Liking cljdoc? Tell your friends :D

vault.secrets.kvv2

Interface for communicating with a Vault key value version 2 secret store (kv)

Interface for communicating with a Vault key value version 2 secret store (kv)
raw docstring

delete-metadata!clj

(delete-metadata! client mount path)

Permanently deletes the key metadata and all version data for the specified key. All version history will be removed. This cannot be undone. A boolean indicating deletion success is returned.

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the Vault secret mount (the part of the path which determines which secret engine is used)
  • path: String, the path aligned to the secret you wish to delete all data for
Permanently deletes the key metadata and all version data for the specified key.
All version history will be removed. This cannot be undone. A boolean indicating deletion success is returned.

- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the Vault secret mount (the part of the path which determines which secret engine is used)
- `path`: `String`, the path aligned to the secret you wish to delete all data for
sourceraw docstring

delete-secret!clj

(delete-secret! client mount path)
(delete-secret! client mount path versions)

Performs a soft delete a secret. This marks the versions as deleted and will stop them from being returned from reads, but the underlying data will not be removed. A delete can be undone using the undelete path.

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the Vault secret mount (the part of the path which determines which secret engine is used)
  • path: String, the path aligned to the secret you wish to delete
  • versions: vector<int>, the versions of that secret you wish to delete, defaults to deleting the latest version
Performs a soft delete a secret. This marks the versions as deleted and will stop them from being returned from
reads, but the underlying data will not be removed. A delete can be undone using the `undelete` path.

- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the Vault secret mount (the part of the path which determines which secret engine is used)
- `path`: `String`, the path aligned to the secret you wish to delete
- `versions`: `vector<int>`, the versions of that secret you wish to delete, defaults to deleting the latest version
sourceraw docstring

destroy-secret!clj

(destroy-secret! client mount path versions)

Permanently removes the specified version data for the provided key and version numbers from the key-value store.

Returns a boolean indicating whether the destroy was successful or throws and exception if an error occured.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to configure
  • path: String, the path aligned to the secret you wish to destroy
  • versions: vector<int>, the versions you want to destroy
Permanently removes the specified version data for the provided key and version numbers from the key-value store.

Returns a boolean indicating whether the destroy was successful or throws and exception if an error occured.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to configure
- `path`: `String`, the path aligned to the secret you wish to destroy
- `versions`: `vector<int>`, the versions you want to destroy
sourceraw docstring

list-secretsclj

(list-secrets client mount path)

Returns a vector of the secrets names located under a path.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to list secrets in
  • path: String, the path in vault of the secret you wish to list secrets at
Returns a vector of the secrets names located under a path.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to list secrets in
- `path`: `String`, the path in vault of the secret you wish to list secrets at
sourceraw docstring

read-configclj

(read-config client mount)
(read-config client mount opts)

Returns the current configuration for the secrets backend at the given path (mount)

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to read configurations for
  • opts: map, options to affect the read call, see vault.core/read-secret for more details
Returns the current configuration for the secrets backend at the given path (mount)

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to read configurations for
- `opts`: `map`, options to affect the read call, see `vault.core/read-secret` for more details
sourceraw docstring

read-metadataclj

(read-metadata client mount path)
(read-metadata client mount path opts)

Returns retrieves the metadata and versions for the secret at the specified path.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the secret engine mount point you wish to read secret metadata in
  • path: String, the path in vault of the secret you wish to read metadata for
  • opts: map, options to affect the read call, see vault.core/read-secret for more details
Returns  retrieves the metadata and versions for the secret at the specified path.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the secret engine mount point you wish to read secret metadata in
- `path`: `String`, the path in vault of the secret you wish to read metadata for
- `opts`: `map`, options to affect the read call, see `vault.core/read-secret` for more details
sourceraw docstring

read-secretclj

(read-secret client mount path)
(read-secret client mount path opts)

Reads a secret from a path. Returns the full map of stored secret data if the secret exists, or throws an exception if not.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to read a secret in
  • path: String, the path in vault of the secret you wish to read
  • opts: map, Further optional read described below.

Additional options may include:

  • :not-found, any If the requested path is not found, return this value instead of throwing an exception.
  • :renew, boolean Whether or not to renew this secret when the lease is near expiry.
  • :rotate, boolean Whether or not to rotate this secret when the lease is near expiry and cannot be renewed.
  • :force-read, boolean Force the secret to be read from the server even if there is a valid lease cached.
  • :version, nat num, the version of the secret you wish to read
Reads a secret from a path. Returns the full map of stored secret data if
the secret exists, or throws an exception if not.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to read a secret in
- `path`: `String`, the path in vault of the secret you wish to read
- `opts`: `map`, Further optional read described below.

