'use strict'; var z7 = require('zod'); var omit = require('lodash/omit'); var pick = require('lodash/pick'); var pSafe = require('p-safe'); var zodRequest = require('zod-request'); function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; } function _interopNamespace(e) { if (e && e.__esModule) return e; var n = Object.create(null); if (e) { Object.keys(e).forEach(function (k) { if (k !== 'default') { var d = Object.getOwnPropertyDescriptor(e, k); Object.defineProperty(n, k, d.get ? d : { enumerable: true, get: function () { return e[k]; } }); } }); } n.default = e; return Object.freeze(n); } var z7__namespace = /*#__PURE__*/_interopNamespace(z7); var omit__default = /*#__PURE__*/_interopDefault(omit); var pick__default = /*#__PURE__*/_interopDefault(pick); // src/lib/client.ts // src/lib/sector.ts var ApiSector = class { constructor(client) { this.client = client; } }; // src/errors.ts var VaultError = class extends Error { constructor(error) { if (Array.isArray(error)) { error = error.join("\n"); } super(error && error !== "" ? error : "Not Found"); } }; // src/utils/json.ts function isJson(data) { if (typeof data !== "string") return false; if (data === "" || data[0] !== "{") return false; try { const val = JSON.parse(data); if (!val) return false; return val; } catch (e) { return false; } } // src/utils/object.ts function removeUndefined(obj) { const result = {}; for (const key in obj) { const value = obj[key]; if (value !== void 0) { result[key] = value; } } return result; } // src/utils/generate-command.ts function generateCommand(init, raw = false) { return async (args, options = {}) => { const { method = "GET", path, client, schema } = init; const { strictSchema = true, ...opts } = options; const requestInit = { method, ...opts, path: schema?.path && typeof schema?.path === "object" ? pick__default.default(args || {}, Object.keys(schema.path.shape)) : void 0, params: schema?.searchParams && typeof schema?.searchParams === "object" ? pick__default.default(args || {}, Object.keys(schema.searchParams.shape)) : void 0, body: !schema?.body ? void 0 : schema.body instanceof z7__namespace.ZodObject ? pick__default.default(args || {}, Object.keys(schema.body.shape)) : removeUndefined( omit__default.default( args, // Potential Body Keys Object.keys(schema.searchParams?.shape || {}).concat(Object.keys(schema.path?.shape || {})).concat(Object.keys(schema.headers?.shape || {})) ) ), headers: removeUndefined( Object.assign( { "X-Vault-Token": client.token, "X-Vault-Namespace": client.namespace }, opts.headers || {} ) ), schema: Object.assign(schema, { response: z7__namespace.union([ schema.response ?? z7__namespace.any(), z7__namespace.object({ errors: z7__namespace.array(z7__namespace.string()) }) ]) }) }; const { url: _url, input } = zodRequest.generateRequest( `${client.endpoint}/${client.apiVersion}${client.pathPrefix}${path}`, requestInit ); return pSafe.trySafe(async () => { const fetcher = init.fetcher || client.fetcher || fetch; const rawInit = Object.assign(input, { url: new URL( _url.toString().replace(///g, "/") ) }); const { url, ...refinedInput } = init.refine ? init.refine(rawInit, args) : rawInit; if (refinedInput.body && !isJson(refinedInput.body)) { refinedInput.body = JSON.stringify(refinedInput.body); } const response = await fetcher(url, refinedInput); if (raw) { return { data: response }; } const { headers } = response; const hasContent = headers.has("content-length") && headers.get("content-length") !== "0"; if (!response.body && !hasContent) { return { data: response.ok }; } const hasJsonContentType = headers.has("content-type") && headers.get("content-type") === "application/json"; if (!strictSchema || !schema.response || schema.response instanceof z7__namespace.ZodAny) { if (hasJsonContentType) { return resolve(response, await response.json()); } return resolve(response, parseText(await response.text())); } try { const zr = new zodRequest.ZodResponse(response, schema.response); if (hasJsonContentType) { return resolve(response, await zr.json()); } return resolve(response, parseText(await zr.text())); } catch (e) { if (e && e instanceof VaultError) return { error: e }; if (e && typeof e === "object" && e.constructor.name === "ZodValidationError") { const error2 = new VaultError("Failed to validate response schema"); error2.cause = e.flatten(); return { error: error2 }; } const error = new VaultError("Failed to parse response"); error.cause = e; return { error }; } }); }; } function resolve(response, data) { if (typeof data === "object" && "errors" in data) { const error = new VaultError(data.errors); error.cause = response; return { error }; } return { data }; } function parseText(text) { const json = isJson(text); if (json) { return json; } return text; } // src/engine/aws.ts var Aws = class extends ApiSector { /** * IAM * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#iam */ get config() { return generateCommand({ method: "POST", path: "/aws/config/root", client: this.client, schema: { body: z7__namespace.object({ max_retries: z7__namespace.number().optional(), access_key: z7__namespace.string().optional(), secret_key: z7__namespace.string().optional(), role_arn: z7__namespace.string().optional(), identity_token_audience: z7__namespace.string().optional(), identity_token_ttl: z7__namespace.string().optional(), region: z7__namespace.string().optional(), iam_endpoint: z7__namespace.string().optional(), sts_endpoint: z7__namespace.string().optional(), username_template: z7__namespace.string().optional() }), response: z7__namespace.any() } }); } /** * Read root configuration * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#read-root-configuration */ get rootInfo() { return generateCommand({ method: "GET", path: "/aws/config/root", client: this.client, schema: { response: z7__namespace.any() } }); } /** * Rotate root IAM credentials * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#rotate-root-iam-credentials */ get rotateRoot() { return generateCommand({ method: "POST", path: "/aws/config/rotate-root", client: this.client, schema: { response: z7__namespace.any() } }); } /** * Configure lease * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#configure-lease */ get configLease() { return generateCommand({ method: "POST", path: "/aws/config/lease", client: this.client, schema: { body: z7__namespace.object({ lease: z7__namespace.string(), lease_max: z7__namespace.number() }), response: z7__namespace.any() } }); } /** * Read lease * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#read-lease */ get lease() { return generateCommand({ method: "POST", path: "/aws/config/lease", client: this.client, schema: { response: z7__namespace.any() } }); } /** * Create/Update role * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#create-update-role */ get role() { return generateCommand({ method: "POST", path: "/aws/config/role", client: this.client, schema: { body: z7__namespace.object({ name: z7__namespace.string(), credential_type: z7__namespace.string(), role_arns: z7__namespace.array(z7__namespace.string()).optional(), policy_arns: z7__namespace.array(z7__namespace.string()).optional(), policy_document: z7__namespace.string().optional(), iam_groups: z7__namespace.array(z7__namespace.string()).optional(), iam_tags: z7__namespace.array(z7__namespace.string()).optional(), default_sts_ttl: z7__namespace.string().optional(), max_sts_ttl: z7__namespace.string().optional(), user_path: z7__namespace.string().optional(), permissions_boundary_arn: z7__namespace.string().optional(), mfa_serial_number: z7__namespace.string().optional(), policy: z7__namespace.string().optional(), arn: z7__namespace.string().optional() }), response: z7__namespace.any() } }); } /** * Read role * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#read-role */ get roleInfo() { return generateCommand({ method: "GET", path: "/aws/roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: z7__namespace.any() } }); } /** * List roles * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#list-roles */ get roles() { return generateCommand({ method: "LIST", path: "/aws/roles", client: this.client, schema: { response: z7__namespace.any() } }); } /** * Delete role * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#delete-role */ get deleteRole() { return generateCommand({ method: "DELETE", path: "/aws/roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: z7__namespace.any() } }); } /** * Generate credentials for the path `/aws/creds/:name` * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#generate-credentials */ get credentials() { return generateCommand({ method: "GET", path: "/aws/creds/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), searchParams: GenerateCredentialsParams, response: z7__namespace.any() } }); } /** * Generate credentials for the path `/aws/sts/:name` * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#generate-credentials */ get stsCredentials() { return generateCommand({ method: "POST", path: "/aws/sts/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), body: GenerateCredentialsParams, response: z7__namespace.any() } }); } /** * Create/Update static role * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#create-update-static-role */ get staticRole() { return generateCommand({ method: "POST", path: "/aws/static-roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), body: z7__namespace.object({ username: z7__namespace.string(), rotation_period: z7__namespace.union([z7__namespace.string(), z7__namespace.number()]) }), response: z7__namespace.any() } }); } /** * Read static role * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#read-static-role */ get staticRoleInfo() { return generateCommand({ method: "GET", path: "/aws/static-roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: z7__namespace.any() } }); } /** * Delete static role * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#delete-static-role */ get deleteStaticRole() { return generateCommand({ method: "DELETE", path: "/aws/static-roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: z7__namespace.any() } }); } /** * Get static credentials * * @link https://developer.hashicorp.com/vault/api-docs/secret/aws#get-static-credentials */ get staticCredentials() { return generateCommand({ method: "GET", path: "/aws/static-creds/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: z7__namespace.any() } }); } }; var GenerateCredentialsParams = z7__namespace.object({ role_arn: z7__namespace.string().optional(), role_session_name: z7__namespace.string().optional(), ttl: z7__namespace.string().optional(), mfa_code: z7__namespace.string().optional() }); z7__namespace.object({ client_token: z7__namespace.string(), policies: z7__namespace.array(z7__namespace.string()), metadata: z7__namespace.any(), lease_duration: z7__namespace.number(), renewable: z7__namespace.boolean() }); var EngineInfoSchema = z7__namespace.object({ accessor: z7__namespace.string(), config: z7__namespace.record(z7__namespace.any()).nullable(), description: z7__namespace.string(), external_entropy_access: z7__namespace.boolean(), local: z7__namespace.boolean(), options: z7__namespace.record(z7__namespace.any()).nullable(), plugin_version: z7__namespace.string(), running_plugin_version: z7__namespace.string(), running_sha256: z7__namespace.string(), seal_wrap: