gothic-0.1.8.2: A Haskell Vault KVv2 secret engine client
Safe Haskell: Safe-Inferred
Language: Haskell2010

Database.Vault.KVv2.Client

Description

See https://www.vaultproject.io/api/secret/kv/kv-v2.html for HashiCorp Vault KVv2 API details

Documentation

Connect & configure Vault KVv2 Engine

vaultConnect
  :: Maybe VaultAddr          -- Use Just this Vault server address, or get it from environment variable VAULT_ADDR
  -> KVEnginePath             -- KV engine path
  -> Maybe VaultToken         -- Use Just this VaultToken, or get it from $HOME/.vault-token
  -> DisableCertValidation    -- Disable certificate validation
  -> IO (Either String VaultConnection)

Get a VaultConnection, or an error message.

λ: vaultConnect (Just "https://vault.local.lan:8200/") "/secret" Nothing False

kvEngineConfig
  :: VaultConnection
  -> Int     -- Max versions
  -> Bool    -- CAS required
  -> IO (Either String Value)

Set default secret settings for the KVv2 engine.

secretConfig
  :: VaultConnection
  -> SecretPath
  -> Int     -- Max versions
  -> Bool    -- CAS required
  -> IO (Either String Value)

Override default secret settings for the given secret.

Basic operations

putSecret

Put SecretData into Vault at the given location.

getSecret :: VaultConnection -> SecretPath -> Maybe SecretVersion -> IO (Either String SecretData)

Get a secret from Vault. Give Just the SecretVersion to retrieve or Nothing to get the current one.

λ> getSecret conn (SecretPath "MySecret") Nothing
Right (SecretData (fromList [("my","password")]))

Soft secret deletion

Permanent secret deletion

destroySecret :: VaultConnection -> SecretPath -> IO (Maybe Error)

Permanently delete a secret, i.e. all its versions and metadata.

Get information

currentSecretVersion :: VaultConnection -> SecretPath -> IO (Either String SecretVersion)

Get the current version number of the given secret.

readSecretMetadata :: VaultConnection -> SecretPath -> IO (Either String SecretMetadata)

Retrieve the version history of the given secret.

λ: readSecretMetadata conn (SecretPath "MySecret")
Right (SecretMetadata (fromList [(SecretVersion 1,Metadata {destroyed = True, deletion_time = "", created_time = "2019-05-30T13:22:58.416399224Z"}),(SecretVersion 2,Metadata {destroyed = True, deletion_time = "2019-06-29T15:28:46.145302138Z"})]))
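
The functions documented above combined into one hardened setup-and-audit run, as an added example that is not part of the gothic package or its documentation. It assumes a reachable Vault server, that the SecretPath constructor can be imported from Database.Vault.KVv2.Client.Types, and uses constructed values (10 and 3 for max versions, the "MySecret" path from the page's examples).

```haskell
module Main (main) where

import Database.Vault.KVv2.Client
-- Assumption: the SecretPath constructor is importable from the package's Types module.
import Database.Vault.KVv2.Client.Types (SecretPath (..))

main :: IO ()
main = do
  -- Nothing / Nothing: address from VAULT_ADDR, token from the token file in $HOME.
  -- False: DisableCertValidation is off, so the server certificate is verified.
  connected <- vaultConnect Nothing "/secret" Nothing False
  case connected of
    Left err   -> putStrLn ("vaultConnect failed: " ++ err)
    Right conn -> do
      -- Engine-wide defaults: keep at most 10 versions (example value), CAS required.
      cfg <- kvEngineConfig conn 10 True
      case cfg of
        Left err -> putStrLn ("kvEngineConfig failed: " ++ err)
        Right _  -> putStrLn "engine defaults set"

      let secret = SecretPath "MySecret"   -- sample path, as in the page's examples

      -- Tighter per-secret override: 3 versions (example value), CAS required.
      override <- secretConfig conn secret 3 True
      either (putStrLn . ("secretConfig failed: " ++)) (const (pure ())) override

      -- Inspect version state without ever printing the secret payload.
      version <- currentSecretVersion conn secret
      either (putStrLn . ("currentSecretVersion failed: " ++)) print version

      history <- readSecretMetadata conn secret
      either (putStrLn . ("readSecretMetadata failed: " ++)) print history
```

Every call returns Either String, so each failure is reported on its own line instead of aborting the run, and only version numbers and metadata reach the terminal or logs.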

secretsList :: VaultConnection -> SecretPath -> IO (Either String [VaultKey])

Get the list of secrets and folders at the given location.

Utils