Key-Value Store (Version 1)
Key-Value Store (Version 1)
Details
Interact with vault's version 1 key-value store. This is useful for storing simple key-value data without versioning or metadata (see vault_client_kv2 for a richer key-value store).
Up to vault version 0.12.0 this was mounted by default at
/secret
. It can be accessed from vault with either the $read
,
$write
, $list
and $delete
methods on the main
vault_client object or by the $kv1
member of the
secrets
member of the main vault client
(vault_client_secrets)
Super class
vaultr::vault_client_object
-> vault_client_kv1
Methods
Inherited methods
Method new()
Create a vault_client_kv1
object. Not typically
called by users.
Usage
vault_client_kv1$new(api_client, mount)
Arguments
api_client
A vault_api_client object
mount
Mount point for the backend
Method custom_mount()
Set up a vault_client_kv1
object at a custom
mount. For example, suppose you mounted another copy of the
kv1
secret backend at /secret2
you might use kv <- vault$secrets$kv1$custom_mount("/secret2")
- this pattern is
repeated for other secret and authentication backends.
Method read()
Read a value from the vault. This can be used to read any value that you have permission to read in this store.
Arguments
path
Path for the secret to read, such as
/secret/mysecret
field
Optional field to read from the secret. Each secret is stored as a key/value set (represented in R as a named list) and this is equivalent to using
[[field]]
on the return value. The default,NULL
, returns the full set of values.metadata
Logical, indicating if we should return metadata for this secret (lease information etc) as an attribute along with the values itself. Ignored if
field
is specified.
Method write()
Write data into the vault. This can be used to write any value that you have permission to write in this store.
Method list()
List data in the vault at a give path. This can
be used to list keys, etc (e.g., at /secret
).
Arguments
path
The path to list
full_names
Logical, indicating if full paths (relative to the vault root) should be returned.
value
A character vector (of zero length if no keys are found). Paths that are "directories" (i.e., that contain keys and could themselves be listed) will be returned with a trailing forward slash, e.g.
path/
Examples
server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
client <- server$client()
# Write secrets
client$secrets$kv1$write("/secret/path/mysecret", list(key = "value"))
# List secrets - note the trailing "/" indicates a folder
client$secrets$kv1$list("/secret")
client$secrets$kv1$list("/secret/path")
# Read secrets
client$secrets$kv1$read("/secret/path/mysecret")
client$secrets$kv1$read("/secret/path/mysecret", field = "key")
# Delete secrets
client$secrets$kv1$delete("/secret/path/mysecret")
client$secrets$kv1$read("/secret/path/mysecret")
# cleanup
server$kill()
}