Dumps keys from a Hashicorp Vault instance to be able to restore it on another instance

Navigation

Verified details  (What is this?)

These details have been verified by PyPI
Maintainers
Avatar for eitch from gravatar.com eitch

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Hugo Cisneiros (Eitch)
  • Tags hashicorp, vault, keys, secrets, backup, restore
  • Requires: Python >=3.6, <4
Classifiers

Project description

vault-dump-restore

Dumps keys from a Hashicorp instance into a file, to be able to restore it later in any other instance. Remember to encrypt the file!

This only supports reading a kv2 engine. Also note that these dumps and restores are meant to be used very rarely and under emergency situations since this kind of defeats the purpose of having a vault (storing secrets inside a vault, sealed with a key, etc) - you're dumping all the secrets to a external file!

The following examples use gpg commands to encrypt/decrypt the files.

Example for dump:

# make sure you have the vault environment variables:
export VAULT_ADDR=https://<vault-addr>
export VAULT_TOKEN=<vault-token>

# dumps the entire vault kv secrets in a shell script (vault commands)
vault-dump -o vault vault -o | gpg --symmetric --cipher-algo AES256 > vault-backup.sh.enc

# dumps a specific path with the default json format
vault-dump -p secrets/specific-app | gpg --symmetric --cipher-algo AES256 > vault-backup.json.enc

Examples for restore:

# make sure you have the vault environment variables:
export VAULT_ADDR=https://<vault-addr>
export VAULT_TOKEN=<vault-token>

# you will also must have the secret engine created
vault secrets enable -path=secrets kv

# restore a full dump using the shell script format
. <(gpg -qd vault-backup.sh.enc)

# restore a full dump using the JSON format
gpg -qd vault-backup.json.enc | vault-restore -

# restore a specific path using the JSON format
gpg -qd vault-backup.json.enc | vault-restore -p secrets/specific-app -

Installation and usage

Installation can be done through pip:

pip install vault-dump-restore

Use the -h parameter to get help from the commands:

vault-dump -h
vault-restore -h

Contents

Setup and usage for local development

Make a virtual environment:

python3 -m venv venv
source venv/bin/activate
pip install -e .

Note that this will also install the local dependencies, which might change after some time. If needed, you can run pip install -e . again to reinstall the updated dependencies anytime.

Documentation build

Run:

make docs

HTML documentation will be generated at docs/_build/html.

Project details

Verified details  (What is this?)

These details have been verified by PyPI
Maintainers
Avatar for eitch from gravatar.com eitch

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Hugo Cisneiros (Eitch)
  • Tags hashicorp, vault, keys, secrets, backup, restore
  • Requires: Python >=3.6, <4
Classifiers

Release history Release notifications | RSS feed

0.5.1

This version

0.5.0

0.4.3

0.4.2

0.4.1

0.4.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vault-dump-restore-0.5.0.tar.gz (20.9 kB view hashes)

Uploaded Source

Built Distribution

vault_dump_restore-0.5.0-py3-none-any.whl (21.1 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page