High-level namespace for tracking and maintaining leases on dynamic secrets read by a vault client.
High-level namespace for tracking and maintaining leases on dynamic secrets read by a vault client.
(delete! store lease-id)
Remove an entry for the given lease, if present.
Remove an entry for the given lease, if present.
(expired? lease)
True if the given lease is expired.
True if the given lease is expired.
(expires-within? lease ttl)
True if the lease will expire within ttl
seconds.
True if the lease will expire within `ttl` seconds.
(find-data store cache-key)
Retrieve an existing leased secret from the store by cache key. Returns the secret data, or nil if not found or expired.
Retrieve an existing leased secret from the store by cache key. Returns the secret data, or nil if not found or expired.
(get-lease store lease-id)
Retrieve a lease from the store. Returns the lease information, including secret data, or nil if not found or expired.
Retrieve a lease from the store. Returns the lease information, including secret data, or nil if not found or expired.
(invalidate! store cache-key)
Remove entries matching the given cache key.
Remove entries matching the given cache key.
(maintain! client renew-fn)
Maintain all the leases in the store, blocking until complete.
Maintain all the leases in the store, blocking until complete.
(new-store)
Construct a new stateful store for leased secrets.
Construct a new stateful store for leased secrets.
(put! store lease data)
Persist a leased secret in the store. Returns the lease data.
Persist a leased secret in the store. Returns the lease data.
(renewable-lease lease opts)
Helper to apply common renewal settings to the lease map.
Options may contain:
:renew?
If true, attempt to automatically renew the lease when near expiry.
(Default: false):renew-within
Renew the lease when within this many seconds of the lease expiry.
(Default: 60):renew-increment
How long to request the lease be renewed for, in seconds.:on-renew
A function to call with the updated lease information after a successful
renewal.:on-error
A function to call with any exceptions encountered while renewing or
rotating the lease.Helper to apply common renewal settings to the lease map. Options may contain: - `:renew?` If true, attempt to automatically renew the lease when near expiry. (Default: false) - `:renew-within` Renew the lease when within this many seconds of the lease expiry. (Default: 60) - `:renew-increment` How long to request the lease be renewed for, in seconds. - `:on-renew` A function to call with the updated lease information after a successful renewal. - `:on-error` A function to call with any exceptions encountered while renewing or rotating the lease.
(rotatable-lease lease opts rotate-fn)
Helper to apply common rotation settings to the lease map. The rotation function will be called with no arguments and should synchronously return a new secret data result, and update the lease store as a side-effect.
Options may contain:
:rotate?
If true, attempt to read a new secret when the lease can no longer be
renewed. (Default: false):rotate-within
Rotate the secret when within this many seconds of the lease expiry.
(Default: 60):on-rotate
A function to call with the new secret data after a successful rotation.:on-error
A function to call with any exceptions encountered while renewing or
rotating the lease.Helper to apply common rotation settings to the lease map. The rotation function will be called with no arguments and should synchronously return a new secret data result, and update the lease store as a side-effect. Options may contain: - `:rotate?` If true, attempt to read a new secret when the lease can no longer be renewed. (Default: false) - `:rotate-within` Rotate the secret when within this many seconds of the lease expiry. (Default: 60) - `:on-rotate` A function to call with the new secret data after a successful rotation. - `:on-error` A function to call with any exceptions encountered while renewing or rotating the lease.
(update! store updates)
Merge some updated information into an existing lease. Updates should
contain a ::lease/id
. Returns the updated lease, or nil if no such lease
was present.
Merge some updated information into an existing lease. Updates should contain a `::lease/id`. Returns the updated lease, or nil if no such lease was present.
(valid? lease)
True if the lease information map conforms to the spec.
True if the lease information map conforms to the spec.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close