z7__namespace.boolean(), type: z7__namespace.string(), uuid: z7__namespace.string() }); var SuccessResponseSchema = z7__namespace.object({ request_id: z7__namespace.string(), lease_id: z7__namespace.string(), renewable: z7__namespace.boolean(), lease_duration: z7__namespace.number(), wrap_info: z7__namespace.record(z7__namespace.any()).nullable(), warnings: z7__namespace.record(z7__namespace.any()).nullable(), auth: z7__namespace.record(z7__namespace.any()).nullable() }); var ClientOptionsSchema = z7__namespace.object({ endpoint: z7__namespace.string().optional(), apiVersion: z7__namespace.string().optional(), pathPrefix: z7__namespace.string().optional(), token: z7__namespace.string().optional(), namespace: z7__namespace.string().optional() }); var ZodAnyRecord = z7__namespace.record(z7__namespace.any()); // src/engine/kubernetes.ts var Kubernetes = class extends ApiSector { /** * Write configuration * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#write-configuration */ get config() { return generateCommand({ method: "POST", path: "/kubernetes/config", client: this.client, schema: { body: z7__namespace.object({ kubernetes_host: z7__namespace.string().optional(), kubernetes_ca_cert: z7__namespace.string().optional(), service_account_jwt: z7__namespace.string().optional(), disable_local_ca_jwt: z7__namespace.boolean().optional() }), response: ZodAnyRecord } }); } /** * Read configuration * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#read-configuration */ get readConfig() { return generateCommand({ method: "GET", path: "/kubernetes/config", client: this.client, schema: { response: ZodAnyRecord } }); } /** * Delete configuration * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#delete-configuration */ get deleteConfig() { return generateCommand({ method: "DELETE", path: "/kubernetes/config", client: this.client, schema: { response: z7__namespace.boolean() } }); } /** * Create role * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#create-role */ get createRole() { return generateCommand({ method: "POST", path: "/kubernetes/roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), body: z7__namespace.object({ allowed_kubernetes_namespaces: z7__namespace.array(z7__namespace.string()).optional(), allowed_kubernetes_namespace_selector: z7__namespace.string().optional(), token_max_ttl: z7__namespace.string().optional(), token_default_ttl: z7__namespace.string().optional(), token_default_audiences: z7__namespace.string().optional(), service_account_name: z7__namespace.string().optional(), kubernetes_role_name: z7__namespace.string().optional(), kubernetes_role_type: z7__namespace.string().optional(), generated_role_rules: z7__namespace.string().optional(), name_template: z7__namespace.string().optional(), extra_annotations: z7__namespace.record(z7__namespace.string()).optional(), extra_labels: z7__namespace.record(z7__namespace.string()).optional() }), response: ZodAnyRecord } }); } /** * Read role * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#read-role */ get role() { return generateCommand({ method: "GET", path: "/kubernetes/roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: ZodAnyRecord } }); } /** * List roles * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#list-roles */ get roles() { return generateCommand({ method: "LIST", path: "/kubernetes/roles", client: this.client, schema: { response: ZodAnyRecord } }); } /** * Delete role * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#delete-role */ get deleteRole() { return generateCommand({ method: "DELETE", path: "/kubernetes/roles/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), response: z7__namespace.boolean() } }); } /** * Generate credentials * * @link https://developer.hashicorp.com/vault/api-docs/secret/kubernetes#generate-credentials */ get generateCreds() { return generateCommand({ method: "POST", path: "/kubernetes/creds/{{name}}", client: this.client, schema: { path: z7__namespace.object({ name: z7__namespace.string() }), body: z7__namespace.object({ role: z7__namespace.string(), kubernetes_namespace: z7__namespace.string().optional(), cluster_role_binding: z7__namespace.boolean().optional(), ttl: z7__namespace.string().optional(), audiences: z7__namespace.string().optional() }), response: ZodAnyRecord } }); } }; var Kv = class extends ApiSector { /** * Read secret * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v1#read-secret */ get read() { return generateCommand({ method: "GET", path: "/{{mountPath}}/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: SuccessResponseSchema.extend({ data: ZodAnyRecord }) } }); } /** * List secrets * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v1#list-secrets */ get list() { return generateCommand({ method: "LIST", path: "/{{mountPath}}/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: SuccessResponseSchema.extend({ data: z7__namespace.object({ keys: z7__namespace.array(z7__namespace.string()) }) }) } }); } /** * Create/Update secret * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v1#create-update-secret */ get write() { return generateCommand({ method: "POST", path: "/{{mountPath}}/{{path}}", client: this.client, schema: { // Parameters // // path (string: ) – Specifies the path of the secrets to create/update. This is specified as part of the URL. // :key (string: "") – Specifies a key in the payload, paired with an associated value, to be held at the given location. Multiple key/value pairs can be specified, and all will be returned on a read operation. A key called ttl will trigger some special behavior. See the Vault KV secrets engine documentation for