# PySecVault
HashiCorp Vault integration for Python software
## Pre-requisites
To use this software, you need to have a running instance of Hashicorp Vault.
You can find the installation instructions [here](https://learn.hashicorp.com/vault/getting-started/install).
Alternatively, you can use the docker image provided by Hashicorp [here](https://hub.docker.com/_/vault/).
```bash
docker run --cap-add=IPC_LOCK \
-e 'VAULT_LOCAL_CONFIG={"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}' \
-p 8200:8200 vault server
```
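After running this command, you can access the Vault UI at http://localhost:8200
and follow the instructions to initialize the vault. Note that this configuration sets `tls_disable` to true, so tokens and secrets travel to and from Vault unencrypted; use it for local testing only.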
## Installation
```bash
pip install py-sec-vault
```
## Usage
```python
from vault import Vault
vault = Vault(
    host="http://localhost:8200/",
    auth_method="approle",
    engine_name="my_engine_name",
    path="my_vault_path",
    token="my_vault_token",
)
# Prints the keys in the vault, validating if the vault is initialized;
print(vault.keys)
# Retrieving a secret from the vault, or None if not found
my_optional_secret = vault.get("MY_SECRET")
# Retrieving a secret from the vault (and raising an exception if not found)
my_secret = vault["MY_SECRET"]
```
## Usage with environment variables
The vault can also be configured through environment variables.
First, set the environment variables for the vault:
```bash
export VAULT_HOST=http://localhost:8200/
export VAULT_AUTH_METHOD=approle  # or: token
export VAULT_ENGINE_NAME="<my_engine_name>"
export VAULT_ROLE_ID="<my_vault_id>"
export VAULT_SECRET_ID="<my_vault_secret>"
export VAULT_PATH="<my_vault_path>"
```
Second, you can use the following code to retrieve the secrets from the vault or environment variables:
```python
from vault import from_env_or_vault, from_vault
# NB: These functions will instantiate a Vault object and retrieve the secret from the vault
# resulting in a performance penalty if used in a loop. Alternatively, you can instantiate a Vault object
# once and use the get method to retrieve the secrets (next example).
# Retrieving a secret from the vault or environment variable or using a default value
# (a default such as "admin" is only suitable for local development)
from_env_or_vault("DB_PASSWORD", default="admin")
# Retrieving a secret from the vault (and raising an exception if not found)
from_vault("API_TOKEN")
```
To retrieve all secrets from the vault, you can use the following code:
```python
from vault import Vault, from_env_or_vault
# This will connect to the vault based on the environment variables;
vault = Vault()
# Prints the keys in the vault, validating if the vault is initialized;
print(vault.keys)
# Retrieving a secret from the vault, or None if not found
my_secret = vault.get("MY_SECRET")
# Passing an instance of Vault to the from_env_or_vault function,
# so it doesn't need to connect to the vault again;
my_variable = from_env_or_vault("MY_VARIABLE", default="admin", vault=vault)
```
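The shared-instance pattern above, turned into a start-up check that fails closed when a secret is missing instead of falling back to a default such as `admin`. This is an added example, not part of py-sec-vault: `StubVault`, `resolve_secrets` and `MissingSecrets` are hypothetical names, the stub stands in for `Vault` (only `get`, as used above, is called) so the code runs offline, and the environment-before-vault order is an assumption taken from the name `from_env_or_vault`.

```python
import os
from typing import Mapping, Optional


class MissingSecrets(RuntimeError):
    """Required secrets found in neither the environment nor the vault."""


class StubVault:
    """Constructed stand-in for vault.Vault; only .get(name) is modelled."""

    def __init__(self, data: Mapping[str, str]):
        self._data = dict(data)
        self.reads = 0  # number of vault lookups performed

    def get(self, name: str) -> Optional[str]:
        self.reads += 1
        return self._data.get(name)


def resolve_secrets(names, vault, environ=os.environ):
    """Resolve all names with one shared vault object and no default fallback.

    Returns (values, sources). sources maps name -> "env" or "vault" and is
    safe to log; values must never be logged.
    Assumption: the environment takes precedence over the vault.
    """
    values, sources, missing = {}, {}, []
    for name in names:
        if environ.get(name):  # an empty string counts as unset
            values[name], sources[name] = environ[name], "env"
            continue
        secret = vault.get(name)
        if secret:
            values[name], sources[name] = secret, "vault"
        else:
            missing.append(name)
    if missing:
        # Report names only, never values, and refuse to start half-configured.
        raise MissingSecrets("unresolved secrets: " + ", ".join(sorted(missing)))
    return values, sources


# Constructed sample data.
stub = StubVault({"DB_PASSWORD": "s3cr3t-from-vault"})
values, sources = resolve_secrets(
    ["DB_PASSWORD", "API_TOKEN"], stub, environ={"API_TOKEN": "tok-from-env"}
)
print(sources)
```

With the real library, pass a single `Vault()` instance in place of `StubVault`.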
## Next steps
- [ ] On init load multiple paths/engines
- [ ] Add support for other auth methods
- [ ] Phase out the use of hvac and use requests instead
- [X] Make sure the vault is not initialized every time, but only when needed
- [X] Implementation of from_vault_or_env
Raw data
{
"_id": null,
"home_page": "https://github.com/cisolutions-nl/py-sec-vault",
"name": "py-sec-vault",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "",
"keywords": "vault,hashicorp,security",
"author": "CISolutions B.V.",
"author_email": "info@cisolutions.nl",
"download_url": "https://files.pythonhosted.org/packages/c5/4a/110b1de5cf99b90fca18084e04d9747cfec87a52980ba34b392b39477286/py_sec_vault-0.1.6.tar.gz",
"platform": null,
"description": "# PySecVault\nHashicorp Vault implementation in python software\n\n\n## Pre-requisites\nTo use this software, you need to have a running instance of Hashicorp Vault.\nYou can find the installation instructions [here](https://learn.hashicorp.com/vault/getting-started/install).\n\nAlternatively, you can use the docker image provided by Hashicorp [here](https://hub.docker.com/_/vault/).\n\n```bash\ndocker run --cap-add=IPC_LOCK \\\n -e 'VAULT_LOCAL_CONFIG={\"storage\": {\"file\": {\"path\": \"/vault/file\"}}, \"listener\": [{\"tcp\": { \"address\": \"0.0.0.0:8200\", \"tls_disable\": true}}], \"default_lease_ttl\": \"168h\", \"max_lease_ttl\": \"720h\", \"ui\": true}' \\\n -p 8200:8200 vault server\n```\n\nAfter this command, you can access the vault UI at http://localhost:8200\nand follow the instructions to initialize the vault.\n\n## Installation\n\n```bash\npip install py-sec-vault\n```\n\n## Usage\n\n```python\nfrom vault import Vault\n\nvault = Vault(\n host=\"http://localhost:8200/\",\n auth_method=\"approle\",\n engine_name=\"my_engine_name\",\n path=\"my_vault_path\",\n token=\"my_vault_token\",\n)\n\n# Prints the keys in the vault, validating if the vault is initialized;\nprint(vault.keys) \n\n# Retrieving a secret from the vault, or None if not found\nmy_optional_secret = vault.get(\"MY_SECRET\")\n\n# Retrieving a secret from the vault (and raising an exception if not found)\nmy_secret = vault[\"MY_SECRET\"]\n```\n\n## Usage with environment variables\nTo make the vault work with environment variables, you can use the following code:\n\nFirst, you need to set the environment variables for the vault:\n```\nexport VAULT_HOST=http://localhost:8200/\nexport VAULT_AUTH_METHOD=approle|token\nexport VAULT_ENGINE_NAME=<my_engine_name>\nexport VAULT_ROLE_ID=<my_vault_id>\nexport VAULT_SECRET_ID=<my_vauld_secret>\nexport VAULT_PATH=<my_vault_path>\n```\n\nSecond, you can use the following code to retrieve the secrets from the vault or environment 
variables:\n```python\nfrom vault import from_env_or_vault, from_vault\n\n# NB: These functions will instantiate a Vault object and retrieve the secret from the vault\n# resulting in a performance penalty if used in a loop. Alternatively, you can instantiate a Vault object\n# once and use the get method to retrieve the secrets (next example).\n\n# Retrieving a secret from the vault or environment variable or using a default value\nfrom_env_or_vault(\"DB_PASSWORD\", default=\"admin\")\n\n# Retrieving a secret from the vault (and raising an exception if not found)\nfrom_vault(\"API_TOKEN\")\n```\n\nTo retrieve all secrets from the vault, you can use the following code:\n```python\nfrom vault import Vault, from_env_or_vault\n\n# This will connect to the vault based on the environment variables;\nvault = Vault()\n\n# Prints the keys in the vault, validating if the vault is initialized;\nprint(vault.keys) \n\n# Retrieving a secret from the vault, or None if not found\nmy_secret = vault.get(\"MY_SECRET\")\n\n# Passing an instance of Vault to the from_env_or_vault function,\n# so it doesn't need to connect to the vault again;\nmy_variable = from_env_or_vault(\"MY_VARIABLE\", default=\"admin\", vault=vault)\n```\n\n\n## Next steps\n- [ ] On init load multiple paths/engines\n- [ ] Add support for other auth methods\n- [ ] Phase out the use of hvac and use requests instead\n- [X] Make sure the vault is not initialized every time, but only when needed\n- [X] Implementation of from_vault_or_env\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Vault implementation in python software (Hashicorp)",
"version": "0.1.6",
"project_urls": {
"Homepage": "https://github.com/cisolutions-nl/py-sec-vault",
"Repository": "https://github.com/cisolutions-nl/py-sec-vault"
},
"split_keywords": [
"vault",
"hashicorp",
"security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e39c0c9f9974dcb09542d52a372bfd97f2c6130c3dfa7ffca3e79c76168a8633",
"md5": "52820008e87b67fc4bd07bf7f1228eca",
"sha256": "cf3ce42eabba6869a6e17abdbb468084e59c2f1f462f8c95faba8a343ca2818a"
},
"downloads": -1,
"filename": "py_sec_vault-0.1.6-py3-none-any.whl",
"has_sig": false,
"md5_digest": "52820008e87b67fc4bd07bf7f1228eca",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 7716,
"upload_time": "2023-07-03T19:03:16",
"upload_time_iso_8601": "2023-07-03T19:03:16.564565Z",
"url": "https://files.pythonhosted.org/packages/e3/9c/0c9f9974dcb09542d52a372bfd97f2c6130c3dfa7ffca3e79c76168a8633/py_sec_vault-0.1.6-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "c54a110b1de5cf99b90fca18084e04d9747cfec87a52980ba34b392b39477286",
"md5": "0c6a8afa1a20a5d712444d541b23509c",
"sha256": "b765d1e274f3a8052c2d748d496c5f6baab33667437427663744ce69c7bc0b61"
},
"downloads": -1,
"filename": "py_sec_vault-0.1.6.tar.gz",
"has_sig": false,
"md5_digest": "0c6a8afa1a20a5d712444d541b23509c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 5472,
"upload_time": "2023-07-03T19:03:18",
"upload_time_iso_8601": "2023-07-03T19:03:18.169262Z",
"url": "https://files.pythonhosted.org/packages/c5/4a/110b1de5cf99b90fca18084e04d9747cfec87a52980ba34b392b39477286/py_sec_vault-0.1.6.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-07-03 19:03:18",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cisolutions-nl",
"github_project": "py-sec-vault",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "py-sec-vault"
}