open-vault/command/read.go

111 lines
2.7 KiB
Go
Raw Normal View History

2015-03-04 19:08:13 +00:00
package command
import (
2015-03-16 03:52:28 +00:00
"fmt"
2015-03-04 19:08:13 +00:00
"strings"
)
2015-04-01 00:16:12 +00:00
// ReadCommand is a Command that reads data from the Vault.
2015-03-16 03:35:33 +00:00
type ReadCommand struct {
2015-03-04 19:08:13 +00:00
Meta
}
2015-03-16 03:35:33 +00:00
func (c *ReadCommand) Run(args []string) int {
2015-04-01 03:50:05 +00:00
var format string
var field string
2015-03-16 03:35:33 +00:00
flags := c.Meta.FlagSet("read", FlagSetDefault)
2015-04-01 03:50:05 +00:00
flags.StringVar(&format, "format", "table", "")
flags.StringVar(&field, "field", "", "")
2015-03-04 19:08:13 +00:00
flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil {
return 1
}
2015-03-16 03:52:28 +00:00
args = flags.Args()
if len(args) != 1 {
c.Ui.Error("read expects one argument")
2015-03-16 03:52:28 +00:00
flags.Usage()
return 1
}
2015-03-16 03:52:28 +00:00
path := args[0]
if path[0] == '/' {
path = path[1:]
}
2015-03-16 03:52:28 +00:00
client, err := c.Client()
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error initializing client: %s", err))
return 2
}
secret, err := client.Logical().Read(path)
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error reading %s: %s", path, err))
return 1
}
2015-04-19 05:05:08 +00:00
if secret == nil {
c.Ui.Error(fmt.Sprintf(
"No value found at %s", path))
return 1
}
2015-03-16 03:52:28 +00:00
// Handle single field output
if field != "" {
if val, ok := secret.Data[field]; ok {
c.Ui.Output(val.(string))
return 0
} else {
c.Ui.Error(fmt.Sprintf(
"Field %s not present in secret", field))
return 1
}
}
return OutputSecret(c.Ui, format, secret)
2015-04-01 03:50:05 +00:00
}
2015-03-16 03:35:33 +00:00
func (c *ReadCommand) Synopsis() string {
return "Read data or secrets from Vault"
2015-03-04 19:08:13 +00:00
}
2015-03-16 03:35:33 +00:00
func (c *ReadCommand) Help() string {
2015-03-04 19:08:13 +00:00
helpText := `
2015-04-01 00:16:12 +00:00
Usage: vault read [options] path
2015-03-04 19:08:13 +00:00
Read data from Vault.
Read reads data at the given path from Vault. This can be used to
read secrets and configuration as well as generate dynamic values from
materialized backends. Please reference the documentation for the
backends in use to determine key structure.
General Options:
2015-04-28 16:15:21 +00:00
-address=addr The address of the Vault server.
2015-03-04 19:08:13 +00:00
-ca-cert=path Path to a PEM encoded CA cert file to use to
verify the Vault server SSL certificate.
-ca-path=path Path to a directory of PEM encoded CA cert files
to verify the Vault server SSL certificate. If both
-ca-cert and -ca-path are specified, -ca-path is used.
2015-05-11 18:01:20 +00:00
-tls-skip-verify Do not verify TLS certificate. This is highly
2015-03-04 19:08:13 +00:00
not recommended. This is especially not recommended
for unsealing a vault.
2015-04-01 03:50:05 +00:00
Read Options:
2015-04-01 23:44:20 +00:00
-format=table The format for output. By default it is a whitespace-
delimited table. This can also be json.
2015-04-01 03:50:05 +00:00
-field=field If included, the raw value of the specified field
will be output raw to stdout.
2015-03-04 19:08:13 +00:00
`
return strings.TrimSpace(helpText)
}