A simple Django database backend that allows rotating access credentials via HashiCorp Vault
Project description
django_postgres_vault
A simple Django database backend that allows rotating PostgreSQL access credentials via HashiCorp Vault
Usage
In your Django settings:
DATABASES = {
'default': {
'ENGINE': 'django_postgres_vault',
'NAME': os.getenv('DB_NAME'),
'HOST': os.getenv('DB_HOST'),
'PORT': os.getenv('DB_PORT'),
'VAULT_ADDR': os.getenv('VAULT_ADDR'),
'VAULT_TOKEN': os.getenv('VAULT_TOKEN'),
'VAULT_ROLE_NAME': os.getenv('VAULT_ROLE_NAME'),
'VAULT_DB_MOUNT_POINT': os.getenv('VAULT_DB_MOUNT_POINT'),
}
}
Explanation of settings:
NAME: The name of the Postgres database to connect to, as per Django standards.HOST: The host location of the Postgres database to connect to, as per Django standards.PORT: The host location port of the Postgres database to connect to, as per Django standards.VAULT_ADDR: The URL of the Vault server that will be providing rotating access credentials for the database. This is the same value as theVAULT_ADDRenvironment variable used by the Vault CLI command. Example:https://vault-host-name:8200VAULT_DB_MOUNT_POINT: The mount point of the database secrets engine in Vault. Default:databaseVAULT_ROLE_NAME: The name of a Vault database secrets engine role configured to provide Postgres credentials.VAULT_TOKEN: A Vault authentication token with read access to the database secrets engine role.
There are no USER or PASSWORD settings required because those will be dynamically provided by the Vault server. The settings can be provided, but will be ignored.
Installation
pip install django_postgres_vault
Requirements
- Django>=3.0
- psycopg2
- hvac
Django and hvac should be automatically installed by pip, but psycopg2 will require manual installation. psycopg2 or psycopg2-binary are both acceptable, but explicitly requiring either one in setup.py will make the library less usable for some users, so we defer on that front.
Compatibility
We officially support the most recent version of Django (3.0), as well as its supported Python versions (3.6, 3.7, 3.8). Other versions will most likely work, but there are no guarantees.
Licence
MIT Licensed (see LICENSE)
Testing
Testing is done using Tox and PyTest. A super-simple Dockerfile is provided to allow running Tox in an isolated container.
Authors
django_postgres_vault was written by Joe Ciskey.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django_postgres_vault-0.1.2.tar.gz.
File metadata
- Download URL: django_postgres_vault-0.1.2.tar.gz
- Upload date:
- Size: 3.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
baa2ecedd3d6136dd23df8570cc8e707a85907e47e88079d3aadbaee43a0ca04
|
|
| MD5 |
24f8e17906080fca9c1154980a6959f5
|
|
| BLAKE2b-256 |
b204adaace99f215170ffcbafe6d42985b01de51316ee623506306b1d09eb73c
|
File details
Details for the file django_postgres_vault-0.1.2-py3-none-any.whl.
File metadata
- Download URL: django_postgres_vault-0.1.2-py3-none-any.whl
- Upload date:
- Size: 5.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6eb39228ade38f80b478c1f7b6763c251605f27da8b0444f4db7c3adb1e5a313
|
|
| MD5 |
cbdc07314532a916869a8582761db214
|
|
| BLAKE2b-256 |
8377718e07d22d1d4f551ef560bee96c6e0929b7e769952b37f1b1e967eb7361
|
