vault_client_policy | R Documentation
Vault Policy Configuration
Interact with vault's policies. To get started, you may want to read up on policies as described in the vault manual, here: https://developer.hashicorp.com/vault/docs/concepts/policies
vaultr::vault_client_object -> vault_client_policy
new()
Create a vault_client_policy object. Not typically called by users.
vault_client_policy$new(api_client)
api_client
A vault_api_client object
delete()
This endpoint deletes the policy with the given name. This will immediately affect all users associated with this policy.
vault_client_policy$delete(name)
name
Specifies the name of the policy to delete.
list()
Lists all configured policies.
vault_client_policy$list()
read()
Retrieve the policy body for the named policy.
vault_client_policy$read(name)
name
Specifies the name of the policy to retrieve.
write()
Create or update a policy. Once a policy is updated, the change takes effect immediately for all associated users.
vault_client_policy$write(name, rules)
name
Name of the policy to update
rules
Specifies the policy document. This is a string in "HashiCorp configuration language". At present this must be read in as a single string (not a character vector of strings); future versions of vaultr may allow more flexible specification such as @filename.
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  # The test server starts with only the policies "root" (do
  # everything) and "default" (do nothing).
  client$policy$list()

  # Here let's make a policy that allows reading secrets from the
  # path /secret/develop/* but nothing else
  rules <- 'path "secret/develop/*" {policy = "read"}'
  client$policy$write("read-secret-develop", rules)

  # Our new rule is listed and can be read
  client$policy$list()
  client$policy$read("read-secret-develop")

  # For testing, let's create a secret under this path, and under
  # a different path:
  client$write("/secret/develop/password", list(value = "password"))
  client$write("/secret/production/password", list(value = "k2e89be@rdC#"))

  # Create a token that can use this policy:
  token <- client$auth$token$create(policies = "read-secret-develop")

  # Login to the vault using this token:
  alice <- vaultr::vault_client(addr = server$addr,
                                login = "token", token = token)

  # We can read the paths that we have been granted access to:
  alice$read("/secret/develop/password")

  # We can't read secrets that are outside our path:
  try(alice$read("/secret/production/password"))

  # And we can't write:
  try(alice$write("/secret/develop/password", list(value = "secret")))

  # cleanup
  server$kill()
}
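An added example, not part of the vaultr documentation: because write() needs the rules as a single string and an update takes effect immediately for all associated users, the hypothetical helpers policy_from_file() and sync_policy() below collapse a policy file into one string, write it only when the stored body differs, and read it back to confirm what the server holds. It assumes list() returns a character vector of policy names and read() returns the policy body as a single string.

```r
# Added example: policy_from_file() and sync_policy() are hypothetical
# helpers, not functions provided by vaultr.

policy_from_file <- function(path) {
  # readLines() gives one element per line; write() needs a single string.
  rules <- paste(readLines(path, warn = FALSE), collapse = "\n")
  stopifnot(is.character(rules), length(rules) == 1L, nzchar(trimws(rules)))
  rules
}

sync_policy <- function(client, name, path) {
  wanted <- policy_from_file(path)

  # Assumption: list() returns policy names, read() returns the body string.
  exists <- name %in% client$policy$list()
  current <- if (exists) client$policy$read(name) else NA_character_

  # A write changes access for every associated user at once, so skip
  # it when the stored policy already matches the file.
  if (identical(trimws(current), trimws(wanted))) {
    return(invisible("unchanged"))
  }

  client$policy$write(name, wanted)

  # Read back and compare, so a mismatch is caught here rather than later.
  stored <- client$policy$read(name)
  if (!identical(trimws(stored), trimws(wanted))) {
    stop("stored policy '", name, "' differs from ", path)
  }
  invisible(if (exists) "updated" else "created")
}

server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  # Constructed sample policy file, written across several lines.
  path <- tempfile(fileext = ".hcl")
  writeLines(c('path "secret/develop/*" {',
               '  capabilities = ["read"]',
               '}'), path)

  print(sync_policy(client, "read-secret-develop", path))  # first run
  print(sync_policy(client, "read-secret-develop", path))  # second run

  server$kill()
}
```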