Skip to main content
Version: 10 - TBD

ConnectorTypeVAULT

class connector_types.connector_type_vault.ConnectorTypeVAULT

Interact with HashiCorp Vault

Currently, only the Key-Value engine is supported.

For the KV engine, version 2 secrets the secret_path needs to be prefixed with data/

Input Schema

  • host

    Type: string

  • engine_path

    Vault's engine path.

    Type: string

    Default: kv

  • secret_path

    Path of the secret.

    Type: anyOf

  • mode

    The mode to operate in.

    Type: anyOf

  • token

    The access token to authenticate.

    Type: string

  • cacert

    Type: anyOf

  • allow_redirects

    If set to False do not follow redirects. False by default.

    Type: boolean

  • max_redirects

    Maximum number of redirects to follow. 10 by default.

    Type: integer

    Default: 10

  • total_timeout

    Total timeout for the request.

    Type: anyOf

  • connect_timeout

    A timeout for connecting to a peer.

    Type: anyOf

  • read_timeout

    A timeout for reading a portion of data from a peer.

    Type: anyOf

  • path

    DEPRECATED. Replaced by secret_path.

  • data

    DEPRECATED. Replaced by mode.data.

  • version

    DEPRECATED. Replaced by mode.version.

  • versions

    DEPRECATED. Replaced by mode.versions.

Output Schema

  • status_code

    Type: integer

  • result

    Data

Constants

ssl_context_inputs = ['check_hostname', 'client_cert', 'client_key', 'server_ca']

Example

import flow_api

def handler(system: flow_api.System, this: flow_api.Execution, inputs: dict):
    # create a secret
    this.connect(
        connector_type='VAULT',
        host='https://my-vault-host:8200',
        engine_path='kv',
        secret_path='data/my-secret',
        data={
            'secret-key': 'secret-value',
        },
        token='my-vault-token',
    )

    # read a secret
    secret_value = this.connect(
        connector_type='VAULT',
        host='https://my-vault-host:8200',
        engine_path='kv',
        secret_path='data/my-secret',
        version=None,  # read latest version
        token='my-vault-token',
    ).get('output_value')['result']['data']['data']
    assert secret_value == {'secret-key': 'secret-value'}

    # destroy all versions of secret
    this.connect(
        connector_type='VAULT',
        host='https://my-vault-host:8200',
        engine_path='kv',
        secret_path='my-secret',
        mode='delete_metadata',
        token='my-vault-token',
    )

    return this.success('all done')