Addons for opentaskpy, giving it the ability to read variables from HashiCorp Vault
This repository contains a variable lookup plugin for Open Task Framework (OTF) that pulls dynamic variables from HashiCorp Vault.
Open Task Framework (OTF) is a Python-based framework that makes it easy to run predefined file transfers and scripts/commands on remote machines.
Vault Variables
This package uses hvac to communicate with Vault.
Credentials can be set via config, using specific named variables alongside the protocol definition, or by using environment variables, for example:
    "protocol": {
        "name": "local",
        "VAULT_ADDR": "https://vault.example.com:8200",
        "VAULT_TOKEN": "some_token"
    }
If these variables are set in the environment, they are used when not set elsewhere.
Vault KV Secrets Engine Version
The default version is v1. This can be overridden by setting the environment variable VAULT_API_VER to v2 (or specifying the variable manually).
Variable Lookup
Variables can be looked up using the vault plugin. This is done using standard Jinja2 syntax, for example:
    {
        "name": "my_task",
        "variables": {
            "my_variable": "{{ vault('secret/data/my_secret', key='my_key') }}"
        }
    }
If not supplied using the attribute argument, the default key is value. If the key does not exist, the plugin will return an error.
    {
        "name": "my_task",
        "variables": {
            "my_variable": "{{ vault('secret/data/my_secret', key='some_key', attribute='password') }}"
        }
    }
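The credential fallback and the KV version setting described above, sketched as an added example; this is not the plugin's own code. The function names and sample responses are hypothetical and constructed, and it assumes protocol-definition values take precedence over the environment and that responses follow the shapes of Vault's KV v1 and v2 read endpoints.

```python
import os

# Setting names come from the README; function names here are hypothetical.
SETTINGS = ("VAULT_ADDR", "VAULT_TOKEN", "VAULT_API_VER")

# Constructed sample responses in the shape Vault's KV read endpoints return.
KV1_RESPONSE = {"data": {"value": "constructed-v1-secret"}}
KV2_RESPONSE = {
    "data": {
        "data": {"my_key": "constructed-v2-secret"},
        "metadata": {"version": 3},
    }
}


def resolve_vault_settings(protocol, environ=None):
    """Use values from the protocol definition, falling back to the environment."""
    environ = os.environ if environ is None else environ
    resolved = {name: protocol.get(name) or environ.get(name) for name in SETTINGS}
    resolved["VAULT_API_VER"] = resolved["VAULT_API_VER"] or "v1"  # documented default
    missing = [n for n in ("VAULT_ADDR", "VAULT_TOKEN") if not resolved[n]]
    if missing:
        raise ValueError("missing Vault settings: " + ", ".join(missing))
    return resolved


def extract_secret(response, api_ver, key="value"):
    """Return one key from a KV read response, for KV v1 or v2."""
    if api_ver not in ("v1", "v2"):
        raise ValueError("VAULT_API_VER must be v1 or v2, got %r" % (api_ver,))
    data = response["data"]
    if api_ver == "v2":
        data = data["data"]  # v2 nests the secret beside "metadata"
    if key not in data:
        raise KeyError("key %r not found in secret" % (key,))
    return data[key]


if __name__ == "__main__":
    cfg = resolve_vault_settings(
        {"name": "local", "VAULT_ADDR": "https://vault.example.com:8200"},
        {"VAULT_TOKEN": "constructed-token", "VAULT_API_VER": "v2"},
    )
    print(cfg["VAULT_ADDR"], cfg["VAULT_API_VER"])
    print(extract_secret(KV2_RESPONSE, cfg["VAULT_API_VER"], key="my_key"))
    try:
        extract_secret(KV2_RESPONSE, "v1", key="my_key")  # wrong version setting
    except KeyError as exc:
        print("version mismatch surfaces as:", exc)
```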