Module: Vault::Defaults

Defined in:
lib/vault/defaults.rb

Constant Summary collapse

VAULT_ADDRESS =

The default vault address.

Returns:

  • (String) 
"https://127.0.0.1:8200".freeze
VAULT_DISK_TOKEN =

The path to the vault token on disk.

Returns:

  • (String) 
Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze
SSL_CIPHERS =

The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!

Returns:

  • (String) 
"TLSv1.2:!aNULL:!eNULL".freeze
RETRY_ATTEMPTS =

The default number of attempts.

Returns:

  • (Fixnum) 
2
RETRY_BASE =

The default backoff interval.

Returns:

  • (Fixnum) 
0.05
RETRY_MAX_WAIT =

The maximum amount of time for a single exponential backoff to sleep.

2.0
DEFAULT_POOL_SIZE =

The default size of the connection pool

16
DEFAULT_POOL_TIMEOUT =

The default timeout in seconds for retrieving a connection from the connection pool

0.5
RETRIED_EXCEPTIONS =

The set of exceptions that are detect and retried by default with ‘with_retries`

[HTTPServerError, MissingRequiredStateError]

Class Method Summary collapse

Class Method Details

.addressString

The address to communicate with Vault.

Returns:

  • (String) 


52
53
54
 
# File 'lib/vault/defaults.rb', line 52

def address
  ENV["VAULT_ADDR"] || VAULT_ADDRESS
end

.hostnameString?

The SNI host to use when connecting to Vault via TLS.

Returns:

  • (String, nil) 


79
80
81
 
# File 'lib/vault/defaults.rb', line 79

def hostname
  ENV["VAULT_TLS_SERVER_NAME"]
end

.namespaceString?

Vault Namespace, if any.

Returns:

  • (String, nil) 


73
74
75
 
# File 'lib/vault/defaults.rb', line 73

def namespace
  ENV["VAULT_NAMESPACE"]
end

.open_timeoutString?

The number of seconds to wait when trying to open a connection before timing out

Returns:

  • (String, nil) 


86
87
88
 
# File 'lib/vault/defaults.rb', line 86

def open_timeout
  ENV["VAULT_OPEN_TIMEOUT"]
end

.optionsHash

The list of calculated options for this configurable.

Returns:

  • (Hash) 


46
47
48
 
# File 'lib/vault/defaults.rb', line 46

def options
  Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten]
end

.pool_sizeObject

The size of the connection pool to communicate with Vault

Returns:

  • Integer



92
93
94
95
96
97
98
 
# File 'lib/vault/defaults.rb', line 92

def pool_size
  if var = ENV["VAULT_POOL_SIZE"]
    var.to_i
  else
    DEFAULT_POOL_SIZE
  end
end

.pool_timeoutObject

The timeout for getting a connection from the connection pool that communicates with Vault

Returns:

  • Float



102
103
104
105
106
107
108
 
# File 'lib/vault/defaults.rb', line 102

def pool_timeout
  if var = ENV["VAULT_POOL_TIMEOUT"]
    var.to_f
  else
    DEFAULT_POOL_TIMEOUT
  end
end

.proxy_addressString?

The HTTP Proxy server address as a string

Returns:

  • (String, nil) 


112
113
114
 
# File 'lib/vault/defaults.rb', line 112

def proxy_address
  ENV["VAULT_PROXY_ADDRESS"]
end

.proxy_passwordString?

The HTTP Proxy user password as a string

Returns:

  • (String, nil) 


124
125
126
 
# File 'lib/vault/defaults.rb', line 124

def proxy_password
  ENV["VAULT_PROXY_PASSWORD"]
end

.proxy_portString?

The HTTP Proxy server port as a string

Returns:

  • (String, nil) 


130
131
132
 
# File 'lib/vault/defaults.rb', line 130

def proxy_port
  ENV["VAULT_PROXY_PORT"]
end

.proxy_usernameString?

