vault_client_audit: Vault Audit Devices


Description

Interact with vault's audit devices. For more details, see https://www.vaultproject.io/docs/audit/

Methods

list

List active audit devices. Returns a data.frame of names, paths and descriptions of active audit devices.
Usage:

list()

enable

This endpoint enables a new audit device at the supplied path.
Usage:

enable(type, description = NULL, options = NULL, path = NULL)

Arguments:

  • type: Name of the audit device to enable

  • description: Human readable description for this audit device

  • options: Options to configure the device with. These vary by device. This must be a named list of strings.

  • path: Path to mount the audit device. By default, type is used as the path.

disable

Disable an audit device.
Usage:

disable(path)

Arguments:

  • path: Path of the audit device to remove

hash

The hash method calculates the hash of the given input using an audit device's hash function and salt. This can be used to search audit logs for a hashed value when the original value is known.
Usage:

hash(input, device)

Arguments:

  • input: The input string to hash

  • device: The path of the audit device

Examples

server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()
  # By default no audit engines are enabled with the testing server
  client$audit$list()

  # Create a file-based audit device on a temporary file:
  path <- tempfile()
  client$audit$enable("file", options = list(file_path = path))
  client$audit$list()

  # Generate some activity on the server:
  client$write("/secret/mysecret", list(key = "value"))

  # The audit logs contain details about the activity - see the
  # vault documentation for details on interpreting this
  readLines(path)

  # cleanup
  server$kill()
  unlink(path)
}
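
An added example (not part of the vaultr documentation) of the use described for the hash method: finding the audit log entries that carry a known secret value. It assumes a local vault binary for vaultr::vault_test_server(), the jsonlite package, and that hash() returns the hash as a single string; the secret value and secret paths are constructed.

```r
# Added example, not vaultr's own code. Assumptions: hash() returns a single
# string, and audit entries have the time/type/request fields used below.
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  # File audit device, mounted at the default path "file"
  log_path <- tempfile()
  client$audit$enable("file", options = list(file_path = log_path))

  # Constructed activity: one write carries the value we will look for
  known_value <- "s3cr3t-value"
  client$write("/secret/mysecret", list(key = known_value))
  client$write("/secret/other", list(key = "unrelated"))

  # Hash the known value with this device's hash function and salt
  needle <- client$audit$hash(known_value, "file")

  log_lines <- readLines(log_path)

  # Compare matches on the raw value with matches on its hash
  raw_hits <- grepl(known_value, log_lines, fixed = TRUE)
  hash_hits <- grepl(needle, log_lines, fixed = TRUE)
  message("raw matches: ", sum(raw_hits),
          ", hashed matches: ", sum(hash_hits))

  # Parse the matching entries to see which requests carried the value
  entries <- lapply(log_lines[hash_hits], jsonlite::fromJSON)
  found <- data.frame(
    time = vapply(entries, function(e) e$time, character(1)),
    type = vapply(entries, function(e) e$type, character(1)),
    operation = vapply(entries, function(e) e$request$operation,
                       character(1)),
    path = vapply(entries, function(e) e$request$path, character(1)),
    stringsAsFactors = FALSE)

  # The hash lookup is itself a request that carries the same input,
  # so its own entries may match too; drop them from the result
  found <- found[!grepl("^sys/audit-hash", found$path), ]
  print(found)

  # cleanup
  server$kill()
  unlink(log_path)
}
```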

vimc/vaultr documentation built on Nov. 8, 2019, 6:23 p.m.