hashicorp.clj
(ns keycloak.vault.hashicorp
(:require [vault.core :as vault]
[vault.client.http]
[vault.secrets.kvv2 :as vault-kvv2]
[keycloak.vault.protocol :as vault-protocol :refer [Vault]]))
(defn vault-url
  "Builds the base URL of a Vault server as a string.

  Arities:
    []                   -> \"http://localhost:8200\"
    [host]               -> http, the given host (or localhost when nil), port 8200
    [protocol host port] -> nil protocol falls back to \"http\", nil host to
                            \"localhost\"; a nil port leaves the \":port\" part out.

  The fallback scheme is plain HTTP, so the Vault token and every secret
  travel unencrypted unless the caller passes \"https\" explicitly. Pass the
  protocol for anything that is not a local development server."
  ([]
   (vault-url nil))
  ([host]
   (vault-url nil host 8200))
  ([protocol host port]
   (let [scheme      (or protocol "http")
         hostname    (or host "localhost")
         port-suffix (when port (str ":" port))]
     (str scheme "://" hostname port-suffix))))
;;
(defn new-client
  "Creates a Vault client through `vault.core/new-client`.

  With one argument, the argument is the server URL string. With no
  argument, the URL comes from `(vault-url)`, i.e. the plain-HTTP localhost
  default, which is only suitable for a local development server.

  Note that the one-argument arity's parameter shadows the `vault-url`
  function inside its body."
  ([vault-url]
   (vault/new-client vault-url))
  ([]
   (new-client (vault-url))))
(defn authenticate!
  "Authenticates `client` against Vault with the `:token` auth method and
  returns whatever `vault.core/authenticate!` returns (callers in this
  namespace use that value as the authenticated client).

  `token` is the raw Vault token; treat it as a credential and keep it out of
  logs and printed data."
  [client token]
  (let [auth-method :token]
    (vault/authenticate! client auth-method token)))
(defn- write-secret!
  "Authenticates `client` with `token`, then writes `payload` at `path` in
  the KV v2 secrets engine mounted at `mount`. Returns the result of
  `vault.secrets.kvv2/write-secret!`. Authentication is repeated on every
  call."
  [client token mount path payload]
  (-> client
      (authenticate! token)
      (vault-kvv2/write-secret! mount path payload)))
(defn- read-secret
  "Authenticates `client` with `token`, then reads the secret at `path` from
  the KV v2 secrets engine mounted at `mount`. Returns the result of
  `vault.secrets.kvv2/read-secret`. Authentication is repeated on every
  call."
  [client token mount path]
  (-> client
      (authenticate! token)
      (vault-kvv2/read-secret mount path)))
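;; Vault protocol implementation backed by a HashiCorp Vault KV v2 engine.
;;
;; Fields:
;;   client - Vault client, as returned by `new-client`
;;   token  - Vault token used to authenticate before every read and write
;;   mount  - mount point of the KV v2 secrets engine
;;
;; `token` is a plain record field, so printing or logging a HashicorpVault
;; instance (REPL output, `pr-str`, an exception's ex-data, ...) prints the
;; token as well. Keep instances out of log statements.
;;
;; Both methods are best-effort: on any Throwable they print a message and the
;; stack trace, then return nil. A caller therefore cannot tell a failed read
;; apart from a nil result, and a failed write is not signalled at all.
(defrecord HashicorpVault [client token mount]
  Vault
  (write-secret! [vault path payload]
    ;; The payload is wrapped as {:secret payload} before being written.
    (try
      (write-secret! client token mount path {:secret payload})
      (catch java.lang.Throwable e
        ;; The previous message formatted `vault-url`, which in this scope is
        ;; the URL-building function and not a server URL, so it printed a
        ;; function object. The record holds no URL, so the message now
        ;; reports only the mount and the path.
        (println (format "Can't write secret to vault with engine %s and path %s because of exception:" mount path))
        ;; NOTE(review): the trace is printed unfiltered; confirm the Vault
        ;; client's exceptions never embed the payload or the token.
        (.printStackTrace e))))
  (read-secret [vault path]
    (try
      (read-secret client token mount path)
      (catch java.lang.Throwable e
        ;; Same fix as in write-secret!; the wording is also corrected from
        ;; "read secret to vault" to "read secret from vault".
        (println (format "Can't read secret from vault with engine %s and path %s because of exception:" mount path))
        (.printStackTrace e)))))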
(comment
  ;; REPL scratch, never evaluated when the namespace loads.
  ;; The zero-argument `new-client` targets http://localhost:8200, and "myroot"
  ;; is presumably the root token of a local dev-mode Vault. Do not replace it
  ;; with a real token in source control.
  (def client (new-client))
  (def vault (map->HashicorpVault {:client client :token "myroot" :mount "secret"}))
  (vault-protocol/write-secret! vault "test" "yo")
  )