vault_api_client: Vault Low-Level Client

In vaultr: Vault Client for Secrets and Sensitive Data

Vault Low-Level Client

Description

Vault Low-Level Client

Vault Low-Level Client

Details

Low-level API client. This can be used to directly communicate with the vault server. This object will primarily be useful for debugging, testing or developing new vault methods, but is nonetheless described here.

Super class

vaultr::vault_client_object -> vault_api_client

Public fields

addr

The vault address (with protocol, hostname and port)

base_url

The base url (with protocol, hostname, port and api version path)

tls_config

Information used in TLS config, if used

namespace

The vault namespace, if used

token

The vault token, if authenticated

version

The vault server version, once queried

Methods

Public methods

• vault_api_client$new()

• vault_api_client$request()

• vault_api_client$is_authenticated()

• vault_api_client$set_token()

• vault_api_client$verify_token()

• vault_api_client$server_version()

• vault_api_client$GET()

• vault_api_client$LIST()

• vault_api_client$POST()

• vault_api_client$PUT()

• vault_api_client$DELETE()

Inherited methods

• vaultr::vault_client_object$format()
• vaultr::vault_client_object$help()

---

Method new()

Create a new api client

Usage

vault_api_client$new(addr = NULL, tls_config = NULL, namespace = NULL)

Arguments

addr

Address of the vault server

tls_config

Optional TLS config

namespace

Optional namespace

---

Method request()

Make a request to the api. Typically you should use one of the higher-level wrappers, such as ⁠$GET⁠ or ⁠$POST⁠.

Usage

vault_api_client$request(verb, path, ..., token = self$token)

Arguments

verb

The HTTP verb to use, as a httr function (e.g., pass httr::GET for a GET request).

path

The request path

...

Additional arguments passed to the httr function

token

Optional token, overriding the client token

---

Method is_authenticated()

Test if the vault client currently holds a vault token. This method does not verify the token - only test that is present.

Usage

vault_api_client$is_authenticated()

---

Method set_token()

Set a token within the client

Usage

vault_api_client$set_token(token, verify = FALSE, quiet = FALSE)

Arguments

token

String, with the new vault client token

verify

Logical, indicating if we should test that the token is valid. If TRUE, then we use ⁠$verify_token()⁠ to test the token before setting it and if it is not valid an error will be thrown and the token not set.

quiet

Logical, if TRUE, then informational messages will be suppressed.

---

Method verify_token()

Test that a token is valid with the vault. This will call vault's ⁠/sys/capabilities-self⁠ endpoint with the token provided and check the ⁠/sys⁠ path.

Usage

vault_api_client$verify_token(token, quiet = TRUE)

Arguments

token

String, with the vault client token to test

quiet

Logical, if TRUE, then informational messages will be suppressed

---

Method server_version()

Retrieve the vault server version. This is by default cached within the client for a session. Will return an R numeric_version object.

Usage

vault_api_client$server_version(refresh = FALSE)

Arguments

refresh

Logical, indicating if the server version information should be refreshed even if known.

---

Method GET()

Send a GET request to the vault server

Usage

vault_api_client$GET(path, ...)

Arguments

path

The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.

...

Additional httr-compatible options. These will be named parameters or httr "request" objects.

---

Method LIST()

Send a LIST request to the vault server

Usage

vault_api_client$LIST(path, ...)

Arguments

path

The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.

...

Additional httr-compatible options. These will be named parameters or httr "request" objects.

---

Method POST()

Send a POST request to the vault server

Usage

vault_api_client$POST(path, ...)

Arguments

path

The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.

...

Additional httr-compatible options. These will be named parameters or httr "request" objects.

---

Method PUT()

Send a PUT request to the vault server

Usage

vault_api_client$PUT(path, ...)

Arguments

path

The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.

...

Additional httr-compatible options. These will be named parameters or httr "request" objects.

---

Method DELETE()

Send a DELETE request to the vault server

Usage

vault_api_client$DELETE(path, ...)

Arguments

path

The server path to use. This is the "interesting" part of the path only, with the server base url and api version information added.

...

Additional httr-compatible options. These will be named parameters or httr "request" objects.

Examples

server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  # Ordinarily, we would use the "vault_client" object for
  # high-level access to the vault server
  client <- server$client()
  client$status()

  # The api() method returns the "api client" object:
  api <- client$api()
  api

  # This allows running arbitrary HTTP requests against the server:
  api$GET("/sys/seal-status")

  # this is how vaultr is internally implemented so anything can
  # be done here, for example following vault's API documentation
  # https://www.vaultproject.io/api/secret/kv/kv-v1.html#sample-request-2
  api$POST("/secret/mysecret", body = list(key = "value"))
  api$GET("/secret/mysecret")
  api$DELETE("/secret/mysecret")

  # cleanup
  server$kill()
}

vaultr documentation built on Nov. 9, 2023, 5:07 p.m.