https://github.com/matthewoden/libvault/blob/master/lib/vault.ex#L366

warning: deprecated time unit: :seconds. A time unit should be :second, :millisecond, :microsecond, :nanosecond, or a positive integer
  (elixir) lib/calendar/naive_datetime.ex:279: NaiveDateTime.add/3
  lib/vault.ex:366: Vault.auth/2

Related to #1

When deleting a KV v2 version, Vault returns a 204 HTTP response and no body. The Mint adapter treats this as nil, not an empty string, and attempting to JSON decode the nil body causes an exception to be thrown.

Example exception:

iex(20)> vault
%Vault{  
  auth: Vault.Auth.Token,
  auth_path: nil,
  credentials: %{token: "root"},
  engine: Vault.Engine.KVV2,
  host: "http://localhost:8200",
  http: Vault.HTTP.Tesla,
  http_options: [],
  json: Jason,
  token: "root",
  token_expires_at: ~N[2022-07-20 20:54:19.764878]
}
iex(21)> Vault.delete(vault, path, versions: [1], full_response: true)
** (ArgumentError) errors were found at the given arguments:

  * 1st argument: not an iodata term

    :erlang.iolist_to_binary(nil)
    (jason 1.3.0) lib/jason.ex:69: Jason.decode/2
    (libvault 0.2.3) lib/vault/http/http.ex:71: Vault.HTTP.request/4
    (libvault 0.2.3) lib/vault/engine/generic.ex:131: Vault.Engine.Generic.request/4

Please see PR #13

lib/myapp/vault_config_provider.ex:15:unknown_function
Function Vault.auth/1 does not exist.
________________________________________________________________________________
lib/myapp/vault_config_provider.ex:15:unknown_function
Function Vault.new/1 does not exist.
________________________________________________________________________________
lib/myapp/vault_config_provider.ex:28:unknown_function
Function Vault.read/3 does not exist.

It seems that Vault.read, Vault.new and Vault.auth are failing because they have default inputs so they are arity of 2 but when I call them, I am not passing the second parameter so dialyzer things the function needs to be arity of 1

Or something else ... since Vault.new is definitely arity of 1 so I am not sure.

here is the usage

{:ok, vault} =
      Vault.new(
        engine: Vault.Engine.KVV2,
        http: Vault.HTTP.Tesla,
        json: Jason,
        host: System.fetch_env!("VAULT_ADDR"),
        auth: Vault.Auth.Kubernetes,
        credentials: %{
          role: System.fetch_env!("VAULT_K8S_ROLE"),
          jwt: File.read!(System.fetch_env!("VAULT_JWT_TOKEN_PATH"))
        }
      )
      |> Vault.auth()

    {:ok, vault_secrets} = Vault.read(vault, System.fetch_env!("VAULT_ENV_PATH"), [])

As mentioned here: praekeltfoundation/exvault#13 (comment)

Hello, I am implementing vault in an elixir project and tried libvault at first with no luck. Here is the error after authenticating successfully:

iex([email protected])3> {:ok, db_pass} = Vault.read(vault, "aws/sts/staging--www--stickfi--s3-cred")                  ** (MatchError) no match of right hand side value: {:error, ["1 error occurred:\n\n* unsupported path"]}

Here it is working with vaultex:

iex([email protected]) 2> Vaultex.Client.read "aws/sts/staging--www--stickfi--s3-cred", :token, {"foo-bar-baz"}
{:ok,
 %{
   "access_key" => "foobarbaz",
   "secret_key" => "qux",
   "security_token" => "really-long-alphanumeric-string"
 }}

Picking up from here: praekeltfoundation/exvault#13 (comment)

• Having the engine be a thing "inside" the client rather than a wrapper around it makes it a bit awkward to use some of the richer APIs (like KV v2) that don't map directly onto the four basic operations. That's not necessarily a problem, but it does make using those APIs somewhat less comfortable and intuitive. For ExVault, my hope was to end up with an API that felt more like using the vault CLI.

Open to consideration.

The way I'm reading the documentation, the json library can be any of the given libraries and Poison is purely optional.
Since I"m already using Jason in my application, I would want to use that (and Vault.new/0 does return a vault structure with Jason as default json module.

However, I did encounter a dependency conflict as Poison recently a 4.0 version, which another dependency of my application already locked onto, but introducing libvault caused a dependency error, since it still requires ~> 3.0.

