
HashiCorp - Vault

Nothing could be simpler for working with secrets than the BotCity plugin for HashiCorp Vault.

Manage your credentials.

KV Secrets Engine

The kv secrets engine is a generic Key-Value store used to store arbitrary secrets within the configured physical storage for Vault. This backend can be run in one of two modes: either it can be configured to store a single value for a key, or versioning can be enabled and a configurable number of versions for each key will be stored.

This plugin uses v2 of the engine, which can retain a configurable number of versions for each key. This defaults to 10 versions. The metadata and data of older versions can be retrieved. Additionally, Check-and-Set operations can be used to avoid overwriting data unintentionally.

More info.

Installation

pip install botcity-hashicorp-vault-plugin

Importing the Plugin

After installing the package, import it into your code to start using its functions.

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

Authentication

Info

If you are using HashiCorp Cloud, you need to use the public URL, and the token is valid for 6 hours. See token types.

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(
    url="<your_public_url>",
    token="<your_token>",
    namespace="<your_namespace>",
    mount_point="<your_mount_point>",
    base_path="<your_base_path>"
)

Properties

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)

# Properties
vault.mount_point = "<another_mount_point>"
vault.base_path = "<another_base_path>"
client = vault.vault_client  # returns: hvac Client instance
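
Added example, not part of the BotCity plugin or its documentation: the Check-and-Set write mentioned under KV Secrets Engine, done as a read-modify-write through the hvac client that vault.vault_client returns. update_with_cas and FakeKVv2 are hypothetical names; FakeKVv2 is a constructed in-memory stand-in so the code runs without a Vault server, and the path given to the raw client is assumed to be the full path under the mount point.

```python
try:
    from hvac.exceptions import InvalidRequest  # raised by hvac on HTTP 400
except ImportError:  # hvac not installed: stand-in so the demo runs offline
    class InvalidRequest(Exception):
        pass


def update_with_cas(client, path, mutate, mount_point="secret", attempts=3):
    """Apply mutate(dict) -> dict to the latest version and write it only if
    no other writer created a newer version. Returns the new version number."""
    kv = client.secrets.kv.v2
    for _ in range(attempts):
        current = kv.read_secret_version(path=path, mount_point=mount_point)["data"]
        version = current["metadata"]["version"]
        new_data = mutate(dict(current["data"]))
        try:
            resp = kv.create_or_update_secret(
                path=path, secret=new_data, cas=version, mount_point=mount_point)
            return resp["data"]["version"]
        except InvalidRequest:
            continue  # the version moved on after our read: re-read and retry
    raise RuntimeError(f"CAS write to {path!r} kept conflicting")


class FakeKVv2:
    """Constructed in-memory stand-in for hvac's client.secrets.kv.v2."""
    def __init__(self, data):
        self.secrets = self.kv = self.v2 = self  # client.secrets.kv.v2 -> self
        self.versions = [dict(data)]
        self.race_once = None  # dict written by a simulated concurrent client

    def read_secret_version(self, path, mount_point="secret"):
        out = {"data": {"data": dict(self.versions[-1]),
                        "metadata": {"version": len(self.versions)}}}
        if self.race_once is not None:  # competing write lands after our read
            self.versions.append(self.race_once)
            self.race_once = None
        return out

    def create_or_update_secret(self, path, secret, cas=None, mount_point="secret"):
        if cas is not None and cas != len(self.versions):
            raise InvalidRequest("check-and-set parameter did not match the current version")
        self.versions.append(dict(secret))
        return {"data": {"version": len(self.versions)}}
```

Against a real server, pass vault.vault_client as client and the mount point you configured as mount_point.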

Secrets operations

Create or Update secret

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)

secret = {'key': 'value', 'key01': 'value'}
print(vault.create_or_update_secret(path="<secret_name>", secret=secret))

# Or
vault["<secret_name>"] = {'key': 'value', 'key01': 'value'}

Retrieve secret value

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.get_secret_value(path="<secret_name>"))

# Or (retrieves the value of the last version of the secret)
print(vault["<secret_name>"])

Retrieve secret metadata

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.get_secret_metadata(path="<secret_name>"))

List all secrets in path

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.list_secrets())

Mark secret version as deleted

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.mark_secrets_as_delete(path="<secret_name>", versions=[0, 1]))

# Or (mark latest secret version as deleted)
del vault["<secret_name>"]

Unmark secret version as deleted

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.undelete_secrets(path="<secret_name>", versions=[0, 1]))

Permanently destroy secret version

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.destroy_secret_versions(path="<secret_name>", versions=[3]))

Permanently delete secret

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.delete_secret_permanently(path="<secret_name>"))