Examples

Using the Vault Key Value Engine

The KV engine in vault lets you store arbitrary secrets in a JSON-object like manner. This will create non-refreshable (as in always valid) leases:

sourceimport cats.effect.IO
import scala.concurrent.ExecutionContext
import com.commercetools.tresor.vault._

implicit val executionContext: ExecutionContext = ???

val vaultConfig =
  VaultConfig(apiUrl = "http://vault-host:8200/v1", token = "vault-token")

val kvSecret: IO[Lease] =
  KV[cats.effect.IO]("secret")
    .secret(KeyValueContext(key = "treasure"), vaultConfig)

Using the AWS Engine with auto-refresh

The AWS engine create refreshable leases for which a reference can be used for storing. Usually you would create the reference in a safe way during application bootstrap, this has been omitted here:

sourceimport cats.effect.IO

import com.commercetools.tresor.vault._

implicit val executionContext: scala.concurrent.ExecutionContext = ???

val vaultConfig =
  VaultConfig(apiUrl = s"http://vault-host/v1", token = "vault-token")
val awsContext = AwsContext(name = "some-role")
val initialLease: Ref[IO, Option[Lease]] = Ref.unsafe[IO, Option[Lease]](None)
val awsEngine = AWS[IO]("aws")

val leaseWithRefresh: IO[Lease] = AWS[IO]("aws").refresh(initialLease)(
  create = awsEngine.createCredentials(awsContext),
  renew = awsEngine.renew
)(vaultConfig)
The source code for this page can be found here.