Ptolemy v0.2.0 Ptolemy.Engines.PKI

Ptolemy.Engines.PKI provides a public-facing API for CRUD operations on the Vault PKI engine.

Some functions in this module accept additional options that are passed on to Vault. The option values are documented at: https://www.vaultproject.io/api/secret/pki/index.html

Summary

Functions

Create a role from the specification provided

Create a role from the specification provided, errors out if an error occurs

Revoke either a certificate or a role from the PKI engine in Vault

Revoke either a certificate or a role from the PKI engine in Vault, errors out if an error occurs

Create a role from the specification provided via a specific path

Revoke a role in Vault

Reads a newly generated certificate from a role via a specific path

Update a PKI role in Vault via a specified path

Reads a newly generated certificate from a role

Reads a newly generated certificate from a role, errors out if an error occurs

Update a PKI role in Vault, errors out if an error occurs

Functions

create(server_name, engine_name, role, params \\ %{})
create(atom(), atom(), atom(), map()) ::
  {:ok, String.t()} | {:error, String.t()}

Create a role from the specification provided.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.

Example

iex(2)> Ptolemy.Engines.PKI.create(:production, :pki_engine1, :test_role1, %{allow_any_name: true})
{:ok, "PKI role created"}

create!(server_name, engine_name, role, params \\ %{})
create!(atom(), atom(), atom(), map()) :: :ok | no_return()

Create a role from the specification provided, errors out if an error occurs.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.

delete(server_name, engine_name, deleteType, arg1)
delete(atom(), atom(), atom(), any()) ::
  {:ok, String.t()} | {:error, String.t()}

Revoke either a certificate or a role from the PKI engine in Vault.

An optional payload can be provided to override other options. See:

  • For role deletion options: https://www.vaultproject.io/api/secret/pki/index.html#delete-role
  • For cert deletion options:

Example

iex(2)> Ptolemy.Engines.PKI.delete(:production, :pki_engine1, :certificate, "17:84:7f:5b:bd:90:da:21:16")
{:ok, "PKI certificate revoked"}
iex(3)> Ptolemy.Engines.PKI.delete(:production, :pki_engine1, :role, :test_role1)
{:ok, "PKI role revoked"}

delete!(server_name, engine_name, deleteType, arg1)
delete!(atom(), atom(), atom(), any()) :: :ok | no_return()

Revoke either a certificate or a role from the PKI engine in Vault, errors out if an error occurs.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#delete-role for options.

delete_cert(server_name, engine_name, serial_number)
delete_cert(atom(), atom(), String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Revoke a certificate in Vault.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#delete-role for options.

Example

iex(2)> Ptolemy.Engines.PKI.delete_cert(:production, :pki_engine1, serial_number)
{:ok, "PKI certificate revoked"}

delete_role(server_name, engine_name, role)
delete_role(atom(), atom(), atom()) :: {:ok, String.t()} | {:error, String.t()}

Revoke a role in vault.

Example

iex(2)> Ptolemy.Engines.PKI.delete_role(:production, :pki_engine1, :test_role1)
{:ok, "PKI role revoked"}

path_create(server_name, path, params \\ %{})
path_create(atom(), String.t(), map()) ::
  {:ok, String.t()} | {:error, String.t()}

Create a role from the specification provided via a specific path.

Example

iex(2)> Ptolemy.Engines.PKI.path_create(:production, "/pki/data/", %{allow_any_name: true})
{:ok, "PKI role created"}

path_delete_cert(server_name, path, serial_number)
path_delete_cert(atom(), String.t(), String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Revoke a certificate in vault.

path_delete_role(server_name, path)
path_delete_role(atom(), String.t()) :: {:ok, String.t()} | {:error, String.t()}

Revoke a role in vault.

path_read(server_name, path, common_name, payload \\ %{})
path_read(atom(), String.t(), String.t(), map()) ::
  {:ok, map()} | {:error, String.t()}

Reads a newly generated certificate from a role via a specific path.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate for options.

Example

iex(2)> Ptolemy.Engines.PKI.path_read(:production, "/pki/test", "www.example.com")
{:ok,
  %{
    "auth" => nil,
    "data" => %{
      "certificate" => "-----BEGIN CERTIFICATE-----generated-cert-----END CERTIFICATE-----",
      "expiration" => 1555610944,
      "issuing_ca" => "-----BEGIN CERTIFICATE-----ca-cert-goes-here-----END CERTIFICATE-----",
      "private_key" => "-----BEGIN RSA PRIVATE KEY-----some-rsa-key-here-----END RSA PRIVATE KEY-----",
      "private_key_type" => "rsa",
      "serial_number" => "1c:42:ac:e6:80:4c:7c:fc:70:af:c9:64:55:11:95:84:44:22:6f:e5"
    },
    "lease_duration" => 0,
    "lease_id" => "",
    "renewable" => false,
    "request_id" => "f53c85d0-46ef-df35-349f-dfe4e43ac6d8",
    "warnings" => nil,
    "wrap_info" => nil
  }
}

path_update(server_name, path, payload \\ %{})
path_update(atom(), String.t(), map()) ::
  {:ok, String.t()} | {:error, String.t()}

Update a PKI role in Vault via a specified path.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.

Example

iex(2)> Ptolemy.Engines.PKI.path_update(:production, "pki/test", %{allow_any_name: false})
{:ok, "PKI role updated"}

read(server_name, engine_name, role, common_name, payload \\ %{})
read(atom(), atom(), atom(), String.t(), map()) ::
  {:ok, map()} | {:error, String.t()}

Reads a newly generated certificate from a role.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#generate-certificate for options.

Example

iex(2)> Ptolemy.Engines.PKI.read(:production, :pki_engine1, :test_role1, "www.example.com")
{:ok,
  %{
    "auth" => nil,
    "data" => %{
      "certificate" => "-----BEGIN CERTIFICATE-----generated-cert-----END CERTIFICATE-----",
      "expiration" => 1555610944,
      "issuing_ca" => "-----BEGIN CERTIFICATE-----ca-cert-goes-here-----END CERTIFICATE-----",
      "private_key" => "-----BEGIN RSA PRIVATE KEY-----some-rsa-key-here-----END RSA PRIVATE KEY-----",
      "private_key_type" => "rsa",
      "serial_number" => "1c:42:ac:e6:80:4c:7c:fc:70:af:c9:64:55:11:95:84:44:22:6f:e5"
    },
    "lease_duration" => 0,
    "lease_id" => "",
    "renewable" => false,
    "request_id" => "f53c85d0-46ef-df35-349f-dfe4e43ac6d8",
    "warnings" => nil,
    "wrap_info" => nil
  }
}
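
An added example (not part of Ptolemy's documentation) that ties create/4, read/5 and delete/4 together: the role is restricted to one domain rather than allow_any_name: true, and because the read/5 response carries the private key under "data", the key goes to an owner-only file and only the serial number and expiration are returned. Assumptions: the :production server and :pki_engine1 engine are already configured as in the examples above; the module name, :web_role, example.com, the file names and the allowed_domains, allow_subdomains, max_ttl and ttl values are illustrative, using the Vault role and generate-certificate options linked above.

```elixir
defmodule PKIExample do
  # Added example, not Ptolemy code. Assumes :production / :pki_engine1 are
  # configured as in the docs above; role, domain and file names are placeholders.
  alias Ptolemy.Engines.PKI

  @server :production
  @engine :pki_engine1
  @role :web_role

  # Role limited to subdomains of one domain, instead of allow_any_name: true.
  def create_role do
    PKI.create(@server, @engine, @role, %{
      allow_any_name: false,
      allowed_domains: ["example.com"],
      allow_subdomains: true,
      max_ttl: "72h"
    })
  end

  # Issue a short-lived certificate; only non-secret metadata is returned.
  def issue(common_name, dir) do
    with {:ok, %{"data" => data}} <-
           PKI.read(@server, @engine, @role, common_name, %{ttl: "24h"}),
         %{"certificate" => cert, "private_key" => key, "serial_number" => serial} <- data,
         :ok <- write_private(Path.join(dir, "key.pem"), key),
         :ok <- File.write(Path.join(dir, "cert.pem"), cert) do
      {:ok, %{serial_number: serial, expiration: data["expiration"]}}
    else
      {:error, reason} -> {:error, reason}
      # Do not inspect the unmatched value: it may contain the private key.
      _other -> {:error, "unexpected response shape"}
    end
  end

  # Create the file, restrict it to the owner, and only then write the key.
  defp write_private(path, contents) do
    with :ok <- File.write(path, ""),
         :ok <- File.chmod(path, 0o600) do
      File.write(path, contents)
    end
  end

  # Revoke by the serial number returned from issue/2.
  def revoke(serial), do: PKI.delete(@server, @engine, :certificate, serial)
end
```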

read!(server_name, engine_name, role, common_name, payload \\ %{})
read!(atom(), atom(), atom(), String.t(), map()) :: map() | no_return()

Reads a newly generated certificate from a role, errors out if an error occurs.

update(server_name, engine_name, role, payload \\ %{})
update(atom(), atom(), atom(), map()) ::
  {:ok, String.t()} | {:error, String.t()}

Update a PKI role in Vault.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.

Example

iex(2)> Ptolemy.Engines.PKI.update(:production, :pki_engine1, :test_role1, %{allow_any_name: false})
{:ok, "PKI role updated"}

update!(server_name, engine_name, secret, payload \\ %{})
update!(atom(), atom(), atom(), map()) :: :ok | no_return()

Update a PKI role in Vault, errors out if an error occurs.

An optional payload can be provided to override other options. See https://www.vaultproject.io/api/secret/pki/index.html#create-update-role for options.