Module: Vault::Defaults
- Defined in:
- lib/vault/defaults.rb
Constant Summary collapse
- VAULT_ADDRESS =
The default vault address.
"https://127.0.0.1:8200".freeze
- VAULT_DISK_TOKEN =
The path to the vault token on disk.
Pathname.new("#{ENV["HOME"]}/.vault-token")..freeze
- SSL_CIPHERS =
The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!
"TLSv1.2:!aNULL:!eNULL".freeze
- RETRY_ATTEMPTS =
The default number of attempts.
2
- RETRY_BASE =
The default backoff interval.
0.05
- RETRY_MAX_WAIT =
The maximum amount of time for a single exponential backoff to sleep.
2.0
- DEFAULT_POOL_SIZE =
The default size of the connection pool
16
- RETRIED_EXCEPTIONS =
The set of exceptions that are detect and retried by default with ‘with_retries`
[HTTPServerError]
Class Method Summary collapse
-
.address ⇒ String
The address to communicate with Vault.
-
.hostname ⇒ String?
The SNI host to use when connecting to Vault via TLS.
-
.namespace ⇒ String?
Vault Namespace, if any.
-
.open_timeout ⇒ String?
The number of seconds to wait when trying to open a connection before timing out.
-
.options ⇒ Hash
The list of calculated options for this configurable.
-
.pool_size ⇒ Object
The size of the connection pool to communicate with Vault.
-
.proxy_address ⇒ String?
The HTTP Proxy server address as a string.
-
.proxy_password ⇒ String?
The HTTP Proxy user password as a string.
-
.proxy_port ⇒ String?
The HTTP Proxy server port as a string.
-
.proxy_username ⇒ String?
The HTTP Proxy server username as a string.
-
.read_timeout ⇒ String?
The number of seconds to wait when reading a response before timing out.
-
.ssl_ca_cert ⇒ String?
The path to the CA cert on disk to use for certificate verification.
-
.ssl_ca_path ⇒ String?
The path to the directory on disk holding CA certs to use for certificate verification.
-
.ssl_cert_store ⇒ OpenSSL::X509::Store?
The CA cert store to use for certificate verification.
-
.ssl_ciphers ⇒ String
The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing.
-
.ssl_pem_contents ⇒ String?
The raw contents (as a string) for the pem file.
-
.ssl_pem_file ⇒ String?
The path to a pem on disk to use with custom SSL verification.
-
.ssl_pem_passphrase ⇒ String?
Passphrase to the pem file on disk to use with custom SSL verification.
-
.ssl_timeout ⇒ String?
The number of seconds to wait for connecting and verifying SSL.
-
.ssl_verify ⇒ true, false
Verify SSL requests (default: true).
-
.timeout ⇒ String?
A default meta-attribute to set all timeout values - individually set timeout values will take precedence.
-
.token ⇒ String?
The vault token to use for authentiation.
Class Method Details
.address ⇒ String
The address to communicate with Vault.
46 47 48 |
# File 'lib/vault/defaults.rb', line 46 def address ENV["VAULT_ADDR"] || VAULT_ADDRESS end |
.hostname ⇒ String?
The SNI host to use when connecting to Vault via TLS.
73 74 75 |
# File 'lib/vault/defaults.rb', line 73 def hostname ENV["VAULT_TLS_SERVER_NAME"] end |
.namespace ⇒ String?
Vault Namespace, if any.
67 68 69 |
# File 'lib/vault/defaults.rb', line 67 def namespace ENV["VAULT_NAMESPACE"] end |
.open_timeout ⇒ String?
The number of seconds to wait when trying to open a connection before timing out
80 81 82 |
# File 'lib/vault/defaults.rb', line 80 def open_timeout ENV["VAULT_OPEN_TIMEOUT"] end |
.options ⇒ Hash
The list of calculated options for this configurable.
40 41 42 |
# File 'lib/vault/defaults.rb', line 40 def Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten] end |
.pool_size ⇒ Object
The size of the connection pool to communicate with Vault
86 87 88 89 90 91 92 |
# File 'lib/vault/defaults.rb', line 86 def pool_size if var = ENV["VAULT_POOL_SIZE"] return var.to_i else DEFAULT_POOL_SIZE end end |
.proxy_address ⇒ String?
