Skip to contents

Vault Tools

Vault Tools

Details

Interact with vault's cryptographic tools. This provides support for high-quality random numbers and cryptographic hashes. This functionality is also available through the transit secret engine.

Super class

vaultr::vault_client_object -> vault_client_tools

Methods

Inherited methods


Method new()

Create a vault_client_tools object. Not typically called by users.

Usage

vault_client_tools$new(api_client)

Arguments

api_client

A vault_api_client object


Method random()

Generates high-quality random bytes of the specified length. This is totally independent of R's random number stream and provides random numbers suitable for cryptographic purposes.

Usage

vault_client_tools$random(bytes = 32, format = "hex")

Arguments

bytes

Number of bytes to generate (as an integer)

format

The output format to produce; must be one of hex (a single hex string such as d1189e2f83b72ab6), base64 (a single base64 encoded string such as 8TDJekY0mYs=) or raw (a raw vector of length bytes).


Method hash()

Generates a cryptographic hash of given data using the specified algorithm.

Usage

vault_client_tools$hash(data, algorithm = NULL, format = "hex")

Arguments

data

A raw vector of data to hash. To generate a raw vector from an R object, one option is to use unserialize(x, NULL) but be aware that version information may be included. Alternatively, for a string, one might use charToRaw.

algorithm

A string indicating the hash algorithm to use. The exact set of supported algorithms may depend by vault server version, but as of version 1.0.0 vault supports sha2-224, sha2-256, sha2-384 and sha2-512. The default is sha2-256.

format

The format of the output - must be one of hex or base64.

Examples

server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
  client <- server$client()

  # Random bytes in hex
  client$tools$random()
  # base64
  client$tools$random(format = "base64")
  # raw
  client$tools$random(10, format = "raw")

  # Hash data:
  data <- charToRaw("hello vault")
  # will produce 55e702...92efd40c2a4
  client$tools$hash(data)

  # sha2-512 hash:
  client$tools$hash(data, "sha2-512")

  # cleanup
  server$kill()
}