Module: Vault::Defaults
- Defined in:
- lib/vault/defaults.rb
Constant Summary collapse
- VAULT_ADDRESS =
The default vault address.
"https://127.0.0.1:8200".freeze
- VAULT_DISK_TOKEN =
The path to the vault token on disk.
Pathname.new("#{ENV["HOME"]}/.vault-token")..freeze
- SSL_CIPHERS =
The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!
"TLSv1.2:!aNULL:!eNULL".freeze
- RETRY_ATTEMPTS =
The default number of attempts.
2
- RETRY_BASE =
The default backoff interval.
0.05
- RETRY_MAX_WAIT =
The maximum amount of time for a single exponential backoff to sleep.
2.0
- DEFAULT_POOL_SIZE =
The default size of the connection pool
16
- DEFAULT_POOL_TIMEOUT =
The default timeout in seconds for retrieving a connection from the connection pool
0.5
- RETRIED_EXCEPTIONS =
The set of exceptions that are detect and retried by default with ‘with_retries`
[HTTPServerError, MissingRequiredStateError]
Class Method Summary collapse
-
.address ⇒ String
The address to communicate with Vault.
-
.hostname ⇒ String?
The SNI host to use when connecting to Vault via TLS.
-
.namespace ⇒ String?
Vault Namespace, if any.
-
.open_timeout ⇒ String?
The number of seconds to wait when trying to open a connection before timing out.
-
.options ⇒ Hash
The list of calculated options for this configurable.
-
.pool_size ⇒ Object
The size of the connection pool to communicate with Vault.
-
.pool_timeout ⇒ Object
The timeout for getting a connection from the connection pool that communicates with Vault.
-
.proxy_address ⇒ String?
The HTTP Proxy server address as a string.
-
.proxy_password ⇒ String?
The HTTP Proxy user password as a string.
-
.proxy_port ⇒ String?
The HTTP Proxy server port as a string.
-
.proxy_username ⇒ String?
The HTTP Proxy server username as a string.
-
.read_timeout ⇒ String?
The number of seconds to wait when reading a response before timing out.
-
.ssl_ca_cert ⇒ String?
The path to the CA cert on disk to use for certificate verification.
-
.ssl_ca_path ⇒ String?
The path to the directory on disk holding CA certs to use for certificate verification.
-
.ssl_cert_store ⇒ OpenSSL::X509::Store?
The CA cert store to use for certificate verification.
-
.ssl_ciphers ⇒ String
The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing.
-
.ssl_pem_contents ⇒ String?
The raw contents (as a string) for the pem file.
-
.ssl_pem_file ⇒ String?
The path to a pem on disk to use with custom SSL verification.
-
.ssl_pem_passphrase ⇒ String?
Passphrase to the pem file on disk to use with custom SSL verification.
-
.ssl_timeout ⇒ String?
The number of seconds to wait for connecting and verifying SSL.
-
.ssl_verify ⇒ true, false
Verify SSL requests (default: true).
-
.timeout ⇒ String?
A default meta-attribute to set all timeout values - individually set timeout values will take precedence.
-
.token ⇒ String?
The vault token to use for authentiation.
Class Method Details
.address ⇒ String
The address to communicate with Vault.
52 53 54 |
# File 'lib/vault/defaults.rb', line 52 def address ENV["VAULT_ADDR"] || VAULT_ADDRESS end |
.hostname ⇒ String?
The SNI host to use when connecting to Vault via TLS.
79 80 81 |
# File 'lib/vault/defaults.rb', line 79 def hostname ENV["VAULT_TLS_SERVER_NAME"] end |
.namespace ⇒ String?
Vault Namespace, if any.
73 74 75 |
# File 'lib/vault/defaults.rb', line 73 def namespace ENV["VAULT_NAMESPACE"] end |
.open_timeout ⇒ String?
The number of seconds to wait when trying to open a connection before timing out
86 87 88 |
# File 'lib/vault/defaults.rb', line 86 def open_timeout ENV["VAULT_OPEN_TIMEOUT"] end |
.options ⇒ Hash
The list of calculated options for this configurable.
