vault_client_auth_github: Vault GitHub Authentication Configuration

vault_client_auth_github R Documentation

Vault GitHub Authentication Configuration

Description

Vault GitHub Authentication Configuration

Details

Interact with vault's GitHub authentication backend. For more details, please see the vault documentation at https://developer.hashicorp.com/vault/docs/auth/github

Super class

vaultr::vault_client_object -> vault_client_auth_github

Methods

Method new()

Create a vault_client_auth_github object. Not typically called by users.

Usage
vault_client_auth_github$new(api_client, mount)
Arguments
api_client

A vault_api_client object

mount

Mount point for the backend


Method custom_mount()

Set up a vault_client_auth_github object at a custom mount. For example, if you mounted the github authentication backend at /github-myorg, you might use gh <- vault$auth$github$custom_mount("/github-myorg"). This pattern is repeated for other secret and authentication backends.

Usage
vault_client_auth_github$custom_mount(mount)
Arguments
mount

String, indicating the path that the engine is mounted at.


Method configure()

Configures the connection parameters for GitHub-based authentication.

Usage
vault_client_auth_github$configure(
  organization,
  base_url = NULL,
  ttl = NULL,
  max_ttl = NULL
)
Arguments
organization

The organization users must be part of (note American spelling).

base_url

The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.

ttl

Duration after which authentication will be expired

max_ttl

Maximum duration after which authentication will be expired


Method configuration()

Reads the connection parameters for GitHub-based authentication.

Usage
vault_client_auth_github$configuration()

Method write()

Write a mapping between a GitHub team or user and a set of vault policies.

Usage
vault_client_auth_github$write(team_name, policies, user = FALSE)
Arguments
team_name

String, with the GitHub team name

policies

A character vector of vault policies that this user or team will have for vault access if they match this team or user.

user

Scalar logical - if TRUE, then team_name is interpreted as a user instead.


Method read()

Read the mapping between a GitHub team or user and a set of vault policies.

Usage
vault_client_auth_github$read(team_name, user = FALSE)
Arguments
team_name

String, with the GitHub team name

user

Scalar logical - if TRUE, then team_name is interpreted as a user instead.


Method login()

Log into the vault using GitHub authentication. Normally you would not call this directly but instead use $login with method = "github" and providing the token argument. This function returns a vault token but does not set it as the client token.

Usage
vault_client_auth_github$login(token = NULL)
Arguments
token

A GitHub token to authenticate with.

Examples

server <- vaultr::vault_test_server(if_disabled = message)
token <- Sys.getenv("VAULT_TEST_AUTH_GITHUB_TOKEN")
if (!is.null(server) && nzchar(token)) {
  client <- server$client()

  client$auth$enable("github")
  # To enable login for members of the organisation "example":
  client$auth$github$configure(organization = "example")
  # To map members of the "development" team *within* that organisation
  # to the "default" policy:
  client$auth$github$write("development", "default")

  # Once configured like this, if we have a PAT for a member of
  # the "development" team saved as an environment variable
  # "VAULT_AUTH_GITHUB_TOKEN" then doing
  #
  #   vaultr::vault_client(addr = ..., login = "github")
  #
  # will contact GitHub to verify the user token and vault will
  # then issue a client token

  # cleanup
  server$kill()
}
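The following is an added example, not part of the vaultr documentation. It uses the same test-server guard as above to set bounded token lifetimes, write a team mapping and a user mapping, and read both back for review. The "deploy-bot" user, the "ci-readonly" policy and the "1h"/"4h" duration strings are assumptions made for illustration.

```r
server <- vaultr::vault_test_server(if_disabled = message)
token <- Sys.getenv("VAULT_TEST_AUTH_GITHUB_TOKEN")
if (!is.null(server) && nzchar(token)) {
  client <- server$client()
  client$auth$enable("github")
  gh <- client$auth$github

  # Bound the lifetime of tokens issued through this backend.
  # Assumption: durations are passed as vault duration strings.
  gh$configure(organization = "example", ttl = "1h", max_ttl = "4h")

  # Constructed sample mappings: one team and one individual user.
  # "deploy-bot" and "ci-readonly" are hypothetical names.
  expected <- list(
    list(name = "development", policies = "default", user = FALSE),
    list(name = "deploy-bot", policies = c("default", "ci-readonly"),
         user = TRUE))
  for (m in expected) {
    gh$write(m$name, m$policies, user = m$user)
  }

  # Read everything back so the stored settings can be reviewed
  # against what was intended. str() is used because the exact shape
  # of the returned lists is not described on this page.
  str(gh$configuration())
  for (m in expected) {
    message(if (m$user) "user: " else "team: ", m$name)
    str(gh$read(m$name, user = m$user))
  }

  # login() returns a vault token but does not set it as the client
  # token, so `client` keeps its existing credentials. The call fails
  # if the PAT does not belong to a member of "example", so trap the
  # error, and never print the returned value.
  auth <- tryCatch(gh$login(token = token), error = function(e) NULL)
  message(if (is.null(auth)) "github login rejected"
          else "github login accepted; client token unchanged")

  # cleanup
  server$kill()
}
```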

vaultr documentation built on Nov. 9, 2023, 5:07 p.m.