Additional options may include:
- `:not-found`, `any`
  If the requested path is not found, return this value instead of throwing
  an exception.
- `:renew`, `boolean`
  Whether or not to renew this secret when the lease is near expiry.
- `:rotate`, `boolean`
  Whether or not to rotate this secret when the lease is near expiry and
  cannot be renewed.
- `:force-read`, `boolean`
  Force the secret to be read from the server even if there is a valid lease cached.
- `:version`, `nat num`, the version of the secret you wish to read
sourceraw docstring

undelete-secret!clj

(undelete-secret! client mount path versions)

Undeletes the data for the provided version and path in the key-value store. This restores the data, allowing it to be returned on get requests.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to configure
  • path: String, the path aligned to the secret you wish to undelete
  • versions: vector<int>, the versions you want to undelete
Undeletes the data for the provided version and path in the key-value store. This restores the data, allowing it to
be returned on get requests.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to configure
- `path`: `String`, the path aligned to the secret you wish to undelete
- `versions`: `vector<int>`, the versions you want to undelete
sourceraw docstring

write-config!clj

(write-config! client mount config)

Configures backend level settings that are applied to every key in the key-value store for a given secret engine.

Returns a boolean indicating whether the write was successful or throws an exception if an error occured.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to configure
  • config: map, the configurations you wish to write.

Configuration options are:

  • :max-versions: int, The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions the oldest version will be permanently deleted. Defaults to 10.
  • :cas-required: boolean, – If true all keys will require the cas parameter to be set on all write requests.
  • :delete-version-after String – If set, specifies the length of time before a version is deleted. Accepts Go duration format string.
Configures backend level settings that are applied to every key in the key-value store for a given secret engine.

Returns a boolean indicating whether the write was successful or throws an exception if an error occured.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to configure
- `config`: `map`, the configurations you wish to write.

Configuration options are:
- `:max-versions`: `int`, The number of versions to keep per key. This value applies to all keys, but a key's
metadata setting can overwrite this value. Once a key has more than the configured allowed versions the oldest
version will be permanently deleted. Defaults to 10.
- `:cas-required`: `boolean`, – If true all keys will require the cas parameter to be set on all write requests.
- `:delete-version-after` `String` – If set, specifies the length of time before a version is deleted.
Accepts Go duration format string.
sourceraw docstring

write-metadata!clj

(write-metadata! client mount path metadata)

Creates a new version of a secret at the specified location. If the value does not yet exist, the calling token must have an ACL policy granting the create capability. If the value already exists, the calling token must have an ACL policy granting the update capability. Returns a boolean indicating whether the write was successful.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the secret engine mount point you wish to write secret metadata in
  • path: String, the path in vault of the secret you wish to write metadata for'
  • metadata: map the metadata you wish to write.

Metadata options are: -:max-versions: int, The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions the oldest version will be permanently deleted. Defaults to 10. -:cas-required: boolean, – If true all keys will require the cas parameter to be set on all write requests.

  • :delete-version-afterString` – If set, specifies the length of time before a version is deleted. Accepts Go duration format string.
Creates a new version of a secret at the specified location. If the value does not yet exist, the calling token
must have an ACL policy granting the create capability. If the value already exists, the calling token must have an
ACL policy granting the update capability. Returns a boolean indicating whether the write was successful.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the secret engine mount point you wish to write secret metadata in
- `path`: `String`, the path in vault of the secret you wish to write metadata for'
- `metadata`: `map` the metadata you wish to write.

Metadata options are:
-`:max-versions`: `int`, The number of versions to keep per key. This value applies to all keys, but a key's
metadata setting can overwrite this value. Once a key has more than the configured allowed versions the oldest
version will be permanently deleted. Defaults to 10.
-`:cas-required`: `boolean`, – If true all keys will require the cas parameter to be set on all write requests.
- :delete-version-after` `String` – If set, specifies the length of time before a version is deleted.
Accepts Go duration format string.
sourceraw docstring

write-secret!clj

(write-secret! client mount path data)

Writes secret data to a path.

Returns a boolean indicating whether the write was successful or throws an exception if an error occured.

Params:

  • client: vault.client, A client that handles vault auth, leases, and basic CRUD ops
  • mount: String, the path in vault of the secret engine you wish to write a secret in
  • path: String, the path of the secret you wish to write the data to
  • data: map, the secret data you wish to write
Writes secret data to a path.

Returns a boolean indicating whether the write was successful or throws an exception if an error occured.

Params:
- `client`: `vault.client`, A client that handles vault auth, leases, and basic CRUD ops
- `mount`: `String`, the path in vault of the secret engine you wish to write a secret in
- `path`: `String`, the path of the secret you wish to write the data to
- `data`: `map`, the secret data you wish to write
sourceraw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close