vault_client_policy: Vault Policy Configuration


Vault Policy Configuration

Description

Vault Policy Configuration


Details

Interact with Vault's policies. To get started, you may want to read up on policies as described in the Vault manual, here: https://developer.hashicorp.com/vault/docs/concepts/policies

Super class

vaultr::vault_client_object -> vault_client_policy

Methods

Public methods


Method new()

Create a vault_client_policy object. Not typically called by users.

Usage
vault_client_policy$new(api_client)
Arguments
api_client

A vault_api_client object


Method delete()

This endpoint deletes the policy with the given name. This will immediately affect all users associated with this policy.

Usage
vault_client_policy$delete(name)
Arguments
name

Specifies the name of the policy to delete.


Method list()

Lists all configured policies.

Usage
vault_client_policy$list()

Method read()

Retrieve the policy body (the HCL rules document) for the named policy.

Usage
vault_client_policy$read(name)
Arguments
name

Specifies the name of the policy to retrieve.


Method write()

Create or update a policy. Once a policy is updated, it takes effect immediately for all tokens and entities that reference it.

Usage
vault_client_policy$write(name, rules)
Arguments
name

Name of the policy to create or update.

rules

Specifies the policy document. This is a string in "HashiCorp configuration language". At present this must be read in as a single string (not a character vector of strings); future versions of vaultr may allow more flexible specification such as ⁠@filename⁠

Examples

server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  # The test server starts with only the policies "root" (do
  # everything) and "default" (do nothing).
  client$policy$list()

  # Here let's make a policy that allows reading secrets from the
  # path /secret/develop/* but nothing else
  rules <- 'path "secret/develop/*" {policy = "read"}'
  client$policy$write("read-secret-develop", rules)

  # Our new rule is listed and can be read
  client$policy$list()
  client$policy$read("read-secret-develop")

  # For testing, let's create a secret under this path, and under
  # a different path:
  client$write("/secret/develop/password", list(value = "password"))
  client$write("/secret/production/password", list(value = "k2e89be@rdC#"))

  # Create a token that can use this policy:
  token <- client$auth$token$create(policies = "read-secret-develop")

  # Login to the vault using this token:
  alice <- vaultr::vault_client(addr = server$addr,
                                login = "token", token = token)

  # We can read the paths that we have been granted access to:
  alice$read("/secret/develop/password")

  # We can't read secrets that are outside our path:
  try(alice$read("/secret/production/password"))

  # And we can't write:
  try(alice$write("/secret/develop/password", list(value = "secret")))

  # cleanup
  server$kill()
}
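The following is an added example and is not part of vaultr's own documentation. It shows how to work around the single-string requirement on the rules argument by loading a policy file with readLines() and collapsing it, and it demonstrates the capabilities form of the policy language with an explicit deny that takes precedence over a broader allow. The policy name "develop-readonly", the file contents and the secret paths are constructed for this example; it assumes the same test server setup as the example above.

```r
# Added example (not vaultr's own code): install a multi-path,
# least-privilege policy loaded from a file, verify it, then remove it.
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  # Constructed policy document written to a temporary file. It grants
  # read on secret/develop/*, explicitly denies the credentials sub-path
  # (the most specific matching path wins, so deny overrides the broader
  # allow), and grants nothing else.
  policy_file <- tempfile(fileext = ".hcl")
  writeLines(c(
    '# Read-only access to the develop tree',
    'path "secret/develop/*" {',
    '  capabilities = ["read"]',
    '}',
    '',
    '# Deny is evaluated with the longest-prefix match and wins here',
    'path "secret/develop/credentials/*" {',
    '  capabilities = ["deny"]',
    '}'
  ), policy_file)

  # write() requires one string, so collapse the file's lines with "\n"
  rules <- paste(readLines(policy_file), collapse = "\n")
  client$policy$write("develop-readonly", rules)

  # Check what was actually stored before handing the policy to anyone
  stopifnot("develop-readonly" %in% client$policy$list())
  cat(client$policy$read("develop-readonly"), "\n")

  # Constructed secrets: one inside the allowed prefix, one under the
  # denied sub-path
  client$write("/secret/develop/config", list(value = "ok"))
  client$write("/secret/develop/credentials/db", list(value = "constructed"))

  # A token carrying only this policy
  token <- client$auth$token$create(policies = "develop-readonly")
  bob <- vaultr::vault_client(addr = server$addr,
                              login = "token", token = token)

  bob$read("/secret/develop/config")                 # allowed
  try(bob$read("/secret/develop/credentials/db"))   # denied by the deny rule
  try(bob$write("/secret/develop/config",            # no update capability
                list(value = "changed")))

  # Removing the policy revokes its grants immediately for every token
  # that references it
  client$policy$delete("develop-readonly")
  stopifnot(!("develop-readonly" %in% client$policy$list()))

  server$kill()
}
```

The stopifnot() calls after write() and delete() are the checks worth keeping in real provisioning code: confirm the policy body that was stored, and confirm that removal actually took effect, rather than assuming the API call succeeded.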

vimc/vaultr documentation built on Nov. 11, 2023, 8:21 a.m.