Expand description
vaultrs
An asynchronous Rust client library for the Hashicorp Vault API
The following backends are currently supported:
- Auth
- Secrets
- Sys
See something missing? Open an issue.
Installation
Add vaultrs as a dependency to your cargo.toml:
[dependencies]
vaultrs = "0.6.2"
Usage
Basic
The client is used to configure the connection to Vault and is required to be passed to all API calls for execution. Behind the scenes it uses an asynchronous client from Reqwest for communicating to Vault.
use vaultrs::client::{Client, VaultClient, VaultClientSettingsBuilder};
// Create a client
let mut client = VaultClient::new(
VaultClientSettingsBuilder::default()
.address("https://127.0.0.1:8200")
.token("TOKEN")
.build()
.unwrap()
).unwrap();
Secrets
The library currently supports all operations available for version 2 of the key/value store.
use serde::{Deserialize, Serialize};
use vaultrs::kv2;
// Create and read secrets
#[derive(Debug, Deserialize, Serialize)]
struct MySecret {
key: String,
password: String,
}
let secret = MySecret {
key: "super".to_string(),
password: "secret".to_string(),
};
kv2::set(
&client,
"secret",
"mysecret",
&secret,
).await;
let secret: MySecret = kv2::read(&client, "secret", "mysecret").await.unwrap();
println!("{}", secret.password) // "secret"
PKI
The library currently supports all operations available for the PKI secrets engine.
use vaultrs::api::pki::requests::GenerateCertificateRequest;
use vaultrs::pki::cert;
// Generate a certificate using the PKI backend
let cert = cert::generate(
&client,
"pki",
"my_role",
Some(GenerateCertificateRequest::builder().common_name("test.com")),
).await.unwrap();
println!("{}", cert.certificate) // "{PEM encoded certificate}"
Wrapping
All requests implement the ability to be wrapped. These can be passed in your application internally before being unwrapped.
use vaultrs::api::ResponseWrapper;
use vaultrs::api::sys::requests::ListMountsRequest;
let endpoint = ListMountsRequest::builder().build().unwrap();
let wrap_resp = endpoint.wrap(&client).await; // Wrapped response
assert!(wrap_resp.is_ok());
let wrap_resp = wrap_resp.unwrap(); // Unwrap Result<>
let info = wrap_resp.lookup(&client).await; // Check status of this wrapped response
assert!(info.is_ok());
let unwrap_resp = wrap_resp.unwrap(&client).await; // Unwrap the response
assert!(unwrap_resp.is_ok());
let info = wrap_resp.lookup(&client).await; // Error: response already unwrapped
assert!(info.is_err());
Error Handling
All errors generated by this crate are wrapped in the ClientError
enum
provided by the crate. API warnings are automatically captured via log
and
API errors are captured and returned as their own variant. Connection
related errors from rusify
are wrapped and returned as a single variant.
Testing
See the the tests directory for tests. Run tests with cargo test
.
Note: All tests rely on bringing up a local Vault development server using Docker. In order to run tests Docker must be running locally (Docker Desktop works).
Contributing
- Fork it (https://github.com/jmgilman/vaultrs/fork)
- Create your feature branch (git checkout -b feature/fooBar)
- Commit your changes (git commit -am ‘Add some fooBar’)
- Push to the branch (git push origin feature/fooBar)
- Create a new Pull Request
See CONTRIBUTING for extensive documentation on the architecture of this library and how to add additional functionality to it.