46 47 48 |
# File 'lib/vault/defaults.rb', line 46 def Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten] end |
.pool_size ⇒ Object
The size of the connection pool to communicate with Vault
92 93 94 95 96 97 98 |
# File 'lib/vault/defaults.rb', line 92 def pool_size if var = ENV["VAULT_POOL_SIZE"] var.to_i else DEFAULT_POOL_SIZE end end |
.pool_timeout ⇒ Object
The timeout for getting a connection from the connection pool that communicates with Vault
102 103 104 105 106 107 108 |
# File 'lib/vault/defaults.rb', line 102 def pool_timeout if var = ENV["VAULT_POOL_TIMEOUT"] var.to_f else DEFAULT_POOL_TIMEOUT end end |
.proxy_address ⇒ String?
The HTTP Proxy server address as a string
112 113 114 |
# File 'lib/vault/defaults.rb', line 112 def proxy_address ENV["VAULT_PROXY_ADDRESS"] end |
.proxy_password ⇒ String?
The HTTP Proxy user password as a string
124 125 126 |
# File 'lib/vault/defaults.rb', line 124 def proxy_password ENV["VAULT_PROXY_PASSWORD"] end |
.proxy_port ⇒ String?
The HTTP Proxy server port as a string
130 131 132 |
# File 'lib/vault/defaults.rb', line 130 def proxy_port ENV["VAULT_PROXY_PORT"] end |
.proxy_username ⇒ String?
The HTTP Proxy server username as a string
118 119 120 |
# File 'lib/vault/defaults.rb', line 118 def proxy_username ENV["VAULT_PROXY_USERNAME"] end |
.read_timeout ⇒ String?
The number of seconds to wait when reading a response before timing out
136 137 138 |
# File 'lib/vault/defaults.rb', line 136 def read_timeout ENV["VAULT_READ_TIMEOUT"] end |
.ssl_ca_cert ⇒ String?
The path to the CA cert on disk to use for certificate verification
174 175 176 |
# File 'lib/vault/defaults.rb', line 174 def ssl_ca_cert ENV["VAULT_CACERT"] end |
.ssl_ca_path ⇒ String?
The path to the directory on disk holding CA certs to use for certificate verification
187 188 189 |
# File 'lib/vault/defaults.rb', line 187 def ssl_ca_path ENV["VAULT_CAPATH"] end |
.ssl_cert_store ⇒ OpenSSL::X509::Store?
The CA cert store to use for certificate verification
180 181 182 |
# File 'lib/vault/defaults.rb', line 180 def ssl_cert_store nil end |
.ssl_ciphers ⇒ String
The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing
144 145 146 |
# File 'lib/vault/defaults.rb', line 144 def ssl_ciphers ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS end |
.ssl_pem_contents ⇒ String?
The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.
152 153 154 155 156 157 158 |
# File 'lib/vault/defaults.rb', line 152 def ssl_pem_contents if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"] Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]) else ENV["VAULT_SSL_PEM_CONTENTS"] end end |
.ssl_pem_file ⇒ String?
The path to a pem on disk to use with custom SSL verification
162 163 164 |
# File 'lib/vault/defaults.rb', line 162 def ssl_pem_file ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"] end |
.ssl_pem_passphrase ⇒ String?
Passphrase to the pem file on disk to use with custom SSL verification
168 169 170 |
# File 'lib/vault/defaults.rb', line 168 def ssl_pem_passphrase ENV["VAULT_SSL_CERT_PASSPHRASE"] end |
.ssl_timeout ⇒ String?
The number of seconds to wait for connecting and verifying SSL
208 209 210 |
# File 'lib/vault/defaults.rb', line 208 def ssl_timeout ENV["VAULT_SSL_TIMEOUT"] end |
.ssl_verify ⇒ true, false
Verify SSL requests (default: true)
193 194 195 196 197 198 199 200 201 202 203 204 |
# File 'lib/vault/defaults.rb', line 193 def ssl_verify # Vault CLI uses this envvar, so accept it by precedence if !ENV["VAULT_SKIP_VERIFY"].nil? return false end if ENV["VAULT_SSL_VERIFY"].nil? true else %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0]) end end |
.timeout ⇒ String?
A default meta-attribute to set all timeout values - individually set timeout values will take precedence
215 216 217 |
# File 'lib/vault/defaults.rb', line 215 def timeout ENV["VAULT_TIMEOUT"] end |
.token ⇒ String?
The vault token to use for authentiation.
58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/vault/defaults.rb', line 58 def token if !ENV["VAULT_TOKEN"].nil? return ENV["VAULT_TOKEN"] end if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable? return VAULT_DISK_TOKEN.read.chomp end nil end |