: versions)
  client.post("/v1/#{mount}/undelete/#{encode_path(path)}", payload)
  true
end
write(path, data = {}, options = {})

Write the secret at the given path with the given data. Note that the data must be a {Hash}!

@example

Vault.kv("secret").write("password", value: "secret") #=> #<Vault::Secret lease_id="">

@param [String] path

the path to write

@param [Hash] data

the data to write

@return [Secret]

# File lib/vault/api/kv.rb, line 97
# POST the given data to the mount's data/ endpoint.
#
# The hash is wrapped under a top-level "data" key before it is serialised.
# The request body therefore holds the secret in plaintext; keep request
# bodies out of client-side logging.
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @param data [Hash] key/value pairs to store
# @param options [Hash] handed to extract_headers! to build the request headers
# @return [Secret, true] the decoded response, or true when the client
#   returned nil
def write(path, data = {}, options = {})
  request_headers = extract_headers!(options)
  body = JSON.fast_generate(:data => data)
  response = client.post("/v1/#{mount}/data/#{encode_path(path)}", body, request_headers)
  return true if response.nil?

  Secret.decode(response)
end
write_metadata(path, metadata = {})

Write the metadata of a secret at the given path. Note that the data must be a {Hash}.

@example

Vault.kv("secret").write_metadata("password", max_versions: 3)

@param [String] path

the path to write

@param [Hash] metadata

the metadata to write

@return [true]

# File lib/vault/api/kv.rb, line 119
# POST the given hash to the mount's metadata/ endpoint.
#
# The hash is serialised as-is (no wrapping key), so its keys are exactly
# what the server receives.
# Only +path+ is run through encode_path; +mount+ is interpolated as stored.
#
# @param path [String] secret path relative to the mount
# @param metadata [Hash] metadata settings to store
# @return [true] always; the response from the client is discarded
def write_metadata(path, metadata = {})
  body = JSON.fast_generate(metadata)
  client.post("/v1/#{mount}/metadata/#{encode_path(path)}", body)
  true
end