Expand description
vault:// backend for hasp.
Grammar: vault://<mount>/<path>?field=<key>
<mount>— Vault secrets engine mount point (host component).<path>— secret path within the mount, including KV-v2data/prefix when applicable.?field=— optional key to extract from the JSONdata.dataobject. When absent, the entire object is serialized.
Supported operations: get, put, list, delete, exists.
put semantics:
- Without
?field=: the value must be valid JSON and replaces the entiredata.dataobject. Symmetric withgetwithout?field=, which serializes the whole object. - With
?field=: performs read-modify-write. Creates the secret if absent. Non-JSON values are stored as JSON strings. This is optimistic: no CAS, so concurrent writes are last-write-wins.
Authentication is ambient only: VAULT_ADDR and VAULT_TOKEN.
If either is missing, every operation fails fast with
AuthenticationFailed before any network request, preventing
indefinite connection attempts against an undefined endpoint.
Vault’s HTTP API intentionally collapses 403 and 404 to prevent
existence oracles. This backend follows that choice: both map to
NotFound on get and to false on exists.
Structs§
- Vault
Backend - HTTP backend for HashiCorp Vault.
- Vault
Url - URL shape for
vault://addresses.