pub struct Client { /* private fields */ }

Client provides a client around the RESTful interface to a Vault service. Learn more here: https://www.vaultproject.io/api-docs/

A brief overview of Vault:

  • Vault stores data at various paths; in the case of a web API, these are different URLs. So, for example, a secret and a policy are hosted at distinct paths. Policies are then used to define which actors can access those paths and with what actions.
  • Vault uses a KV store separated into various containers, or secrets. In file-system terms, a secret would be a folder, its keys would be files, and the contents would be the values. Policies are only applied at the folder level.
  • Data is accessed in Vault via tokens. Policies can only be granted during creation of a token, but policies can be amended afterward. So you cannot add new policies to a token, but you can increase the token's abilities by modifying the underlying policies.

Implementations

impl Client

pub fn new(host: String, token: String, ca_certificate: Option<String>, connection_timeout_ms: Option<u64>, response_timeout_ms: Option<u64>) -> Self

pub fn delete_policy(&self, policy_name: &str) -> Result<(), Error>

pub fn list_policies(&self) -> Result<Vec<String>, Error>

pub fn read_policy(&self, policy_name: &str) -> Result<Policy, Error>

Retrieves the policy at the given policy name.

pub fn set_policy(&self, policy_name: &str, policy: &Policy) -> Result<(), Error>

Creates a new policy in Vault; see the explanation of Policy for how the data is structured. Vault does not distinguish between create and update. An update must first read the existing policy, amend the contents, and then apply the result via this API.

pub fn create_token(&self, policies: Vec<&str>) -> Result<String, Error>

Creates a new token or identity for accessing Vault. The token will have access to anything under the default policy and any prescribed policies.
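The three points in the overview above (policies bind to path prefixes, a token carries policy names, and a token's abilities follow later amendments to its policies) together with the read-amend-write rule that set_policy imposes are easiest to see in code. The following is an added example written for this page, not code from the crate: it models the relevant part of the Client surface as a trait with an in-memory stand-in so that it runs offline. The Policy layout (a map from path prefix to capability set), the FakeVault type, token_can and grant_capability are all assumptions of this example; the crate's real Policy type is documented elsewhere.

```rust
use std::cell::RefCell;
use std::collections::{BTreeMap, BTreeSet};

/// Assumed policy shape (the page defers to the crate's own `Policy` type):
/// a map from a Vault path prefix (a "folder") to the capabilities granted on it.
#[derive(Clone, Debug, Default, PartialEq)]
pub struct Policy {
    pub rules: BTreeMap<String, BTreeSet<String>>,
}

#[derive(Debug, PartialEq)]
pub enum Error {
    NotFound(String),
}

/// The subset of the page's `Client` surface used here, as a trait so the
/// read-amend-write flow can be exercised against an offline stand-in.
pub trait VaultPolicies {
    fn read_policy(&self, policy_name: &str) -> Result<Policy, Error>;
    fn set_policy(&self, policy_name: &str, policy: &Policy) -> Result<(), Error>;
    fn create_token(&self, policies: Vec<&str>) -> Result<String, Error>;
}

/// In-memory stand-in for a Vault server (constructed for this example).
#[derive(Default)]
pub struct FakeVault {
    policies: RefCell<BTreeMap<String, Policy>>,
    tokens: RefCell<BTreeMap<String, Vec<String>>>,
}

impl VaultPolicies for FakeVault {
    fn read_policy(&self, name: &str) -> Result<Policy, Error> {
        let found = self.policies.borrow().get(name).cloned();
        found.ok_or_else(|| Error::NotFound(name.to_string()))
    }

    /// Whole-policy write: whatever is sent replaces what was stored.
    fn set_policy(&self, name: &str, policy: &Policy) -> Result<(), Error> {
        self.policies.borrow_mut().insert(name.to_string(), policy.clone());
        Ok(())
    }

    /// A token records policy names only; every token also carries `default`.
    fn create_token(&self, policies: Vec<&str>) -> Result<String, Error> {
        let mut tokens = self.tokens.borrow_mut();
        let id = format!("token-{}", tokens.len() + 1); // constructed id, not a Vault token
        let mut names: Vec<String> = policies.iter().map(|p| p.to_string()).collect();
        names.push("default".to_string());
        tokens.insert(id.clone(), names);
        Ok(id)
    }
}

impl FakeVault {
    /// Evaluates a request the way the page describes: the token's policy names are
    /// resolved at request time, so amending a policy changes what existing tokens
    /// may do. Rules match on folder prefix; unknown tokens or policies grant nothing.
    pub fn token_can(&self, token: &str, path: &str, capability: &str) -> bool {
        let (tokens, policies) = (self.tokens.borrow(), self.policies.borrow());
        let names = match tokens.get(token) {
            Some(names) => names,
            None => return false,
        };
        names.iter().filter_map(|n| policies.get(n)).any(|policy| {
            policy.rules.iter().any(|(prefix, caps)| {
                path.starts_with(prefix.as_str()) && caps.contains(capability)
            })
        })
    }
}

/// Grants `capability` on `path` under an existing policy using the flow the page
/// requires: read the current policy, amend it, write the whole policy back.
/// Sending only the new rule would replace the policy and drop every other path.
pub fn grant_capability<V: VaultPolicies>(
    vault: &V, policy_name: &str, path: &str, capability: &str,
) -> Result<Policy, Error> {
    let mut policy = vault.read_policy(policy_name)?;
    policy.rules.entry(path.to_string()).or_default().insert(capability.to_string());
    vault.set_policy(policy_name, &policy)?;
    Ok(policy)
}

fn main() {
    let vault = FakeVault::default();
    let mut signer = Policy::default();
    signer.rules.entry("secret/signer/".to_string()).or_default().insert("read".to_string());
    vault.set_policy("signer", &signer).unwrap();
    let token = vault.create_token(vec!["signer"]).unwrap();
    println!("update before amend: {}", vault.token_can(&token, "secret/signer/key", "update"));
    grant_capability(&vault, "signer", "secret/signer/", "update").unwrap();
    println!("update after amend:  {}", vault.token_can(&token, "secret/signer/key", "update"));
}
```

The point to carry over to the real Client is the shape of grant_capability: because set_policy is a whole-document write, a caller that constructs a fresh Policy containing only the rule it wants to add will silently revoke every other path that policy covered, so always start from read_policy.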

pub fn renew_token_self(&self, increment: Option<u32>) -> Result<u32, Error>

pub fn revoke_token_self(&self) -> Result<(), Error>

pub fn list_secrets(&self, secret: &str) -> Result<Vec<String>, Error>

Lists all stored secrets.

pub fn delete_secret(&self, secret: &str) -> Result<(), Error>

Deletes a specific secret store.

pub fn read_secret(&self, secret: &str, key: &str) -> Result<ReadResponse<Value>, Error>

Read a key/value pair from a given secret store.

pub fn create_ed25519_key(&self, name: &str, exportable: bool) -> Result<(), Error>

pub fn delete_key(&self, name: &str) -> Result<(), Error>

pub fn export_ed25519_key(&self, name: &str, version: Option<u32>) -> Result<Ed25519PrivateKey, Error>

pub fn import_ed25519_key(&self, name: &str, key: &Ed25519PrivateKey) -> Result<(), Error>

pub fn list_keys(&self) -> Result<Vec<String>, Error>

pub fn read_ed25519_key(&self, name: &str) -> Result<Vec<ReadResponse<Ed25519PublicKey>>, Error>

pub fn rotate_key(&self, name: &str) -> Result<(), Error>

pub fn trim_key_versions(&self, name: &str) -> Result<Ed25519PublicKey, Error>

Trims the number of key versions held in vault storage. This prevents stale keys from sitting around for too long and becoming susceptible to key gathering attacks.

Once the key versions have been trimmed, this method returns the most recent (i.e., highest versioned) public key for the given cryptographic key name.
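How version trimming changes which signing requests succeed, as an added model written for this page (not the crate's code and not Vault's transit engine): KeyRing, PublicKey, KeyError, signing_version and retained_versions are this example's own names, the keep parameter is an assumption (the page's trim_key_versions takes only a key name), and keys are opaque version numbers rather than real Ed25519 material. The model keeps rotate_key adding versions that all stay usable, and trim_key_versions dropping the oldest ones and returning the newest public key, as the text above describes.

```rust
use std::collections::BTreeMap;

#[derive(Debug, PartialEq)]
pub enum KeyError {
    UnknownKey(String),
    /// The requested version was trimmed (or never existed); the request is
    /// refused rather than silently served with a different version.
    VersionUnavailable { name: String, version: u32 },
}

/// Opaque stand-in for an Ed25519 public key (constructed; no real crypto here).
#[derive(Clone, Debug, PartialEq)]
pub struct PublicKey(pub u32);

/// Model of the versioned key store behind `rotate_key` / `trim_key_versions`:
/// every retained version is still usable for signing until it is trimmed.
#[derive(Default)]
pub struct KeyRing {
    keys: BTreeMap<String, BTreeMap<u32, PublicKey>>,
}

impl KeyRing {
    pub fn create_key(&mut self, name: &str) {
        self.keys.insert(name.to_string(), BTreeMap::from([(1, PublicKey(1))]));
    }

    fn versions_mut(&mut self, name: &str) -> Result<&mut BTreeMap<u32, PublicKey>, KeyError> {
        self.keys.get_mut(name).ok_or_else(|| KeyError::UnknownKey(name.to_string()))
    }

    /// Adds a new version; older versions stay usable until trimmed.
    pub fn rotate_key(&mut self, name: &str) -> Result<u32, KeyError> {
        let versions = self.versions_mut(name)?;
        let next = versions.keys().next_back().copied().unwrap_or(0) + 1;
        versions.insert(next, PublicKey(next));
        Ok(next)
    }

    /// Keeps only the `keep` most recent versions (at least one) and returns the
    /// newest public key, mirroring what the page says `trim_key_versions` returns.
    pub fn trim_key_versions(&mut self, name: &str, keep: usize) -> Result<PublicKey, KeyError> {
        let versions = self.versions_mut(name)?;
        while versions.len() > keep.max(1) {
            let oldest = *versions.keys().next().expect("non-empty");
            versions.remove(&oldest);
        }
        Ok(versions.values().next_back().expect("non-empty").clone())
    }

    /// Resolves the version a `sign_ed25519`-style request would use:
    /// `None` selects the latest; an explicit version must still be retained.
    pub fn signing_version(&self, name: &str, version: Option<u32>) -> Result<u32, KeyError> {
        let versions = self.keys.get(name).ok_or_else(|| KeyError::UnknownKey(name.to_string()))?;
        match version {
            None => Ok(*versions.keys().next_back().expect("non-empty")),
            Some(v) if versions.contains_key(&v) => Ok(v),
            Some(v) => Err(KeyError::VersionUnavailable { name: name.to_string(), version: v }),
        }
    }

    /// Versions still held for `name`, oldest first (empty for an unknown key).
    pub fn retained_versions(&self, name: &str) -> Vec<u32> {
        self.keys.get(name).map(|v| v.keys().copied().collect()).unwrap_or_default()
    }
}

fn main() {
    let mut ring = KeyRing::default();
    ring.create_key("consensus");
    for _ in 0..3 {
        ring.rotate_key("consensus").unwrap();
    }
    let newest = ring.trim_key_versions("consensus", 2).unwrap();
    println!("retained {:?}, newest {:?}", ring.retained_versions("consensus"), newest);
    println!("sign with v1 -> {:?}", ring.signing_version("consensus", Some(1)));
}
```

Refusing a trimmed version outright, rather than falling back to the latest, is the behaviour a caller should plan for: any consumer that pinned an old version in sign_ed25519 will start failing after a trim, which is the intended signal that it is holding stale key material.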

pub fn sign_ed25519(&self, name: &str, data: &[u8], version: Option<u32>) -> Result<Ed25519Signature, Error>

pub fn write_secret(&self, secret: &str, key: &str, value: &Value, version: Option<u32>) -> Result<u32, Error>

Create or update a key/value pair in a given secret store.

pub fn unsealed(&self) -> Result<bool, Error>

Returns whether or not the Vault is unsealed (can be read from / written to). This can be queried without authentication.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized
    fn type_id(&self) -> TypeId
    Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized
    fn borrow(&self) -> &T
    Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized
    fn borrow_mut(&mut self) -> &mut T
    Mutably borrows from an owned value.

impl<T> From<T> for T
    fn from(t: T) -> T
    Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>
    fn into(self) -> U
    Calls U::from(self). That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same<T> for T
    type Output = T
    Should always be Self.

impl<T, U> TryFrom<U> for T where U: Into<T>
    type Error = Infallible
    The type returned in the event of a conversion error.
    fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
    Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>
    type Error = <U as TryFrom<T>>::Error
    The type returned in the event of a conversion error.
    fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
    Performs the conversion.

impl<V, T> VZip<V> for T where V: MultiLane<T>
    fn vzip(self) -> V