Vault Low-Level Client
Vault Low-Level Client
Details
Low-level API client. This can be used to directly communicate with the vault server. This object will primarily be useful for debugging, testing or developing new vault methods, but is nonetheless described here.
Super class
vaultr::vault_client_object
-> vault_api_client
Public fields
addr
The vault address (with protocol, hostname and port)
base_url
The base url (with protocol, hostname, port and api version path)
tls_config
Information used in TLS config, if used
namespace
The vault namespace, if used
token
The vault token, if authenticated
version
The vault server version, once queried
Methods
Inherited methods
Method new()
Create a new api client
Usage
vault_api_client$new(addr = NULL, tls_config = NULL, namespace = NULL)
Method request()
Make a request to the api. Typically you should use
one of the higher-level wrappers, such as $GET
or $POST
.
Arguments
verb
The HTTP verb to use, as a
httr
function (e.g., passhttr::GET
for aGET
request).path
The request path
...
Additional arguments passed to the
httr
functiontoken
Optional token, overriding the client token
Method is_authenticated()
Test if the vault client currently holds a vault token. This method does not verify the token - only test that is present.
Method set_token()
Set a token within the client
Arguments
token
String, with the new vault client token
verify
Logical, indicating if we should test that the token is valid. If
TRUE
, then we use$verify_token()
to test the token before setting it and if it is not valid an error will be thrown and the token not set.quiet
Logical, if
TRUE
, then informational messages will be suppressed.
Method verify_token()
Test that a token is valid with the vault.
This will call vault's /sys/capabilities-self
endpoint with the
token provided and check the /sys
path.
Method server_version()
Retrieve the vault server version. This is by default cached within the client for a session. Will return an R numeric_version object.
Examples
server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
if (!is.null(server)) {
# Ordinarily, we would use the "vault_client" object for
# high-level access to the vault server
client <- server$client()
client$status()
# The api() method returns the "api client" object:
api <- client$api()
api
# This allows running arbitrary HTTP requests against the server:
api$GET("/sys/seal-status")
# this is how vaultr is internally implemented so anything can
# be done here, for example following vault's API documentation
# https://www.vaultproject.io/api/secret/kv/kv-v1.html#sample-request-2
api$POST("/secret/mysecret", body = list(key = "value"))
api$GET("/secret/mysecret")
api$DELETE("/secret/mysecret")
# cleanup
server$kill()
}