Vault Audit Devices

Details

Interact with Vault's audit devices. For more details, see https://developer.hashicorp.com/vault/docs/audit

Super class

vaultr::vault_client_object -> vault_client_audit

Methods


Method new()

Create an audit object

Usage

vault_client_audit$new(api_client)

Arguments

api_client

a vault_api_client object


Method list()

List active audit devices. Returns a data.frame of names, paths and descriptions of active audit devices.

Usage

vault_client_audit$list()


Method enable()

This endpoint enables a new audit device at the supplied path.

Usage

vault_client_audit$enable(
  type,
  description = NULL,
  options = NULL,
  path = NULL
)

Arguments

type

Name of the audit device to enable

description

Human readable description for this audit device

options

Options to configure the device with. These vary by device. This must be a named list of strings.

path

Path to mount the audit device. By default, type is used as the path.


Method disable()

Disable an audit device

Usage

vault_client_audit$disable(path)

Arguments

path

Path of the audit device to remove


Method hash()

Calculate the hash of the input using the given audit device's hash function and salt. This can be used to search audit logs for a hashed value when the original value is known.

Usage

vault_client_audit$hash(input, device)

Arguments

input

The input string to hash

device

The path of the audit device

Examples

server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  client <- server$client()
  # By default no audit engines are enabled with the testing server
  client$audit$list()

  # Create a file-based audit device on a temporary file:
  path <- tempfile()
  client$audit$enable("file", options = list(file_path = path))
  client$audit$list()

  # Generate some activity on the server:
  client$write("/secret/mysecret", list(key = "value"))

  # The audit logs contain details about the activity - see the
  # Vault documentation for details on interpreting this
  readLines(path)

  # cleanup
  server$kill()
  unlink(path)
}
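
The log search that hash() is meant for, as an added example that is not part of the vaultr package or its documentation. In a live session `hashed` would be the result of `client$audit$hash("value", "file")` for the device enabled above; here `hashed` and the log lines are constructed (simplified entry layout), and `find_in_entry()` and `search_audit_log()` are hypothetical helper names. It assumes the jsonlite package is installed.

```r
library(jsonlite)

# Dotted names (e.g. "request.data.key") of every string field in a parsed
# audit entry whose value equals `hashed`.
find_in_entry <- function(x, hashed, prefix = character()) {
  if (!is.list(x)) {
    hit <- is.character(x) && identical(x, hashed)
    return(if (hit) paste(prefix, collapse = ".") else character())
  }
  nms <- names(x)
  if (is.null(nms)) nms <- rep("", length(x))
  hits <- character()
  for (i in seq_along(x)) {
    key <- if (nzchar(nms[[i]])) nms[[i]] else sprintf("[%d]", i)
    hits <- c(hits, find_in_entry(x[[i]], hashed, c(prefix, key)))
  }
  hits
}

# One row per occurrence of `hashed` in a vector of JSON-lines audit entries.
search_audit_log <- function(lines, hashed) {
  rows <- list()
  for (i in seq_along(lines)) {
    # parse_json() never treats its input as a file name or URL
    entry <- tryCatch(parse_json(lines[[i]]), error = function(e) NULL)
    if (!is.list(entry)) next  # skip blank, truncated or non-object lines
    path <- if (is.list(entry$request)) entry$request$path else NULL
    for (field in find_in_entry(entry, hashed)) {
      rows[[length(rows) + 1L]] <- data.frame(
        line = i, path = if (is.null(path)) NA_character_ else path,
        field = field, stringsAsFactors = FALSE)
    }
  }
  if (length(rows) == 0L) {
    return(data.frame(line = integer(), path = character(), field = character()))
  }
  do.call(rbind, rows)
}

# Constructed sample data: placeholder hashes and simplified audit entries.
hashed <- paste0("hmac-sha256:", strrep("ab", 32))
other  <- paste0("hmac-sha256:", strrep("cd", 32))
tmpl <- '{"type":"%s","request":{"operation":"update","path":"%s","data":{"key":"%s"}}}'
log_lines <- c(
  sprintf(tmpl, "request", "secret/mysecret", hashed),
  sprintf(tmpl, "response", "secret/mysecret", hashed),
  sprintf(tmpl, "request", "secret/other", other),
  '{"type":"requ'  # truncated line, skipped by the parser guard
)
search_audit_log(log_lines, hashed)
```

Against a real device, pass `readLines(path)` as `lines`; the hash is specific to each audit device's salt, so compute it with the same `device` whose log you are searching.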