vaultex v1.0.1 Vaultex.Client

Provides functions to authenticate against a Vault endpoint and to read, write and delete secrets, including dynamic secrets and their leases.

Summary

Functions

Authenticates with Vault using the given auth backend and credentials. Call this before reading or writing secrets.

Returns a specification to start this module under a supervisor.

Deletes a secret in Vault given a path.

Callback implementation for GenServer.init/1.

Reads a secret from vault given a path.

Reads a dynamic secret from vault given a path and returns the secret along with lease information.

Writes a secret to Vault given a path.

Functions

auth(method, credentials, timeout \\ 5000)

Specs

auth(
  method :: :approle,
  credentials :: {role_id :: String.t(), secret_id :: String.t()},
  timeout :: pos_integer()
) :: {:ok | :error, any()}
auth(
  method :: :app_id,
  credentials :: {app_id :: String.t(), user_id :: String.t()},
  timeout :: pos_integer()
) :: {:ok | :error, any()}
auth(
  method :: :userpass,
  credentials :: {username :: String.t(), password :: String.t()},
  timeout :: pos_integer()
) :: {:ok | :error, any()}
auth(
  method :: :github,
  credentials :: {github_token :: String.t()},
  timeout :: pos_integer()
) :: {:ok | :error, any()}
auth(
  method :: :token,
  credentials :: {token :: String.t()},
  timeout :: pos_integer()
) :: {:ok, :authenticated}

Authenticates with Vault using the given auth backend and credentials. Call this before reading or writing secrets; the resulting Vault token is held by the client process and reused for subsequent requests.

Parameters

  • method: Auth backend to use for authenticating. One of :approle, :app_id, :userpass, :github or :token is handled directly; any other atom (for example :kubernetes or :jwt) is passed through to Vault as the backend name, with the credentials map used as the login request body. Note that :app_id is deprecated upstream in favour of :approle.
  • credentials: A tuple or map, depending on the method: {role_id, secret_id} for :approle, {app_id, user_id} for :app_id, {username, password} for :userpass, {github_token} for :github, {token} for :token, or a JSON-encodable map for the unhandled methods, e.g. %{jwt: "jwt", role: "role"} for :kubernetes. For :token the spec shows only {:ok, :authenticated}: the token is accepted without a round-trip to Vault, so an invalid or expired token only surfaces on the first read or write.
  • timeout: An integer greater than zero, the number of milliseconds to wait for a reply (default 5000).

Examples

iex> Vaultex.Client.auth(:approle, {role_id, secret_id}, 5000)
{:ok, :authenticated}

iex> Vaultex.Client.auth(:app_id, {app_id, user_id})
{:ok, :authenticated}

iex> Vaultex.Client.auth(:userpass, {username, password})
{:error, ["Something didn't work"]}

iex> Vaultex.Client.auth(:github, {github_token})
{:ok, :authenticated}

iex> Vaultex.Client.auth(:jwt, %{jwt: jwt, role: role})
{:ok, :authenticated}
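Putting auth/3 to use, as an added example that is not part of vaultex: the module below builds the credentials tuple or map for each backend from the environment (the variable names VAULT_ROLE_ID, VAULT_SECRET_ID and so on are this example's own choice, not something vaultex reads), takes the Kubernetes service-account JWT from its standard projected path, and on failure logs only the backend name and Vault's reasons, never the credentials themselves.

```elixir
# Added example, not part of vaultex: pick an auth backend at runtime and keep
# the credentials out of source, logs and crash reports.
defmodule MyApp.VaultAuth do
  require Logger

  # Standard mount path of the pod's service-account token.
  @k8s_token_path "/var/run/secrets/kubernetes.io/serviceaccount/token"

  # Returns {:ok, :authenticated} or {:error, reasons}. Credentials are never logged.
  def login(method, timeout \\ 5_000) do
    with {:ok, creds} <- credentials(method),
         {:ok, :authenticated} <- Vaultex.Client.auth(method, creds, timeout) do
      Logger.info("vault login ok (#{method})")
      {:ok, :authenticated}
    else
      {:error, reasons} = err ->
        # Log the backend and Vault's reasons only; `creds` is deliberately not in scope here.
        Logger.error("vault login failed (#{method}): #{inspect(reasons)}")
        err
    end
  end

  # AppRole: role_id is not secret, secret_id is. Both are read from the
  # environment (variable names are this example's assumption).
  defp credentials(:approle) do
    with {:ok, role_id} <- fetch_env("VAULT_ROLE_ID"),
         {:ok, secret_id} <- fetch_env("VAULT_SECRET_ID"),
         do: {:ok, {role_id, secret_id}}
  end

  defp credentials(:userpass) do
    with {:ok, user} <- fetch_env("VAULT_USERNAME"),
         {:ok, pass} <- fetch_env("VAULT_PASSWORD"),
         do: {:ok, {user, pass}}
  end

  defp credentials(:github) do
    with {:ok, token} <- fetch_env("VAULT_GITHUB_TOKEN"), do: {:ok, {token}}
  end

  # :token is accepted without a round-trip, so a bad token shows up on first use.
  defp credentials(:token) do
    with {:ok, token} <- fetch_env("VAULT_TOKEN"), do: {:ok, {token}}
  end

  # Kubernetes is one of the pass-through methods: credentials are a
  # JSON-encodable map that becomes the login body.
  defp credentials(:kubernetes) do
    with {:ok, role} <- fetch_env("VAULT_K8S_ROLE"),
         {:ok, jwt} <- File.read(@k8s_token_path),
         do: {:ok, %{jwt: String.trim(jwt), role: role}}
  end

  defp credentials(other), do: {:error, ["unsupported auth method #{inspect(other)}"]}

  # Treat unset and empty variables alike: an empty secret_id must not reach Vault.
  defp fetch_env(name) do
    case System.get_env(name) do
      nil -> {:error, ["#{name} is not set"]}
      "" -> {:error, ["#{name} is empty"]}
      value -> {:ok, value}
    end
  end
end
```

Call MyApp.VaultAuth.login(:approle) from your application's start callback, or from a supervised worker that retries on {:error, _}, so that a failed login is visible at boot rather than on the first secret read.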

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

See Supervisor.

delete(key, auth_method, credentials, timeout \\ 5000)

Deletes a secret in Vault given a path.

Parameters

  • key: A String path of the secret to delete.
  • auth_method and credentials: See Vaultex.Client.auth
  • timeout: An integer greater than zero, the number of milliseconds to wait for a reply (default 5000).

Examples

iex> Vaultex.Client.delete("secret/foo", :approle, {role_id, secret_id}, 5000)
:ok

iex> Vaultex.Client.delete("secret/foo", :app_id, {app_id, user_id})
:ok

Callback implementation for GenServer.init/1.

read(key, auth_method, credentials, timeout \\ 5000)

Reads a secret from vault given a path.

Parameters

  • key: A String path to be used for querying Vault.
  • auth_method and credentials: See Vaultex.Client.auth
  • timeout: An integer greater than zero, the number of milliseconds to wait for a reply (default 5000).

Examples

iex> Vaultex.Client.read("secret/foobar", :approle, {role_id, secret_id}, 5000)
{:ok, %{"value" => "bar"}}

iex> Vaultex.Client.read("secret/foo", :app_id, {app_id, user_id})
{:ok, %{"value" => "bar"}}

iex> Vaultex.Client.read("secret/baz", :userpass, {username, password})
{:error, ["Key not found"]}

iex> Vaultex.Client.read("secret/bar", :github, {github_token})
{:ok, %{"value" => "bar"}}

iex> Vaultex.Client.read("secret/bar", :plugin_defined_auth, credentials)
{:ok, %{"value" => "bar"}}

read_dynamic(key, auth_method, credentials, timeout \\ 5000)

Reads a dynamic secret from Vault given a path and returns the secret data together with its lease information (lease_id, lease_duration in seconds, and whether the lease is renewable). Dynamic secrets are revoked when the lease expires, so the caller must renew the lease (see renew_lease) or read a fresh secret before then.

Parameters

  • key: A String path to be used for querying Vault.
  • auth_method and credentials: See Vaultex.Client.auth
  • timeout: An integer greater than zero, the number of milliseconds to wait for a reply (default 5000).

Examples

iex> Vaultex.Client.read_dynamic("secret/dynamic/foobar", :approle, {role_id, secret_id}, 5000)
{:ok, %{"data" => %{"value" => "bar"}, "lease_duration" => 60, "lease_id" => "secret/dynamic/foo/b4z", "renewable" => true}}

iex> Vaultex.Client.read_dynamic("secret/dynamic/foo", :app_id, {app_id, user_id})
{:ok, %{"data" => %{"value" => "bar"}, "lease_duration" => 60, "lease_id" => "secret/dynamic/foo/b4z", "renewable" => true}}

iex> Vaultex.Client.read_dynamic("secret/dynamic/baz", :userpass, {username, password})
{:error, ["Key not found"]}

iex> Vaultex.Client.read_dynamic("secret/dynamic/bar", :github, {github_token})
{:ok, %{"data" => %{"value" => "bar"}, "lease_duration" => 60, "lease_id" => "secret/dynamic/foo/b4z", "renewable" => true}}

iex> Vaultex.Client.read_dynamic("secret/dynamic/bar", :plugin_defined_auth, credentials)
{:ok, %{"data" => %{"value" => "bar"}, "lease_duration" => 60, "lease_id" => "secret/dynamic/foo/b4z", "renewable" => true}}

renew_lease(lease_id, increment, auth_method, credentials, timeout \\ 5000)

Renews the lease of a dynamic secret, extending it by the requested increment. The returned lease_duration is the TTL Vault actually granted, which may be shorter than requested, and renewable reports whether a further renewal is possible.

Parameters

  • lease_id: The String lease ID returned when reading a dynamic secret.
  • increment: An Integer number of seconds by which to extend the lease.
  • auth_method and credentials: See Vaultex.Client.auth
  • timeout: An integer greater than zero, the number of milliseconds to wait for a reply (default 5000).

Examples

iex> Vaultex.Client.renew_lease("secret/dynamic/foo/b4z", 100, :approle, {role_id, secret_id}, 5000)
{:ok, %{"lease_id" => "secret/dynamic/foo/b4z", "lease_duration" => 160, "renewable" => true}}
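The read_dynamic and renew_lease calls above are only useful together: a dynamic secret is revoked when its lease runs out, so something has to renew it in time and fetch a new one once Vault refuses further renewals. The worker below does that, as an added example that is not part of vaultex. It renews at half the granted TTL so a failed renewal still leaves room for a retry, keys off the renewable flag to decide between renewing and re-reading, and keeps the last good credentials if Vault is briefly unreachable. The path "database/creds/app", the option names and the one-hour increment are this example's assumptions.

```elixir
# Added example, not part of vaultex: hold one dynamic secret, renew its lease
# before expiry, and re-read it when the lease can no longer be renewed.
defmodule MyApp.DynamicSecret do
  use GenServer
  require Logger

  # Renew once this fraction of lease_duration has elapsed, leaving time for a retry.
  @renew_at 0.5
  # Seconds requested per renewal; Vault may grant less (see lease_duration in the reply).
  @increment 3_600
  @retry_ms 5_000

  def start_link(opts), do: GenServer.start_link(__MODULE__, opts, name: __MODULE__)

  # The secret's "data" map, e.g. %{"username" => ..., "password" => ...}, or nil before the first read.
  def current, do: GenServer.call(__MODULE__, :current)

  @impl true
  def init(opts) do
    state = %{
      path: Keyword.fetch!(opts, :path),   # e.g. "database/creds/app" (assumed)
      auth: Keyword.fetch!(opts, :auth),   # e.g. {:approle, {role_id, secret_id}}
      lease_id: nil,
      data: nil
    }
    # Fetch after init returns so a slow Vault does not block the supervisor.
    {:ok, state, {:continue, :fetch}}
  end

  @impl true
  def handle_continue(:fetch, state), do: {:noreply, fetch(state)}

  @impl true
  def handle_call(:current, _from, state), do: {:reply, state.data, state}

  @impl true
  def handle_info(:renew, %{lease_id: lease_id, auth: {method, creds}} = state) do
    case Vaultex.Client.renew_lease(lease_id, @increment, method, creds) do
      {:ok, %{"lease_duration" => ttl, "renewable" => true}} ->
        {:noreply, schedule(state, ttl, :renew)}

      {:ok, %{"lease_duration" => ttl}} ->
        # Time was granted but no further renewals: fetch fresh credentials before it runs out.
        {:noreply, schedule(state, ttl, :fetch)}

      {:error, reasons} ->
        Logger.warning("lease renewal failed: #{inspect(reasons)}; reading a new secret")
        {:noreply, fetch(state)}
    end
  end

  def handle_info(:fetch, state), do: {:noreply, fetch(state)}

  defp fetch(%{auth: {method, creds}} = state) do
    case Vaultex.Client.read_dynamic(state.path, method, creds) do
      {:ok, %{"data" => data, "lease_id" => id, "lease_duration" => ttl, "renewable" => renewable}} ->
        next = if renewable, do: :renew, else: :fetch
        schedule(%{state | data: data, lease_id: id}, ttl, next)

      {:error, reasons} ->
        # Keep the previous credentials (if any) and retry instead of crashing the tree.
        Logger.error("read_dynamic #{state.path} failed: #{inspect(reasons)}")
        Process.send_after(self(), :fetch, @retry_ms)
        state
    end
  end

  defp schedule(state, ttl_seconds, msg) do
    Process.send_after(self(), msg, trunc(ttl_seconds * @renew_at * 1_000))
    state
  end
end
```

Start it under your supervisor as {MyApp.DynamicSecret, path: "database/creds/app", auth: {:approle, {role_id, secret_id}}} and read MyApp.DynamicSecret.current() whenever a connection is opened, rather than caching the credentials elsewhere, so that a rotated secret is picked up immediately.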

write(key, value, auth_method, credentials, timeout \\ 5000)

Writes a secret to Vault given a path.

Parameters

  • key: A String path where the secret will be written.
  • value: A map of String keys to String values that will be stored at that path.
  • auth_method and credentials: See Vaultex.Client.auth
  • timeout: An integer greater than zero, the number of milliseconds to wait for a reply (default 5000).

Examples

iex> Vaultex.Client.write("secret/foo", %{"value" => "bar"}, :approle, {role_id, secret_id}, 5000)
:ok

iex> Vaultex.Client.write("secret/foo", %{"value" => "bar"}, :app_id, {app_id, user_id})
:ok
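A write that returns :ok is the usual case, but in an application the write, the read and the delete tend to appear together when a static secret is rotated. The module below, an added example that is not part of vaultex, generates the new value with the CSPRNG, writes it, reads it back under the same credentials to confirm what Vault actually stored, and exposes a delete for revocation. The "value" key follows this page's examples; the path and the byte length are this example's assumptions.

```elixir
# Added example, not part of vaultex: rotate a static secret and verify the write.
defmodule MyApp.StaticSecret do
  # 32 random bytes from the OS CSPRNG, base64url-encoded so the value is safe in
  # JSON and in most connection strings.
  def generate(bytes \\ 32) do
    bytes |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)
  end

  # Writes %{"value" => new} to `path`, then reads it back so that a write which
  # did not land as expected is caught here rather than at the next restart.
  # Returns {:ok, new_value} or {:error, reasons}.
  def rotate(path, {method, creds}, timeout \\ 5_000) do
    new = generate()

    with :ok <- Vaultex.Client.write(path, %{"value" => new}, method, creds, timeout),
         {:ok, %{"value" => ^new}} <- Vaultex.Client.read(path, method, creds, timeout) do
      {:ok, new}
    else
      {:ok, other} ->
        # Report the keys only; the stored values must not leak into the error.
        {:error, ["read-back mismatch at #{path}, keys: #{inspect(Map.keys(other))}"]}

      {:error, reasons} ->
        {:error, reasons}
    end
  end

  # Removes the secret; callers should rotate anything derived from it first.
  def revoke(path, {method, creds}, timeout \\ 5_000) do
    Vaultex.Client.delete(path, method, creds, timeout)
  end
end
```

Usage: MyApp.StaticSecret.rotate("secret/foo", {:approle, {role_id, secret_id}}) returns {:ok, value} only when the read-back matches what was written; pass the returned value to whatever consumes it and never log it.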