Skip to contents

Key-Value Store (Version 1)

Key-Value Store (Version 1)

Details

Interact with vault's version 1 key-value store. This is useful for storing simple key-value data without versioning or metadata (see vault_client_kv2 for a richer key-value store).

Up to vault version 0.12.0 this was mounted by default at /secret. It can be accessed from vault with either the $read, $write, $list and $delete methods on the main vault_client object or by the $kv1 member of the secrets member of the main vault client (vault_client_secrets)

Super class

vaultr::vault_client_object -> vault_client_kv1

Methods

Inherited methods


Method new()

Create a vault_client_kv1 object. Not typically called by users.

Usage

vault_client_kv1$new(api_client, mount)

Arguments

api_client

A vault_api_client object

mount

Mount point for the backend


Method custom_mount()

Set up a vault_client_kv1 object at a custom mount. For example, suppose you mounted another copy of the kv1 secret backend at /secret2 you might use kv <- vault$secrets$kv1$custom_mount("/secret2") - this pattern is repeated for other secret and authentication backends.

Usage

vault_client_kv1$custom_mount(mount)

Arguments

mount

String, indicating the path that the engine is mounted at.


Method read()

Read a value from the vault. This can be used to read any value that you have permission to read in this store.

Usage

vault_client_kv1$read(path, field = NULL, metadata = FALSE)

Arguments

path

Path for the secret to read, such as /secret/mysecret

field

Optional field to read from the secret. Each secret is stored as a key/value set (represented in R as a named list) and this is equivalent to using [[field]] on the return value. The default, NULL, returns the full set of values.

metadata

Logical, indicating if we should return metadata for this secret (lease information etc) as an attribute along with the values itself. Ignored if field is specified.


Method write()

Write data into the vault. This can be used to write any value that you have permission to write in this store.

Usage

vault_client_kv1$write(path, data)

Arguments

path

Path for the secret to write, such as /secret/mysecret

data

A named list of values to write into the vault at this path. This replaces any existing values.


Method list()

List data in the vault at a give path. This can be used to list keys, etc (e.g., at /secret).

Usage

vault_client_kv1$list(path, full_names = FALSE)

Arguments

path

The path to list

full_names

Logical, indicating if full paths (relative to the vault root) should be returned.

value

A character vector (of zero length if no keys are found). Paths that are "directories" (i.e., that contain keys and could themselves be listed) will be returned with a trailing forward slash, e.g. path/


Method delete()

Delete a value from the vault

Usage

vault_client_kv1$delete(path)

Arguments

path

The path to delete

Examples


server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  client <- server$client()

  # Write secrets
  client$secrets$kv1$write("/secret/path/mysecret", list(key = "value"))

  # List secrets - note the trailing "/" indicates a folder
  client$secrets$kv1$list("/secret")
  client$secrets$kv1$list("/secret/path")

  # Read secrets
  client$secrets$kv1$read("/secret/path/mysecret")
  client$secrets$kv1$read("/secret/path/mysecret", field = "key")

  # Delete secrets
  client$secrets$kv1$delete("/secret/path/mysecret")
  client$secrets$kv1$read("/secret/path/mysecret")

  # cleanup
  server$kill()
}