Struct diem_vault_client::Client
pub struct Client { /* private fields */ }
Client provides a client around the RESTful interface to a Vault service. Learn more here: https://www.vaultproject.io/api-docs/
A brief overview of Vault:
- Vault stores data in various paths, in the case of a WebAPI, different URLs. So, for example, both a secret and a policy are hosted at distinct paths. Policies are then used to define which actors can access those paths and with what actions.
- Vault uses a KV store separated into various containers or secrets. In the concept of a file system, a secret might represent a folder, where keys would be files, and the contents the values. Policies are only applied at the folder level.
- Data is accessed in Vault via tokens. Policies can only be granted during creation of a token, but policies can be amended afterward. So you cannot add new policies to a token, but you can increase the token's abilities by modifying the underlying policies.
Implementations
impl Client
pub fn new( host: String, token: String, ca_certificate: Option<String>, connection_timeout_ms: Option<u64>, response_timeout_ms: Option<u64> ) -> Self
pub fn delete_policy(&self, policy_name: &str) -> Result<(), Error>
pub fn list_policies(&self) -> Result<Vec<String>, Error>
pub fn read_policy(&self, policy_name: &str) -> Result<Policy, Error>
Retrieves the policy at the given policy name.
pub fn set_policy(&self, policy_name: &str, policy: &Policy) -> Result<(), Error>
Create a new policy in Vault; see the explanation for Policy for how the data is structured. Vault does not distinguish between a create and an update. An update must first read the existing policy, amend the contents, and then apply the result via this API.
pub fn create_token(&self, policies: Vec<&str>) -> Result<String, Error>
Creates a new token or identity for accessing Vault. The token will have access to anything under the default policy and any prescribed policies.
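The policy and token model described in the overview above (folder-level policies, tokens whose policy set is fixed at creation but whose reach changes when a policy is amended) and the read-amend-write pattern of set_policy, as an added in-memory Rust sketch. This is not the diem_vault_client crate's code and talks to no Vault server; the type and method names are assumptions chosen to mirror this page's API.

```rust
use std::collections::HashMap;

/// Capability a policy grants on a path prefix ("folder"), mirroring Vault's model.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Cap { Read, Write, Delete }

/// A policy is a list of (path prefix, allowed capabilities). Policies apply at the
/// folder (secret) level, never to an individual key. Assumed shape, not the crate's Policy.
#[derive(Clone, Debug, Default)]
pub struct Policy { pub rules: Vec<(String, Vec<Cap>)> }

/// A token carries only the names of its policies; that set is fixed at creation.
#[derive(Clone, Debug)]
pub struct Token { pub policies: Vec<String> }

/// In-memory stand-in (assumption) for Vault's policy store and authorization check.
#[derive(Default)]
pub struct MockVault { policies: HashMap<String, Policy> }

impl MockVault {
    pub fn new() -> Self {
        let mut v = Self::default();
        // Every token is implicitly attached to "default"; here it grants nothing.
        v.policies.insert("default".into(), Policy::default());
        v
    }
    /// Create-or-update: Vault does not distinguish the two.
    pub fn set_policy(&mut self, name: &str, policy: Policy) {
        self.policies.insert(name.to_string(), policy);
    }
    pub fn read_policy(&self, name: &str) -> Option<Policy> {
        self.policies.get(name).cloned()
    }
    /// Tokens get the default policy plus any prescribed ones. Only names are stored,
    /// which is why a later set_policy can widen an already-issued token's reach.
    pub fn create_token(&self, policies: &[&str]) -> Token {
        let mut names = vec!["default".to_string()];
        names.extend(policies.iter().map(|p| p.to_string()));
        Token { policies: names }
    }
    /// A token is allowed `cap` on `path` if any attached policy has a rule whose
    /// prefix covers the path's folder and lists that capability.
    pub fn is_allowed(&self, token: &Token, path: &str, cap: Cap) -> bool {
        token.policies.iter()
            .filter_map(|n| self.policies.get(n))
            .flat_map(|p| p.rules.iter())
            .any(|(prefix, caps)| path.starts_with(prefix.as_str()) && caps.contains(&cap))
    }
}
```

The point for operators: auditing a token's policy names is not enough, since the effective permissions are whatever those policies say at the moment of the request, so policy changes deserve the same change control and alerting as token issuance.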
pub fn renew_token_self(&self, increment: Option<u32>) -> Result<u32, Error>
pub fn revoke_token_self(&self) -> Result<(), Error>
pub fn read_secret( &self, secret: &str, key: &str ) -> Result<ReadResponse<Value>, Error>
Read a key/value pair from a given secret store.
pub fn create_ed25519_key( &self, name: &str, exportable: bool ) -> Result<(), Error>
pub fn delete_key(&self, name: &str) -> Result<(), Error>
pub fn export_ed25519_key( &self, name: &str, version: Option<u32> ) -> Result<Ed25519PrivateKey, Error>
pub fn import_ed25519_key( &self, name: &str, key: &Ed25519PrivateKey ) -> Result<(), Error>
pub fn list_keys(&self) -> Result<Vec<String>, Error>
pub fn read_ed25519_key( &self, name: &str ) -> Result<Vec<ReadResponse<Ed25519PublicKey>>, Error>
pub fn rotate_key(&self, name: &str) -> Result<(), Error>
pub fn trim_key_versions(&self, name: &str) -> Result<Ed25519PublicKey, Error>
Trims the number of key versions held in vault storage. This prevents stale keys from sitting around for too long and becoming susceptible to key gathering attacks.
Once the key versions have been trimmed, this method returns the most recent (i.e., highest versioned) public key for the given cryptographic key name.