The HTTP Proxy server address as a string
96 97 98 |
# File 'lib/vault/defaults.rb', line 96 def proxy_address ENV["VAULT_PROXY_ADDRESS"] end |
.proxy_password ⇒ String?
The HTTP Proxy user password as a string
108 109 110 |
# File 'lib/vault/defaults.rb', line 108 def proxy_password ENV["VAULT_PROXY_PASSWORD"] end |
.proxy_port ⇒ String?
The HTTP Proxy server port as a string
114 115 116 |
# File 'lib/vault/defaults.rb', line 114 def proxy_port ENV["VAULT_PROXY_PORT"] end |
.proxy_username ⇒ String?
The HTTP Proxy server username as a string
102 103 104 |
# File 'lib/vault/defaults.rb', line 102 def proxy_username ENV["VAULT_PROXY_USERNAME"] end |
.read_timeout ⇒ String?
The number of seconds to wait when reading a response before timing out
120 121 122 |
# File 'lib/vault/defaults.rb', line 120 def read_timeout ENV["VAULT_READ_TIMEOUT"] end |
.ssl_ca_cert ⇒ String?
The path to the CA cert on disk to use for certificate verification
158 159 160 |
# File 'lib/vault/defaults.rb', line 158 def ssl_ca_cert ENV["VAULT_CACERT"] end |
.ssl_ca_path ⇒ String?
The path to the directory on disk holding CA certs to use for certificate verification
171 172 173 |
# File 'lib/vault/defaults.rb', line 171 def ssl_ca_path ENV["VAULT_CAPATH"] end |
.ssl_cert_store ⇒ OpenSSL::X509::Store?
The CA cert store to use for certificate verification
164 165 166 |
# File 'lib/vault/defaults.rb', line 164 def ssl_cert_store nil end |
.ssl_ciphers ⇒ String
The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing
128 129 130 |
# File 'lib/vault/defaults.rb', line 128 def ssl_ciphers ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS end |
.ssl_pem_contents ⇒ String?
The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.
136 137 138 139 140 141 142 |
# File 'lib/vault/defaults.rb', line 136 def ssl_pem_contents if ENV["VAULT_SSL_PEM_CONTENTS_BASE64"] Base64.decode64(ENV["VAULT_SSL_PEM_CONTENTS_BASE64"]) else ENV["VAULT_SSL_PEM_CONTENTS"] end end |
.ssl_pem_file ⇒ String?
The path to a pem on disk to use with custom SSL verification
146 147 148 |
# File 'lib/vault/defaults.rb', line 146 def ssl_pem_file ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"] end |
.ssl_pem_passphrase ⇒ String?
Passphrase to the pem file on disk to use with custom SSL verification
152 153 154 |
# File 'lib/vault/defaults.rb', line 152 def ssl_pem_passphrase ENV["VAULT_SSL_CERT_PASSPHRASE"] end |
.ssl_timeout ⇒ String?
The number of seconds to wait for connecting and verifying SSL
192 193 194 |
# File 'lib/vault/defaults.rb', line 192 def ssl_timeout ENV["VAULT_SSL_TIMEOUT"] end |
.ssl_verify ⇒ true, false
Verify SSL requests (default: true)
177 178 179 180 181 182 183 184 185 186 187 188 |
# File 'lib/vault/defaults.rb', line 177 def ssl_verify # Vault CLI uses this envvar, so accept it by precedence if !ENV["VAULT_SKIP_VERIFY"].nil? return false end if ENV["VAULT_SSL_VERIFY"].nil? true else %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0]) end end |
.timeout ⇒ String?
A default meta-attribute to set all timeout values - individually set timeout values will take precedence
199 200 201 |
# File 'lib/vault/defaults.rb', line 199 def timeout ENV["VAULT_TIMEOUT"] end |
.token ⇒ String?
The vault token to use for authentiation.
52 53 54 55 56 57 58 59 60 61 62 |
# File 'lib/vault/defaults.rb', line 52 def token if !ENV["VAULT_TOKEN"].nil? return ENV["VAULT_TOKEN"] end if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable? return VAULT_DISK_TOKEN.read.chomp end nil end |