Provides the management of configurations.
ArrayProvides the management of configurations.
Process the configurations using inputs and environment variables.
Kind: global constant
Default: ["debug","vault_host","vault_port","vault_ssl","vault_token","ssl_ciphers","ssl_cert_file","ssl_pem_file","ssl_pem_passphrase","ssl_ca_cert","ssl_verify","proxy_address","proxy_port","proxy_username","proxy_password","timeout","secret_shares","secret_threshold","backup_dir"]
| Vaulted Method | Vault API (/v1) |
|---|---|
| getInitStatus | GET sys/init |
| init | PUT sys/init |
| getSealedStatus | GET sys/seal-status |
| seal | PUT sys/seal |
| unSeal | PUT sys/unseal |
| getMounts | GET sys/mounts |
| deleteMount | DELETE sys/mounts/:id |
| createMount | POST sys/mounts/:id |
| reMount | POST sys/remount |
| getAuditMounts | GET sys/audit |
| enableAudit | PUT sys/audit/:id |
| disableAudit | DELETE sys/audit/:id |
| enableFileAudit | PUT sys/audit/:id |
| enableSyslogAudit | PUT sys/audit/:id |
| getPolicies | GET sys/policy |
| createPolicy | PUT sys/policy/:id |
| deletePolicy | DELETE sys/policy/:id |
| getLeader | GET sys/leader |
| checkHealth | GET sys/health |
| getKeyStatus | GET sys/key-status |
| rotateKey | PUT sys/rotate |
| getRekeyStatus | GET sys/rekey/init |
| startRekey | PUT sys/rekey/init |
| stopRekey | DELETE sys/rekey/init |
| updateRekey | PUT sys/rekey/update |
| getAuthMounts | GET sys/auth |
| deleteAuthMount | DELETE sys/auth/:id |
| createAuthMount | POST sys/auth/:id |
| createToken | POST auth/token/create |
| renewToken | POST auth/token/renew/:id |
| lookupToken | GET auth/token/lookup/:id |
| revokeToken | POST auth/token/revoke/:id |
| revokeTokenOrphan | POST auth/token/revoke-orphan/:id |
| revokeTokenPrefix | POST auth/token/revoke-prefix/:id |
| lookupTokenSelf | GET auth/token/lookup-self |
| revokeTokenSelf | POST auth/token/revoke-self |
| getApp | GET auth/app-id/map/app-id/:id |
| createApp | POST auth/app-id/map/app-id/:id |
| deleteApp | DELETE auth/app-id/map/app-id/:id |
| getUser | GET auth/app-id/map/user-id/:id |
| createUser | POST auth/app-id/map/user-id/:id |
| deleteUser | DELETE auth/app-id/map/user-id/:id |
| appLogin | POST auth/app-id/login |
| read | GET secret/:id |
| write | PUT secret/:id |
| delete | DELETE secret/:id |
| configConsulAccess | POST consul/config/access |
| getConsulRole | GET consul/roles/:id |
| createConsulRole | POST consul/roles/:id |
| deleteConsulRole | DELETE consul/roles/:id |
| generateConsulRoleToken | GET consul/creds/:id |
| Attribute | Environment Variable | Default Value | Description |
|---|---|---|---|
| vault_host | VAULT_HOST | 127.0.0.1 |
Vault server hostname |
| vault_port | VAULT_PORT | 8200 |
Vault server port |
| vault_ssl | VAULT_SSL | true (enabled) |
Use SSL? |
| vault_token | VAULT_TOKEN | Token to use to access the vault | |
| ssl_ciphers | VAULT_SSL_CIPHERS | TLSv1.2 |
The ciphers that will be used when communicating with vault over ssl |
| ssl_cert_file | VAULT_SSL_CERT | Path to custom SSL cert file | |
| ssl_pem_file | VAULT_SSL_CERT_KEY | Path of SSL cert PEM file to use with custom SSL verification | |
| ssl_pem_passphrase | VAULT_SSL_CERT_PASSPHRASE | Passphrase associated SSL cert PEM file to use with custom SSL verification | |
| ssl_ca_cert | VAULT_CACERT | CA cert path used for certification verification | |
| ssl_verify | VAULT_SSL_VERIFY | true |
validate SSL requests? |
| timeout | VAULT_TIMEOUT | milliseconds to wait for response headers | |
| proxy_address | VAULT_PROXY_ADDRESS | HTTP Proxy server address | |
| proxy_password | VAULT_PROXY_PASSWORD | HTTP Proxy user password | |
| proxy_port | VAULT_PROXY_PORT | HTTP Proxy server port | |
| proxy_username | VAULT_PROXY_USERNAME | HTTP Proxy server username | |
| debug | DEBUG | Show verbose messages, network requests | |
| secret_shares | SECRET_SHARES | 3 |
Number of shared secret keys to generate |
| secret_threshold | SECRET_THRESHOLD | 2 |
Threshold at which to unseal vault (must be <= SECRET_SHARES) |
| backup_dir | VAULT_SAFE | ~/.vault |
Directory to backup keys |
Provides implementation for the Vault Audit APIs
Extends: Vaulted
Vaulted
PromisePromisePromisePromisePromiseGets the list of mounted audit backends for the vault.
Kind: inner method of audit
Resolve: [Mounts] Resolves with current list of mounted audit backends
Reject: Error An error indicating what went wrong
Enable a specific audit backend for use with the vault.
Kind: inner method of audit
Resolve: success
Reject: Error An error indicating what went wrong
| Param | Type | Description |
|---|---|---|
| options | Object |
object of options to send to API request |
| options.id | string |
unique identifier for the audit mount |
| options.body | Object |
holds the attributes passed as inputs |
| options.body.type | string |
the type of audit ('file', 'syslog') |
| [options.body.description] | string |
a description of the audit backend for operators. |
| [options.body.options] | Object |
options for configuring a specific type of audit backend |
Disable a specific audit backend from the vault.
Kind: inner method of audit
Resolve: success
Reject: Error An error indicating what went wrong
| Param | Type | Description |
|---|---|---|
| options | Object |
object of options to send to API request |
| options.id | string |
unique identifier for the audit mount |
Convenience method to enable the file audit backend for use with the vault.
Kind: inner method of audit
Resolve: success
Reject: Error An error indicating what went wrong
| Param | Type | Default | Description |
|---|---|---|---|
| options | Object |
object of options to send to API request | |
| options.id | string |
unique identifier for the file audit mount | |
| options.body | Object |
holds the attributes passed as inputs | |
| options.body.path | string |
the directory where to write the audit files | |
| [options.body.description] | string |
a description of the file audit backend for operators. | |
| [options.body.log_raw] | Object |
false |
Should security sensitive information be logged raw. |
Convenience method to enable the syslog audit backend for use with the vault.
Kind: inner method of audit
Resolve: success
Reject: Error An error indicating what went wrong
| Param | Type | Default | Description |
|---|---|---|---|
| options | Object |
object of options to send to API request | |
| options.id | string |
unique identifier for the syslog audit mount | |
| options.body | Object |
holds the attributes passed as inputs | |
| [options.body.description] | string |
a description of the syslog audit backend for operators. | |
| [options.body.facility] | string |
"AUTH" |
The syslog facility to use. |
| [options.body.tag] | string |
"vault" |
The syslog tag to use. |
| [options.body.log_raw] | Object |
false |
Should security sensitive information be logged raw. |