details. path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: z7__namespace.object({ data: ZodAnyRecord }), response: z7__namespace.boolean() }, refine: (init) => { init.body = init.body ? init.body.data || {} : {}; return init; } }); } /** * Delete secret * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v1#delete-secret */ get delete() { return generateCommand({ method: "DELETE", path: "/{{mountPath}}/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: z7__namespace.boolean() } }); } /** * Engine info */ get info() { return generateCommand({ method: "GET", path: "/sys/mounts/{{mountPath}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), response: SuccessResponseSchema.extend({ deprecation_status: z7__namespace.string(), type: z7__namespace.string(), description: z7__namespace.string(), seal_wrap: z7__namespace.boolean(), options: ZodAnyRecord, running_plugin_version: z7__namespace.string(), running_sha256: z7__namespace.string(), config: z7__namespace.object({ default_lease_ttl: z7__namespace.number(), force_no_cache: z7__namespace.boolean(), max_lease_ttl: z7__namespace.number() }), accessor: z7__namespace.string(), local: z7__namespace.boolean(), external_entropy_access: z7__namespace.boolean(), uuid: z7__namespace.string(), plugin_version: z7__namespace.string(), data: z7__namespace.object({ accessor: z7__namespace.string(), config: z7__namespace.object({ default_lease_ttl: z7__namespace.number(), force_no_cache: z7__namespace.boolean(), max_lease_ttl: z7__namespace.number() }), deprecation_status: z7__namespace.string(), description: z7__namespace.string(), external_entropy_access: z7__namespace.boolean(), local: z7__namespace.boolean(), options: ZodAnyRecord, plugin_version: z7__namespace.string(), running_plugin_version: z7__namespace.string(), running_sha256: z7__namespace.string(), seal_wrap: z7__namespace.boolean(), type: z7__namespace.string(), uuid: z7__namespace.string() }) }) } }); } }; var Kv2 = class extends ApiSector { /** * Configure the KV engine * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#configure-the-kv-engine */ get config() { return generateCommand({ method: "POST", path: "/{{mountPath}}/config", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), body: z7__namespace.object({ max_versions: z7__namespace.number().optional(), cas_required: z7__namespace.boolean().optional(), delete_version_after: z7__namespace.string().optional() }), response: z7__namespace.boolean() } }); } /** * Read KV engine configuration * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#read-kv-engine-configuration */ get readConfig() { return generateCommand({ method: "GET", path: "/{{mountPath}}/config", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), response: SuccessResponseSchema.extend({ data: z7__namespace.object({ cas_required: z7__namespace.boolean(), delete_version_after: z7__namespace.string(), max_versions: z7__namespace.number() }) }) } }); } /** * Read secret version * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#read-secret-version */ get read() { return generateCommand({ method: "GET", path: "/{{mountPath}}/data/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), searchParams: z7__namespace.object({ version: z7__namespace.number().default(0).optional() }), response: SuccessResponseSchema.extend({ data: z7__namespace.object({ data: z7__namespace.record(z7__namespace.string()), metadata: MetadataSchema }) }) } }); } /** * Create/Update secret * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#create-update-secret */ get write() { return generateCommand({ method: "POST", path: "/{{mountPath}}/data/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: z7__namespace.object({ data: z7__namespace.record(z7__namespace.any()).default({}), options: PostOptionsSchema.default({}).optional() }), response: SuccessResponseSchema.extend({ data: MetadataSchema }) } }); } /** * Patch secret * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#patch-secret */ get patch() { return generateCommand({ method: "PATCH", path: "/{{mountPath}}/data/{{path}}", client: this.client, refine: (init) => { init.headers = Object.assign(init.headers || {}, { "Content-Type": "application/merge-patch+json" }); return init; }, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: z7__namespace.object({ data: z7__namespace.any(), options: PostOptionsSchema }), response: z7__namespace.object({ data: MetadataSchema }) } }); } /** * Read secret subkeys * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#read-secret-subkeys */ get subKeys() { return generateCommand({ method: "GET", path: "/{{mountPath}}/subkeys/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), searchParams: z7__namespace.object({ version: z7__namespace.number().optional(), depth: z7__namespace.number().optional() }), response: SuccessResponseSchema.extend({ data: z7__namespace.object({ metadata: MetadataSchema, subkeys: z7__namespace.record(z7__namespace.any()) }) }) } }); } /** * Delete latest version of secret * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret */ get deleteLatest() { return generateCommand({ method: "DELETE", path: "/{{mountPath}}/data/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: z7__namespace.boolean() } }); } /** * Delete secret versions * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-secret-versions */ get delete() { return generateCommand({ method: "POST", path: "/{{mountPath}}/delete/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: z7__namespace.object({ versions: z7__namespace.array(z7__namespace.number()) }), response: z7__namespace.boolean() } }); } /** * Undelete secret versions * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#undelete-secret-versions */ get undelete() { return generateCommand({ method: "POST", path: "/{{mountPath}}/undelete/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: z7__namespace.object({ versions: z7__namespace.array(z7__namespace.number()) }), response: z7__namespace.boolean() } }); } /** * Destroy secret versions * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#destroy-secret-versions */ get destroy() { return generateCommand({ method: "POST", path: "/{{mountPath}}/destroy/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: z7__namespace.object({ versions: z7__namespace.array(z7__namespace.number()) }), response: z7__namespace.boolean() } }); } /** * List secrets * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#list-secrets */ get list() { return generateCommand({ method: "LIST", path: "/{{mountPath}}/metadata/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: SuccessResponseSchema.extend({ data: z7__namespace.object({ keys: z7__namespace.array(z7__namespace.string()) }) }) } }); } /** * Read secret metadata * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#read-secret-metadata */ get readMetadata() { return generateCommand({ method: "GET", path: "/{{mountPath}}/metadata/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: SuccessResponseSchema.extend({ data: z7__namespace.object({ cas_required: z7__namespace.boolean(), created_time: z7__namespace.string(), current_version: z7__namespace.number(), custom_metadata: z7__namespace.record(z7__namespace.string()).nullable(), delete_version_after: z7__namespace.string(), max_versions: z7__namespace.number(), oldest_version: z7__namespace.number(), updated_time: z7__namespace.string(), versions: z7__namespace.record( z7__namespace.object({ created_time: z7__namespace.string(), deletion_time: z7__namespace.string(), destroyed: z7__namespace.boolean() }) ) }) }) } }); } /** * Create/Update metadata * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#create-update-metadata */ get writeMetadata() { return generateCommand({ method: "POST", path: "/{{mountPath}}/metadata/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: MetadataRequestBodySchema, response: z7__namespace.boolean() } }); } /** * Patch metadata * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#patch-metadata */ get patchMetadata() { return generateCommand({ method: "PATCH", path: "/{{mountPath}}/metadata/{{path}}", client: this.client, refine: (init) => { init.headers = Object.assign(init.headers || {}, { "Content-Type": "application/merge-patch+json" }); return init; }, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), body: MetadataRequestBodySchema, response: z7__namespace.boolean() } }); } /** * Delete metadata and all versions * * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-metadata-and-all-versions */ get deleteMetadata() { return generateCommand({ method: "DELETE", path: "/{{mountPath}}/metadata/{{path}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string(), path: z7__namespace.string() }), response: z7__namespace.boolean() } }); } /** * Engine info */ get info() { return generateCommand({ method: "GET", path: "/sys/mounts/{{mountPath}}", client: this.client, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), response: SuccessResponseSchema.extend({ local: z7__namespace.boolean(), seal_wrap: z7__namespace.boolean(), external_entropy_access: z7__namespace.boolean(), options: ZodAnyRecord, running_sha256: z7__namespace.string(), deprecation_status: z7__namespace.string(), config: z7__namespace.object({ default_lease_ttl: z7__namespace.number(), force_no_cache: z7__namespace.boolean(), max_lease_ttl: z7__namespace.number() }), type: z7__namespace.string(), description: z7__namespace.string(), accessor: z7__namespace.string(), uuid: z7__namespace.string(), plugin_version: z7__namespace.string(), running_plugin_version: z7__namespace.string(), data: z7__namespace.object({ accessor: z7__namespace.string(), config: z7__namespace.object({ default_lease_ttl: z7__namespace.number(), force_no_cache: z7__namespace.boolean(), max_lease_ttl: z7__namespace.number() }), deprecation_status: z7__namespace.string(), description: z7__namespace.string(), external_entropy_access: z7__namespace.boolean(), local: z7__namespace.boolean(), options: ZodAnyRecord, plugin_version: z7__namespace.string(), running_plugin_version: z7__namespace.string(), running_sha256: z7__namespace.string(), seal_wrap: z7__namespace.boolean(), type: z7__namespace.string(), uuid: z7__namespace.string() }) }) } }); } }; var MetadataSchema = z7__namespace.object({ created_time: z7__namespace.string(), custom_metadata: z7__namespace.record(z7__namespace.string()).nullable(), deletion_time: z7__namespace.string(), destroyed: z7__namespace.boolean(), version: z7__namespace.number() }); var MetadataRequestBodySchema = z7__namespace.object({ max_versions: z7__namespace.number().optional(), cas_required: z7__namespace.boolean().optional(), delete_version_after: z7__namespace.string().optional(), custom_metadata: z7__namespace.record(z7__namespace.string()).nullable().optional() }); var PostOptionsSchema = z7__namespace.object({ cas: z7__namespace.number().default(0), check_and_set: z7__namespace.string().optional(), max_versions: z7__namespace.number().optional(), prelease: z7__namespace.number().optional(), version: z7__namespace.number().optional() }); // src/lib/client.ts var Client = class { constructor(opts = {}) { this.opts = opts; const { request, fetcher, ...restOpts } = opts; const options = ClientOptionsSchema.parse(restOpts); this.endpoint = options.endpoint || process.env.VAULT_ADDR || "http://127.0.0.1:8200"; this.apiVersion = options.apiVersion || "v1"; this.pathPrefix = options.pathPrefix || ""; this.namespace = options.namespace || process.env.VAULT_NAMESPACE; this.token = options.token || process.env.VAULT_TOKEN; this.fetcher = fetcher; this.request = request; } endpoint; apiVersion; pathPrefix; namespace; token; request; fetcher; /** * AWS secrets engine */ get aws() { return new Aws(this); } /** * Kubernetes secrets engine */ get kubernetes() { return new Kubernetes(this); } /** * Key/Value Version 1 */ get kv() { return new Kv(this); } /** * Key/Value Version 2 */ get kv2() { return new Kv2(this); } /** * This property is a POST command that mainly proposed to configure the vault secrets engine. * Also, it can be overridden by you're custom commands inside the client instance. */ config = generateCommand({ method: "POST", path: "/{{mountPath}}/config", client: this, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), response: ZodAnyRecord } }); /** * This property is a GET command that resolves an HTTP GET request to the given path. Also, it * can be overridden by you're custom commands inside the client instance. */ read = generateCommand({ method: "GET", path: "/{{path}}", client: this, schema: { path: z7__namespace.object({ path: z7__namespace.string() }), response: ZodAnyRecord } }); /** * This property is a POST command that sends the `data` parameter as JSON to the given path. * Also, it can be overridden by you're custom commands inside the client instance. */ write = generateCommand({ method: "POST", path: "/{{path}}", client: this, schema: { path: z7__namespace.object({ path: z7__namespace.string() }), body: z7__namespace.object({ data: ZodAnyRecord }), response: z7__namespace.union([ZodAnyRecord, z7__namespace.boolean()]) }, refine: (init) => { init.body = init.body ? init.body.data || {} : {}; return init; } }); /** * This property is a DELETE command that resolves an HTTP DELETE request to the given path. Also, * it can be overridden by you're custom commands inside the client instance. */ delete = generateCommand({ method: "DELETE", path: "/{{path}}", client: this, schema: { path: z7__namespace.object({ path: z7__namespace.string() }), response: z7__namespace.boolean() } }); /** * This property is a LIST command that resolves an HTTP GET request to the given path. Also, it * can be overridden by you're custom commands inside the client instance. */ list = generateCommand({ method: "LIST", path: "/{{path}}", client: this, schema: { path: z7__namespace.object({ path: z7__namespace.string() }), response: ZodAnyRecord } }); ////// // https://developer.hashicorp.com/vault/api-docs/system/audit ////// /** * List enabled audit devices * * @link https://developer.hashicorp.com/vault/api-docs/system/audit#list-enabled-audit-devices */ get listDevices() { return generateCommand({ method: "GET", path: "/sys/audit", client: this, schema: { response: SuccessResponseSchema.extend({ data: z7__namespace.record( z7__namespace.object({ type: z7__namespace.string(), description: z7__namespace.string(), options: z7__namespace.record(z7__namespace.any()) }) ) }) } }); } /** * Disable audit device * * @link https://developer.hashicorp.com/vault/api-docs/system/audit#disable-audit-device */ get disableDevice() { return generateCommand({ method: "DELETE", path: "/sys/audit/{{path}}", client: this, schema: { path: z7__namespace.object({ path: z7__namespace.string() }), response: z7__namespace.boolean() } }); } /** * Enable audit device * * @link https://developer.hashicorp.com/vault/api-docs/system/audit#enable-audit-device */ get enableDevice() { return generateCommand({ method: "POST", path: "/sys/audit/{{path}}", client: this, schema: { path: z7__namespace.object({ path: z7__namespace.string() }), response: z7__namespace.boolean() } }); } /////// // https://developer.hashicorp.com/vault/api-docs/system/capabilities /////// /** * Query token capabilities * * @link https://developer.hashicorp.com/vault/api-docs/system/capabilities#query-token-capabilities */ get queryCapabilities() { return generateCommand({ method: "POST", path: "/sys/capabilities", client: this, schema: { body: z7__namespace.object({ token: z7__namespace.string(), paths: z7__namespace.array(z7__namespace.string()) }), response: z7__namespace.boolean() } }); } /** * Seal status * * @link https://developer.hashicorp.com/vault/api-docs/system/seal-status#seal-status */ get sealStatus() { return generateCommand({ method: "GET", path: "/sys/seal-status", client: this, schema: { response: z7__namespace.object({ type: z7__namespace.string(), initialized: z7__namespace.boolean(), sealed: z7__namespace.boolean(), t: z7__namespace.number(), n: z7__namespace.number(), progress: z7__namespace.number(), nonce: z7__namespace.string(), version: z7__namespace.string(), build_date: z7__namespace.string(), migration: z7__namespace.boolean(), recovery_seal: z7__namespace.boolean(), storage_type: z7__namespace.string() }) } }); } /** * Read initialization status * * @link https://developer.hashicorp.com/vault/api-docs/system/init#read-initialization-status */ get initialized() { return generateCommand({ method: "GET", path: "/sys/init", client: this, schema: { response: z7__namespace.object({ initialized: z7__namespace.boolean() }) } }); } /** * Start initialization * * @link https://developer.hashicorp.com/vault/api-docs/system/init#start-initialization */ get init() { return generateCommand({ method: "POST", path: "/sys/init", client: this, schema: { body: z7__namespace.object({ pgp_keys: z7__namespace.array(z7__namespace.string()).optional(), root_token_pgp_key: z7__namespace.string().default("").optional(), secret_shares: z7__namespace.number(), secret_threshold: z7__namespace.number(), stored_shares: z7__namespace.number().optional(), recovery_shares: z7__namespace.number().default(0).optional(), recovery_threshold: z7__namespace.number().default(0).optional(), recovery_pgp_keys: z7__namespace.array(z7__namespace.string()).optional() }), response: z7__namespace.object({ keys: z7__namespace.array(z7__namespace.string()), keys_base64: z7__namespace.array(z7__namespace.string()), root_token: z7__namespace.string() }) } }); } /** * Submit unseal key * * @link https://developer.hashicorp.com/vault/api-docs/system/unseal#submit-unseal-key */ get unseal() { return generateCommand({ method: "POST", path: "/sys/unseal", client: this, schema: { body: z7__namespace.object({ key: z7__namespace.string(), reset: z7__namespace.boolean().default(false).optional(), migrate: z7__namespace.boolean().default(false).optional() }), response: z7__namespace.discriminatedUnion("sealed", [ z7__namespace.object({ sealed: z7__namespace.literal(true), t: z7__namespace.number(), n: z7__namespace.number(), progress: z7__namespace.number(), version: z7__namespace.string() }), z7__namespace.object({ sealed: z7__namespace.literal(false), t: z7__namespace.number(), n: z7__namespace.number(), progress: z7__namespace.number(), version: z7__namespace.string(), cluster_name: z7__namespace.string(), cluster_id: z7__namespace.string() }) ]) } }); } /** * Seal * * @link https://developer.hashicorp.com/vault/api-docs/system/seal#seal */ get seal() { return generateCommand({ method: "POST", path: "/sys/seal", client: this, schema: { response: z7__namespace.boolean() } }); } /** * Read root generation progress * * @link https://developer.hashicorp.com/vault/api-docs/system/generate-root#read-root-generation-progress */ get getRootGenerationProgress() { return generateCommand({ method: "GET", path: "/sys/generate-root/attempt", client: this, schema: { response: z7__namespace.object({ started: z7__namespace.boolean(), nonce: z7__namespace.string(), progress: z7__namespace.number(), required: z7__namespace.number(), encoded_token: z7__namespace.string(), pgp_fingerprint: z7__namespace.string(), otp_length: z7__namespace.number(), complete: z7__namespace.boolean() }) } }); } /** * Start root token generation * * @link https://developer.hashicorp.com/vault/api-docs/system/generate-root#start-root-token-generation */ get startRootGeneration() { return generateCommand({ method: "POST", path: "/sys/generate-root/attempt", client: this, schema: { body: z7__namespace.object({ otp: z7__namespace.string() }), response: z7__namespace.object({ started: z7__namespace.boolean(), nonce: z7__namespace.string(), progress: z7__namespace.number(), required: z7__namespace.number(), encoded_token: z7__namespace.string(), otp: z7__namespace.string(), otp_length: z7__namespace.number(), complete: z7__namespace.boolean() }) } }); } /** * Cancel root generation * * @link https://developer.hashicorp.com/vault/api-docs/system/generate-root#cancel-root-generation */ get cancelRootGeneration() { return generateCommand({ method: "DELETE", path: "/sys/generate-root/attempt", client: this, schema: { response: z7__namespace.record(z7__namespace.any()) } }); } /** * Provide key share to generate root * * @link https://developer.hashicorp.com/vault/api-docs/system/generate-root#provide-key-share-to-generate-root */ get provideKeyShare() { return generateCommand({ method: "POST", path: "/sys/generate-root/update", client: this, schema: { body: z7__namespace.object({ key: z7__namespace.string(), nonce: z7__namespace.string() }), response: z7__namespace.object({ started: z7__namespace.boolean(), nonce: z7__namespace.string(), progress: z7__namespace.number(), required: z7__namespace.number(), pgp_fingerprint: z7__namespace.string(), complete: z7__namespace.boolean(), encoded_token: z7__namespace.string() }) } }); } ///////////////// // Mounts // https://developer.hashicorp.com/vault/api-docs/system/mounts ///////////////// /** * List mounted secrets engines * * @link https://developer.hashicorp.com/vault/api-docs/system/mounts#list-mounted-secrets-engines */ get mounts() { return generateCommand({ method: "GET", path: "/sys/mounts", client: this, schema: { response: z7__namespace.object({ request_id: z7__namespace.string(), lease_id: z7__namespace.string(), lease_duration: z7__namespace.number(), renewable: z7__namespace.boolean(), data: z7__namespace.record(EngineInfoSchema), warnings: z7__namespace.array(z7__namespace.string()).nullable() }) } }); } /** * Enable secrets engine * * @link https://developer.hashicorp.com/vault/api-docs/system/mounts#enable-secrets-engine */ get mount() { return generateCommand({ method: "POST", path: "/sys/mounts/{{mountPath}}", client: this, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), body: z7__namespace.object({ type: z7__namespace.string(), description: z7__namespace.string().optional(), config: z7__namespace.record(z7__namespace.string()).optional() }) } }); } /** * Disable secrets engine * * @link https://developer.hashicorp.com/vault/api-docs/system/mounts#disable-secrets-engine */ get unmount() { return generateCommand({ method: "DELETE", path: "/sys/mounts/{{mountPath}}", client: this, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }) } }); } /** * Get the configuration of a secret engine * * @link https://developer.hashicorp.com/vault/api-docs/system/mounts#get-the-configuration-of-a-secret-engine */ get engineInfo() { return generateCommand({ method: "GET", path: "/sys/mounts/{{mountPath}}", client: this, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), response: ZodAnyRecord } }); } /** * Read mount