Project

vault_api

0.0
No release in over 3 years
Ruby Client for the Vault Gem
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
 Dependencies
 Project Readme

VaultApi

A ruby wrapper for the Vault gem.

Installation

Add this line to your application's Gemfile:

gem 'vault_api'

And then execute:

$ bundle

Or install it yourself as:

$ gem build vault_api.gemspec
$ gem install 'vault_api'

Usage

Configuration

Before you can make calls to VaultApi you must configure the library with a valid api_token or user/password. You can request a token be generated by VaultApi.

There are two ways to configure the gem. You can pass a hash of configuration options when you create a client, or you can use a configure block.

I) Passing hash of configuration.

For admin user

client = VaultApi.client({
  address: 'VAULT_SERVER_ADDRESS',
  token:   'VAULT_TOKEN',
  env:     'ENVIRONMENT'
})

For normal user

client = VaultApi.client({
  address:  'VAULT_SERVER_ADDRESS',
  user:     'VAULT_USER_NAME',
  password: 'VAULT_PASSWORD',
  env:      'ENVIRONMENT'
})

II) Using a configure block

For admin user

VaultApi.configure do |config|
  config.address = 'VAULT_SERVER_ADDRESS'
  config.token   = 'VAULT_TOKEN'
  config.env     = 'ENVIRONMENT'
end
client = VaultApi.client

For normal user

VaultApi.configure do |config|
  config.address  = 'VAULT_SERVER_ADDRESS'
  config.user     = 'VAULT_USER_NAME'
  config.password = 'VAULT_PASSWORD'
  config.env      = 'ENVIRONMENT'
end
client = VaultApi.client

Limitations in Configuration

To configure Vault as a root user, you must specify 'token' parameter in configuration and do not specify 'user' and 'password' parameters.

To configure Vault as a normal user, you must specify 'user' and 'password' parameters in configuration not do not specify 'token' parameter.

If you specify both i.e. 'token' and 'user-password' configurations then 'user-password' would be prefered over 'token' configuration. Still vault-api may not behave as expected.

Example calls

1. Secrets
i) Add a secret file.
client.add_secret("path/to/secret/file/secret_file_name.yml")
ii) Upload secret files.
client.upload_secrets("path/to/secrets/folder")
iii) Get a secret file.
client.read_secret('secret_file_name')
iv) Get secrets.
client.secrets
v) Delete a secret.
client.delete_secret('secret_file_name')
2. Policies
i) Add a policy.
client.create_policy('user', 'policy_path', ['capability_1', 'capability_2'])
ii) Get a policy.
client.read_policy('user')
iii) Update a policy.
client.update_policy('user', 'policy_path', ['capability_3'])
iv) Delete a policy
client.delete_policy('user')
3. Entries CRUD.
i) Add an entry.
client.add_entry('secret_name', 'key', 'value')
ii) Get an entry.
client.read_entry('secret_name', 'key')
iii) Update an entry.
client.update_entry('secret_name', 'key', 'value')
iv) Delete an entry.
client.delete_entry('secret_name', 'key')
4. Clone Entries.
i) Clone an entry to single target user.
client.clone_entry('secret_name', 'key', 'target_username')
ii) Clone multiple entries to single target user.
client.clone_entry('secret_name', ['key1', 'key2'], 'target_username')
iii) Clone all entries to single target user.
client.clone_entry('secret_name', 'all', 'target_username')
iv) Clone an entry to multiple target users.
client.clone_entry('secret_name', 'key', ['target_username1', 'target_username2'])
v) Clone multiple entries to multiple target users.
client.clone_entry('secret_name', ['key1', 'key2'], ['target_username1', 'target_username2'])
vi) Clone all entries to multiple target users.
client.clone_entry('secret_name', 'all', ['target_username1', 'target_username2'])
vii) Clone an entry to all target users.
client.clone_entry('secret_name', 'key', 'all')
viii) Clone multiple entries to all target users.
client.clone_entry('secret_name', ['key1', 'key2'], 'all')
ix) Clone all entries to all target users.
client.clone_entry('secret_name', 'all', 'all')

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request