Skip to main content

A Nameko extension to provide connection with Vault

Project description

nameko-vault

Extension for Nameko that integrates with Vault.

To use this tool it is necessary to configure the following parameters in your nameko config.yml file:

VAULT_URL: <vault_api_url>
VAULT_TOKEN: <authentication_token>

Usage

To use the tool it's needed inform the mount point of the path in which you want to obtain any secrets. This mount point can be informed when instantiating the provider or passing this information directly to the method being used.

Example 1:

# path: example/path/secret
vault = VaultProvider(mount_point="example")
vault.get_kv_secret(path="path/secret")

Example 2:

# path: example/path/secret
vault = VaultProvider()
vault.get_kv_secret(mount_point="example", path="path/secret")

List Secrets

The method get_kv_secrets_list returns a list of secrets contained in a given path

vault = VaultProvider()
vault.get_kv_secrets_list(mount_point="example", path="path")
['path/test1', 'path/test2']

Get KV Secret Data

The method get_kv_secret returns the content cotained in a given path

vault = VaultProvider()
vault.get_kv_secret(mount_point="example", path="path/test")
[
   {
      "data":{
         "pass":"test",
         "user":"sample"
      },
      "metadata":{
         "created_time":"2020-07-01T17:44:48.054175763Z",
         "deletion_time":"",
         "destroyed":False,
         "version":1
      }
   }
]

Create or Update KV Secret

Method to create an secret or update an existing one in a given path.

vault = VaultProvider()
secret = {"example": "Test", "number": 42}
vault.create_or_update_kv_secret(mount_point="example", path="path/test", secret=secret)
{
   'request_id': '4ce62ee7-0f88-3efc-d745-5e2fbc423789',
   'lease_id': '',
   'renewable': False,
   'lease_duration': 0,
   'data': {
      'created_time': '2020-09-10T00:25:40.92411625Z',
      'deletion_time': '',
      'destroyed': False,
      'version': 1
   },
   'wrap_info': None,
   'warnings': None,
   'auth': None
}

Patch KV Secret

Method to update an existing path. Either to add a new key/value to the secret and/or update the value for an existing key. Raises an hvac.exceptions.InvalidRequest if the path hasn’t been written to previously.

vault = VaultProvider()
secret = {"example": "New Test"}
vault.patch_kv_secret(mount_point="example", path="path/test", secret=secret)
{
   'request_id': '7bf2a869-dc66-efa2-3679-814ef76fb447',
   'lease_id': '',
   'renewable': False,
   'lease_duration': 0,
   'data': {
      'created_time': '2020-09-10T00:31:32.6783082Z',
      'deletion_time': '',
      'destroyed': False,
      'version': 2
   },
   'wrap_info': None,
   'warnings': None,
   'auth': None
}

Delete KV Secret (metadata and all versions)

Method to delete an existing path with all his versions and metadata on a given path.

vault = VaultProvider()
path = "path/secret"
vault.delete_metadata_and_all_versions_kv_secret(path)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nameko_vault-0.4.0.tar.gz (3.7 kB view hashes)

Uploaded Source

Built Distribution

nameko_vault-0.4.0-py3-none-any.whl (4.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page