| Field | Value |
|---|---|
| Name | vault-get |
| Version | 0.0.1.post1 |
| home_page | None |
| Summary | Python hvac cli wrapper: get kv from hashicorp vault by auth token or jwt. |
| upload_time | 2024-11-19 13:02:10 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.11 |
| license | None |
| keywords | vault, kv, secret, hvac |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |
# vault-get
Python hvac CLI wrapper: get KV secrets from HashiCorp Vault using an auth token or a JWT.
# Why
This tool helps when you don't have access to the vanilla HashiCorp **vault** binary and only need to retrieve KV secrets from Vault.
# Usage
vault-get prints KV secrets to stdout, authenticating with either a token or a JWT.
## vault auth token
```bash
export VAULT_TOKEN=xxx
export VAULT_ADDRESS=https://vault.local
vault-get -a "$VAULT_ADDRESS" -m MyMountPoint -p my_secret_path -k my_secret_key
topsecret
```
## jwt gitlab-ci
Check your Vault authentication method to find its auth path.
```bash
vault read auth/jwt-1
```
```yaml
variables:
  CI_JWT_ROLE: role_gitlab_ci
  VAULT_JWT_PATH: jwt-1

job01:
  stage: test
  # GitLab issues an ID token whose audience is the Vault address
  id_tokens:
    VAULT_ID_TOKEN:
      aud: $VAULT_ADDR
  before_script:
    - export MY_VALUE="$(vault-get -a $VAULT_ADDR -j $VAULT_ID_TOKEN -ap $VAULT_JWT_PATH -r $CI_JWT_ROLE -m MyMountPoint -p my_secret_path -k my_secret_key)"
  script:
    # writes the secret value to the job log
    - echo $MY_VALUE
```
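In the `before_script` line above, `export MY_VALUE="$(...)"` returns the exit status of `export`, so a failed lookup leaves `MY_VALUE` empty without failing the job. The following is an added example, not part of the vault-get project: `fetch_secret` and `naive_export` are hypothetical helpers, and `fake_vault_get` is a constructed stand-in for `vault-get` so the block runs offline.

```bash
# Constructed stand-in for vault-get so the example runs offline:
# prints "topsecret" for -k my_secret_key, fails with status 2 otherwise.
fake_vault_get() {
    _fv_key=
    while [ $# -gt 0 ]; do
        [ "$1" = "-k" ] && _fv_key=${2-}
        shift
    done
    [ "$_fv_key" = "my_secret_key" ] || { echo "key not found" >&2; return 2; }
    printf '%s\n' "topsecret"
}

# The pattern from the job above: the status of `export` (0) replaces the
# status of the command substitution, so a failed lookup goes unnoticed.
naive_export() {
    export NAIVE_VALUE="$(fake_vault_get "$@" 2>/dev/null)"
}

# fetch_secret VAR CMD [ARGS...]: run CMD, export its stdout as VAR, and
# return non-zero when CMD fails or prints nothing.
fetch_secret() {
    _fs_name=$1; shift
    case $_fs_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 64 ;;
    esac
    # Pause `set -x` tracing so the value never reaches the job log.
    _fs_trace=0
    case $- in *x*) _fs_trace=1; set +x ;; esac
    _fs_rc=0
    _fs_value=$("$@") || _fs_rc=$?
    if [ "$_fs_rc" -eq 0 ] && [ -z "$_fs_value" ]; then _fs_rc=1; fi
    if [ "$_fs_rc" -eq 0 ]; then
        eval "$_fs_name=\$_fs_value"   # safe: the name was validated above
        export "$_fs_name"
    else
        echo "fetch_secret: $_fs_name not set (exit $_fs_rc)" >&2
    fi
    unset _fs_value
    if [ "$_fs_trace" -eq 1 ]; then set -x; fi
    return "$_fs_rc"
}
```

In a job, the call would take the form `fetch_secret MY_VALUE vault-get -a "$VAULT_ADDR" -j "$VAULT_ID_TOKEN" ...` with the remaining options as in the job above, so the job stops when the secret cannot be read.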
## cli help
```bash
vault-get --help
usage: vault-get [-h] [-v] [-a VAULT_ADDRESS] [-ap AUTH_PATH] [-r JWT_AUTH_ROLE] [-j JWT] -m MOUNT_POINT -p SECRET_PATH -k SECRET_KEY

Vault get secret. Simple hvac wrapper used to pull from hvault. Print kv-secret from vault to stdout.

options:
  -h, --help            show this help message and exit
  -v, --verbose         Set logging level to DEBUG. Warning: secrets will be revealed.

Vault:
  If jwt-auth-role and jwt are not set uses $VAULT_TOKEN env variable for auth.

  -a VAULT_ADDRESS, --vault-address VAULT_ADDRESS
                        Vault address. Example "https://vault.local". Default="https://127.0.0.1"
  -ap AUTH_PATH, --auth-path AUTH_PATH
                        Vault auth method auth path. Example "jwt-test". Default="jwt"
  -r JWT_AUTH_ROLE, --jwt-auth-role JWT_AUTH_ROLE
                        Auth role for jwt auth. Used in pair with --jwt.
  -j JWT, --jwt JWT     JWT for jwt auth. Used in pair with --jwt-auth-role.

Get secret by path and key:
  Printout secret value by mount-point, secret-path and secret-key.

  -m MOUNT_POINT, --mount-point MOUNT_POINT
                        Vault mount point. Example "MyMountPoint".
  -p SECRET_PATH, --secret-path SECRET_PATH
                        Vault secret path. Example "my_super_secret"
  -k SECRET_KEY, --secret-key SECRET_KEY
                        Vault secret key. Example "access_token"

Usage
vault-get -m MyMountPoint -p my_secret_path -k my_secret_key

Examples:
  Use $VAULT_ADDR and $VAULT_TOKEN to access vault and auth:
    vault-get -m MyMountPoint -p my_secret_path -k my_secret_key
  Use JWT auth method in gitlab-ci job:
    vault-get -a https://vault.local -j $CI_JOB_JWT -r role_gitlab_ci -m MyMountPoint -p my_secret_path -k my_secret_key
```
Raw data
{
"_id": null,
"home_page": null,
"name": "vault-get",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.11",
"maintainer_email": null,
"keywords": "vault, kv, secret, hvac",
"author": null,
"author_email": "Alexander Onishchenko <alexonishchenko@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/d6/aa/b9df107cdaf0970d860327efe4d0c0f6afa90ad0c3779e66fd8db2331d3d/vault_get-0.0.1.post1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "Python hvac cli wrapper: get kv from hashicorp vault by auth token or jwt.",
"version": "0.0.1.post1",
"project_urls": {
"homepage": "https://github.com/alexonishchenko/vault-get",
"repository": "https://github.com/alexonishchenko/vault-get"
},
"split_keywords": [
"vault",
" kv",
" secret",
" hvac"
],
"upload_time": "2024-11-19 13:02:10",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "alexonishchenko",
"github_project": "vault-get",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "vault-get"
}