Skip to contents

Vault Secret Configuration

Vault Secret Configuration

Details

Interact with vault's secret backends.

Super class

vaultr::vault_client_object -> vault_client_secrets

Public fields

cubbyhole

The cubbyhole backend: vault_client_cubbyhole

kv1

The version 1 key-value backend: vault_client_kv1

kv2

The version 2 key-value backend: vault_client_kv2

transit

The transit backend: vault_client_transit

Methods

Inherited methods


Method new()

Create a vault_client_secrets object. Not typically called by users.

Usage

vault_client_secrets$new(api_client)

Arguments

api_client

A vault_api_client object


Method disable()

Disable a previously-enabled secret engine

Usage

vault_client_secrets$disable(path)

Arguments

path

Path of the secret engine


Method enable()

Enable a secret backend in the vault server

Usage

vault_client_secrets$enable(
  type,
  path = type,
  description = NULL,
  version = NULL
)

Arguments

type

The type of secret backend (e.g., transit, kv).

path

Specifies the path in which to enable the auth method. Defaults to be the same as type.

description

Human-friendly description of the backend; will be returned by $list()

version

Used only for the kv backend, where an integer is used to select between vault_client_kv1 and vault_client_kv2 engines.


Method list()

List enabled secret engines

Usage

vault_client_secrets$list(detailed = FALSE)

Arguments

detailed

Logical, indicating if detailed output is wanted.


Method move()

Move the path that a secret engine is mounted at

Usage

vault_client_secrets$move(from, to)

Arguments

from

Original path

to

New path

Examples


server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  client <- server$client()

  # To remove the default version 1 kv store and replace with a
  # version 2 store:
  client$secrets$disable("/secret")
  client$secrets$enable("kv", "/secret", version = 2)

  # cleanup
  server$kill()
}