Ptolemy v0.2.0
Ptolemy.Engines.PKI
Ptolemy.Engines.PKI provides a public-facing API for CRUD operations on the Vault PKI engine.
Some functions in this module accept additional options that are passed to Vault. The option values are documented at: https://www.vaultproject.io/api/secret/pki/index.html
Summary
Functions
create/4: Create a role from the specification provided
create!/4: Create a role from the specification provided, errors out if an error occurs
delete/4: Revoke either a certificate or a role from the PKI engine in Vault
delete!/4: Revoke either a certificate or a role from the PKI engine in Vault, errors out if an error occurs
delete_cert/3: Revoke a certificate in Vault
delete_role/3: Revoke a role in Vault
path_create/3: Create a role from the specification provided via a specific path
path_delete_cert/3: Revoke a certificate in Vault
path_delete_role/2: Revoke a role in Vault
path_read/4: Reads a newly generated certificate from a role via a specific path
path_update/3: Update a PKI role in Vault via a specified path
read/5: Reads a newly generated certificate from a role
read!/5: Reads a newly generated certificate from a role, errors out if an error occurs
update/4: Update a PKI role in Vault
update!/4: Update a PKI role in Vault, errors out if an error occurs
Functions
create(server_name, engine_name, role, params \\ %{})
Create a role from the specification provided.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.
Example
iex(2)> Ptolemy.Engines.PKI.create(:production, :pki_engine1, :test_role1, %{allow_any_name: true})
{:ok, "PKI role created"}
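A pre-flight check for role parameters such as the `allow_any_name: true` passed above, which lets the role issue a certificate for any common name. This is an added example, not part of Ptolemy: `RoleParamAudit` and its functions are hypothetical names, the sample maps are constructed, and the stub passed to `guarded_create/2` stands in for a call to `Ptolemy.Engines.PKI.create/4`.

```elixir
defmodule RoleParamAudit do
  @moduledoc "Added example: flags permissive Vault PKI role options before a role is created."

  # The keys are Vault PKI role parameters; the reasons are this example's wording.
  @risky [
    {:allow_any_name, true, "role can issue a certificate for any common name"},
    {:allow_glob_domains, true, "glob patterns in allowed_domains widen what can be issued"},
    {:no_store, true, "issued certificates are not stored, so they cannot be revoked"}
  ]

  @doc "Returns a list of {option, reason} findings for a params map with atom keys."
  def findings(params) when is_map(params) do
    flagged =
      for {key, bad, reason} <- @risky, Map.get(params, key) == bad, do: {key, reason}

    if Map.has_key?(params, :max_ttl) do
      flagged
    else
      flagged ++ [{:max_ttl, "not set, so the mount or system maximum TTL applies"}]
    end
  end

  @doc "Calls create_fun with the params only when they produce no findings."
  def guarded_create(params, create_fun) when is_function(create_fun, 1) do
    case findings(params) do
      [] -> create_fun.(params)
      found -> {:error, {:risky_role_params, found}}
    end
  end
end

# Constructed sample input: the first map is the one from the example above.
IO.inspect(RoleParamAudit.findings(%{allow_any_name: true}))

strict = %{allowed_domains: ["example.com"], allow_subdomains: true, max_ttl: "72h"}
# In real use, pass:
#   &Ptolemy.Engines.PKI.create(:production, :pki_engine1, :test_role1, &1)
IO.inspect(RoleParamAudit.guarded_create(strict, fn _params -> {:ok, "PKI role created"} end))
```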
create!(server_name, engine_name, role, params \\ %{})
Create a role from the specification provided, errors out if an error occurs.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.
delete(server_name, engine_name, deleteType, arg1)
Revoke either a certificate or a role from the PKI engine in Vault.
Provide the optional payload to override other options. See:
- For role deletion options: https://www.vaultproject.io/api/secret/pki/index.html#delete-role
- For cert deletion options:
Example
iex(2)> Ptolemy.Engines.PKI.delete(:production, :pki_engine1, :certificate, "17:84:7f:5b:bd:90:da:21:16")
{:ok, "PKI certificate revoked"}
iex(3)> Ptolemy.Engines.PKI.delete(:production, :pki_engine1, :role, :test_role1)
{:ok, "PKI role revoked"}
delete!(server_name, engine_name, deleteType, arg1)
Revoke either a certificate or a role from the PKI engine in Vault, errors out if an error occurs.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#delete-role for options.
delete_cert(server_name, engine_name, serial_number)
Revoke a certificate in Vault.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#delete-role for options.
Example
iex(2)> Ptolemy.Engines.PKI.delete_cert(:production, :pki_engine1, serial_number)
{:ok, "PKI certificate revoked"}
delete_role(server_name, engine_name, role)
Revoke a role in Vault.
Example
iex(2)> Ptolemy.Engines.PKI.delete_role(:production, :pki_engine1, :test_role1)
{:ok, "PKI role revoked"}
path_create(server_name, path, params \\ %{})
Create a role from the specification provided via a specific path.
Example
iex(2)> Ptolemy.Engines.PKI.path_create(:production, "/pki/data/", %{allow_any_name: true})
{:ok, "PKI role created"}
path_delete_cert(server_name, path, serial_number)
Revoke a certificate in Vault.
path_delete_role(server_name, path)
Revoke a role in Vault.
path_read(server_name, path, common_name, payload \\ %{})
Reads a newly generated certificate from a role via a specific path.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate for options.
Example
iex(2)> Ptolemy.Engines.PKI.path_read(:production, "/pki/test", "www.example.com")
{:ok,
 %{
   "auth" => nil,
   "data" => %{
     "certificate" => "-----BEGIN CERTIFICATE-----generated-cert-----END CERTIFICATE-----",
     "expiration" => 1555610944,
     "issuing_ca" => "-----BEGIN CERTIFICATE-----ca-cert-goes-here-----END CERTIFICATE-----",
     "private_key" => "-----BEGIN RSA PRIVATE KEY-----some-rsa-key-here-----END RSA PRIVATE KEY-----",
     "private_key_type" => "rsa",
     "serial_number" => "1c:42:ac:e6:80:4c:7c:fc:70:af:c9:64:55:11:95:84:44:22:6f:e5"
   },
   "lease_duration" => 0,
   "lease_id" => "",
   "renewable" => false,
   "request_id" => "f53c85d0-46ef-df35-349f-dfe4e43ac6d8",
   "warnings" => nil,
   "wrap_info" => nil
 }
}
path_update(server_name, path, payload \\ %{})
Update a PKI role in Vault via a specified path.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.
Example
iex(2)> Ptolemy.Engines.PKI.path_update(:production, "pki/test", %{allow_any_name: false})
{:ok, "PKI role updated"}
read(server_name, engine_name, role, common_name, payload \\ %{})
Reads a newly generated certificate from a role.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate for options.
Example
iex(2)> Ptolemy.Engines.PKI.read(:production, :pki_engine1, :test_role1, "www.example.com")
{:ok,
 %{
   "auth" => nil,
   "data" => %{
     "certificate" => "-----BEGIN CERTIFICATE-----generated-cert-----END CERTIFICATE-----",
     "expiration" => 1555610944,
     "issuing_ca" => "-----BEGIN CERTIFICATE-----ca-cert-goes-here-----END CERTIFICATE-----",
     "private_key" => "-----BEGIN RSA PRIVATE KEY-----some-rsa-key-here-----END RSA PRIVATE KEY-----",
     "private_key_type" => "rsa",
     "serial_number" => "1c:42:ac:e6:80:4c:7c:fc:70:af:c9:64:55:11:95:84:44:22:6f:e5"
   },
   "lease_duration" => 0,
   "lease_id" => "",
   "renewable" => false,
   "request_id" => "f53c85d0-46ef-df35-349f-dfe4e43ac6d8",
   "warnings" => nil,
   "wrap_info" => nil
 }
}
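The response above carries the private key in plain text, so the caller decides where it ends up. The following added example (not part of Ptolemy) writes the key to an owner-only file and hands back only the serial number and expiry. `IssuedCert`, the file names and the sample response are assumptions of this example, as is the `{:error, _}` clause, since the page does not show the failure shape.

```elixir
defmodule IssuedCert do
  @moduledoc "Added example: stores the material returned by Ptolemy.Engines.PKI.read/5."

  @doc """
  Takes the {:ok, response} tuple and writes key, certificate and CA under dir.
  The returned metadata does not contain the private key, so it is safe to log.
  """
  def persist({:ok, %{"data" => data}}, dir) do
    %{"certificate" => cert, "issuing_ca" => ca, "private_key" => key,
      "serial_number" => serial, "expiration" => exp} = data

    File.mkdir_p!(dir)
    key_path = Path.join(dir, "key.pem")
    # Create the file empty and restrict it to the owner before writing the key,
    # so the key is never on disk with default permissions.
    File.write!(key_path, "")
    File.chmod!(key_path, 0o600)
    File.write!(key_path, key)
    File.write!(Path.join(dir, "cert.pem"), cert)
    File.write!(Path.join(dir, "ca.pem"), ca)

    {:ok, %{serial_number: serial, expires_at: DateTime.from_unix!(exp)}}
  end

  # Assumed failure shape: pass the error through untouched.
  def persist({:error, _reason} = err, _dir), do: err
end

# Constructed sample mirroring the response above (placeholder PEM bodies).
resp =
  {:ok,
   %{
     "data" => %{
       "certificate" => "-----BEGIN CERTIFICATE-----generated-cert-----END CERTIFICATE-----",
       "expiration" => 1555610944,
       "issuing_ca" => "-----BEGIN CERTIFICATE-----ca-cert-goes-here-----END CERTIFICATE-----",
       "private_key" => "-----BEGIN RSA PRIVATE KEY-----some-rsa-key-here-----END RSA PRIVATE KEY-----",
       "serial_number" => "1c:42:ac:e6:80:4c:7c:fc:70:af:c9:64:55:11:95:84:44:22:6f:e5"
     }
   }}

dir = Path.join(System.tmp_dir!(), "issued_cert_example")
{:ok, meta} = IssuedCert.persist(resp, dir)
# meta.serial_number is the value Ptolemy.Engines.PKI.delete_cert/3 takes to revoke.
IO.inspect(meta)
```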
read!(server_name, engine_name, role, common_name, payload \\ %{})
Reads a newly generated certificate from a role, errors out if an error occurs.
update(server_name, engine_name, role, payload \\ %{})
Update a PKI role in Vault.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.
Example
iex(2)> Ptolemy.Engines.PKI.update(:production, :pki_engine1, :test_role1, %{allow_any_name: false})
{:ok, "PKI role updated"}
update!(server_name, engine_name, secret, payload \\ %{})
Update a PKI role in Vault, errors out if an error occurs.
Provide the optional payload to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.