Module: Vault::Defaults

Defined in:
lib/vault/defaults.rb

Constant Summary collapse

VAULT_ADDRESS =

The default vault address.

Returns:

  • (String) 
"https://127.0.0.1:8200".freeze
VAULT_DISK_TOKEN =

The path to the vault token on disk.

Returns:

  • (String) 
Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze
SSL_CIPHERS =

The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!

Returns:

  • (String) 
"TLSv1.2:!aNULL:!eNULL".freeze
RETRY_ATTEMPTS =

The default number of attempts.

Returns:

  • (Fixnum) 
2
RETRY_BASE =

The default backoff interval.

Returns:

  • (Fixnum) 
0.05
RETRY_MAX_WAIT =

The maximum amount of time for a single exponential backoff to sleep.

2.0

Class Method Summary collapse

Class Method Details

.addressString

The address to communicate with Vault.

Returns:

  • (String) 


38
39
40
 
# File 'lib/vault/defaults.rb', line 38

def address
  ENV["VAULT_ADDR"] || VAULT_ADDRESS
end

.open_timeoutString?

The number of seconds to wait when trying to open a connection before timing out

Returns:

  • (String, nil) 


59
60
61
 
# File 'lib/vault/defaults.rb', line 59

def open_timeout
  ENV["VAULT_OPEN_TIMEOUT"]
end

.optionsHash

The list of calculated options for this configurable.

Returns:

  • (Hash) 


32
33
34
 
# File 'lib/vault/defaults.rb', line 32

def options
  Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten]
end

.proxy_addressString?

The HTTP Proxy server address as a string

Returns:

  • (String, nil) 


65
66
67
 
# File 'lib/vault/defaults.rb', line 65

def proxy_address
  ENV["VAULT_PROXY_ADDRESS"]
end

.proxy_passwordString?

The HTTP Proxy user password as a string

Returns:

  • (String, nil) 


77
78
79
 
# File 'lib/vault/defaults.rb', line 77

def proxy_password
  ENV["VAULT_PROXY_PASSWORD"]
end

.proxy_portString?

The HTTP Proxy server port as a string

Returns:

  • (String, nil) 


83
84
85
 
# File 'lib/vault/defaults.rb', line 83

def proxy_port
  ENV["VAULT_PROXY_PORT"]
end

.proxy_usernameString?

The HTTP Proxy server username as a string

Returns:

  • (String, nil) 


71
72
73
 
# File 'lib/vault/defaults.rb', line 71

def proxy_username
  ENV["VAULT_PROXY_USERNAME"]
end

.read_timeoutString?

The number of seconds to wait when reading a response before timing out

Returns:

  • (String, nil) 


89
90
91
 
# File 'lib/vault/defaults.rb', line 89

def read_timeout
  ENV["VAULT_READ_TIMEOUT"]
end

.ssl_ca_certString?

The path to the CA cert on disk to use for certificate verification

Returns:

  • (String, nil) 


123
124
125
 
# File 'lib/vault/defaults.rb', line 123

def ssl_ca_cert
  ENV["VAULT_CACERT"]
end

.ssl_ca_pathString?

The path to the directory on disk holding CA certs to use for certificate verification

Returns:

  • (String, nil) 


136
137
138
 
# File 'lib/vault/defaults.rb', line 136

def ssl_ca_path
  ENV["VAULT_CAPATH"]
end

.ssl_cert_storeOpenSSL::X509::Store?

The CA cert store to use for certificate verification

Returns:

  • (OpenSSL::X509::Store, nil) 


129
130
131
 
# File 'lib/vault/defaults.rb', line 129

def ssl_cert_store
  nil
end

.ssl_ciphersString

The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing

Returns:

  • (String) 


97
98
99
 
# File 'lib/vault/defaults.rb', line 97

def ssl_ciphers
  ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS
end

.ssl_pem_contentsString?

The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.

Returns:

  • (String, nil) 


105
106
107
 
# File 'lib/vault/defaults.rb', line 105

def ssl_pem_contents
  ENV["VAULT_SSL_PEM_CONTENTS"]
end

.ssl_pem_fileString?

The path to a pem on disk to use with custom SSL verification

Returns:

  • (String, nil) 


111
112
113
 
# File 'lib/vault/defaults.rb', line 111

def ssl_pem_file
  ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"]
end

.ssl_pem_passphraseString?

Passphrase to the pem file on disk to use with custom SSL verification

Returns:

  • (String, nil) 


117
118
119
 
# File 'lib/vault/defaults.rb', line 117

def ssl_pem_passphrase
  ENV["VAULT_SSL_CERT_PASSPHRASE"]
end

.ssl_timeoutString?

The number of seconds to wait for connecting and verifying SSL

Returns:

  • (String, nil) 


157
158
159
 
# File 'lib/vault/defaults.rb', line 157

def ssl_timeout
  ENV["VAULT_SSL_TIMEOUT"]
end

.ssl_verifytrue, false

Verify SSL requests (default: true)

Returns:

  • (true, false) 


142
143
144
145
146
147
148
149
150
151
152
153
 
# File 'lib/vault/defaults.rb', line 142

def ssl_verify
  # Vault CLI uses this envvar, so accept it by precedence
  if !ENV["VAULT_SKIP_VERIFY"].nil?
    return false
  end

  if ENV["VAULT_SSL_VERIFY"].nil?
    true
  else
    %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0])
  end
end

.timeoutString?

A default meta-attribute to set all timeout values - individually set timeout values will take precedence

Returns:

  • (String, nil) 


164
165
166
 
# File 'lib/vault/defaults.rb', line 164

def timeout
  ENV["VAULT_TIMEOUT"]
end

.tokenString?

The vault token to use for authentiation.

Returns:

  • (String, nil) 


44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/vault/defaults.rb', line 44

def token
  if !ENV["VAULT_TOKEN"].nil?
    return ENV["VAULT_TOKEN"]
  end

  if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
    return VAULT_DISK_TOKEN.read.chomp
  end

  nil
end