Skip to contents

Cubbyhole secret store

Cubbyhole secret store

Details

Interact with vault's cubbyhole key-value store. This is useful for storing simple key-value data without versioning or metadata (c.f. vault_client_kv2) that is scoped to your current token only and not accessible to anyone else. For more details please see the vault documentation https://developer.hashicorp.com/vault/docs/secrets/cubbyhole

Super class

vaultr::vault_client_object -> vault_client_cubbyhole

Methods

Inherited methods


Method new()

Create a vault_client_cubbyhole object. Not typically called by users.

Usage

vault_client_cubbyhole$new(api_client)

Arguments

api_client

A vault_api_client object


Method read()

Read a value from your cubbyhole

Usage

vault_client_cubbyhole$read(path, field = NULL, metadata = FALSE)

Arguments

path

Path for the secret to read, such as /cubbyhole/mysecret

field

Optional field to read from the secret. Each secret is stored as a key/value set (represented in R as a named list) and this is equivalent to using [[field]] on the return value. The default, NULL, returns the full set of values.

metadata

Logical, indicating if we should return metadata for this secret (lease information etc) as an attribute along with the values itself. Ignored if field is specified.


Method write()

Write data into your cubbyhole.

Usage

vault_client_cubbyhole$write(path, data)

Arguments

path

Path for the secret to write, such as /cubbyhole/mysecret

data

A named list of values to write into the vault at this path. This replaces any existing values.


Method list()

List data in the vault at a give path. This can be used to list keys, etc (e.g., at /cubbyhole).

Usage

vault_client_cubbyhole$list(path, full_names = FALSE)

Arguments

path

The path to list

full_names

Logical, indicating if full paths (relative to the vault root) should be returned.

value

A character vector (of zero length if no keys are found). Paths that are "directories" (i.e., that contain keys and could themselves be listed) will be returned with a trailing forward slash, e.g. path/


Method delete()

Delete a value from the vault

Usage

vault_client_cubbyhole$delete(path)

Arguments

path

The path to delete

Examples


server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  client <- server$client()

  # Shorter path for easier reading:
  cubbyhole <- client$secrets$cubbyhole
  cubbyhole

  # Write a value
  cubbyhole$write("cubbyhole/secret", list(key = "value"))
  # List it
  cubbyhole$list("cubbyhole")
  # Read it
  cubbyhole$read("cubbyhole/secret")
  # Delete it
  cubbyhole$delete("cubbyhole/secret")

  # cleanup
  server$kill()
}