configuration * * @link https://developer.hashicorp.com/vault/api-docs/system/mounts#read-mount-configuration */ get tune() { return generateCommand({ method: "GET", path: "/sys/mounts/{{mountPath}}/tune", client: this, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), response: z7__namespace.object({ default_lease_ttl: z7__namespace.number(), max_lease_ttl: z7__namespace.number(), force_no_cache: z7__namespace.boolean() }) } }); } /** * Tune mount configuration * * @link https://developer.hashicorp.com/vault/api-docs/system/mounts#tune-mount-configuration */ get tuneMount() { return generateCommand({ method: "POST", path: "/sys/mounts/{{mountPath}}/tune", client: this, schema: { path: z7__namespace.object({ mountPath: z7__namespace.string() }), body: z7__namespace.object({ default_lease_ttl: z7__namespace.number().optional(), max_lease_ttl: z7__namespace.number().optional(), description: z7__namespace.string().optional(), audit_non_hmac_request_keys: z7__namespace.array(z7__namespace.string()).optional(), audit_non_hmac_response_keys: z7__namespace.array(z7__namespace.string()).optional(), listing_visibility: z7__namespace.string().optional(), passthrough_request_headers: z7__namespace.array(z7__namespace.string()).optional(), allowed_response_headers: z7__namespace.array(z7__namespace.string()).optional(), allowed_managed_keys: z7__namespace.array(z7__namespace.string()).optional(), plugin_version: z7__namespace.string().optional() }), response: ZodAnyRecord } }); } /** * Read health information * * @link https://developer.hashicorp.com/vault/api-docs/system/health#read-health-information */ get health() { return generateCommand({ method: "GET", path: "/sys/health", client: this, schema: { response: z7__namespace.object({ initialized: z7__namespace.boolean(), sealed: z7__namespace.boolean(), standby: z7__namespace.boolean(), performance_standby: z7__namespace.boolean(), replication_performance_mode: z7__namespace.string(), replication_dr_mode: z7__namespace.string(), server_time_utc: z7__namespace.number(), version: z7__namespace.string(), cluster_name: z7__namespace.string(), cluster_id: z7__namespace.string() }) } }); } /** * Collect host information * * @link https://developer.hashicorp.com/vault/api-docs/system/host-info#collect-host-information */ get hostInfo() { return generateCommand({ method: "GET", path: "/sys/host-info", client: this, schema: { response: SuccessResponseSchema.extend({ data: z7__namespace.object({ cpu: z7__namespace.array( z7__namespace.object({ cpu: z7__namespace.number(), vendorId: z7__namespace.string(), family: z7__namespace.string(), model: z7__namespace.string(), stepping: z7__namespace.number(), physicalId: z7__namespace.string(), coreId: z7__namespace.string(), cores: z7__namespace.number(), modelName: z7__namespace.string(), mhz: z7__namespace.number(), cacheSize: z7__namespace.number(), flags: z7__namespace.array(z7__namespace.string()), microcode: z7__namespace.string() }) ), cpu_times: z7__namespace.array( z7__namespace.object({ cpu: z7__namespace.string(), user: z7__namespace.number(), system: z7__namespace.number(), idle: z7__namespace.number(), nice: z7__namespace.number(), iowait: z7__namespace.number(), irq: z7__namespace.number(), softirq: z7__namespace.number(), steal: z7__namespace.number(), guest: z7__namespace.number(), guestNice: z7__namespace.number() }) ), disk: z7__namespace.array( z7__namespace.object({ path: z7__namespace.string(), fstype: z7__namespace.string(), total: z7__namespace.number(), free: z7__namespace.number(), used: z7__namespace.number(), usedPercent: z7__namespace.number(), inodesTotal: z7__namespace.number(), inodesUsed: z7__namespace.number(), inodesFree: z7__namespace.number(), inodesUsedPercent: z7__namespace.number() }) ), host: z7__namespace.object({ hostname: z7__namespace.string(), uptime: z7__namespace.number(), bootTime: z7__namespace.number(), procs: z7__namespace.number(), os: z7__namespace.string(), platform: z7__namespace.string(), platformFamily: z7__namespace.string(), platformVersion: z7__namespace.string(), kernelVersion: z7__namespace.string(), kernelArch: z7__namespace.string(), virtualizationSystem: z7__namespace.string(), virtualizationRole: z7__namespace.string(), hostid: z7__namespace.string() }), memory: z7__namespace.object({ total: z7__namespace.number(), available: z7__namespace.number(), used: z7__namespace.number(), usedPercent: z7__namespace.number(), free: z7__namespace.number(), active: z7__namespace.number(), inactive: z7__namespace.number(), wired: z7__namespace.number(), laundry: z7__namespace.number(), buffers: z7__namespace.number(), cached: z7__namespace.number(), writeback: z7__namespace.number(), dirty: z7__namespace.number(), writebacktmp: z7__namespace.number(), shared: z7__namespace.number(), slab: z7__namespace.number(), sreclaimable: z7__namespace.number(), sunreclaim: z7__namespace.number(), pagetables: z7__namespace.number(), swapcached: z7__namespace.number(), commitlimit: z7__namespace.number(), committedas: z7__namespace.number(), hightotal: z7__namespace.number(), highfree: z7__namespace.number(), lowtotal: z7__namespace.number(), lowfree: z7__namespace.number(), swaptotal: z7__namespace.number(), swapfree: z7__namespace.number(), mapped: z7__namespace.number(), vmalloctotal: z7__namespace.number(), vmallocused: z7__namespace.number(), vmallocchunk: z7__namespace.number(), hugepagestotal: z7__namespace.number(), hugepagesfree: z7__namespace.number(), hugepagesize: z7__namespace.number() }), timestamp: z7__namespace.string() }) }) } }); } }; exports.Client = Client; exports.VaultError = VaultError; exports.generateCommand = generateCommand;