The HTTP Proxy server username as a string

Returns:

  • (String, nil) 


118
119
120
 
# File 'lib/vault/defaults.rb', line 118

def proxy_username
  ENV["VAULT_PROXY_USERNAME"]
end

.read_timeoutString?

The number of seconds to wait when reading a response before timing out

Returns:

  • (String, nil) 


136
137
138
 
# File 'lib/vault/defaults.rb', line 136

def read_timeout
  ENV["VAULT_READ_TIMEOUT"]
end

.ssl_ca_certString?

The path to the CA cert on disk to use for certificate verification

Returns:

  • (String, nil) 


174
175
176
 
# File 'lib/vault/defaults.rb', line 174

def ssl_ca_cert
  ENV["VAULT_CACERT"]
end

.ssl_ca_pathString?

The path to the directory on disk holding CA certs to use for certificate verification

Returns:

  • (String, nil) 


187
188
189
 
# File 'lib/vault/defaults.rb', line 187

def ssl_ca_path
  ENV["VAULT_CAPATH"]
end

.ssl_cert_storeOpenSSL::X509::Store?

The CA cert store to use for certificate verification

Returns:

  • (OpenSSL::X509::Store, nil) 


180
181
182
 
# File 'lib/vault/defaults.rb', line 180

def ssl_cert_store
  nil
end

.ssl_ciphersString

The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing

Returns:

  • (String) 


144
145
146
 
# File 'lib/vault/defaults.rb', line 144

def ssl_ciphers
  ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS
end

.ssl_pem_contentsString?

The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.

Returns:

  • (String, nil) 


152
153
154
155
156
157
158
 
# File 'lib/vault/defaults.rb', line 152

def ssl_pem_contents
  if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]
    Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"])
  else
    ENV["VAULT_SSL_PEM_CONTENTS"]
  end
end

.ssl_pem_fileString?

The path to a pem on disk to use with custom SSL verification

Returns:

  • (String, nil) 


162
163
164
 
# File 'lib/vault/defaults.rb', line 162

def ssl_pem_file
  ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"]
end

.ssl_pem_passphraseString?

Passphrase to the pem file on disk to use with custom SSL verification

Returns:

  • (String, nil) 


168
169
170
 
# File 'lib/vault/defaults.rb', line 168

def ssl_pem_passphrase
  ENV["VAULT_SSL_CERT_PASSPHRASE"]
end

.ssl_timeoutString?

The number of seconds to wait for connecting and verifying SSL

Returns:

  • (String, nil) 


208
209
210
 
# File 'lib/vault/defaults.rb', line 208

def ssl_timeout
  ENV["VAULT_SSL_TIMEOUT"]
end

.ssl_verifytrue, false

Verify SSL requests (default: true)

Returns:

  • (true, false) 


193
194
195
196
197
198
199
200
201
202
203
204
 
# File 'lib/vault/defaults.rb', line 193

def ssl_verify
  # Vault CLI uses this envvar, so accept it by precedence
  if !ENV["VAULT_SKIP_VERIFY"].nil?
    return false
  end

  if ENV["VAULT_SSL_VERIFY"].nil?
    true
  else
    %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0])
  end
end

.timeoutString?

A default meta-attribute to set all timeout values - individually set timeout values will take precedence

Returns:

  • (String, nil) 


215
216
217
 
# File 'lib/vault/defaults.rb', line 215

def timeout
  ENV["VAULT_TIMEOUT"]
end

.tokenString?

The vault token to use for authentiation.

Returns:

  • (String, nil) 


58
59
60
61
62
63
64
65
66
67
68
 
# File 'lib/vault/defaults.rb', line 58

def token
  if !ENV["VAULT_TOKEN"].nil?
    return ENV["VAULT_TOKEN"]
  end

  if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
    return VAULT_DISK_TOKEN.read.chomp
  end

  nil
end