Type Members

1.  trait AuthMethod extends Mount
2.  case class BackupKeys(nonce: String, keys: Map[String, String]) extends Product with Serializable
3.  case class HealthStatus(initialized: Boolean, sealed: Boolean, standby: Boolean, performanceStandby: Boolean, replicationPerformanceMode: String, replicationDrMode: String, serverTimeUtc: Int, version: String, clusterName: String, clusterId: String) extends Product with Serializable
   initialized

   Whether the Vault server is Initialized.

   standby

   Whether the Vault server is in Standby mode.

   replicationPerformanceMode

   Verbose description of DR mode

   replicationDrMode

   Verbose description of DR mode

   serverTimeUtc

   Server time in Unix seconds, UTC

   version

   Server Vault version

   clusterName

   Server cluster name

   clusterId

   Server cluster UUID

4.  case class InitOptions(secretShares: Int = 5, secretThreshold: Int = 3, pgpKeys: Option[Array[String]] = None, rootTokenPgpKey: Option[String] = None, recoveryShares: Option[Int] = None, recoveryThreshold: Option[Int] = None, recoveryPgpKeys: Option[Array[String]] = None, storedShares: Option[Int] = None) extends Product with Serializable
   secretShares

   Specifies the number of shares to split the master key into.

   secretThreshold

   Specifies the number of shares required to reconstruct the master key. This must be less than or equal secretShares. If using Vault HSM with auto-unsealing, this value must be the same as secretShares.

   pgpKeys

   Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secretShares.

   rootTokenPgpKey

   Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.

   recoveryShares

   Specifies the number of shares to split the recovery key into.

   recoveryThreshold

   Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to recoveryShares.

   recoveryPgpKeys

   Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as recoveryShares.

   storedShares

   Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as secretShares.

5.  case class InitResult(keys: Array[String], keysBase64: Array[String], rootToken: String) extends Product with Serializable
6.  case class KeyStatus(term: Int, installTime: OffsetDateTime) extends Product with Serializable

   Information about the current encryption key of Vault.

   Information about the current encryption key of Vault.

   term

   the sequential key number

   installTime

   the time that encryption key was installed

7.  case class LeaderStatus(haEnabled: Boolean, isSelf: Boolean, leaderAddress: Uri, leaderClusterAddress: Uri, performanceStandby: Boolean, performanceStandbyLastRemoteWal: Int) extends Product with Serializable
8.  case class Lease(id: String, issueTime: OffsetDateTime, expireTime: Option[OffsetDateTime], lastRenewal: Option[OffsetDateTime], renewable: Boolean, ttl: Duration = Duration.Undefined) extends Product with Serializable
9.  case class LeaseRenew(leaseId: String, renewable: Boolean, leaseDuration: Duration) extends Product with Serializable
10.  trait Mount extends AnyRef
11.  case class Mounted(accessor: String, uuid: UUID, type: String, description: String, config: TuneOptions, options: Map[String, String] = Map.empty, local: Boolean = false, sealWrap: Boolean = false, externalEntropyAccess: Boolean = false) extends Mount with Product with Serializable

    Represents a mounted mount.

    Represents a mounted mount.

    accessor

    the mount point accessor.

    uuid

    the uuid of the mount.

    description

    human-friendly description of this mount.

    config

    configuration options for this mount.

    options

    mount type specific options.

    local

    whether this is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication.

    sealWrap

    whether this mount seal wraps causing values.

    externalEntropyAccess

    whether the mount has access to Vault's external entropy source.

12.  case class Plugin(name: String, sha256: String, command: String, builtin: Boolean = false, args: Array[String] = Array.empty, env: Array[String] = Array.empty) extends Product with Serializable
    name

    the name is what is used to look up plugins in the catalog.

    sha256

    the SHA256 sum of the plugin's binary. Before a plugin is run it's SHA will be checked against this value, if they do not match the plugin can not be run.

    command

    the command used to execute the plugin. This is relative to the plugin directory. e.g. "myplugin".

    args

    the arguments used to execute the plugin. If the arguments are provided here, the command parameter should only contain the named program. e.g. "--my_flag=1".

    env

    the environment variables used during the execution of the plugin. Each entry is of the form "key=value". e.g "FOO=BAR".