I am trying to get a token with Vault.Auth.UserPass.login/2 but I am getting an error

6> client = Vault.new([ engine: Vault.Engine.KVV2, auth: Vault.Auth.UserPass, credentials: %{username: "myuser", password: "psswrd"},http: Tesla.Adapter.Httpc, host: "https://vault.mydomain/"])   

7> Vault.Auth.UserPass.login(client, %{username: "myuser", password: "psswrd"})
** (UndefinedFunctionError) function Tesla.Adapter.Httpc.request/5 is undefined or private
    (tesla 1.3.3) Tesla.Adapter.Httpc.request(:post, "https://ault.mydomain//v1/auth/userpass/login/myuser", "{\"password\":\"psswrd\"}", [{"Content-Type", "application/json"}], [])
    (libvault 0.2.3) lib/vault/http/http.ex:70: Vault.HTTP.request/4
    (libvault 0.2.3) lib/vault/auth/userpass.ex:34: Vault.Auth.UserPass.login/2

I am getting this error with Tesla.Adapter.Hackney also

elixir -v
Erlang/OTP 23 [erts-11.1] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1]
Elixir 1.10.4 (compiled with Erlang/OTP 22)

:libvault, "0.2.3"
:tesla, "1.3.3"

I'm trying to replacevaultex with libvault, but one problem is holding me back: I can't pass options to the HTTP client and therefore I cannot configure SSL using the {:ssl, [cacertfile: path_to_file]} option from hackney.

I know that I can use the global application to configure that, using config :tesla, adapter: {Tesla.Adapter.Hackney, ssl: [certfile: "certs/client.crt"]}, but this is not a good approach, since the certificate may be useful only for one host, and if I'm using Tesla for more than communicating with Vault, this can be a problem.

My proposal is to add the ability to pass arbitrary options to the HTTP client at runtime. I think the usage would be something like this:

vault =
  Vault.new([
    engine: Vault.Engine.KVV2,
    http: Vault.HTTP.Tesla,
    http_client_opts: {Tesla.Adapter.Hackney, ssl: [certfile: "certs/client.crt"]},
    credentials: %{username: "username", password: "password"}
  ])

And the implementation of Vault.HTTP would have to pass down this new Keyword value to the HTTP adapter.

What do you think? Is this a valid issue? I can work on this if you agree. Thank you.

• Tesla config reference: https://github.com/teamon/tesla/blob/afca9522301a50c2740ffdcb5f00182b638fa548/lib/tesla.ex#L439

PS: This is a very nice and flexible library to communicate with Vault!
Please consider adding it to the list of Elixir libs: https://github.com/hashicorp/vault/blob/master/website/source/api/libraries.html.md#elixir

I've tried following the steps in the Example Usage section from https://hexdocs.pm/libvault/Vault.html#module-setup-and-usage, and some configurations that seem to be required now are not present:

• a http client needs to be set explicitly, otherwise the following error pops up:

  Vault.auth(vault)
  {:error, ["http client not set"]}

• a host needs to be set, otherwise the following error pops up:

  Vault.auth(vault)
  ** (CaseClauseError) no case clause matching: []
  (hackney 1.16.0) /home/sr/src/example/deps/hackney/src/hackney_url.erl:248: :hackney_url.parse_netloc/2
  (hackney 1.16.0) /home/sr/src/example/deps/hackney/src/hackney.erl:349: :hackney.request/5
  (libvault 0.2.2) lib/vault/http/http.ex:70: Vault.HTTP.request/4
  (libvault 0.2.2) lib/vault/auth/userpass.ex:34: Vault.Auth.UserPass.login/2
  (libvault 0.2.2) lib/vault.ex:366: Vault.auth/2

• Using hackney as http client, setting the engine, auth, credentials and host, I'm now getting

  vault = Vault.new([engine: Vault.Engine.KVV2, auth: Vault.Auth.UserPass, credentials: %{username: "user", password: "pass"}, host: "https://myvault.local:8200/", http: :hackney])
  %Vault{
  auth: Vault.Auth.UserPass,
  auth_path: nil,
  credentials: %{password: "pass", username: "user"},
  engine: Vault.Engine.KVV2,
  host: "https://myvault.local:8200/",
  http: :hackney,
  http_options: [],
  json: Jason,
  token: nil,
  token_expires_at: nil
  }
  iex(2)> Vault.auth(vault)
  ** (ArgumentError) argument error
  (hackney 1.16.0) /home/sr/src/example/deps/hackney/src/hackney_headers_new.erl:47: :hackney_headers_new.new/1
  (hackney 1.16.0) /home/sr/src/example/deps/hackney/src/hackney.erl:331: :hackney.request/5
  (libvault 0.2.2) lib/vault/http/http.ex:70: Vault.HTTP.request/4
  (libvault 0.2.2) lib/vault/auth/userpass.ex:34: Vault.Auth.UserPass.login/2
  (libvault 0.2.2) lib/vault.ex:366: Vault.auth/2

and I don't really know how to continue.

• Also, how would one configure a ca cert for vault instances running with self-signed certificates?