vault.secret.kv.v2

Liking cljdoc? Tell your friends :D

Clojure only.

API
default-mount

The kv secrets engine is used to store arbitrary secrets within the configured physical storage for Vault. Writing to a key in the kv-v1 backend will replace the old value; sub-fields are not merged together.

Reference: https://www.vaultproject.io/api-docs/secret/kv/kv-v1

The kv secrets engine is used to store arbitrary secrets within the
configured physical storage for Vault. Writing to a key in the kv-v1 backend
will replace the old value; sub-fields are not merged together.

Reference: https://www.vaultproject.io/api-docs/secret/kv/kv-v1

raw docstring

API^cljprotocol

The kv secrets engine is used to store arbitrary static secrets within Vault. V2 of the engine enables secret versioning and metadata capabilities.

All of the methods in this protocol expect path to be relative to the secret engine mount point. To specify a custom mount, use with-mount.

The kv secrets engine is used to store arbitrary static secrets within
Vault. V2 of the engine enables secret versioning and metadata capabilities.

All of the methods in this protocol expect `path` to be relative to the
secret engine mount point. To specify a custom mount, use `with-mount`.

undelete-versions!^clj

(undelete-versions! client path versions)

Undelete the data for the provided versions of the secret. Returns nil.

This restores the data, allowing it to be returned on get requests.

Undelete the data for the provided versions of the secret. Returns `nil`.

This restores the data, allowing it to be returned on get requests.

read-secret^clj

(read-secret client path)

(read-secret client path opts)

Read the secret at the provided path. Returns the secret data, if present. Throws an exception or returns the provided not-found value if not. The returned value will have the additional information about the secret, such as the version, attached as metadata.

Options:

:version (integer)

Read a specific version of the secret. Defaults to the latest version.
:not-found (any)

If no secret exists at the given path or version, return this value instead of throwing an exception.
:refresh? (boolean)

Always make a read for fresh data, even if a cached secret is available.
:ttl (integer)

Cache the data read for the given number of seconds. A value of zero or less will disable caching.

Note that Vault internally stores data as JSON, so not all Clojure types will round-trip successfully!

Read the secret at the provided path. Returns the secret data, if present.
Throws an exception or returns the provided not-found value if not. The
returned value will have the additional information about the secret, such
as the version, attached as metadata.

Options:

- `:version` (integer)

  Read a specific version of the secret. Defaults to the latest version.

- `:not-found` (any)

  If no secret exists at the given path or version, return this value
  instead of throwing an exception.

- `:refresh?` (boolean)

  Always make a read for fresh data, even if a cached secret is
  available.

- `:ttl` (integer)

  Cache the data read for the given number of seconds. A value of zero or
  less will disable caching.

Note that Vault internally stores data as JSON, so not all Clojure types
will round-trip successfully!

with-mount^clj

(with-mount client mount)

Return an updated client which will resolve secrets against the provided mount instead of the default. Passing nil will reset the client to the default.

Return an updated client which will resolve secrets against the provided
mount instead of the default. Passing `nil` will reset the client to the
default.

delete-secret!^clj

(delete-secret! client path)

Delete the latest version of the secret at the provided path, if any. Returns nil.

This is a soft-delete that may later be reverted with [[undelete-versions!]].

Delete the latest version of the secret at the provided path, if any.
Returns `nil`.

This is a soft-delete that may later be reverted with [[undelete-versions!]].

read-metadata^clj

(read-metadata client path)

Read the metadata and versions for the secret at the specified path. Metadata is version-agnostic.

Read the metadata and versions for the secret at the specified path.
Metadata is version-agnostic.

patch-secret!^clj

(patch-secret! client path data)

(patch-secret! client path data opts)

Patch an existing secret at the provided location. The secret must neither be deleted nor destroyed. A new version will be created upon successfully applying a patch with the provided data. Returns the secret metadata.

Options:

:cas (integer)

If set, the update will only succeed if the current version of the secret matches this value.

Note that Vault internally stores data as JSON, so not all Clojure types will round-trip successfully!

