AuditΒΆ
ExamplesΒΆ
audit_devices = client.sys.list_enabled_audit_devices()
options = {
'path': '/tmp/vault.log',
'log_raw': True,
}
client.sys.enable_audit_device('file', options=options, path='somefile')
client.sys.disable_audit_device('oldfile')
List Enabled Audit DevicesΒΆ
-
Audit.
list_enabled_audit_devices
()[source] List enabled audit devices.
It does not list all available audit devices. This endpoint requires sudo capability in addition to any path-specific capabilities.
- Supported methods:
- GET: /sys/audit. Produces: 200 application/json
Returns: JSON response of the request. Return type: dict
ExamplesΒΆ
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
enabled_audit_devices = client.sys.list_enabled_audit_devices()
print('The following audit devices are enabled: {audit_devices_list}'.format(
audit_devices_list=', '.join(enabled_audit_devices['data'].keys()),
))
Example output:
The following audit devices are enabled: somefile/
Enable Audit DeviceΒΆ
-
Audit.
enable_audit_device
(device_type, description=None, options=None, path=None, local=None)[source] Enable a new audit device at the supplied path.
The path can be a single word name or a more complex, nested path.
- Supported methods:
- PUT: /sys/audit/{path}. Produces: 204 (empty body)
Parameters: - device_type (str | unicode) β Specifies the type of the audit device.
- description (str | unicode) β Human-friendly description of the audit device.
- options (str | unicode) β Configuration options to pass to the audit device itself. This is dependent on the audit device type.
- path (str | unicode) β Specifies the path in which to enable the audit device. This is part of the request URL.
- local (bool) β Specifies if the audit device is a local only.
Returns: The response of the request.
Return type: requests.Response
ExamplesΒΆ
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
options = {
'path': '/tmp/vault.audit.log'
}
client.sys.enable_audit_device(
device_type='file',
options=options,
path='tmp-file-audit',
)
Disable Audit DeviceΒΆ
-
Audit.
disable_audit_device
(path)[source] Disable the audit device at the given path.
- Supported methods:
- DELETE: /sys/audit/{path}. Produces: 204 (empty body)
Parameters: path (str | unicode) β The path of the audit device to delete. This is part of the request URL. Returns: The response of the request. Return type: requests.Response
ExamplesΒΆ
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
client.sys.disable_audit_device(
path='tmp-file-audit',
)
Calculate HashΒΆ
-
Audit.
calculate_hash
(path, input_to_hash)[source] Hash the given input data with the specified audit deviceβs hash function and salt.
This endpoint can be used to discover whether a given plaintext string (the input parameter) appears in the audit log in obfuscated form.
- Supported methods:
- POST: /sys/audit-hash/{path}. Produces: 204 (empty body)
Parameters: - path (str | unicode) β The path of the audit device to generate hashes for. This is part of the request URL.
- input_to_hash (str | unicode) β The input string to hash.
Returns: The JSON response of the request.
Return type: requests.Response
ExamplesΒΆ
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
input_to_hash = 'some sort of string thinger'
audit_hash = client.sys.calculate_hash(
path='tmp-file-audit',
input_to_hash=input_to_hash,
)
print('The hash for the provided input is: %s' % audit_hash['data']['hash'])
Example output:
The hash for the provided input is: hmac-sha256:...