Module: Vault::Defaults
- Defined in:
- lib/vault/defaults.rb
Constant Summary collapse
- VAULT_ADDRESS =
The default vault address.
"https://127.0.0.1:8200".freeze
- VAULT_DISK_TOKEN =
The path to the vault token on disk.
Pathname.new("#{ENV["HOME"]}/.vault-token")..freeze
- SSL_CIPHERS =
The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!
"TLSv1.2:!aNULL:!eNULL".freeze
- RETRY_ATTEMPTS =
The default number of attempts.
2
- RETRY_BASE =
The default backoff interval.
0.05
- RETRY_MAX_WAIT =
The maximum amount of time for a single exponential backoff to sleep.
2.0
- DEFAULT_POOL_SIZE =
The default size of the connection pool
16
Class Method Summary collapse
-
.address ⇒ String
The address to communicate with Vault.
-
.hostname ⇒ String?
The SNI host to use when connecting to Vault via TLS.
-
.open_timeout ⇒ String?
The number of seconds to wait when trying to open a connection before timing out.
-
.options ⇒ Hash
The list of calculated options for this configurable.
-
.pool_size ⇒ Object
The size of the connection pool to communicate with Vault.
-
.proxy_address ⇒ String?
The HTTP Proxy server address as a string.
-
.proxy_password ⇒ String?
The HTTP Proxy user password as a string.
-
.proxy_port ⇒ String?
The HTTP Proxy server port as a string.
-
.proxy_username ⇒ String?
The HTTP Proxy server username as a string.
-
.read_timeout ⇒ String?
The number of seconds to wait when reading a response before timing out.
-
.ssl_ca_cert ⇒ String?
The path to the CA cert on disk to use for certificate verification.
-
.ssl_ca_path ⇒ String?
The path to the directory on disk holding CA certs to use for certificate verification.
-
.ssl_cert_store ⇒ OpenSSL::X509::Store?
The CA cert store to use for certificate verification.
-
.ssl_ciphers ⇒ String
The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing.
-
.ssl_pem_contents ⇒ String?
The raw contents (as a string) for the pem file.
-
.ssl_pem_file ⇒ String?
The path to a pem on disk to use with custom SSL verification.
-
.ssl_pem_passphrase ⇒ String?
Passphrase to the pem file on disk to use with custom SSL verification.
-
.ssl_timeout ⇒ String?
The number of seconds to wait for connecting and verifying SSL.
-
.ssl_verify ⇒ true, false
Verify SSL requests (default: true).
-
.timeout ⇒ String?
A default meta-attribute to set all timeout values - individually set timeout values will take precedence.
-
.token ⇒ String?
The vault token to use for authentiation.
Class Method Details
.address ⇒ String
The address to communicate with Vault.
41 42 43 |
# File 'lib/vault/defaults.rb', line 41 def address ENV["VAULT_ADDR"] || VAULT_ADDRESS end |
.hostname ⇒ String?
The SNI host to use when connecting to Vault via TLS.
61 62 63 |
# File 'lib/vault/defaults.rb', line 61 def hostname ENV["VAULT_TLS_SERVER_NAME"] end |
.open_timeout ⇒ String?
The number of seconds to wait when trying to open a connection before timing out
68 69 70 |
# File 'lib/vault/defaults.rb', line 68 def open_timeout ENV["VAULT_OPEN_TIMEOUT"] end |
.options ⇒ Hash
The list of calculated options for this configurable.
35 36 37 |
# File 'lib/vault/defaults.rb', line 35 def Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten] end |
.pool_size ⇒ Object
The size of the connection pool to communicate with Vault
74 75 76 77 78 79 80 |
# File 'lib/vault/defaults.rb', line 74 def pool_size if var = ENV["VAULT_POOL_SIZE"] return var.to_i else DEFAULT_POOL_SIZE end end |
.proxy_address ⇒ String?
The HTTP Proxy server address as a string
84 85 86 |
# File 'lib/vault/defaults.rb', line 84 def proxy_address ENV["VAULT_PROXY_ADDRESS"] end |
.proxy_password ⇒ String?
The HTTP Proxy user password as a string
96 97 98 |
# File 'lib/vault/defaults.rb', line 96 def proxy_password ENV["VAULT_PROXY_PASSWORD"] end |
.proxy_port ⇒ String?
The HTTP Proxy server port as a string
102 103 104 |
# File 'lib/vault/defaults.rb', line 102 def proxy_port ENV["VAULT_PROXY_PORT"] end |
.proxy_username ⇒ String?
The HTTP Proxy server username as a string
90 91 92 |
# File 'lib/vault/defaults.rb', line 90 def proxy_username ENV["VAULT_PROXY_USERNAME"] end |
.read_timeout ⇒ String?
The number of seconds to wait when reading a response before timing out
108 109 110 |
# File 'lib/vault/defaults.rb', line 108 def read_timeout ENV["VAULT_READ_TIMEOUT"] end |
.ssl_ca_cert ⇒ String?
The path to the CA cert on disk to use for certificate verification
142 143 144 |
# File 'lib/vault/defaults.rb', line 142 def ssl_ca_cert ENV["VAULT_CACERT"] end |
.ssl_ca_path ⇒ String?
The path to the directory on disk holding CA certs to use for certificate verification
155 156 157 |
# File 'lib/vault/defaults.rb', line 155 def ssl_ca_path ENV["VAULT_CAPATH"] end |
.ssl_cert_store ⇒ OpenSSL::X509::Store?
The CA cert store to use for certificate verification
148 149 150 |
# File 'lib/vault/defaults.rb', line 148 def ssl_cert_store nil end |
.ssl_ciphers ⇒ String
The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing
116 117 118 |
# File 'lib/vault/defaults.rb', line 116 def ssl_ciphers ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS end |
.ssl_pem_contents ⇒ String?
The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.
124 125 126 |
# File 'lib/vault/defaults.rb', line 124 def ssl_pem_contents ENV["VAULT_SSL_PEM_CONTENTS"] end |
.ssl_pem_file ⇒ String?
The path to a pem on disk to use with custom SSL verification
130 131 132 |
# File 'lib/vault/defaults.rb', line 130 def ssl_pem_file ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"] end |
.ssl_pem_passphrase ⇒ String?
Passphrase to the pem file on disk to use with custom SSL verification
136 137 138 |
# File 'lib/vault/defaults.rb', line 136 def ssl_pem_passphrase ENV["VAULT_SSL_CERT_PASSPHRASE"] end |
.ssl_timeout ⇒ String?
The number of seconds to wait for connecting and verifying SSL
176 177 178 |
# File 'lib/vault/defaults.rb', line 176 def ssl_timeout ENV["VAULT_SSL_TIMEOUT"] end |
.ssl_verify ⇒ true, false
Verify SSL requests (default: true)
161 162 163 164 165 166 167 168 169 170 171 172 |
# File 'lib/vault/defaults.rb', line 161 def ssl_verify # Vault CLI uses this envvar, so accept it by precedence if !ENV["VAULT_SKIP_VERIFY"].nil? return false end if ENV["VAULT_SSL_VERIFY"].nil? true else %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0]) end end |
.timeout ⇒ String?
A default meta-attribute to set all timeout values - individually set timeout values will take precedence
183 184 185 |
# File 'lib/vault/defaults.rb', line 183 def timeout ENV["VAULT_TIMEOUT"] end |
.token ⇒ String?
The vault token to use for authentiation.
47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/vault/defaults.rb', line 47 def token if !ENV["VAULT_TOKEN"].nil? return ENV["VAULT_TOKEN"] end if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable? return VAULT_DISK_TOKEN.read.chomp end nil end |