vaultrs 0.8.0

An asynchronous Rust client library for the Hashicorp Vault API.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299

#![cfg_attr(docsrs, feature(doc_cfg))]

//! # vaultrs
//! An asynchronous Rust client library for the [Hashicorp Vault] and [OpenBao] API.
//!
//! ## Usages
//!
//! ### AWS
//!
//! The library currently supports all operations available for the
//! AWS Secret Engine.
//!
//! Only Vault is tested as for OpenBao its an external plugin.
//!
//! See [aws tests] for more examples.
//!
//! ```no_run
//! use vaultrs::sys::mount;
//! use vaultrs::aws;
//! use vaultrs::api::aws::requests::{SetConfigurationRequest, CreateUpdateRoleRequest, GenerateCredentialsRequest};
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! # use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//! # let client = VaultClient::new(
//! #     VaultClientSettingsBuilder::default()
//! #         .address("https://127.0.0.1:8200")
//! #         .token("TOKEN")
//! #         .build()
//! #         .unwrap()
//! # ).unwrap();
//!
//! // Mount AWS SE
//! mount::enable(&client, "aws_test", "aws", None).await?;
//!
//! // Configure AWS SE
//! aws::config::set(&client, "aws_test", "access_key", "secret_key", Some(SetConfigurationRequest::builder()
//!     .max_retries(3)
//!     .region("eu-central-1")
//! )).await?;
//!
//! // Create HVault role
//! aws::roles::create_update(&client, "aws_test", "my_role", "assumed_role", Some(CreateUpdateRoleRequest::builder()
//!         .role_arns( vec!["arn:aws:iam::123456789012:role/test_role".to_string()] )
//! )).await?;
//!
//! // Generate credentials
//! let res = aws::roles::credentials(&client, "aws_test", "my_role", Some(GenerateCredentialsRequest::builder()
//!     .ttl("3h")
//! )).await?;
//!
//! let creds = res;
//! // creds.access_key
//! // creds.secret_key
//! // creds.security_token
//! #    Ok(())
//! # }
//! ```
//!
//! ### Key Value v2
//!
//! The library currently supports all operations available for version 2 of the
//! key/value store.
//!
//! ```no_run
//! use serde::{Deserialize, Serialize};
//! use vaultrs::kv2;
//!
//! // Create and read secrets
//! #[derive(Debug, Deserialize, Serialize)]
//! struct MySecret {
//!     key: String,
//!     password: String,
//! }
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! # use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//! # let client = VaultClient::new(
//! #     VaultClientSettingsBuilder::default()
//! #         .address("https://127.0.0.1:8200")
//! #         .token("TOKEN")
//! #         .build()
//! #         .unwrap()
//! # ).unwrap();
//!
//! let secret = MySecret {
//!     key: "super".to_string(),
//!     password: "secret".to_string(),
//! };
//! kv2::set(
//!     &client,
//!     "secret",
//!     "mysecret",
//!     &secret,
//! ).await;
//!
//! let secret: MySecret = kv2::read(&client, "secret", "mysecret").await.unwrap();
//! println!("{}", secret.password); // "secret"
//! # Ok(())
//! # }
//! ```
//!
//! ### Key Value v1
//!
//! The library currently supports all operations available for version 1 of the
//! key/value store.
//!
//! ```no_run
//! use vaultrs::kv1;
//! use std::collections::HashMap;
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! # use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//! # let client = VaultClient::new(
//! #     VaultClientSettingsBuilder::default()
//! #         .address("https://127.0.0.1:8200")
//! #         .token("TOKEN")
//! #         .build()
//! #         .unwrap()
//! # ).unwrap();
//!
//! let my_secrets = HashMap::from([
//!     ("key1", "value1"),
//!     ("key2", "value2")
//! ]);
//!
//! kv1::set(&client, "secret", "my/secrets", &my_secrets).await.unwrap();
//!
//! let read_secrets: HashMap<String, String> = kv1::get(&client, "secret", "my/secrets").await.unwrap();
//!
//! println!("{:}", read_secrets.get("key1").unwrap()); // value1
//!
//! let list_secret = kv1::list(&client, "secret", "my").await.unwrap();
//!
//! println!("{:?}", list_secret.data.keys); // [ "secrets" ]
//!
//! kv1::delete(&client, "secret", "my/secrets").await.unwrap();
//! # Ok(())
//! # }
//! ```
//!
//! ### PKI
//!
//! The library currently supports all operations available for the PKI secrets
//! engine.
//!
//! ```no_run
//! use vaultrs::api::pki::requests::GenerateCertificateRequest;
//! use vaultrs::pki::cert;