13.  case class Policy(rules: String) extends Product with Serializable
14.  case class RekeyProgress(started: Boolean, nonce: String, progress: Int, required: Int, complete: Boolean, encodedToken: String, encodedRootToken: String, pgpFingerprint: String, otp: String, otpLength: Int, verificationRequired: Boolean) extends Product with Serializable
15.  case class RekeyVerificationProgress(nonce: String, t: Int, n: Int, progress: Int) extends Product with Serializable
    nonce

    the nonce for the current rekey operation.

    t

    is the threshold required for the new shares to pass verification

    n

    the total number of new shares that were generated

    progress

    is how many of the new unseal keys have been provided for this verification operation

16.  case class RootGenerationProgress(started: Boolean, nonce: String, progress: Int, required: Int, complete: Boolean, encodedToken: String, encodedRootToken: String, pgpFingerprint: String, otp: String, otpLength: Int) extends Product with Serializable
    started

    whether a root generation attempt has been started.

    nonce

    the nonce for the current attempt.

    progress

    how many unseal keys have been provided for this generation attempt.

    required

    how many unseal keys must be provided to complete the generation attempt.

    complete

    whether the attempt is complete.

    encodedToken

    the encoded token. The token will either be encrypted using PGP or XOR'd using the OTP.

    encodedRootToken

    the encoded root token. The token will either be encrypted using PGP or XOR'd using the OTP.

    pgpFingerprint

    the PGP fingerprint used to encrypt the final root token. This will be an empty string unless a PGP key is being used to encrypt the final root token.

    otp

    the one-time-password (OTP) being used to encode the final root token. The OTP is a base64 string, with length of otpLength. The raw bytes (char codes) of the token will be XOR'd with this value before being returned as a response to the final unseal key, encoded as base64. This field will only be returned once, on the response to the start request.

    otpLength

    the size of the OTP.

17.  case class SealStatus(type: String, sealed: Boolean, secretThreshold: Int, secretShares: Int, progress: Int, version: String, nonce: String, clusterName: Option[String], clusterId: Option[String]) extends Product with Serializable
18.  trait SecretEngine extends Mount
19.  case class TuneOptions(defaultLeaseTtl: Duration, maxLeaseTtl: Duration = Duration.Zero, forceNoCache: Boolean = false, tokenType: Option[TokenType] = None, listingVisibility: Option[String] = None, auditNonHmacRequestKeys: Option[List[String]] = None, auditNonHmacResponseKeys: Option[List[String]] = None, allowedResponseHeaders: Option[List[String]] = None, passthroughRequestHeaders: Option[List[String]] = None) extends Product with Serializable
    defaultLeaseTtl

    The default lease duration, specified as a string duration like "5s" or "30m".

    maxLeaseTtl

    The maximum lease duration, specified as a string duration like "5s" or "30m".

    forceNoCache

    Disable caching.

    tokenType

    the type of tokens that should be returned by the mount. Only usable for Auth Methods.

    listingVisibility

    Specifies whether to show this mount in the UI-specific listing endpoint.

    auditNonHmacRequestKeys

    list of keys that will not be HMAC'd by audit devices in the request data object.

    auditNonHmacResponseKeys

    list of keys that will not be HMAC'd by audit devices in the response data object.

    allowedResponseHeaders

    list of headers to whitelist, allowing a plugin to include them in the response.

    passthroughRequestHeaders

    list of headers to whitelist and pass from the request to the plugin.

20.  case class UnsealOptions(key: String, reset: Option[Boolean] = None, migrate: Option[Boolean] = None) extends Product with Serializable