Vault implementation in Python software (HashiCorp)
PySecVault
HashiCorp Vault implementation in Python software
Pre-requisites
To use this software, you need a running instance of HashiCorp Vault. You can find the installation instructions here.
Alternatively, you can use the Docker image provided by HashiCorp here.
```shell
docker run --cap-add=IPC_LOCK \
  -e 'VAULT_LOCAL_CONFIG={"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}' \
  -p 8200:8200 vault server
```
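After this command, you can access the Vault UI at http://localhost:8200 and follow the instructions to initialize the vault. Note that this configuration sets "tls_disable": true, so the listener serves plain HTTP; it is suited to local testing only.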
Installation
```shell
pip install py-sec-vault
```
After installing, set the following environment variables to connect to the Vault instance.
```shell
export VAULT_HOST=http://localhost:8200/
export VAULT_AUTH_METHOD=approle   # or: token
export VAULT_ENGINE_NAME="<my_engine_name>"
export VAULT_ROLE_ID="<my_vault_id>"
export VAULT_SECRET_ID="<my_vault_secret>"
export VAULT_PATH="<my_vault_path>"
```
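A preflight check for the variables above, as an added example that is not part of py-sec-vault: it catches unreplaced placeholders, an invalid auth method, and a plain-http `VAULT_HOST` that points away from the local machine. The function names are hypothetical, and it assumes that every listed variable is needed and that the role and secret IDs apply to `approle` only.

```python
import ipaddress
import os
from urllib.parse import urlparse

# Assumption: every variable the README lists is needed, and the role/secret
# IDs apply to approle only. The README names no variable for token auth.
REQUIRED = ("VAULT_HOST", "VAULT_AUTH_METHOD", "VAULT_ENGINE_NAME", "VAULT_PATH")
APPROLE_ONLY = ("VAULT_ROLE_ID", "VAULT_SECRET_ID")


def is_placeholder(value):
    """True for empty values and unreplaced <...> template text."""
    return not value or (value.startswith("<") and value.endswith(">"))


def is_loopback(host):
    """True for localhost or a loopback IP literal such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as remote


def check_vault_env(env=None):
    """Return a list of problems in the Vault settings; an empty list means OK."""
    env = os.environ if env is None else env
    problems = [f"{n} is unset or still a placeholder"
                for n in REQUIRED if is_placeholder(env.get(n, ""))]
    method = env.get("VAULT_AUTH_METHOD", "")
    if method and method not in ("approle", "token"):
        problems.append(f"VAULT_AUTH_METHOD={method!r} must be approle or token")
    if method == "approle":
        problems += [f"{n} is required for approle"
                     for n in APPROLE_ONLY if is_placeholder(env.get(n, ""))]
    host = env.get("VAULT_HOST", "")
    if not is_placeholder(host):
        url = urlparse(host)
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append("VAULT_HOST must be an http(s) URL")
        elif url.scheme == "http" and not is_loopback(url.hostname):
            problems.append("VAULT_HOST is plain http to a non-loopback host")
    return problems


if __name__ == "__main__":
    for problem in check_vault_env():
        print("vault config:", problem)  # secret values are never printed
```

Run it before constructing `Vault()` so a misconfigured deployment stops early with a named variable instead of an authentication error.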
Usage
```python
from vault import Vault

vault = Vault()

# Retrieving a secret from the vault, or None if not found
my_optional_secret = vault.get("MY_SECRET")

# Retrieving a secret from the vault (and raising an exception if not found)
my_secret = vault["MY_SECRET"]
```
Usage with environment variables
```python
from vault import from_env_or_vault, from_vault

# NB: Each call to these functions instantiates a Vault object and retrieves the
# secret from the vault, which carries a performance penalty if used in a loop;
# in that case, instantiate a Vault object once and reuse it.

# Retrieving a secret from the vault or environment variable or using a default value
from_env_or_vault("DB_PASSWORD", default="admin")

# Retrieving a secret from the vault (and raising an exception if not found)
from_vault("API_TOKEN")
```
Next steps
- Make sure the vault is not initialized every time, but only when needed
- On init load multiple paths/engines
- Add support for other auth methods
- Phase out the use of hvac and use requests instead
- Implementation of from_vault_or_env