saltext.vault.utils.vault.kv¶
Class wrappers for the Key/Value backend
- class saltext.vault.utils.vault.kv.VaultKV(client, metadata_cache)[source]¶
Interface to Vault secret paths
- read(path, include_metadata=False, version=None)[source]¶
Read secret data at path.
- include_metadata
For KV v2, include metadata in the return value:
{"data": {} ,"metadata": {}}.
- read_meta(path)[source]¶
Read secret metadata for all versions at path. This is different from the metadata returned by read, which pertains only to the most recent version. Requires KV v2.
Added in version 1.2.0.
- patch(path, data)[source]¶
Patch existing data. Tries to use a PATCH request, otherwise falls back to updating in memory and writing back the whole secret, thus might consume more than one token use.
Since this uses the JSON Merge Patch format, values set to
null(None) will be dropped.
- delete(path, versions=None, all_versions=False)[source]¶
Delete secret path data. For KV v1, this is permanent. For KV v2, this only soft-deletes the data.
- versions
For KV v2, specifies versions to soft-delete. Needs to be castable to a list of integers.
- all_versions
For KV v2, delete all known versions. Defaults to false.
Added in version 1.2.0.
- restore(path, versions=None, all_versions=False)[source]¶
Added in version 1.2.0.
Restore secret versions. Requires KV v2.
- versions
Specifies soft-deleted versions of a secret path to restore. Needs to be castable to a list of integers. If unspecified and the latest version of a secret is deleted, restores this version, otherwise fails.
- all_versions
Restore all soft-deleted versions of the secret. Defaults to false.
- destroy(path, versions=None, all_versions=False)[source]¶
Permanently remove version data. Requires KV v2.
- versions
Specifies versions to destroy. Needs to be castable to a list of integers.
Changed in version 1.2.0: If unspecified, destroys the most recent version.
- all_versions
Destroy all versions of the secret. Defaults to false.
Added in version 1.2.0.