Class: Vault::Secret

Inherits:
Response show all
Defined in:
lib/vault/api/secret.rb

Overview

Secret is a representation of a secret from Vault. Almost all data returned from Vault is represented as a secret.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Response

#==, decode, #initialize, #to_h

Constructor Details

This class inherits a constructor from Vault::Response

Instance Attribute Details

#authSecretAuth? (readonly)

Authentication information for this secret, if any. Most secrets will contain this field, but it may also be ‘nil`. When authenticating to Vault, the resulting Vault token will be included in this embedded field.

Examples:

Authenticating to Vault

secret = Vault.auth.userpass("username", "password")
secret.auth.client_token #=> "fdb29070-6379-70c9-ca3a-46152fb66de1"

Returns:



20
 
# File 'lib/vault/api/secret.rb', line 20

field :auth, load: ->(v) { SecretAuth.decode(v) }

#dataHash<Symbol, Object> (readonly)

Arbitrary data returned by the secret. The keys returned are dependent upon the request made. For more information on the names of the keys that may be returned, please see the Vault documentation.

Examples:

Reading data

secret = Vault.auth.token("abcd1234")
secret.data[:id] #=> "abcd1234"
secret.data[:ttl] #=> 0

Returns:

  • (Hash<Symbol, Object>) 


33
 
# File 'lib/vault/api/secret.rb', line 33

field :data, freeze: true

#lease_durationFixnum (readonly)

The number of seconds this lease is valid. If this number is 0 or nil, the secret does not expire.

Examples:

Getting lease duration

secret = Vault.logical.read("secret/foo")
secret.lease_duration #=> 2592000 # 30 days

Returns:

  • (Fixnum) 


56
 
# File 'lib/vault/api/secret.rb', line 56

field :lease_duration

#lease_idString (readonly)

Unique ID for the lease associated with this secret. The ‘lease_id` is a path and UUID that uniquely represents the secret. This may be used for renewing and revoking the secret, if permitted.

Examples:

Getting lease ID

secret = Vault.logical.read("postgresql/creds/readonly")
secret.lease_id #=> "postgresql/readonly/fdb29070-6379-70c9-ca3a-46152fb66de1"

Returns:

  • (String) 


68
 
# File 'lib/vault/api/secret.rb', line 68

field :lease_id

#metadataHash<Symbol, Object> (readonly)

Read-only metadata information related to the secret.

Examples:

Reading metadata

secret = Vault.logical(:versioned).read("secret", "foo")
secret.metadata[:created_time] #=> "2018-12-08T04:22:54.168065Z"
secret.metadata[:version]      #=> 1
secret.metadata[:destroyed]    #=> false

Returns:

  • (Hash<Symbol, Object>) 


45
 
# File 'lib/vault/api/secret.rb', line 45

field :metadata, freeze: true

#warningsArray<String>? (readonly)

List of warnings returned by the Vault server. These are returned by the Vault server and may include deprecation information, new APIs, or request using the API differently in the future.

Examples:

Display warnings

result = Vault.logical.read("secret/foo")
result.warnings #=> ["This path has been deprecated"]

Returns:

  • (Array<String>, nil) 


90
 
# File 'lib/vault/api/secret.rb', line 90

field :warnings, freeze: true

#wrap_infoWrapInfo? (readonly)

Wrapped information sent with the request (only present in Vault 0.6+).

Returns:



95
 
# File 'lib/vault/api/secret.rb', line 95

field :wrap_info, load: ->(v) { WrapInfo.decode(v) }

Instance Method Details

#renewable([r]) ⇒ Boolean

Returns whether this lease is renewable.

Examples:

Checking if a lease is renewable

secret = Vault.logical.read("secret/foo")
secret.renewable? #=> false

Returns:

  • (Boolean) 


78
 
# File 'lib/vault/api/secret.rb', line 78

field :renewable, as: :renewable?