vaultrs

A rust crate for interacting with the Hashicorp Vault API

This crate encompasses functions for interacting with the HTTP API available on Hashicorp Vault servers. It uses rustify in order to construct accurate representations of each of the endpoints available with the API. It then wraps these into more usable functions intended to be consumed by users of this crate.

The following functionality is currently supported:

• KV Secrets Engine V2
• PKI Secrets Engine
• Response Wrapping

Installation

cargo add vaultrs

Usage

Basic

The client is used to configure the connection to Vault and is required to be passed to all API calls for execution.

```rust use vaultrs::client::{VaultClient, VaultClientSettingsBuilder};

// Create a client let client = VaultClient::new( VaultClientSettingsBuilder::default() .address("https://127.0.0.1:8200") .token("TOKEN") .build() .unwrap() ).unwrap(); ```

Secrets

The library currently supports all operations available for version 2 of the key/value store.

```rust use vaultrs::kv2;

// Create and read secrets struct MySecret { key: String, password: String, }

let secret = MySecret { key: "super".tostring(), password: "secret".tostring(), }; kv2::set( &client, "secret", "mysecret", &secret, );

let secret = kv2::read::(&client, "secret" "mysecret").unwrap(); println!("{}", secret.password) // "secret" ```

PKI

The library currently supports all operations available for the PKI secrets engine.

```rust use vaultrs::pki::cert; use vaultrs::api::pki::requests::GenerateCertificateRequest;

// Generate a certificate using the PKI backend let cert = cert::generate( &client, "pki", "myrole", Some(GenerateCertificateRequest::builder().commonname("test.com")), ).unwrap(); println!("{}", cert.certificate) // "{PEM encoded certificate}" ```

Wrapping

All requests implement the ability to be wrapped. These can be passed in your application internally before being unwrapped.

```rust use vaultrs::api::ResponseWrapper; use vaulrs::api::sys::requests::ListMountsRequest;

let endpoint = ListMountsRequest::builder().build().unwrap(); let wrapresp = endpoint.wrap(&client); // Wrapped response assert!(wrapresp.is_ok());

let wrapresp = wrapresp.unwrap(); // Unwrap Result<> let info = wrapresp.lookup(&client); // Check status of this wrapped response assert!(info.isok());

let unwrapresp = wrapresp.unwrap(&client); // Unwrap the response assert!(unwrapresp.isok());

let info = wrapresp.lookup(&client); // Error: response already unwrapped assert!(info.iserr()); ```

Error Handling

All errors generated by this crate are wrapped in the ClientError enum provided by the crate. API warninings are automatically captured via log and API errors are captured and returned as their own variant. Connection related errors from rusify are wrapped and returned as a single variant.

Testing

See the the tests directory for tests. Run tests with cargo test.

Note: All tests rely on bringing up a local Vault development server using Docker. The Docker CLI must be installed on the machine running the tests and you must have permission to start new containers.

Contributing

1. Fork it (https://github.com/jmgilman/vaultrs/fork)
2. Create your feature branch (git checkout -b feature/fooBar)
3. Commit your changes (git commit -am 'Add some fooBar')
4. Push to the branch (git push origin feature/fooBar)
5. Create a new Pull Request

See CONTRIBUTING for extensive documentation on the architecture of this library and how to add additional functionality to it.