Lightweight API to store/retrieve secrets to/from an encrypted Database
Project description
VaultAPI
Lightweight API to store/retrieve secrets to/from an encrypted Database
Platform Supported
Deployments
Kick off
Recommendations
- Install
python3.10 or 3.11 - Use a dedicated virtual environment
Install VaultAPI
python -m pip install vaultapi
Initiate - IDE
import vaultapi.server
if __name__ == '__main__':
vaultapi.server.start()
Initiate - CLI
vaultapi start
Use
vaultapi --helpfor usage instructions.
Environment Variables
Sourcing environment variables from an env file
By default,
VaultAPIwill look for a.envfile in the current working directory.
Mandatory
- APIKEY - API Key for authentication.
- SECRET - Secret access key to encode/decode the secrets in Datastore.
Optional (with defaults)
- TRANSIT_KEY_LENGTH - AES key length for transit encryption. Defaults to
32 - TRANSIT_TIME_BUCKET - Interval for which the transit epoch should remain constant. Defaults to
60 - DATABASE - FilePath to store the secrets' database. Defaults to
secrets.db - HOST - Hostname for the API server. Defaults to
0.0.0.0[OR]localhost - PORT - Port number for the API server. Defaults to
9010 - WORKERS - Number of workers for the uvicorn server. Defaults to
1 - RATE_LIMIT - List of dictionaries with
max_requestsandsecondsto apply as rate limit. Defaults to 5req/2s [AND] 10req/30s - ALLOW_PUBLIC_IP - Boolean flag to allow connections via public IP. Defaults to
false - ALLOW_PRIVATE_IP - Boolean flag to allow connections via private IP. Defaults to
false - ALLOW_PRIVATE_IP_RANGE - Boolean flag to allow connections via any private IP address (
1-256) within range. Defaults tofalse
Optional (without defaults)
- LOG_CONFIG - FilePath or dictionary of key-value pairs for log config.
- ALLOWED_ORIGINS - Origins that are allowed to retrieve secrets.
- ALLOWED_IP_RANGE - IP range that is allowed to retrieve secrets. (eg:
10.112.8.10-210)
Checkout decryptors for more information about decrypting the retrieved secret from the server.
Auto generate a SECRET value
This value will be used to encrypt/decrypt the secrets stored in the database.
CLI
vaultapi keygen
IDE
from cryptography.fernet import Fernet
print(Fernet.generate_key())
Coding Standards
Docstring format: Google
Styling conventions: PEP 8 and isort
Release Notes
Requirement
python -m pip install gitverse
Usage
gitverse-release reverse -f release_notes.rst -t 'Release Notes'
Linting
pre-commit will ensure linting, run pytest, generate runbook & release notes, and validate hyperlinks in ALL
markdown files (including Wiki pages)
Requirement
python -m pip install sphinx==5.1.1 pre-commit recommonmark
Usage
pre-commit run --all-files
Pypi Package
https://pypi.org/project/VaultAPI/
Docker Image
https://hub.docker.com/r/thevickypedia/vaultapi
Runbook
https://thevickypedia.github.io/VaultAPI/
License & copyright
© Vignesh Rao
Licensed under the MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file VaultAPI-0.3.0-py3-none-any.whl.
File metadata
- Download URL: VaultAPI-0.3.0-py3-none-any.whl
- Upload date:
- Size: 21.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.10.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
14d4cce86df5b218c3f54605c59872c776da0ce325edd87c5a3863bb35f70031
|
|
| MD5 |
f3b71e6cfb60cd75ba4313ac078e162f
|
|
| BLAKE2b-256 |
c557d6507cb373c6d1bc977a2bf2a6ebd6b9e8d1e57f5daf6fe840b15b92e113
|
