otf-addons-vault 24.18.3

Addons for opentaskpy, giving it the ability to read variables from Hashicorp Vault

This repository contains a variable lookup plugins for Open Task Framework (OTF) to pull dynamic variables from HashiCorp Vault.

Open Task Framework (OTF) is a Python based framework to make it easy to run predefined file transfers and scripts/commands on remote machines.

Vault Variables

This package uses hvac to communicate with Vault.

Credentials can be set via config using specific named variables alongside the protocol definition, or by using environment variables e.g;

"protocol": {
    "name": "local",
    "VAULT_ADDR": "https://vault.example.com:8200",
    "VAULT_TOKEN": "some_token"
}

If these variables are set in the environment, then these will be used if not set elsewhere.

Vault KV Secrets Engine Version

The default version is v1. This can be overridden by setting the environment variable VAULT_API_VER to v2 (or specifying the variable manually)

Variable Lookup

Variables can be looked up using the vault plugin. This is done using standard Jinja2 syntax e.g;

{
  "name": "my_task",
  "variables": {
    "my_variable": "{{ vault('secret/data/my_secret', key='my_key') }}"
  }
}

If not supplied using the attribute argument, the default key is value. If the key does not exist, the plugin will return an error.

{
  "name": "my_task",
  "variables": {
    "my_variable": "{{ vault('secret/data/my_secret', key='some_key', attribute='password') }}"
  }
}