A reusable python vault utility service for other projects to use hashicorp vault

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ankush.bansal from gravatar.com ankush.bansal

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

# Vault Service

The **Vault Service** package provides a convenient interface for interacting with HashiCorp Vault. It offers various methods to manage secrets for different tenants and connectors. This package is designed for seamless integration into your applications.

## Table of Contents

- [Installation](#installation)
- [Usage](#usage)
- [Methods](#methods)
  - [store_secret](#store_secret)
  - [get_secret](#get_secret)
  - [update_secret](#update_secret)
  - [delete_secret](#delete_secret)
  - [get_all_secrets_for_tenant](#get_all_secrets_for_tenant)
  - [delete_all_secrets_for_tenant](#delete_all_secrets_for_tenant)
- [License](#license)

## Installation

You can install the Vault Service package using pip:

```bash
pip install vault-service

Usage

To use the Vault Service, you need to initialize the VaultController and then call the utility functions. Make sure to set the required environment variables for Vault connection:

export VAULT_ADDR='https://your-vault-address'
export BASE_PATH='your-base-path'
export APP_ROLE_ID='your-app-role-id'
export APP_SECRET_ID='your-app-secret-id'

Methods

store_secret(service_id: str, tenant_id: str, secret_name: str, secret_data: SecretData, credentials: Optional[dict] = None)

Stores a new secret in HashiCorp Vault under the specified service, tenant, and secret name.

Parameters:

  • service_id: The ID of the service.
  • tenant_id: The ID of the tenant.
  • secret_name: The name of the secret to store.
  • secret_data: An instance of SecretData, containing the secret information to be stored.
  • credentials: Optional dictionary containing Vault credentials: 
    {
    'base_path': 'your-base-path',
    'app_role_id': 'your-app-role-id',
    'app_secret_id': 'your-app-secret-id'
}

Returns:

  • dict: Success response with message on successful storage
  • Raises VaultError if there's an issue with the Vault operation
  • Raises ValidationError if the input parameters are invalid

Sample Payload for secret_data:

{
  "auth_key": "<auth-key>",
  "database_credentials": {
    "host": "localhost",
    "port": 5432,
    "database": "my_database",
    "user": "my_user",
    "password": "my_password"
  },
  "redis_credentials": {
    "host": "localhost",
    "port": 6379,
    "password": "my_password"
  }
}

get_secret(service_id: str, tenant_id: str, secret_name: str, credentials: Optional[dict] = None)

Retrieves a secret from HashiCorp Vault for the specified service, tenant, and secret name.

Parameters:

  • service_id: The ID of the service.
  • tenant_id: The ID of the tenant.
  • secret_name: The name of the secret to retrieve.
  • credentials: Optional dictionary containing Vault credentials: 
    {
    'base_path': 'your-base-path',
    'app_role_id': 'your-app-role-id',
    'app_secret_id': 'your-app-secret-id'
}

Returns:

  • dict: The retrieved secret data
  • Raises VaultError if there's an issue with the Vault operation
  • Raises SecretNotFoundError if the secret doesn't exist
  • Raises ValidationError if the input parameters are invalid

update_secret(service_id: str, tenant_id: str, secret_name: str, secret_data: SecretData, credentials: Optional[dict] = None)

Updates an existing secret in HashiCorp Vault for the specified service, tenant, and secret name.

Parameters:

  • service_id: The ID of the service.
  • tenant_id: The ID of the tenant.
  • secret_name: The name of the secret to update.
  • secret_data: An instance of SecretData, containing the updated secret information.
  • credentials: Optional dictionary containing Vault credentials: 
    {
    'base_path': 'your-base-path',
    'app_role_id': 'your-app-role-id',
    'app_secret_id': 'your-app-secret-id'
}

Returns: A message indicating the success or failure of the operation.

Sample Payload for secret_data:

{
  "auth_key": "<new-auth-key>",
  "database_credentials": {
    "host": "localhost",
    "port": 5432,
    "database": "my_database",
    "user": "my_user",
    "password": "new_password"
  },
  "redis_credentials": {
    "host": "localhost",
    "port": 6379,
    "password": "new_password"
  }
}

delete_secret(service_id: str, tenant_id: str, secret_name: str)

Deletes a secret from HashiCorp Vault for the specified service, tenant, and secret name.

Parameters:

  • service_id: The ID of the service.
  • tenant_id: The ID of the tenant.
  • secret_name: The name of the secret to delete.

Returns: A message indicating the success or failure of the deletion.

get_all_secrets_for_tenant(service_id: str, tenant_id: str)

Retrieves all secrets for a specific tenant and service from HashiCorp Vault.

Parameters:

  • service_id: The ID of the service.
  • tenant_id: The ID of the tenant.

Returns: A list of all secrets associated with the tenant.

delete_all_secrets_for_tenant(service_id: str, tenant_id: str)

Deletes all secrets associated with a specific tenant and service from HashiCorp Vault.

Parameters:

  • service_id: The ID of the service.
  • tenant_id: The ID of the tenant.

Returns: A message indicating the success or failure of the deletion.

License

This project is licensed under the MIT License. See the LICENSE file for details.


### Changes:
- Added `service_id` as the first required parameter for each method.
- Specified that `tenant_id` is not optional in each method.
- Added `credentials` parameter to each method signature.
- Specified that `credentials` is optional in each method documentation.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ankush.bansal from gravatar.com ankush.bansal

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.2

1.1.1

1.1.0

1.0.0

This version

0.6.0

0.5.0

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.0

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vault_service-0.6.0.tar.gz (7.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vault_service-0.6.0-py3-none-any.whl (7.9 kB view details)

Uploaded Python 3

File details

Details for the file vault_service-0.6.0.tar.gz.

File metadata

  • Download URL: vault_service-0.6.0.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for vault_service-0.6.0.tar.gz
Algorithm Hash digest
SHA256 deb59b47741478206e6c4175fa96a0b9f11aeb20b26bcbd23e55206dc9d8c671
MD5 0b5626900a6628f96532c37d412c7f40
BLAKE2b-256 415194c917f9117b4a70a911f2ffdd60e7e128475e2366a36e6fc7c2be9ac2ae

See more details on using hashes here.

File details

Details for the file vault_service-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: vault_service-0.6.0-py3-none-any.whl
  • Upload date:
  • Size: 7.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for vault_service-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b5d24cae43276377458b869147ea2600f66e09acdaba430fa3a3de1cac5d6ff1
MD5 3d0a1a3a8cb00c94e3624446d9284473
BLAKE2b-256 b0480ab0a233d66064fcbd61f45f28f89661db79ffe2579dd91024a0070c414b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page