saltext.vault.utils.vault.kv¶

Class wrappers for the Key/Value backend

class saltext.vault.utils.vault.kv.VaultKV(client, metadata_cache)[source]¶

Interface to Vault secret paths

read(path, include_metadata=False)[source]¶

Read secret data at path.

include_metadata: For KV v2, include metadata in the return value: {"data": {} ,"metadata": {}}.

write(path, data)[source]¶: Write secret data to path.

patch(path, data)[source]¶

Patch existing data. Tries to use a PATCH request, otherwise falls back to updating in memory and writing back the whole secret, thus might consume more than one token use.

Since this uses the JSON Merge Patch format, values set to null (None) will be dropped.

delete(path, versions=None)[source]¶

Delete secret path data. For KV v1, this is permanent. For KV v2, this only soft-deletes the data.

versions: For KV v2, specifies versions to soft-delete. Needs to be castable to a list of integers.

destroy(path, versions)[source]¶

Permanently remove version data. Requires KV v2.

versions: Specifies versions to destroy. Needs to be castable to a list of integers.

nuke(path)[source]¶: Delete path metadata and version data, including all version history. Requires KV v2.

list(path)[source]¶: List keys at path.

is_v2(path)[source]¶: Determines if a given secret path is KV v1 or v2.