Patch an existing secret at the provided location. The secret must neither
be deleted nor destroyed. A new version will be created upon successfully
applying a patch with the provided data. Returns the secret metadata.

Options:

- `:cas` (integer)

  If set, the update will only succeed if the current version of the secret
  matches this value.

Note that Vault internally stores data as JSON, so not all Clojure types
will round-trip successfully!

patch-metadata!^clj

(patch-metadata! client path opts)

Patch the existing metadata for the secret at the provided location. Returns nil.

See [[write-metadata!]] for options.

Patch the existing metadata for the secret at the provided location.
Returns `nil`.

See [[write-metadata!]] for options.

destroy-secret!^clj

(destroy-secret! client path)

Permanently delete the secret metadata and all version data for the given path. All version history will be removed. Returns nil.

Permanently delete the secret metadata and all version data for the given
path. All version history will be removed. Returns `nil`.

write-metadata!^clj

(write-metadata! client path opts)

Update the metadata of a secret at the specified path. Returns nil. This does not create a new version.

Options:

:max-versions (integer)

Number of versions to keep per key. Once the secret has more than the configured allowed versions, the oldest version will be permanently deleted.
:cas-required (boolean)

If true, the key will require the cas parameter to be set on all write requests.
:delete-version-after (string)

Duration string specifying the time after which all new versions written to this secret should be deleted. Accepts Go duration format strings.
:custom-metadata (map)

Map of arbitrary string-to-string valued user-provided metadata meant to describe the secret.

Update the metadata of a secret at the specified path. Returns `nil`. This
does not create a new version.

Options:

- `:max-versions` (integer)

  Number of versions to keep per key. Once the secret has more than the
  configured allowed versions, the oldest version will be permanently
  deleted.

- `:cas-required` (boolean)

  If true, the key will require the cas parameter to be set on all write requests.

- `:delete-version-after` (string)

  Duration string specifying the time after which all new versions written
  to this secret should be deleted. Accepts Go duration format strings.

- `:custom-metadata` (map)

  Map of arbitrary string-to-string valued user-provided metadata meant to
  describe the secret.

list-secrets^clj

(list-secrets client path)

List the secret names located under a path prefix location. Returns a map with a :keys vector of name strings, where further folders are suffixed with /. The path must be a folder; calling this method on a file or a prefix which does not exist will return nil.

List the secret names located under a path prefix location. Returns a map
with a `:keys` vector of name strings, where further folders are suffixed
with `/`. The path must be a folder; calling this method on a file or a
prefix which does not exist will return `nil`.

write-secret!^clj

(write-secret! client path data)

(write-secret! client path data opts)

Store data at the provided path, creating a new version of the secret. Returns the secret metadata.

Options:

:cas (integer)

If set, the write will only succeed if the current version of the secret matches this value. If set to 0, it will only succeed if the key doesn't exist.

Note that Vault internally stores data as JSON, so not all Clojure types will round-trip successfully!

Store data at the provided path, creating a new version of the secret.
Returns the secret metadata.

Options:

- `:cas` (integer)

  If set, the write will only succeed if the current version of the secret
  matches this value. If set to `0`, it will only succeed if the key doesn't
  exist.

Note that Vault internally stores data as JSON, so not all Clojure types
will round-trip successfully!

delete-versions!^clj

(delete-versions! client path versions)

Issue a soft delete of the specified versions of the secret. Returns nil.

This marks the versions as deleted and will stop them from being returned from reads, but the underlying data will not be removed. A delete can be undone using the undelete-versions! method.

Issue a soft delete of the specified versions of the secret. Returns
`nil`.

This marks the versions as deleted and will stop them from being returned
from reads, but the underlying data will not be removed. A delete can be
undone using the `undelete-versions!` method.

destroy-versions!^clj

(destroy-versions! client path versions)

Permanently remove the data for the provided secret and version numbers. Returns nil.

Permanently remove the data for the provided secret and version numbers.
Returns `nil`.

source raw docstring

default-mount^clj

Default mount point to use if one is not provided.

Default mount point to use if one is not provided.

source raw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

Keyboard shortcuts Report a problem cljdoc on GitHub

× close