# Azure Vault Loader
Azure Vault Loader is a Python command-line utility for securely loading secrets from Azure Key Vault into environment variables. It is designed to enable secure execution of commands on remote servers, by ensuring that secrets are loaded as environment variables only at the time of command execution, thereby reducing the exposure of sensitive data.
The utility makes use of Azure's role-based access control (RBAC) and Azure Key Vault, a cloud service for securely storing and accessing secrets. A "secret" in Azure Key Vault could be a password, a token, an API key, a connection string, or any other piece of data that is sensitive and needs to be kept secure.
## Installation
Use the package manager [pip](https://pip.pypa.io/en/stable/) to install Azure Vault Loader.
```bash
pip install azure-vault-loader
```
## Usage
```bash
load_azure_secrets -k obfuscation_key -p principals -m map -u url -c command with or without arguments
```
- `-k, --obfuscation_key`: The key used for reading an obfuscated principals file. If this option is provided, the tool will attempt to decrypt the service principals file.
- `-p, --principals`: The Azure service principals. This file can be in plain JSON format or obfuscated using the `obfuscate_service_principals` command.
- `-m, --map`: The JSON file containing secret names and the environment variable names as key-value pairs. This map dictates which Azure secrets get loaded into which environment variables.
- `-c, --command`: The command to run after loading secrets. This can include one or more arguments.
- `-u, --url`: The URL of your Azure Key Vault.
- `-v, --verbose`: Enable verbose mode.
### Secret-Environment Variables Map
The `map` argument requires a JSON file that contains a mapping between the secret names in your Azure Key Vault and the environment variables that they correspond to.
Here is an example of what the contents of the JSON file might look like:
```json
{
"databasepasswordsecret": "DB_PASSWORD",
"apikeysecret": "API_KEY"
}
```
In the example above, `databasepasswordsecret` and `apikeysecret` are the names of secrets stored in Azure Key Vault. When the `load_azure_secrets` command is run, the secrets corresponding to these names will be fetched from the Azure Key Vault, and then loaded into the `DB_PASSWORD` and `API_KEY` environment variables, respectively.
The purpose of this is to abstract the actual values of the secrets, allowing you to change the secrets in the Azure Key Vault without having to change your code or your environment setup. As long as the secret name and corresponding environment variable name remain the same, you can change the value of the secret in Azure Key Vault at any time, and the `load_azure_secrets` command will always fetch the most current value.
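The flow described in this section, sketched as an added example that is not the project's own code: it validates the map, then passes the secrets to the child process only through `subprocess.run(env=...)`, so the parent's environment is never modified. `validate_map`, `run_with_secrets` and the in-memory `FAKE_VAULT` are hypothetical names and constructed data standing in for a real Key Vault lookup.

```python
import json
import os
import re
import subprocess
import sys

# Key Vault secret names: 1-127 characters, letters, digits and dashes only.
SECRET_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")
# Portable environment variable names.
ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def validate_map(text):
    """Parse the -m map JSON and reject names that cannot work."""
    mapping = json.loads(text)
    if not isinstance(mapping, dict):
        raise ValueError("map must be a JSON object")
    seen = set()
    for secret, env in mapping.items():
        if not SECRET_NAME.fullmatch(secret):
            raise ValueError(f"invalid Key Vault secret name: {secret!r}")
        if not isinstance(env, str) or not ENV_NAME.fullmatch(env):
            raise ValueError(f"invalid environment variable name: {env!r}")
        if env in seen:
            raise ValueError(f"two secrets map to {env}")
        seen.add(env)
    return mapping


def run_with_secrets(mapping, fetch, command):
    """Run command with the secrets present only in the child's environment."""
    child_env = dict(os.environ)  # copy, so os.environ itself stays untouched
    for secret, env in mapping.items():
        child_env[env] = fetch(secret)
    return subprocess.run(command, env=child_env, capture_output=True, text=True)


# Constructed sample data. A real fetch would be, for example,
# azure.keyvault.secrets.SecretClient.get_secret(name).value
SAMPLE_MAP = '{"databasepasswordsecret": "DB_PASSWORD", "apikeysecret": "API_KEY"}'
FAKE_VAULT = {"databasepasswordsecret": "s3cr3t-db", "apikeysecret": "k-123"}
CHILD = [sys.executable, "-c", "import os; print(os.environ['DB_PASSWORD'])"]

if __name__ == "__main__":
    result = run_with_secrets(validate_map(SAMPLE_MAP), FAKE_VAULT.__getitem__, CHILD)
    print("child saw:", result.stdout.strip())
    print("parent has DB_PASSWORD:", "DB_PASSWORD" in os.environ)
```

A secret name containing underscores, such as `database_password_secret`, is rejected by `validate_map` because Key Vault secret names accept only letters, digits and dashes.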
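The service principals file passed with `-p` can be obfuscated using the `obfuscate_service_principals` command:
```bash
obfuscate_service_principals -j json -o output -k key
```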
- `-j, --json`: The JSON file containing service principals to obfuscate.
- `-o, --output`: The output file for the obfuscated service principals.
- `-k, --key`: The key for obfuscation.
## License
[Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)
Raw data
{
"_id": null,
"home_page": "https://github.com/jason-weirather/azure-vault-loader",
"name": "azure-vault-loader",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "",
"author": "Jason L Weirather",
"author_email": "jason.weirather@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/c7/8f/bf3d4f677b8b16eff7da94d4e1621e245e7d5a7af8307c8bd91133454ad4/azure_vault_loader-0.1.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "",
"summary": "Load secrets from Azure key vault into the environment of a process",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/jason-weirather/azure-vault-loader"
},
"split_keywords": [],
"upload_time": "2023-06-29 05:54:29",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "jason-weirather",
"github_project": "azure-vault-loader",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "azure-vault-loader"
}