vault4s/com.banno.vault/Vault

Vault

object Vault
class Object
trait Matchable
class Any

Type members

Classlikes

final case class InvalidRequirement(message: String) extends Throwable
final case class NonRenewableSecret(leaseId: String) extends Throwable
final case class NonRenewableToken(leaseId: String) extends Throwable

Value members

Concrete methods

def generateCertificate[F[_]](client: Client[F], vaultUri: Uri)(token: String, secretPath: String, payload: CertificateRequest)(F: Sync[F]): F[VaultSecret[CertificateData]]

https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate

https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate

def generateSecret[F[_], A, B](client: Client[F], vaultUri: Uri)(token: String, secretPath: String, payload: A)(`evidence$1`: Encoder[A], `evidence$2`: Decoder[B], F: Sync[F]): F[VaultSecret[B]]
def keepLoginAndSecretLeased[F[_], A](client: Client[F], vaultUri: Uri)(token: VaultToken, secretPath: String, duration: FiniteDuration, waitInterval: FiniteDuration)(`evidence$3`: Concurrent[F], `evidence$4`: Decoder[A], T: Timer[F]): Stream[F, A]

This function logs in, requests a secret and then continually asks for a duration extension of the lease after each waitInterval

This function logs in, requests a secret and then continually asks for a duration extension of the lease after each waitInterval

def keepLoginRenewed[F[_]](client: Client[F], vaultUri: Uri)(token: VaultToken, tokenLeaseExtension: FiniteDuration)(`evidence$7`: Concurrent[F], T: Timer[F]): Stream[F, String]

This function logs into the Vault server given by the vaultUri, to obtain a loginToken. It then also provides a Stream that continuously renews the token when it is about to finish.

This function logs into the Vault server given by the vaultUri, to obtain a loginToken. It then also provides a Stream that continuously renews the token when it is about to finish.

  • keeps the token constantly renewed
  • Upon termination of the Stream (from the using application) revokes the token. However, any error on revoking the token is ignored.
def kubernetesLogin[F[_]](client: Client[F], vaultUri: Uri)(role: String, jwt: String)(F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/kubernetes/index.html#login

https://www.vaultproject.io/api/auth/kubernetes/index.html#login

def listSecrets[F[_]](client: Client[F], vaultUri: Uri)(token: String, secretPath: String)(F: Sync[F]): F[VaultKeys]

https://www.vaultproject.io/api/secret/kv/kv-v1#list-secrets uses GET alternative https://www.vaultproject.io/api-docs#api-operations vs LIST

https://www.vaultproject.io/api/secret/kv/kv-v1#list-secrets uses GET alternative https://www.vaultproject.io/api-docs#api-operations vs LIST

def login[F[_]](client: Client[F], vaultUri: Uri)(roleId: String)(F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/approle/index.html#login-with-approle

https://www.vaultproject.io/api/auth/approle/index.html#login-with-approle

def loginAndKeep[F[_]](client: Client[F], vaultUri: Uri)(roleId: String, tokenLeaseExtension: FiniteDuration)(`evidence$8`: Concurrent[F], T: Timer[F]): Stream[F, String]
def loginAndKeepSecretLeased[F[_], A](client: Client[F], vaultUri: Uri)(roleId: String, secretPath: String, duration: FiniteDuration, waitInterval: FiniteDuration)(`evidence$5`: Concurrent[F], `evidence$6`: Decoder[A], T: Timer[F]): Stream[F, A]
def readSecret[F[_], A](client: Client[F], vaultUri: Uri)(token: String, secretPath: String)(F: Sync[F], D: Decoder[A]): F[VaultSecret[A]]

https://www.vaultproject.io/api/secret/kv/index.html#read-secret

https://www.vaultproject.io/api/secret/kv/index.html#read-secret

def readSecretAndRetain[F[_], A](client: Client[F], vaultUri: Uri, clientToken: String)(secretPath: String, leaseExtension: FiniteDuration)(`evidence$9`: Concurrent[F], `evidence$10`: Decoder[A], T: Timer[F]): Stream[F, A]

This function uses the given Vault client, uri, and authenticated token to obtain a secret from Vault. It then also provides a Stream that continuously renews the lease on that secret, when it is about to finish. Upon termination of the Stream (from the using application) revokes the token (but any error on revokation is ignored).

This function uses the given Vault client, uri, and authenticated token to obtain a secret from Vault. It then also provides a Stream that continuously renews the lease on that secret, when it is about to finish. Upon termination of the Stream (from the using application) revokes the token (but any error on revokation is ignored).

def renewLease[F[_]](client: Client[F], vaultUri: Uri)(leaseId: String, newLeaseDuration: FiniteDuration, token: String)(F: Sync[F]): F[VaultSecretRenewal]

https://www.vaultproject.io/api/system/leases.html#renew-lease

https://www.vaultproject.io/api/system/leases.html#renew-lease

def renewSelfToken[F[_]](client: Client[F], vaultUri: Uri)(token: VaultToken, newLeaseDuration: FiniteDuration)(F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/token/index.html#renew-a-token-self-

https://www.vaultproject.io/api/auth/token/index.html#renew-a-token-self-

def revokeLease[F[_]](client: Client[F], vaultUri: Uri)(clientToken: String, leaseId: String)(F: Sync[F]): F[Unit]

https://www.vaultproject.io/api/system/leases.html#revoke-lease

https://www.vaultproject.io/api/system/leases.html#revoke-lease

def revokeSelfToken[F[_]](client: Client[F], vaultUri: Uri)(token: VaultToken)(F: Sync[F]): F[Unit]

https://www.vaultproject.io/api/auth/token/index.html#revoke-a-token-self-

https://www.vaultproject.io/api/auth/token/index.html#revoke-a-token-self-