Skip to contents

Interact with HashiCorp’s vault, to securely use secrets from R. This package wraps the vault http API to allow secrets to be accessed from R. Secrets might be passwords, tokens, certificates or any other sensitive data.

  • Authenticate with several different providers (token, username and password, GitHub, LDAP, and “approle”)
  • Read and write secrets into vault using its key-value stores (version 1 or 2), cubbyhole and in-transit “encryption-as-a-service”
  • Inspect and work with vault tokens
  • Read, write and update vault policies
  • Allows a degree of access to operator maintenance
  • Work with vault’s audit devices

Usage

Create a vault client with the vault_client function:

vault <- vaultr::vault_client(login = TRUE)
## Verifying token

Interact with vault using this object:

vault$list("secret/database")
## [1] "admin"    "readonly"

and read secrets with

vault$read("secret/database/admin")
## $value
## [1] "s3cret"
vault$read("secret/database/readonly", field = "value")
## [1] "passw0rd"

or set secrets with

vault$write("secret/webserver", list(password = "horsestaple"))
vault$read("secret/webserver")

or delete secrets with

vault$delete("/secret/database/readonly")

Installation

Install vaultr from CRAN with

To install our internally released version (which might be ahead of CRAN) via r-universe, use

install.packages(
  "vaultr",
  repos = c("https://vimc.r-universe.dev", "https://cloud.r-project.org"))

or install the bleeding edge with

remotes::install_gitub("vimc/vaultr", upgrade = FALSE)

License

MIT © Imperial College of Science, Technology and Medicine