Safe Haskell | None |
---|---|
Language | Haskell2010 |
Network.VaultTool
Description
Unless otherwise specified, all IO functions in this module may
potentially throw HttpException
or VaultException
- newtype VaultAddress = VaultAddress {}
- newtype VaultUnsealKey = VaultUnsealKey {}
- newtype VaultAuthToken = VaultAuthToken {}
- newtype VaultAppRoleId = VaultAppRoleId {}
- newtype VaultAppRoleSecretId = VaultAppRoleSecretId {}
- data VaultException
- data VaultHealth = VaultHealth {}
- vaultHealth :: VaultAddress -> IO VaultHealth
- data VaultConnection
- connectToVault :: VaultAddress -> VaultAuthToken -> IO VaultConnection
- connectToVaultAppRole :: VaultAddress -> VaultAppRoleId -> VaultAppRoleSecretId -> IO VaultConnection
- vaultAuthEnable :: VaultConnection -> Text -> IO ()
- vaultPolicyCreate :: VaultConnection -> Text -> Text -> IO ()
- vaultInit :: VaultAddress -> Int -> Int -> IO ([VaultUnsealKey], VaultAuthToken)
- data VaultSealStatus = VaultSealStatus {}
- vaultSealStatus :: VaultAddress -> IO VaultSealStatus
- vaultSeal :: VaultConnection -> IO ()
- data VaultUnseal
- vaultUnseal :: VaultAddress -> VaultUnseal -> IO VaultSealStatus
- vaultAppRoleCreate :: VaultConnection -> Text -> VaultAppRoleParameters -> IO ()
- vaultAppRoleRoleIdRead :: VaultConnection -> Text -> IO VaultAppRoleId
- vaultAppRoleSecretIdGenerate :: VaultConnection -> Text -> Text -> IO VaultAppRoleSecretIdGenerateResponse
- defaultVaultAppRoleParameters :: VaultAppRoleParameters
- data VaultAppRoleParameters = VaultAppRoleParameters {
- _VaultAppRoleParameters_BindSecretId :: Bool
- _VaultAppRoleParameters_Policies :: [Text]
- _VaultAppRoleParameters_SecretIdNumUses :: Maybe Int
- _VaultAppRoleParameters_SecretIdTTL :: Maybe Int
- _VaultAppRoleParameters_TokenNumUses :: Maybe Int
- _VaultAppRoleParameters_TokenTTL :: Maybe Int
- _VaultAppRoleParameters_TokenMaxTTL :: Maybe Int
- _VaultAppRoleParameters_Period :: Maybe Int
- data VaultAppRoleSecretIdGenerateResponse = VaultAppRoleSecretIdGenerateResponse {
- _VaultAppRoleSecretIdGenerateResponse_SecretIdAccessor :: VaultAppRoleSecretIdAccessor
- _VaultAppRoleSecretIdGenerateResponse_SecretId :: VaultAppRoleSecretId
- data VaultMount a b = VaultMount {}
- type VaultMountRead = VaultMount Text VaultMountConfigRead
- type VaultMountWrite = VaultMount (Maybe Text) (Maybe VaultMountConfigWrite)
- data VaultMountConfig a = VaultMountConfig {}
- type VaultMountConfigRead = VaultMountConfig Int
- type VaultMountConfigWrite = VaultMountConfig (Maybe Int)
- vaultMounts :: VaultConnection -> IO [(Text, VaultMountRead)]
- vaultMountTune :: VaultConnection -> Text -> IO VaultMountConfigRead
- vaultMountSetTune :: VaultConnection -> Text -> VaultMountConfigWrite -> IO ()
- vaultNewMount :: VaultConnection -> Text -> VaultMountWrite -> IO ()
- vaultUnmount :: VaultConnection -> Text -> IO ()
- newtype VaultSecretPath = VaultSecretPath {}
- data VaultSecretMetadata = VaultSecretMetadata {}
- vaultWrite :: ToJSON a => VaultConnection -> VaultSecretPath -> a -> IO ()
- vaultRead :: FromJSON a => VaultConnection -> VaultSecretPath -> IO (VaultSecretMetadata, Either (Value, String) a)
- vaultDelete :: VaultConnection -> VaultSecretPath -> IO ()
- vaultList :: VaultConnection -> VaultSecretPath -> IO [VaultSecretPath]
- isFolder :: VaultSecretPath -> Bool
- vaultListRecursive :: VaultConnection -> VaultSecretPath -> IO [VaultSecretPath]
Documentation
newtype VaultAuthToken Source #
Constructors
VaultAuthToken | |
Fields |
newtype VaultAppRoleId Source #
Constructors
VaultAppRoleId | |
Fields |
newtype VaultAppRoleSecretId Source #
Constructors
VaultAppRoleSecretId | |
Fields |
data VaultException Source #
Constructors
Instances
vaultHealth :: VaultAddress -> IO VaultHealth Source #
data VaultConnection Source #
