vault4s/com.banno.vault/Vault

Vault

object Vault
class Object
trait Matchable
class Any

Type members

Classlikes

final case class InvalidRequirement(message: String) extends Throwable
final case class NonRenewableSecret(leaseId: String) extends Throwable
final case class NonRenewableToken(leaseId: String) extends Throwable

Value members

Concrete methods

def generateCertificate[F[_]](client: Client[F], vaultUri: Uri)(token: String, secretPath: String, payload: CertificateRequest)(implicit F: Sync[F]): F[VaultSecret[CertificateData]]

https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate

https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate

def generateSecret[F[_], A, B](client: Client[F], vaultUri: Uri)(token: String, secretPath: String, payload: A)(implicit evidence$1: Encoder[A], evidence$2: Decoder[B], F: Sync[F]): F[VaultSecret[B]]
def keepLoginAndSecretLeased[F[_], A](client: Client[F], vaultUri: Uri)(token: VaultToken, secretPath: String, duration: FiniteDuration, waitInterval: FiniteDuration)(implicit evidence$3: Concurrent[F], evidence$4: Decoder[A], T: Timer[F]): Stream[F, A]

This function logs in, requests a secret and then continually asks for a duration extension of the lease after each waitInterval

This function logs in, requests a secret and then continually asks for a duration extension of the lease after each waitInterval

def keepLoginRenewed[F[_]](client: Client[F], vaultUri: Uri)(token: VaultToken, tokenLeaseExtension: FiniteDuration)(implicit evidence$7: Concurrent[F], T: Timer[F]): Stream[F, String]

This function logs into the Vault server given by the vaultUri, to obtain a loginToken. It then also provides a Stream that continuously renews the token when it is about to finish.

This function logs into the Vault server given by the vaultUri, to obtain a loginToken. It then also provides a Stream that continuously renews the token when it is about to finish.

  • keeps the token constantly renewed
  • Upon termination of the Stream (from the using application) revokes the token. However, any error on revoking the token is ignored.
def listSecrets[F[_]](client: Client[F], vaultUri: Uri)(token: String, secretPath: String)(implicit F: Sync[F]): F[VaultKeys]

https://www.vaultproject.io/api/secret/kv/kv-v1#list-secrets uses GET alternative https://www.vaultproject.io/api-docs#api-operations vs LIST

https://www.vaultproject.io/api/secret/kv/kv-v1#list-secrets uses GET alternative https://www.vaultproject.io/api-docs#api-operations vs LIST

def login[F[_]](client: Client[F], vaultUri: Uri)(roleId: String)(implicit F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/approle/index.html#login-with-approle

https://www.vaultproject.io/api/auth/approle/index.html#login-with-approle

def loginAndKeep[F[_]](client: Client[F], vaultUri: Uri)(roleId: String, tokenLeaseExtension: FiniteDuration)(implicit evidence$8: Concurrent[F], T: Timer[F]): Stream[F, String]
def loginAndKeepSecretLeased[F[_], A](client: Client[F], vaultUri: Uri)(roleId: String, secretPath: String, duration: FiniteDuration, waitInterval: FiniteDuration)(implicit evidence$5: Concurrent[F], evidence$6: Decoder[A], T: Timer[F]): Stream[F, A]
def loginKubernetes[F[_]](client: Client[F], vaultUri: Uri)(role: String, jwt: String, mountPoint: Path)(implicit F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/kubernetes/index.html#login

https://www.vaultproject.io/api/auth/kubernetes/index.html#login

Value Params
mountPoint

The mount point of the Kubernetes auth method. Should start with a slash.

def readSecret[F[_], A](client: Client[F], vaultUri: Uri)(token: String, secretPath: String)(implicit F: Sync[F], D: Decoder[A]): F[VaultSecret[A]]

https://www.vaultproject.io/api/secret/kv/index.html#read-secret

https://www.vaultproject.io/api/secret/kv/index.html#read-secret

def readSecretAndRetain[F[_], A](client: Client[F], vaultUri: Uri, clientToken: String)(secretPath: String, leaseExtension: FiniteDuration)(implicit evidence$9: Concurrent[F], evidence$10: Decoder[A], T: Timer[F]): Stream[F, A]

This function uses the given Vault client, uri, and authenticated token to obtain a secret from Vault. It then also provides a Stream that continuously renews the lease on that secret, when it is about to finish. Upon termination of the Stream (from the using application) revokes the token (but any error on revokation is ignored).

This function uses the given Vault client, uri, and authenticated token to obtain a secret from Vault. It then also provides a Stream that continuously renews the lease on that secret, when it is about to finish. Upon termination of the Stream (from the using application) revokes the token (but any error on revokation is ignored).

def renewLease[F[_]](client: Client[F], vaultUri: Uri)(leaseId: String, newLeaseDuration: FiniteDuration, token: String)(implicit F: Sync[F]): F[VaultSecretRenewal]

https://www.vaultproject.io/api/system/leases.html#renew-lease

https://www.vaultproject.io/api/system/leases.html#renew-lease

def renewSelfToken[F[_]](client: Client[F], vaultUri: Uri)(token: VaultToken, newLeaseDuration: FiniteDuration)(implicit F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/token/index.html#renew-a-token-self-

https://www.vaultproject.io/api/auth/token/index.html#renew-a-token-self-

def revokeLease[F[_]](client: Client[F], vaultUri: Uri)(clientToken: String, leaseId: String)(implicit F: Sync[F]): F[Unit]

https://www.vaultproject.io/api/system/leases.html#revoke-lease

https://www.vaultproject.io/api/system/leases.html#revoke-lease

def revokeSelfToken[F[_]](client: Client[F], vaultUri: Uri)(token: VaultToken)(implicit F: Sync[F]): F[Unit]

https://www.vaultproject.io/api/auth/token/index.html#revoke-a-token-self-

https://www.vaultproject.io/api/auth/token/index.html#revoke-a-token-self-

Deprecated methods

@deprecated("Use loginKubernetes, which parameterizes the mount point", "7.1.2")
def kubernetesLogin[F[_]](client: Client[F], vaultUri: Uri)(role: String, jwt: String)(implicit F: Sync[F]): F[VaultToken]

https://www.vaultproject.io/api/auth/kubernetes/index.html#login

https://www.vaultproject.io/api/auth/kubernetes/index.html#login

Deprecated