VaultApi

A Ruby wrapper for the Vault gem.

Installation

Add this line to your application's Gemfile:

gem 'vault_api'

And then execute:

$ bundle

Or install it yourself as:

$ gem build vault_api.gemspec
$ gem install 'vault_api'

Usage

Configuration

Before you can make calls to VaultApi, you must configure the library with a valid api_token or user/password. You can request that a token be generated by VaultApi.

There are two ways to configure the gem. You can pass a hash of configuration options when you create a client, or you can use a configure block.

I) Passing a hash of configuration options.

For admin user

client = VaultApi.client({
  address: 'VAULT_SERVER_ADDRESS',
  token:   'VAULT_TOKEN',
  env:     'ENVIRONMENT'
})

For normal user

client = VaultApi.client({
  address:  'VAULT_SERVER_ADDRESS',
  user:     'VAULT_USER_NAME',
  password: 'VAULT_PASSWORD',
  env:      'ENVIRONMENT'
})

II) Using a configure block

For admin user

VaultApi.configure do |config|
  config.address = 'VAULT_SERVER_ADDRESS'
  config.token   = 'VAULT_TOKEN'
  config.env     = 'ENVIRONMENT'
end
client = VaultApi.client

For normal user

VaultApi.configure do |config|
  config.address  = 'VAULT_SERVER_ADDRESS'
  config.user     = 'VAULT_USER_NAME'
  config.password = 'VAULT_PASSWORD'
  config.env      = 'ENVIRONMENT'
end
client = VaultApi.client

Limitations in Configuration

To configure Vault as a root user, specify the 'token' parameter in the configuration and do not specify the 'user' and 'password' parameters.

To configure Vault as a normal user, specify the 'user' and 'password' parameters in the configuration and do not specify the 'token' parameter.

If you specify both, i.e. the 'token' and 'user-password' configurations, then 'user-password' is preferred over the 'token' configuration. Even so, vault-api may not behave as expected.
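One way to enforce the limitation above before a client is created, as an added example that is not part of the vault_api gem: it builds the options hash from a settings source and rejects the ambiguous token plus user/password case. The helper names, the error class and the use of VAULT_SERVER_ADDRESS, VAULT_TOKEN, VAULT_USER_NAME, VAULT_PASSWORD and ENVIRONMENT as environment variable names are assumptions of this example.

```ruby
# Added example: not part of the vault_api gem.
class VaultConfigError < ArgumentError; end

# Returns the trimmed setting, or nil when it is missing or blank.
def vault_setting(env, name)
  value = env[name].to_s.strip
  value.empty? ? nil : value
end

# Builds the options hash for VaultApi.client from env (ENV by default).
# The variable names are assumptions made for this example.
def build_vault_options(env = ENV)
  address  = vault_setting(env, 'VAULT_SERVER_ADDRESS')
  token    = vault_setting(env, 'VAULT_TOKEN')
  user     = vault_setting(env, 'VAULT_USER_NAME')
  password = vault_setting(env, 'VAULT_PASSWORD')
  stage    = vault_setting(env, 'ENVIRONMENT')

  raise VaultConfigError, 'address is required' unless address
  # Refuse the ambiguous case instead of letting user/password silently win.
  if token && (user || password)
    raise VaultConfigError, 'set either token or user/password, not both'
  end

  creds =
    if token
      { token: token }
    elsif user && password
      { user: user, password: password }
    elsif user || password
      raise VaultConfigError, 'user and password must be set together'
    else
      raise VaultConfigError, 'no credentials: set token or user/password'
    end

  options = { address: address }.merge(creds)
  options[:env] = stage if stage
  options
end

# Constructed sample inputs (placeholder values, not real credentials).
ADMIN_ENV = { 'VAULT_SERVER_ADDRESS' => 'https://vault.example.test:8200',
              'VAULT_TOKEN' => 'example-token',
              'ENVIRONMENT' => 'staging' }.freeze
USER_ENV  = { 'VAULT_SERVER_ADDRESS' => 'https://vault.example.test:8200',
              'VAULT_USER_NAME' => 'example-user',
              'VAULT_PASSWORD' => 'example-password',
              'ENVIRONMENT' => 'staging' }.freeze

# With the gem loaded: client = VaultApi.client(build_vault_options)
```

Reading the values from the process environment keeps the token and password out of source files; the returned hash has the same keys as the configuration hashes shown earlier.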

Example calls

1. Secrets
i) Add a secret file.
client.add_secret("path/to/secret/file/secret_file_name.yml")
ii) Upload secret files.
client.upload_secrets("path/to/secrets/folder")
iii) Get a secret file.
client.read_secret('secret_file_name')
iv) Get secrets.
client.secrets
v) Delete a secret.
client.delete_secret('secret_file_name')
2. Policies
i) Add a policy.
client.create_policy('user', 'policy_path', ['capability_1', 'capability_2'])
ii) Get a policy.
client.read_policy('user')
iii) Update a policy.
client.update_policy('user', 'policy_path', ['capability_3'])
iv) Delete a policy.
client.delete_policy('user')
3. Entries CRUD.
i) Add an entry.
client.add_entry('secret_name', 'key', 'value')
ii) Get an entry.
client.read_entry('secret_name', 'key')
iii) Update an entry.
client.update_entry('secret_name', 'key', 'value')
iv) Delete an entry.
client.delete_entry('secret_name', 'key')
4. Clone Entries.
i) Clone an entry to a single target user.
client.clone_entry('secret_name', 'key', 'target_username')
ii) Clone multiple entries to a single target user.
client.clone_entry('secret_name', ['key1', 'key2'], 'target_username')
iii) Clone all entries to a single target user.
client.clone_entry('secret_name', 'all', 'target_username')
iv) Clone an entry to multiple target users.
client.clone_entry('secret_name', 'key', ['target_username1', 'target_username2'])
v) Clone multiple entries to multiple target users.
client.clone_entry('secret_name', ['key1', 'key2'], ['target_username1', 'target_username2'])
vi) Clone all entries to multiple target users.
client.clone_entry('secret_name', 'all', ['target_username1', 'target_username2'])
vii) Clone an entry to all target users.
client.clone_entry('secret_name', 'key', 'all')
viii) Clone multiple entries to all target users.
client.clone_entry('secret_name', ['key1', 'key2'], 'all')
ix) Clone all entries to all target users.
client.clone_entry('secret_name', 'all', 'all')

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request