connectToVault :: VaultAddress -> VaultAuthToken -> IO VaultConnection Source #
Just initializes the VaultConnection
objects, does not actually make any
contact with the vault server. (That is also the explanation why there is no
function to disconnect)
connectToVaultAppRole :: VaultAddress -> VaultAppRoleId -> VaultAppRoleSecretId -> IO VaultConnection Source #
Initializes the VaultConnection
objects using approle credentials to retrieve an authtoken,
and then calls connectToVault
vaultAuthEnable :: VaultConnection -> Text -> IO () Source #
vaultPolicyCreate :: VaultConnection -> Text -> Text -> IO () Source #
Arguments
:: VaultAddress | |
-> Int |
|
-> Int |
|
-> IO ([VaultUnsealKey], VaultAuthToken) | master keys and initial root token |
data VaultSealStatus Source #
Constructors
VaultSealStatus | |
Fields
|
vaultSeal :: VaultConnection -> IO () Source #
vaultUnseal :: VaultAddress -> VaultUnseal -> IO VaultSealStatus Source #
vaultAppRoleCreate :: VaultConnection -> Text -> VaultAppRoleParameters -> IO () Source #
vaultAppRoleSecretIdGenerate :: VaultConnection -> Text -> Text -> IO VaultAppRoleSecretIdGenerateResponse Source #
data VaultAppRoleParameters Source #
https://www.vaultproject.io/api/auth/approle/index.html#create-new-approle
Note: For TTL fields, only integer number seconds, i.e. 3600, are supported
Constructors
data VaultAppRoleSecretIdGenerateResponse Source #
Constructors
VaultAppRoleSecretIdGenerateResponse | |
Fields
|
Instances
data VaultMount a b Source #
Constructors
VaultMount | |
Fields
|
type VaultMountWrite = VaultMount (Maybe Text) (Maybe VaultMountConfigWrite) Source #
data VaultMountConfig a Source #
Constructors
VaultMountConfig | |
Fields |
Instances
ToJSON VaultMountConfigWrite Source # | |
ToJSON VaultMountWrite Source # | |
FromJSON VaultMountConfigRead Source # | |
FromJSON VaultMountRead Source # | |
Eq a => Eq (VaultMountConfig a) Source # | |
Ord a => Ord (VaultMountConfig a) Source # | |
Show a => Show (VaultMountConfig a) Source # | |
type VaultMountConfigWrite = VaultMountConfig (Maybe Int) Source #
vaultMounts :: VaultConnection -> IO [(Text, VaultMountRead)] Source #
https://www.vaultproject.io/docs/http/sys-mounts.html
For your convenience, the results are returned sorted (by the mount point)
vaultMountSetTune :: VaultConnection -> Text -> VaultMountConfigWrite -> IO () Source #
vaultNewMount :: VaultConnection -> Text -> VaultMountWrite -> IO () Source #
vaultUnmount :: VaultConnection -> Text -> IO () Source #
data VaultSecretMetadata Source #
Constructors
VaultSecretMetadata | |
vaultWrite :: ToJSON a => VaultConnection -> VaultSecretPath -> a -> IO () Source #
https://www.vaultproject.io/docs/secrets/generic/index.html
The value that you give must encode as a JSON object
Arguments
:: FromJSON a | |
=> VaultConnection | |
-> VaultSecretPath | |
-> IO (VaultSecretMetadata, Either (Value, String) a) | A You will get the
"data" as a raw
|
vaultDelete :: VaultConnection -> VaultSecretPath -> IO () Source #
vaultList :: VaultConnection -> VaultSecretPath -> IO [VaultSecretPath] Source #
https://www.vaultproject.io/docs/secrets/generic/index.html
This will normalise the results to be full secret paths.
Will return only secrets that in the are located in the folder hierarchy directly below the given folder.
Use isFolder
to check if whether each result is a secret or a subfolder.
The order of the results is unspecified.
To recursively retrieve all of the secrets use vaultListRecursive
isFolder :: VaultSecretPath -> Bool Source #
vaultListRecursive :: VaultConnection -> VaultSecretPath -> IO [VaultSecretPath] Source #
Recursively calls vaultList
to retrieve all of the secrets in a folder
(including all subfolders and sub-subfolders, etc...)
There will be no folders in the result.
The order of the results is unspecified.