Method: Vault::AppRole#create_secret_id

Defined in:
lib/vault/api/approle.rb

#create_secret_id(role_name, options = {}) ⇒ true

Generates and issues a new SecretID on an existing AppRole.

Examples:

Generate a new SecretID

result = Vault.approle.create_secret_id("testrole") #=> #<Vault::Secret lease_id="...">
result.data[:secret_id] #=> "841771dc-11c9-bbc7-bcac-6a3945a69cd9"

Assign a custom SecretID

result = Vault.approle.create_secret_id("testrole", {
  secret_id: "testsecretid"
}) #=> #<Vault::Secret lease_id="...">
result.data[:secret_id] #=> "testsecretid"

Parameters:

  • role_name (String)

    The name of the AppRole

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :secret_id (String)

    SecretID to be attached to the Role. If not set, a new SecretID will be generated.

  • :metadata (Hash<String, String>)

    Metadata to be tied to the SecretID. This should be a JSON-formatted string containing the metadata in key-value pairs. It will be set on tokens issued with this SecretID, and is logged in audit logs in plaintext.

Returns:

  • (true)


# File 'lib/vault/api/approle.rb', line 160

def create_secret_id(role_name, options = {})
  headers = extract_headers!(options)
  if options[:secret_id]
    json = client.post("/v1/auth/approle/role/#{encode_path(role_name)}/custom-secret-id", JSON.fast_generate(options), headers)
  else
    json = client.post("/v1/auth/approle/role/#{encode_path(role_name)}/secret-id", JSON.fast_generate(options), headers)
  end
  return Secret.decode(json)
end
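
Because `:metadata` is copied onto issued tokens and written to audit logs in plaintext, it helps to validate the options hash before it reaches `create_secret_id`. The following is an added example, not code from the vault-ruby project: `build_secret_id_options`, `issue_secret_id`, the `SENSITIVE_KEY` pattern and the 32-character minimum for a custom SecretID are all assumptions made for illustration.

```ruby
require "json"

# Key names that suggest a credential. Metadata is logged in plaintext in
# audit logs, so such entries are refused. (Assumed pattern, tune as needed.)
SENSITIVE_KEY = /pass|secret|token|api[_-]?key|private/i

# Hypothetical helper: checks the metadata and builds the options hash for
# create_secret_id. Returns a Hash; raises ArgumentError on unsafe input.
def build_secret_id_options(metadata: {}, secret_id: nil)
  metadata.each do |key, value|
    unless key.is_a?(String) && value.is_a?(String)
      raise ArgumentError, "metadata must map String to String: #{key.inspect}"
    end
    if key.match?(SENSITIVE_KEY)
      raise ArgumentError, "metadata key #{key.inspect} looks like a credential"
    end
  end

  options = {}
  # The option is documented as a JSON-formatted string of key-value pairs.
  options[:metadata] = JSON.generate(metadata) unless metadata.empty?

  if secret_id
    # Setting :secret_id selects the custom-secret-id endpoint, so the caller
    # is responsible for its entropy. The length floor is this example's policy.
    raise ArgumentError, "custom secret_id too short" if secret_id.length < 32
    options[:secret_id] = secret_id
  end
  options
end

# Hypothetical wrapper: `approle` is any object that responds to
# create_secret_id(role_name, options), such as Vault.approle.
def issue_secret_id(approle, role_name, **kwargs)
  approle.create_secret_id(role_name, build_secret_id_options(**kwargs))
end
```

With the gem loaded, `issue_secret_id(Vault.approle, "testrole", metadata: { "host" => "ci-runner-7" })` would pass the validated options through to the method documented above.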