Module: Vault::Defaults

Defined in:

lib/vault/defaults.rb

Constant Summary

VAULT_ADDRESS =

The default vault address.

Returns:

• (String)

"https://127.0.0.1:8200".freeze

VAULT_DISK_TOKEN =

The path to the vault token on disk.

Returns:

• (String)

Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze

SSL_CIPHERS =

The list of SSL ciphers to allow. You should not change this value unless you absolutely know what you are doing!

Returns:

• (String)

"TLSv1.2:!aNULL:!eNULL".freeze

RETRY_ATTEMPTS =

The default number of attempts.

Returns:

• (Fixnum)

2

RETRY_BASE =

The default backoff interval.

Returns:

• (Fixnum)

0.05

RETRY_MAX_WAIT =

The maximum amount of time for a single exponential backoff to sleep.

2.0

DEFAULT_POOL_SIZE =

The default size of the connection pool

16

Class Method Summary

• .address ⇒ String

  The address to communicate with Vault.

• .hostname ⇒ String^?

  The SNI host to use when connecting to Vault via TLS.

• .open_timeout ⇒ String^?

  The number of seconds to wait when trying to open a connection before timing out.

• .options ⇒ Hash

  The list of calculated options for this configurable.

• .pool_size ⇒ Object

  The size of the connection pool to communicate with Vault.

• .proxy_address ⇒ String^?

  The HTTP Proxy server address as a string.

• .proxy_password ⇒ String^?

  The HTTP Proxy user password as a string.

• .proxy_port ⇒ String^?

  The HTTP Proxy server port as a string.

• .proxy_username ⇒ String^?

  The HTTP Proxy server username as a string.

• .read_timeout ⇒ String^?

  The number of seconds to wait when reading a response before timing out.

• .ssl_ca_cert ⇒ String^?

  The path to the CA cert on disk to use for certificate verification.

• .ssl_ca_path ⇒ String^?

  The path to the directory on disk holding CA certs to use for certificate verification.

• .ssl_cert_store ⇒ OpenSSL::X509::Store^?

  The CA cert store to use for certificate verification.

• .ssl_ciphers ⇒ String

  The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing.

• .ssl_pem_contents ⇒ String^?

  The raw contents (as a string) for the pem file.

• .ssl_pem_file ⇒ String^?

  The path to a pem on disk to use with custom SSL verification.

• .ssl_pem_passphrase ⇒ String^?

  Passphrase to the pem file on disk to use with custom SSL verification.

• .ssl_timeout ⇒ String^?

  The number of seconds to wait for connecting and verifying SSL.

• .ssl_verify ⇒ true, false

  Verify SSL requests (default: true).

• .timeout ⇒ String^?

  A default meta-attribute to set all timeout values - individually set timeout values will take precedence.

• .token ⇒ String^?

  The vault token to use for authentiation.

Class Method Details

.address ⇒ String

The address to communicate with Vault.

Returns:

• (String)

# File 'lib/vault/defaults.rb', line 41

def address
  ENV["VAULT_ADDR"] || VAULT_ADDRESS
end

.hostname ⇒ String^?

The SNI host to use when connecting to Vault via TLS.

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 61

def hostname
  ENV["VAULT_TLS_SERVER_NAME"]
end

.open_timeout ⇒ String^?

The number of seconds to wait when trying to open a connection before timing out

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 68

def open_timeout
  ENV["VAULT_OPEN_TIMEOUT"]
end

.options ⇒ Hash

The list of calculated options for this configurable.

Returns:

• (Hash)

# File 'lib/vault/defaults.rb', line 35

def options
  Hash[*Configurable.keys.map { |key| [key, public_send(key)] }.flatten]
end

.pool_size ⇒ Object

The size of the connection pool to communicate with Vault

Returns:

• Integer

# File 'lib/vault/defaults.rb', line 74

def pool_size
  if var = ENV["VAULT_POOL_SIZE"]
    return var.to_i
  else
    DEFAULT_POOL_SIZE
  end
end

.proxy_address ⇒ String^?

