Skip to main content

A simple Django database backend that allows rotating access credentials via HashiCorp Vault

Project description

django_postgres_vault

Latest PyPI version

A simple Django database backend that allows rotating PostgreSQL access credentials via HashiCorp Vault

Usage

In your Django settings:

DATABASES = {
    'default': {
        'ENGINE': 'django_postgres_vault',
        'NAME': os.getenv('DB_NAME'),
        'HOST': os.getenv('DB_HOST'),
        'PORT': os.getenv('DB_PORT'),
        'VAULT_ADDR': os.getenv('VAULT_ADDR'),
        'VAULT_TOKEN': os.getenv('VAULT_TOKEN'),
        'VAULT_ROLE_NAME': os.getenv('VAULT_ROLE_NAME'),
        'VAULT_DB_MOUNT_POINT': os.getenv('VAULT_DB_MOUNT_POINT'),
    }
}

Explanation of settings:

  • NAME: The name of the Postgres database to connect to, as per Django standards.
  • HOST: The host location of the Postgres database to connect to, as per Django standards.
  • PORT: The host location port of the Postgres database to connect to, as per Django standards.
  • VAULT_ADDR: The URL of the Vault server that will be providing rotating access credentials for the database. This is the same value as the VAULT_ADDR environment variable used by the Vault CLI command. Example: https://vault-host-name:8200
  • VAULT_DB_MOUNT_POINT: The mount point of the database secrets engine in Vault. Default: database
  • VAULT_ROLE_NAME: The name of a Vault database secrets engine role configured to provide Postgres credentials.
  • VAULT_TOKEN: A Vault authentication token with read access to the database secrets engine role.

There are no USER or PASSWORD settings required because those will be dynamically provided by the Vault server. The settings can be provided, but will be ignored.

Installation

pip install django_postgres_vault

Requirements

  • Django>=3.0
  • psycopg2
  • hvac

Django and hvac should be automatically installed by pip, but psycopg2 will require manual installation. psycopg2 or psycopg2-binary are both acceptable, but explicitly requiring either one in setup.py will make the library less usable for some users, so we defer on that front.

Compatibility

We officially support the most recent version of Django (3.0), as well as its supported Python versions (3.6, 3.7, 3.8). Other versions will most likely work, but there are no guarantees.

Licence

MIT Licensed (see LICENSE)

Testing

Testing is done using Tox and PyTest. A super-simple Dockerfile is provided to allow running Tox in an isolated container.

Authors

django_postgres_vault was written by Joe Ciskey.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_postgres_vault-0.1.2.tar.gz (3.9 kB view details)

Uploaded Source

Built Distribution

django_postgres_vault-0.1.2-py3-none-any.whl (5.1 kB view details)

Uploaded Python 3

File details

Details for the file django_postgres_vault-0.1.2.tar.gz.

File metadata

  • Download URL: django_postgres_vault-0.1.2.tar.gz
  • Upload date:
  • Size: 3.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.6.0

File hashes

Hashes for django_postgres_vault-0.1.2.tar.gz
Algorithm Hash digest
SHA256 baa2ecedd3d6136dd23df8570cc8e707a85907e47e88079d3aadbaee43a0ca04
MD5 24f8e17906080fca9c1154980a6959f5
BLAKE2b-256 b204adaace99f215170ffcbafe6d42985b01de51316ee623506306b1d09eb73c

See more details on using hashes here.

File details

Details for the file django_postgres_vault-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: django_postgres_vault-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 5.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.6.0

File hashes

Hashes for django_postgres_vault-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 6eb39228ade38f80b478c1f7b6763c251605f27da8b0444f4db7c3adb1e5a313
MD5 cbdc07314532a916869a8582761db214
BLAKE2b-256 8377718e07d22d1d4f551ef560bee96c6e0929b7e769952b37f1b1e967eb7361

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page