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! # use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//! # let client = VaultClient::new(
//! #     VaultClientSettingsBuilder::default()
//! #         .address("https://127.0.0.1:8200")
//! #         .token("TOKEN")
//! #         .build()
//! #         .unwrap()
//! # ).unwrap();
//!
//! // Generate a certificate using the PKI backend
//! let cert = cert::generate(
//!     &client,
//!     "pki",
//!     "my_role",
//!     Some(GenerateCertificateRequest::builder().common_name("test.com")),
//! ).await?;
//! println!("{}", cert.certificate); // "{PEM encoded certificate}"
//! # Ok(())
//! # }
//! ```
//!
//! ### Transit
//!
//! The library supports most operations for the
//! [Transit](https://developer.hashicorp.com/vault/api-docs/secret/transit) secrets engine,
//! other than importing keys or `batch_input` parameters.
//!
//! ```no_run
//! use vaultrs::api::transit::requests::CreateKeyRequest;
//! use vaultrs::api::transit::KeyType;
//! use vaultrs::transit::key;
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! # use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//! # let client = VaultClient::new(
//! #     VaultClientSettingsBuilder::default()
//! #         .address("https://127.0.0.1:8200")
//! #         .token("TOKEN")
//! #         .build()
//! #         .unwrap()
//! # ).unwrap();
//!
//! // Create an encryption key using the /transit backend
//! key::create(
//!     &client,
//!     "transit",
//!     "my-transit-key",
//!     Some(CreateKeyRequest::builder()
//!        .derived(true)
//!        .key_type(KeyType::Aes256Gcm96)
//!        .auto_rotate_period("30d")),
//! ).await.unwrap();
//! # Ok(())
//! # }
//! ```
//!
//! ### Wrapping
//!
//! All requests implement the ability to be
//! [wrapped](https://developer.hashicorp.com/vault/docs/concepts/response-wrapping). These
//! can be passed in your application internally before being unwrapped.
//!
//! ```no_run
//! use vaultrs::api::ResponseWrapper;
//! use vaultrs::api::sys::requests::ListMountsRequest;
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! # use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//! # let client = VaultClient::new(
//! #     VaultClientSettingsBuilder::default()
//! #         .address("https://127.0.0.1:8200")
//! #         .token("TOKEN")
//! #         .build()
//! #         .unwrap()
//! # ).unwrap();
//!
//!
//! let endpoint = ListMountsRequest::builder().build().unwrap();
//! let wrap_resp = endpoint.wrap(&client).await; // Wrapped response
//! assert!(wrap_resp.is_ok());
//!
//! let wrap_resp = wrap_resp.unwrap(); // Unwrap Result<>
//! let info = wrap_resp.lookup(&client).await; // Check status of this wrapped response
//! assert!(info.is_ok());
//!
//! let unwrap_resp = wrap_resp.unwrap(&client).await; // Unwrap the response
//! assert!(unwrap_resp.is_ok());
//!
//! let info = wrap_resp.lookup(&client).await; // Error: response already unwrapped
//! assert!(info.is_err());
//! # Ok(())
//! # }
//! ```
//!
//! ### Proxy
//!
//! You can configure the client to use an HTTP or HTTPS proxy by setting the `proxy` option
//! in `VaultClientSettingsBuilder`. This is useful for routing requests through a proxy server
//! for logging, monitoring, or network policy reasons.
//!
//! ```no_run
//! use vaultrs::client::{VaultClientSettingsBuilder, VaultClient};
//!
//! # #[tokio::main]
//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
//! let settings = VaultClientSettingsBuilder::default()
//!     .address("https://127.0.0.1:8200")
//!     .token("TOKEN")
//!     .proxy("http://127.0.0.1:8080")
//!     .build()
//!     .unwrap();
//!
//! let client = VaultClient::new(settings).unwrap();
//! // All requests made by `client` will be routed through the proxy
//! # Ok(())
//! # }
//! ```
//!
//! //!
//! [Hashicorp Vault]: https://developer.hashicorp.com/vault
//! [aws tests]: https://github.com/jmgilman/vaultrs/blob/master/vaultrs-tests/tests/api_tests/aws.rs
//! [OpenBao]: https://openbao.org/

#[macro_use]
extern crate derive_builder;
#[macro_use]
extern crate tracing;

pub mod api;
pub mod auth;
pub mod aws;
pub mod client;
pub mod cubbyhole;
pub mod database;
pub mod error;
pub mod identity;
pub mod kv1;
pub mod kv2;
pub mod pki;
pub mod ssh;
pub mod sys;
pub mod token;
pub mod transit;