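Audit
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
audit_devices = client.sys.list_enabled_audit_devices()
options = {
    'path': '/tmp/vault.log',
    # log_raw writes security-sensitive values to the log unhashed
    'log_raw': True,
}
# Enable a file audit device at the path 'somefile', then disable an older one
client.sys.enable_audit_device('file', options=options, path='somefile')
client.sys.disable_audit_device('oldfile')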
List Enabled Audit Devices
- Audit.list_enabled_audit_devices()
List enabled audit devices.
It does not list all available audit devices. This endpoint requires sudo capability in addition to any path-specific capabilities.
- Supported methods:
GET: /sys/audit. Produces: 200 application/json
- Returns:
JSON response of the request.
- Return type:
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
enabled_audit_devices = client.sys.list_enabled_audit_devices()
print('The following audit devices are enabled: {audit_devices_list}'.format(
    audit_devices_list=', '.join(enabled_audit_devices['data'].keys()),
))
Example output:
The following audit devices are enabled: somefile/
Enable Audit Device
- Audit.enable_audit_device(device_type, description=None, options=None, path=None, local=None)
Enable a new audit device at the supplied path.
The path can be a single word name or a more complex, nested path.
- Supported methods:
PUT: /sys/audit/{path}. Produces: 204 (empty body)
- Parameters:
device_type (str | unicode): Specifies the type of the audit device.
description (str | unicode): Human-friendly description of the audit device.
options (str | unicode): Configuration options to pass to the audit device itself. This is dependent on the audit device type.
path (str | unicode): Specifies the path in which to enable the audit device. This is part of the request URL.
local (bool): Specifies if the audit device is local only.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
options = {
    'path': '/tmp/vault.audit.log'
}
client.sys.enable_audit_device(
    device_type='file',
    options=options,
    path='tmp-file-audit',
)
Disable Audit Device
- Audit.disable_audit_device(path)
Disable the audit device at the given path.
- Supported methods:
DELETE: /sys/audit/{path}. Produces: 204 (empty body)
- Parameters:
path (str | unicode): The path of the audit device to delete. This is part of the request URL.
- Returns:
The response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
client.sys.disable_audit_device(
    path='tmp-file-audit',
)
Calculate Hash
- Audit.calculate_hash(path, input_to_hash)
Hash the given input data with the specified audit device's hash function and salt.
This endpoint can be used to discover whether a given plaintext string (the input parameter) appears in the audit log in obfuscated form.
- Supported methods:
POST: /sys/audit-hash/{path}. Produces: 204 (empty body)
- Parameters:
path (str | unicode): The path of the audit device to generate hashes for. This is part of the request URL.
input_to_hash (str | unicode): The input string to hash.
- Returns:
The JSON response of the request.
- Return type:
requests.Response
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
input_to_hash = 'some sort of string thinger'
audit_hash = client.sys.calculate_hash(
    path='tmp-file-audit',
    input_to_hash=input_to_hash,
)
print('The hash for the provided input is: %s' % audit_hash['data']['hash'])
print('The hash for the provided input is: %s' % audit_hash['data']['hash'])
Example output:
The hash for the provided input is: hmac-sha256:...
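The lookup described under Calculate Hash, finding where a known plaintext appears in an audit log in obfuscated form, sketched as an added example that is not part of hvac or its documentation. The function names, the sample log lines and the offline demo_hash stand-in are assumptions made so the block runs without a server; it also assumes the audit log holds one JSON object per line.

```python
import hashlib
import hmac
import json


def matching_fields(node, needle, prefix=''):
    """Yield the dotted path of every string value equal to `needle`."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from matching_fields(value, needle, prefix + '.' + key if prefix else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from matching_fields(value, needle, '%s[%d]' % (prefix, i))
    elif node == needle:
        yield prefix


def find_in_audit_log(log_lines, plaintext, hash_fn):
    """Return (time, type, request path, field) for entries holding the hashed plaintext."""
    needle = hash_fn(plaintext)
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
            path = (entry.get('request') or {}).get('path')
        except (ValueError, AttributeError):
            continue  # truncated or unexpected line, e.g. cut by log rotation
        for field in matching_fields(entry, needle):
            hits.append((entry.get('time'), entry.get('type'), path, field))
    return hits


def demo_hash(value, salt=b'constructed-demo-salt'):
    """Constructed stand-in so the example runs offline. Against a server, pass
    lambda s: client.sys.calculate_hash(path='tmp-file-audit', input_to_hash=s)['data']['hash']"""
    return 'hmac-sha256:' + hmac.new(salt, value.encode(), hashlib.sha256).hexdigest()


def sample_line(time, kind, token, path):  # constructed entry; only the fields read here
    return json.dumps({'time': time, 'type': kind, 'auth': {'client_token': demo_hash(token)},
                       'request': {'operation': 'read', 'path': path}})


SAMPLE_LOG = [  # constructed sample data, not real audit output
    sample_line('2024-01-01T10:00:00Z', 'request', 'token-under-investigation', 'secret/data/app'),
    sample_line('2024-01-01T10:01:00Z', 'request', 'unrelated-token', 'secret/data/other'),
    '{"time": "2024-01-01T10:02:00Z", "type": "requ',  # deliberately truncated line
    sample_line('2024-01-01T10:03:00Z', 'response', 'token-under-investigation', 'sys/mounts'),
]
```

The hash must come from the same audit device that wrote the log being searched, since each device has its own salt. A device enabled with log_raw writes values unhashed, so the hashed form will not match entries in its log.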