saltext.vault.utils.vault¶

High-level utility functions for Vault interaction

saltext.vault.utils.vault.query(method, endpoint, opts, context, payload=None, wrap=False, raise_error=True, is_unauthd=False, **kwargs)[source]¶

Query the Vault API. Supplemental arguments to requests.request can be passed as kwargs.

method: HTTP verb to use.
endpoint: API path to call (without leading /v1/).
opts: Pass __opts__ from the module.
context: Pass __context__ from the module.
payload: Dictionary of payload values to send, if any.
wrap: Whether to request response wrapping. Should be a time string like 30s or False (default).
raise_error: Whether to inspect the response code and raise exceptions. Defaults to True.
is_unauthd: Whether the queried endpoint is an unauthenticated one and hence does not deduct a token use. Only relevant for endpoints not found in sys. Defaults to False.

saltext.vault.utils.vault.query_raw(method, endpoint, opts, context, payload=None, wrap=False, retry=True, is_unauthd=False, **kwargs)[source]¶

Query the Vault API, returning the raw response object. Supplemental arguments to requests.request can be passed as kwargs.

method: HTTP verb to use.
endpoint: API path to call (without leading /v1/).
opts: Pass __opts__ from the module.
context: Pass __context__ from the module.
payload: Dictionary of payload values to send, if any.
retry: Retry the query with cleared cache in case the permission was denied (to check for revoked cached credentials). Defaults to True.
wrap: Whether to request response wrapping. Should be a time string like 30s or False (default).
is_unauthd: Whether the queried endpoint is an unauthenticated one and hence does not deduct a token use. Only relevant for endpoints not found in sys. Defaults to False.

saltext.vault.utils.vault.is_v2(path, opts, context)[source]¶: Determines if a given secret path is KV v1 or v2.

saltext.vault.utils.vault.read_kv(path, opts, context, include_metadata=False)[source]¶: Read secret at <path>.

saltext.vault.utils.vault.write_kv(path, data, opts, context)[source]¶: Write secret <data> to <path>.

saltext.vault.utils.vault.patch_kv(path, data, opts, context)[source]¶: Patch secret <data> at <path>.

saltext.vault.utils.vault.delete_kv(path, opts, context, versions=None)[source]¶: Delete secret at <path>. For KV v2, versions can be specified, which will be soft-deleted.

saltext.vault.utils.vault.destroy_kv(path, versions, opts, context)[source]¶: Destroy secret <versions> at <path>. Requires KV v2.

saltext.vault.utils.vault.list_kv(path, opts, context)[source]¶: List secrets at <path>.