Interact with HashiCorp’s vault, to securely use secrets from R. This package wraps the vault http API to allow secrets to be accessed from R. Secrets might be passwords, tokens, certificates or any other sensitive data.
- Authenticate with several different providers (token, username and password, GitHub, LDAP, and “approle”)
- Read and write secrets into vault using its key-value stores (version 1 or 2), cubbyhole and in-transit “encryption-as-a-service”
- Inspect and work with vault tokens
- Read, write and update vault policies
- Allows a degree of access to operator maintenance
- Work with vault’s audit devices
Usage
Create a vault client with the vault_client
function:
vault <- vaultr::vault_client(login = TRUE)
## Verifying token
Interact with vault using this object:
vault$list("secret/database")
## [1] "admin" "readonly"
and read secrets with
vault$read("secret/database/admin")
## $value
## [1] "s3cret"
vault$read("secret/database/readonly", field = "value")
## [1] "passw0rd"
or set secrets with
vault$write("secret/webserver", list(password = "horsestaple"))
vault$read("secret/webserver")
or delete secrets with
vault$delete("/secret/database/readonly")
Installation
Install vaultr
from CRAN with
install.packages("vaultr")
To install our internally released version (which might be ahead of CRAN) via r-universe, use
install.packages(
"vaultr",
repos = c("https://vimc.r-universe.dev", "https://cloud.r-project.org"))
or install the bleeding edge with
remotes::install_gitub("vimc/vaultr", upgrade = FALSE)