Support for Unix Domain Sockets

[yakatz]

It appears it is not possible to connect to vault agent using a unix domain socket.

We like to have vault agent run with only

listener "unix" {
   address = "/run/vault.sock"
   tls_disable = true
}

but it seems this library doesn't support it and we have to enable a tcp listener too.

[seandilda]

I'm running into the same issue and would like to second this.

I'd really like to see support for this added as it provides a secure way for an application to talk to a vault agent with auto-auth and caching enabled.

[jared-gs]

Agreed, this would be a very useful feature to have. I wonder if this could be useful: https://github.com/puppetlabs/net_http_unix.

[rjhornsby]

Like the idea and would use a socket over http if it was available, but this would need to be implemented in Vault proper, rather than the ruby gem.

[yakatz]

this would need to be implemented in Vault proper, rather than the ruby gem.

Vault Agent does support it and we use it already (support for UDS was added in hashicorp/vault#6397). The issue specifically is that the Gem does not.