The HTTP Proxy server address as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 84

def proxy_address
  ENV["VAULT_PROXY_ADDRESS"]
end

.proxy_password ⇒ String^?

The HTTP Proxy user password as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 96

def proxy_password
  ENV["VAULT_PROXY_PASSWORD"]
end

.proxy_port ⇒ String^?

The HTTP Proxy server port as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 102

def proxy_port
  ENV["VAULT_PROXY_PORT"]
end

.proxy_username ⇒ String^?

The HTTP Proxy server username as a string

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 90

def proxy_username
  ENV["VAULT_PROXY_USERNAME"]
end

.read_timeout ⇒ String^?

The number of seconds to wait when reading a response before timing out

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 108

def read_timeout
  ENV["VAULT_READ_TIMEOUT"]
end

.ssl_ca_cert ⇒ String^?

The path to the CA cert on disk to use for certificate verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 142

def ssl_ca_cert
  ENV["VAULT_CACERT"]
end

.ssl_ca_path ⇒ String^?

The path to the directory on disk holding CA certs to use for certificate verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 155

def ssl_ca_path
  ENV["VAULT_CAPATH"]
end

.ssl_cert_store ⇒ OpenSSL::X509::Store^?

The CA cert store to use for certificate verification

Returns:

• (OpenSSL::X509::Store, nil)

# File 'lib/vault/defaults.rb', line 148

def ssl_cert_store
  nil
end

.ssl_ciphers ⇒ String

The ciphers that will be used when communicating with vault over ssl You should only change the defaults if the ciphers are not available on your platform and you know what you are doing

Returns:

• (String)

# File 'lib/vault/defaults.rb', line 116

def ssl_ciphers
  ENV["VAULT_SSL_CIPHERS"] || SSL_CIPHERS
end

.ssl_pem_contents ⇒ String^?

The raw contents (as a string) for the pem file. To specify the path to the pem file, use #ssl_pem_file instead. This value is preferred over the value for #ssl_pem_file, if set.

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 124

def ssl_pem_contents
  ENV["VAULT_SSL_PEM_CONTENTS"]
end

.ssl_pem_file ⇒ String^?

The path to a pem on disk to use with custom SSL verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 130

def ssl_pem_file
  ENV["VAULT_SSL_CERT"] || ENV["VAULT_SSL_PEM_FILE"]
end

.ssl_pem_passphrase ⇒ String^?

Passphrase to the pem file on disk to use with custom SSL verification

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 136

def ssl_pem_passphrase
  ENV["VAULT_SSL_CERT_PASSPHRASE"]
end

.ssl_timeout ⇒ String^?

The number of seconds to wait for connecting and verifying SSL

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 176

def ssl_timeout
  ENV["VAULT_SSL_TIMEOUT"]
end

.ssl_verify ⇒ true, false

Verify SSL requests (default: true)

Returns:

• (true, false)

# File 'lib/vault/defaults.rb', line 161

def ssl_verify
  # Vault CLI uses this envvar, so accept it by precedence
  if !ENV["VAULT_SKIP_VERIFY"].nil?
    return false
  end

  if ENV["VAULT_SSL_VERIFY"].nil?
    true
  else
    %w[t y].include?(ENV["VAULT_SSL_VERIFY"].downcase[0])
  end
end

.timeout ⇒ String^?

A default meta-attribute to set all timeout values - individually set timeout values will take precedence

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 183

def timeout
  ENV["VAULT_TIMEOUT"]
end

.token ⇒ String^?

The vault token to use for authentiation.

Returns:

• (String, nil)

# File 'lib/vault/defaults.rb', line 47

def token
  if !ENV["VAULT_TOKEN"].nil?
    return ENV["VAULT_TOKEN"]
  end

  if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
    return VAULT_DISK_TOKEN.read.chomp
  end

  nil
end