require 'vault' module Legion module Crypt module Vault attr_accessor :sessions def settings Legion::Settings[:crypt][:vault] end def connect_vault # rubocop:disable Metrics/AbcSize @sessions = [] ::Vault.address = "#{Legion::Settings[:crypt][:vault][:protocol]}://#{Legion::Settings[:crypt][:vault][:address]}:#{Legion::Settings[:crypt][:vault][:port]}" # rubocop:disable Layout/LineLength Legion::Settings[:crypt][:vault][:token] = ENV['VAULT_DEV_ROOT_TOKEN_ID'] if ENV.key? 'VAULT_DEV_ROOT_TOKEN_ID' return nil if Legion::Settings[:crypt][:vault][:token].nil? ::Vault.token = Legion::Settings[:crypt][:vault][:token] Legion::Settings[:crypt][:vault][:connected] = true if ::Vault.sys.health_status.initialized? return unless Legion.const_defined? 'Extensions::Actors::Every' require_relative 'vault_renewer' @renewer = Legion::Crypt::Vault::Renewer.new end def read(path, type = 'legion') full_path = type.nil? || type.empty? ? "#{type}/#{path}" : path lease = ::Vault.logical.read(full_path) add_session(path: lease.lease_id) if lease.respond_to? :lease_id lease.data end def get(path) result = ::Vault.kv('legion').read(path) return nil if result.nil? result.data end def write(path, key, value) hash = {} hash[key.to_sym] = value ::Vault.kv('legion').write(path, **hash) end def exist?(path) !::Vault.kv('legion').read_metadata(path).nil? end def add_session(path:) @sessions.push(path) end def close_sessions Legion::Logging.info 'Closing all Legion::Crypt vault sessions' return if @sessions.nil? @sessions.each do |session| close_session(session: session) end end def shutdown_renewer return unless Legion::Settings[:crypt][:vault][:connected] return if @renewer.nil? Legion::Logging.debug 'Shutdown down Legion::Crypt::Vault::Renewer' @renewer.cancel end def close_session(session:) ::Vault.sys.revoke(session) end def renew_session(session:) ::Vault.sys.renew(session) end def renew_sessions(**_opts) @sessions.each do |session| renew_session(session: session) end end end end end