Lightweight API to store/retrieve secrets to/from an encrypted Database
Project description
VaultAPI
Lightweight API to store/retrieve secrets to/from an encrypted Database
VaultAPI is designed to be extremely lightweight, secure, and easy to use. It provides cutting-edge security features like AES-GCM, Fernet encryption, and rate limiting all out of the box. It also includes transit encryption to ensure that the secrets are encrypted during transit to protect against man-in-the-middle attacks.
Platform Supported
Deployments
Kick off
Recommendations
- Install
python3.10 or 3.11 - Use a dedicated virtual environment
Install VaultAPI
python -m pip install vaultapi
Initiate - IDE
import vaultapi
if __name__ == '__main__':
vaultapi.start()
Initiate - CLI
vaultapi start
Use
vaultapi --helpfor usage instructions.
Environment Variables
Sourcing environment variables from an env file
By default,
VaultAPIwill look for a.envfile in the current working directory.
Mandatory
- APIKEY - API Key for authentication.
- SECRET - Secret access key to encode/decode the secrets in Datastore.
Optional (with defaults)
- TRANSIT_KEY_LENGTH - AES key length for transit encryption. Defaults to
32 - TRANSIT_TIME_BUCKET - Interval for which the transit epoch should remain constant. Defaults to
60 - DATABASE - FilePath to store the secrets' database. Defaults to
secrets.db - HOST - Hostname for the API server. Defaults to
0.0.0.0[OR]localhost - PORT - Port number for the API server. Defaults to
9010 - WORKERS - Number of workers for the uvicorn server. Defaults to
1 - RATE_LIMIT - List of dictionaries with
max_requestsandsecondsto apply as rate limit. Defaults to 5req/2s [AND] 10req/30s
Optional (without defaults)
- LOG_CONFIG - FilePath or dictionary of key-value pairs for log config.
- ALLOWED_ORIGINS - List of origins that should be allowed through CORS.
Optional (UI integration)
- ENABLE_UI - Boolean flag to enable the UI. Defaults to
false - AUTH_DATABASE - FilePath to store the UI authentication database. Defaults to
auth.db - TOTP_TOKEN - Secret token for TOTP authentication in the UI. Can be generated using any TOTP generator app like
Google AuthenticatororAuthy. - UI_LIFETIME - Time in seconds for which the UI session should remain active. Defaults to
900(15 minutes)
Auto generate a SECRET value
This value will be used to encrypt/decrypt the secrets stored in the database.
CLI
vaultapi keygen
IDE
from cryptography.fernet import Fernet
print(Fernet.generate_key())
API Functionality
| Endpoint | Description | API method |
|---|---|---|
/health |
API health endpoint | GET |
/get-secret |
Retrieve secrets (comma separated list) | GET |
/get-table |
Get ALL the secrets stored in a table | GET |
/list-tables |
List all available tables | GET |
/put-secret |
Store or update a secret (key-value pairs) | PUT |
/delete-secret |
Delete a specific secret | DELETE |
/create-table |
Create a new table | POST |
/delete-table |
Deletes an existing table | DELETE |
Clients
Clients are available in multiple languages to interact with the API server.
Python: VaultAPI-Client-python
Rust: VaultAPI-Client-rust
Checkout decryptors for on-demand scripts to decrypt the secrets retrieved from the API.
Coding Standards
Docstring format: Google
Styling conventions: PEP 8 and isort
Release Notes
Requirement
python -m pip install gitverse
Usage
gitverse-release reverse -f release_notes.rst -t 'Release Notes'
Linting
pre-commit will ensure linting, run pytest, generate runbook & release notes, and validate hyperlinks in ALL
markdown files (including Wiki pages)
Requirement
python -m pip install sphinx==5.1.1 pre-commit recommonmark
Usage
pre-commit run --all-files
Pypi Package
https://pypi.org/project/VaultAPI/
Docker Image
https://hub.docker.com/r/thevickypedia/vaultapi
Runbook
https://thevickypedia.github.io/VaultAPI/
License & copyright
© Vignesh Rao
Licensed under the MIT License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vaultapi-0.6.0a0-py3-none-any.whl.
File metadata
- Download URL: vaultapi-0.6.0a0-py3-none-any.whl
- Upload date:
- Size: 47.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0rc1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a6b2d94c502424a2f6797bba447ff1b77e44b7c80dd611cc7075014fa7d96ecd
|
|
| MD5 |
430fb583d1065cac5ecd2b440999133e
|
|
| BLAKE2b-256 |
ebedbcf66a51460db8e74df4ca99806fc66a4380294e5ca47c3640c8ddbdc7e1
|