Module: Vault

Defined in:

lib/vault-ruby-wrapper.rb

Constant Summary

VALID_NAME =

/^[\.\-[:alnum:]_]+$/

Class Method Summary

• .data_bag(secret) ⇒ Object
• .data_bag_item(secret, item) ⇒ Object
• .secret_data(secret) ⇒ Object
• .validate_name!(name) ⇒ Object

Class Method Details

.data_bag(secret) ⇒ Object

# File 'lib/vault-ruby-wrapper.rb', line 21

def self.data_bag(secret)
  validate_name!(secret)
  return secret_data(secret).keys.collect{|k| k.to_s}
end

.data_bag_item(secret, item) ⇒ Object

# File 'lib/vault-ruby-wrapper.rb', line 26

def self.data_bag_item(secret, item)
  validate_name!(secret)
  validate_name!(item)

  data = secret_data(secret)[item.to_sym]
  unless data.to_s.strip.empty?
    return JSON.parse(data)
  end
  raise 'item does not exist'
end

.secret_data(secret) ⇒ Object

# File 'lib/vault-ruby-wrapper.rb', line 12

def self.secret_data(secret)
  mysecret = nil
  Vault.with_retries(Vault::HTTPConnectionError, attempts: 5) do
      mysecret = Vault.logical.read("secret/#{secret}") # rubocop:disable Lint/AssignmentInCondition
  end
  return mysecret.data if mysecret
  raise "Secret '#{secret}' returned an empty value"
end

.validate_name!(name) ⇒ Object

# File 'lib/vault-ruby-wrapper.rb', line 6

def self.validate_name!(name)
  unless name =~ VALID_NAME
    raise "DataBags must have a name matching #{VALID_NAME.inspect}, you gave #{name.inspect}"
  end
end