Skip to main content

Lightweight API to store/retrieve secrets to/from an encrypted Database

Project description

VaultAPI

Lightweight API to store/retrieve secrets to/from an encrypted Database

Python

Platform Supported

Platform docker-image

Deployments

docker pypi docker_desc

markdown pages

Pypi Pypi-format Pypi-status

Kick off

Recommendations

Install VaultAPI

python -m pip install vaultapi

Initiate - IDE

import vaultapi


if __name__ == '__main__':
    vaultapi.start()

Initiate - CLI

vaultapi start

Use vaultapi --help for usage instructions.

Environment Variables

Sourcing environment variables from an env file

By default, VaultAPI will look for a .env file in the current working directory.

Mandatory

  • APIKEY - API Key for authentication.
  • SECRET - Secret access key to encode/decode the secrets in Datastore.

Optional (with defaults)

  • TRANSIT_KEY_LENGTH - AES key length for transit encryption. Defaults to 32
  • TRANSIT_TIME_BUCKET - Interval for which the transit epoch should remain constant. Defaults to 60
  • DATABASE - FilePath to store the secrets' database. Defaults to secrets.db
  • HOST - Hostname for the API server. Defaults to 0.0.0.0 [OR] localhost
  • PORT - Port number for the API server. Defaults to 9010
  • WORKERS - Number of workers for the uvicorn server. Defaults to 1
  • RATE_LIMIT - List of dictionaries with max_requests and seconds to apply as rate limit. Defaults to 5req/2s [AND] 10req/30s

Optional (without defaults)

  • LOG_CONFIG - FilePath or dictionary of key-value pairs for log config.
  • ALLOWED_ORIGINS - Origins that are allowed to retrieve secrets.
  • ALLOWED_IP_RANGE - IP range that is allowed to retrieve secrets. (eg: 10.112.8.10-210)

Checkout decryptors for more information about decrypting the retrieved secret from the server.

Auto generate a SECRET value

This value will be used to encrypt/decrypt the secrets stored in the database.

CLI

vaultapi keygen

IDE

from cryptography.fernet import Fernet
print(Fernet.generate_key())

Coding Standards

Docstring format: Google
Styling conventions: PEP 8 and isort

Release Notes

Requirement

python -m pip install gitverse

Usage

gitverse-release reverse -f release_notes.rst -t 'Release Notes'

Linting

pre-commit will ensure linting, run pytest, generate runbook & release notes, and validate hyperlinks in ALL markdown files (including Wiki pages)

Requirement

python -m pip install sphinx==5.1.1 pre-commit recommonmark

Usage

pre-commit run --all-files

Pypi Package

pypi-module

https://pypi.org/project/VaultAPI/

Docker Image

made-with-docker-doc

https://hub.docker.com/r/thevickypedia/vaultapi

Runbook

made-with-sphinx-doc

https://thevickypedia.github.io/VaultAPI/

License & copyright

© Vignesh Rao

Licensed under the MIT License

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

VaultAPI-0.1.0-py3-none-any.whl (19.8 kB view details)

Uploaded Python 3

File details

Details for the file VaultAPI-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: VaultAPI-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 19.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.14

File hashes

Hashes for VaultAPI-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 409ae1bed89279265a8f6fbd8fa72ae96129e480647eb5c71ed089f936e030ca
MD5 1dcc210710e7eb016a6684e90da16880
BLAKE2b-256 bce18dce22c20d83469860425a5ee86dbf82822d30168fbed0144022351a6f37

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page