Examples
Using the Vault Key Value Engine
The KV engine in vault lets you store arbitrary secrets in a JSON-object like manner. This will create non-refreshable (as in always valid) leases:
sourceimport cats.effect.IO
import scala.concurrent.ExecutionContext
import com.commercetools.tresor.vault._
implicit val executionContext: ExecutionContext = ???
val vaultConfig =
VaultConfig(apiUrl = "http://vault-host:8200/v1", token = "vault-token")
val kvSecret: IO[Lease] =
KV[cats.effect.IO]("secret")
.secret(KeyValueContext(key = "treasure"), vaultConfig)
Using the AWS Engine with auto-refresh
The AWS engine create refreshable leases for which a reference can be used for storing. Usually you would create the reference in a safe way during application bootstrap, this has been omitted here:
sourceimport cats.effect.IO
import com.commercetools.tresor.vault._
implicit val executionContext: scala.concurrent.ExecutionContext = ???
val vaultConfig =
VaultConfig(apiUrl = s"http://vault-host/v1", token = "vault-token")
val awsContext = AwsContext(name = "some-role")
val initialLease: Ref[IO, Option[Lease]] = Ref.unsafe[IO, Option[Lease]](None)
val awsEngine = AWS[IO]("aws")
val leaseWithRefresh: IO[Lease] = AWS[IO]("aws").refresh(initialLease)(
create = awsEngine.createCredentials(awsContext),
renew = awsEngine.renew
)(vaultConfig)
The source code for this page can be found here.