genvid.toolbox.VaultTool
Warning: This tool is considered in beta. The API is likely to change in future releases.

class genvid.toolbox.VaultTool(vault_policies_folder: str = '', vault_roles_folder: str = '', vault_token_file: str = '', vault_keys_file: str = '', **kwargs)
    Bases: genvid.toolbox.consul.ConsulTool
    A class for interfacing with Vault.
    Warning: This class is considered in a beta stage.

    DESCRIPTION = 'A tool for interfacing with vault.'

    GENVID_VAULT_POLICIES_FOLDER = None
        A mirror of GENVID_VAULT_POLICIES_FOLDER, pointing to a folder containing Vault policies.

    GENVID_VAULT_TOKEN_ROLES_FOLDER = None
        A mirror of GENVID_VAULT_TOKEN_ROLES_FOLDER, pointing to a folder containing Vault token roles.

    NAME = 'vault'

    VAULT_ADDR = None
        A mirror of VAULT_ADDR, containing the Vault service address (including the protocol).

    VAULT_KEYS = None
        A mirror of VAULT_KEYS, containing the comma-delimited Vault seal keys.

    VAULT_KEYS_FILE = None
        The location where the Vault keys are saved. Defaults to ~/.vault-keys.

    VAULT_TOKEN = None
        A mirror of VAULT_TOKEN, containing the Vault token used for authentication.

    VAULT_TOKEN_FILE = None
        The location where the Vault token is saved. Defaults to ~/.vault-token.

    auth_vault()
        Authorize the vault client with the current VAULT_TOKEN.

    clear_vault_files()
        Clear vault secret files.

    create_vault_token(*, role=None, orphan=False, wrap_ttl=None, **properties)
        Create a new token with the properties specified.

    create_vault_token_role(role, *, wrap_ttl=None, **properties)
        Create a new token role with the properties specified.

    get_vault_client_addr(timeout: float = 30.0, use_wan: bool = False)
        Return the vault server address.

    get_vault_client_url(timeout: float = 0, use_https: bool = False, use_wan: bool = False)
        Return the vault server url.

    init_vault(key_shares=1, key_threshold=1)
        Initialize a vault.
        This method sets the VAULT_TOKEN and VAULT_KEYS environment variables on success, overriding any value already present.

    init_vault_client(timeout: float = 30.0)
        Initialize the vault client.
        The client is initialized using VAULT_ADDR. If it is empty, the discovery service is queried for a vault service and VAULT_ADDR is set appropriately.
        Parameters: timeout – The timeout (in seconds) for the service query.

    load_vault_keys() → str

    load_vault_token() → str

    refresh_token()
        Refresh the vault information.

    save_vault_keys()
        Save vault keys in home folder.

    save_vault_token()
        Save vault token in home folder.

    unseal_vault(timeout: float = 30.0)
        Unseal vault with the VAULT_KEYS.

    vault
        The Vault client.

    vault_load_policies(folder: typing.Union[str, NoneType] = None)
        Load policies from folder.
        Policies should have a .hcl extension. The name of the policy is the base name of the file, without the extension.
        Parameters: folder – The folder to look up. Use GENVID_VAULT_POLICIES_FOLDER if None.

    vault_load_token_roles(folder: typing.Union[str, NoneType] = None)
        Load token roles from folder.
        Token role files should have a .json extension and contain the properties of the role. If a name property is included, it is used as the role name. Otherwise, the name is the base name of the file without the extension.
        Parameters: folder – The folder to look up. Use GENVID_VAULT_TOKEN_ROLES_FOLDER if None.

    vault_setup()
        Set up vault if it is not initialized.

class vault.VaultTool
    Implementation of genvid.toolbox.VaultTool
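
The naming rules documented for vault_load_policies and vault_load_token_roles can be checked offline before anything is loaded into Vault. The following is an added example, not part of the Genvid toolbox: it flags role files that resolve to the same role name and roles that allow a policy with no matching .hcl file. The function names, the sample files and the use of Vault's allowed_policies role property are assumptions; the page does not say how the toolbox treats two files that resolve to the same name.

```python
import json
import tempfile
from collections import defaultdict
from pathlib import Path

BUILTIN = {"default", "root"}  # policies Vault defines itself

def policy_names(folder):
    """Policy name = base name of each .hcl file, without the extension."""
    return {p.stem for p in Path(folder).glob("*.hcl")}

def load_roles(folder):
    """Map role name -> [(file name, properties)]; "name" wins over the file name."""
    roles = defaultdict(list)
    for path in sorted(Path(folder).glob("*.json")):
        props = json.loads(path.read_text(encoding="utf-8"))
        roles[props.get("name") or path.stem].append((path.name, props))
    return dict(roles)

def audit(roles_folder, policies_folder):
    """Return (collisions, missing) computed from the files only, without Vault."""
    known = policy_names(policies_folder) | BUILTIN
    collisions, missing = {}, {}
    for name, entries in load_roles(roles_folder).items():
        if len(entries) > 1:  # several files resolve to the same role name
            collisions[name] = [fname for fname, _ in entries]
        for fname, props in entries:
            allowed = props.get("allowed_policies", [])  # assumed role property
            if isinstance(allowed, str):  # comma-separated form
                allowed = [p.strip() for p in allowed.split(",") if p.strip()]
            absent = sorted(set(allowed) - known)
            if absent:
                missing[fname] = absent
    return collisions, missing

def demo():
    """Run the audit over constructed sample folders (not from the Genvid SDK)."""
    with tempfile.TemporaryDirectory() as tmp:
        pol, rol = Path(tmp, "policies"), Path(tmp, "roles")
        pol.mkdir()
        rol.mkdir()
        (pol / "viewer.hcl").write_text('path "secret/data/viewer/*" { capabilities = ["read"] }\n')
        (rol / "viewer.json").write_text(json.dumps({"allowed_policies": ["viewer"]}))
        (rol / "readonly.json").write_text(json.dumps({"name": "viewer", "allowed_policies": ["admin"]}))
        (rol / "ops.json").write_text(json.dumps({"allowed_policies": "default, viewer"}))
        return audit(rol, pol)

if __name__ == "__main__":
    print(demo())
```

In the constructed sample, readonly.json carries a name property of "viewer", so it resolves to the same role as viewer.json while allowing a different policy.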