A reusable python vault utility service for other projects to use hashicorp vault
Project description
Vault Service
The Vault Service package provides a convenient interface for interacting with HashiCorp Vault. It offers various methods to manage secrets for both services and tenants.
Table of Contents
Installation
You can install the Vault Service package using pip:
pip install vault-service
Usage
To use the Vault Service, you need to initialize the VaultController and then call the utility functions. Make sure to set the required environment variables for Vault connection:
export VAULT_ADDR='https://your-vault-address'
export APP_ROLE_ID='your-app-role-id'
export APP_SECRET_ID='your-app-secret-id'
Methods
Service Methods
store_service_secret(root_path: str, sub_path: str, secret_name: str, secret_data: SecretData, credentials: dict)
Stores a new secret in HashiCorp Vault under the "secret" mount path.
Parameters:
root_path: The root path in Vaultsub_path: The sub path in Vaultsecret_name: The name of the secret to storesecret_data: An instance ofSecretData, containing the secret informationcredentials: Dictionary containing Vault credentials:{ 'app_role_id': 'your-app-role-id', 'app_secret_id': 'your-app-secret-id' }
Returns:
dict: Response object containing:status: "success" or "error"message: Description of the operation result
Sample Payload for secret_data:
{
"auth_key": "<auth-key>",
"database_credentials": {
"host": "localhost",
"port": 5432,
"database": "my_database",
"user": "my_user",
"password": "my_password"
},
"redis_credentials": {
"host": "localhost",
"port": 6379,
"password": "my_password"
}
}
get_service_secret(root_path: str, sub_path: str, secret_name: str, credentials: dict)
Retrieves a secret from HashiCorp Vault.
Parameters:
root_path: The root path in Vault.sub_path: The sub path in Vault.secret_name: The name of the secret to retrieve.credentials: Dictionary containing Vault credentials.
Returns:
dict: Response object containing:status: "success" or "error"message: Description of the operation resultdata: The retrieved secret data (when successful)
update_service_secret(root_path: str, sub_path: str, secret_name: str, secret_data: SecretData, credentials: Optional[dict] = None)
Updates an existing secret in HashiCorp Vault for the specified service, tenant, and secret name.
Parameters:
root_path: The root path in Vaultsub_path: The sub path in Vaultsecret_name: The name of the secret to updatesecret_data: An instance ofSecretData, containing the updated secret informationcredentials: Optional dictionary containing Vault credentials:{ 'app_role_id': 'your-app-role-id', 'app_secret_id': 'your-app-secret-id' }
Returns: A message indicating the success or failure of the operation.
Sample Payload for secret_data:
{
"auth_key": "<new-auth-key>",
"database_credentials": {
"host": "localhost",
"port": 5432,
"database": "my_database",
"user": "my_user",
"password": "new_password"
},
"redis_credentials": {
"host": "localhost",
"port": 6379,
"password": "new_password"
}
}
delete_service_secret(root_path: str, sub_path: str, secret_name: str, credentials: dict)
Deletes a secret from HashiCorp Vault for the specified service, tenant, and secret name.
Parameters:
root_path: The root path in Vaultsub_path: The sub path in Vaultsecret_name: The name of the secret to delete.
Returns: A message indicating the success or failure of the deletion.
Tenant Methods
store_tenant_secret(tenant_id: str, sub_path: str, secret_name: str, secret_data: SecretData, credentials: dict)
Stores a new secret in HashiCorp Vault under the "tenant" mount path.
Parameters:
tenant_id: The ID of the tenantsub_path: The sub path in Vaultsecret_name: The name of the secret to storesecret_data: An instance ofSecretData, containing the secret informationcredentials: Dictionary containing Vault credentials:{ 'app_role_id': 'your-app-role-id', 'app_secret_id': 'your-app-secret-id' }
Returns:
dict: Response object containing:status: "success" or "error"message: Description of the operation result
Sample Payload for secret_data:
{
"auth_key": "<auth-key>",
"database_credentials": {
"host": "localhost",
"port": 5432,
"database": "my_database",
"user": "my_user",
"password": "my_password"
},
"redis_credentials": {
"host": "localhost",
"port": 6379,
"password": "my_password"
}
}
get_tenant_secret(tenant_id: str, sub_path: str, secret_name: str, credentials: dict)
Retrieves a secret from HashiCorp Vault under the tenant mount path.
Parameters:
tenant_id: The ID of the tenantsub_path: The sub path in Vaultsecret_name: The name of the secret to retrievecredentials: Dictionary containing Vault credentials
Returns:
dict: Response object containing:status: "success" or "error"message: Description of the operation resultdata: The retrieved secret data (when successful)
update_tenant_secret(tenant_id: str, sub_path: str, secret_name: str, secret_data: SecretData, credentials: dict)
Updates an existing secret in HashiCorp Vault under the tenant mount path.
Parameters:
tenant_id: The ID of the tenantsub_path: The sub path in Vaultsecret_name: The name of the secret to updatesecret_data: An instance ofSecretData, containing the updated secret informationcredentials: Dictionary containing Vault credentials:{ 'app_role_id': 'your-app-role-id', 'app_secret_id': 'your-app-secret-id' }
Returns: A message indicating the success or failure of the operation.
Sample Payload for secret_data:
{
"auth_key": "<new-auth-key>",
"database_credentials": {
"host": "localhost",
"port": 5432,
"database": "my_database",
"user": "my_user",
"password": "new_password"
},
"redis_credentials": {
"host": "localhost",
"port": 6379,
"password": "new_password"
}
}
delete_tenant_secret(tenant_id: str, sub_path: str, secret_name: str, credentials: dict)
Deletes a secret from HashiCorp Vault under the tenant mount path.
Parameters:
tenant_id: The ID of the tenantsub_path: The sub path in Vaultsecret_name: The name of the secret to deletecredentials: Dictionary containing Vault credentials
Returns: A message indicating the success or failure of the deletion.
License
This project is licensed under the MIT License. See the LICENSE file for details.
### Changes:
- Added `tenant_id` as the first required parameter for each method.
- Specified that `tenant_id` is not optional in each method.
- Added `credentials` parameter to each method signature.
- Specified that `credentials` is optional in each method documentation.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vault_service-1.3.1.tar.gz.
File metadata
- Download URL: vault_service-1.3.1.tar.gz
- Upload date:
- Size: 8.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2695fceff4b0454daa663aadd2bef1c3c9e391666ed5de7178f220458059da89
|
|
| MD5 |
b27cc11ad1cd8c07280101e6befef885
|
|
| BLAKE2b-256 |
380343107aeda365200909427712921dd3fae9c68fefed0a754c8aaa0a08127f
|
File details
Details for the file vault_service-1.3.1-py3-none-any.whl.
File metadata
- Download URL: vault_service-1.3.1-py3-none-any.whl
- Upload date:
- Size: 8.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
84aa0b9cf050dd21a2df86e257472b16556674cd9d2e229428d7b03a506ef2ba
|
|
| MD5 |
437f2c2f3eb14d99772cd9bb1510ac60
|
|
| BLAKE2b-256 |
7ff1684f189aaec5905913e649e530d83b0c6a8f5cd85ae28aedf8a0ea023db5
|
