Class: Vault::Logical

Inherits:
Request show all
Defined in:
lib/vault/api/logical.rb

Instance Attribute Summary

Attributes inherited from Request

#client

Instance Method Summary collapse

Methods inherited from Request

#initialize, #inspect, #to_s

Methods included from EncodePath

encode_path

Constructor Details

This class inherits a constructor from Vault::Request

Instance Method Details

#delete(path) ⇒ true

Delete the secret at the given path. If the secret does not exist, vault will still return true.

Examples:

Vault.logical.delete("secret/password") #=> true

Parameters:

  • path (String)

    the path to delete

Returns:

  • (true)


89
90
91
92
# File 'lib/vault/api/logical.rb', line 89

def delete(path)
  client.delete("/v1/#{encode_path(path)}")
  return true
end

#list(path, options = {}) ⇒ Array<String>

List the secrets at the given path, if the path supports listing. If the the path does not exist, an exception will be raised.

Examples:

Vault.logical.list("secret") #=> [#<Vault::Secret>, #<Vault::Secret>, ...]

Parameters:

  • path (String)

    the path to list

Returns:

  • (Array<String>)


29
30
31
32
33
34
35
36
# File 'lib/vault/api/logical.rb', line 29

def list(path, options = {})
  headers = extract_headers!(options)
  json = client.list("/v1/#{encode_path(path)}", {}, headers)
  json[:data][:keys] || []
rescue HTTPError => e
  return [] if e.code == 404
  raise
end

#read(path, options = {}) ⇒ Secret?

Read the secret at the given path. If the secret does not exist, nil will be returned.

Examples:

Vault.logical.read("secret/password") #=> #<Vault::Secret lease_id="">

Parameters:

  • path (String)

    the path to read

Returns:



48
49
50
51
52
53
54
55
# File 'lib/vault/api/logical.rb', line 48

def read(path, options = {})
  headers = extract_headers!(options)
  json = client.get("/v1/#{encode_path(path)}", {}, headers)
  return Secret.decode(json)
rescue HTTPError => e
  return nil if e.code == 404
  raise
end

#unwrap(wrapper) ⇒ Secret?

Unwrap the data stored against the given token. If the secret does not exist, ‘nil` will be returned.

Examples:

Vault.logical.unwrap("f363dba8-25a7-08c5-430c-00b2367124e6") #=> #<Vault::Secret lease_id="">

Parameters:

  • wrapper (String)

    the token to use when unwrapping the value

Returns:



104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# File 'lib/vault/api/logical.rb', line 104

def unwrap(wrapper)
  client.with_token(wrapper) do |client|
    json = client.get("/v1/cubbyhole/response")
    secret = Secret.decode(json)

    # If there is nothing in the cubbyhole, return early.
    if secret.nil? || secret.data.nil? || secret.data[:response].nil?
      return nil
    end

    # Extract the response and parse it into a new secret.
    json = JSON.parse(secret.data[:response], symbolize_names: true)
    secret = Secret.decode(json)
    return secret
  end
rescue HTTPError => e
  return nil if e.code == 404
  raise
end

#unwrap_token(wrapper) ⇒ String?

Unwrap a token in a wrapped response given the temporary token.

Examples:

Vault.logical.unwrap("f363dba8-25a7-08c5-430c-00b2367124e6") #=> "0f0f40fd-06ce-4af1-61cb-cdc12796f42b"

Parameters:

  • wrapper (String, Secret)

    the token to unwrap

Returns:

  • (String, nil)


133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# File 'lib/vault/api/logical.rb', line 133

def unwrap_token(wrapper)
  # If provided a secret, grab the token. This is really just to make the
  # API a bit nicer.
  if wrapper.is_a?(Secret)
    wrapper = wrapper.wrap_info.token
  end

  # Unwrap
  response = unwrap(wrapper)

  # If nothing was there, return nil
  if response.nil? || response.auth.nil?
    return nil
  end

  return response.auth.client_token
rescue HTTPError => e
  raise
end

#write(path, data = {}, options = {}) ⇒ Secret

Write the secret at the given path with the given data. Note that the data must be a Hash!

Examples:

Vault.logical.write("secret/password", value: "secret") #=> #<Vault::Secret lease_id="">

Parameters:

  • path (String)

    the path to write

  • data (Hash) (defaults to: {})

    the data to write

Returns:



69
70
71
72
73
74
75
76
77
# File 'lib/vault/api/logical.rb', line 69

def write(path, data = {}, options = {})
  headers = extract_headers!(options)
  json = client.put("/v1/#{encode_path(path)}", JSON.fast_generate(data), headers)
  if json.nil?
    return true
  else
    return Secret.decode(json)
  end
end