ConnectorTypeVAULT
class connector_types.connector_type_vault.ConnectorTypeVAULT
Interact with HashiCorp Vault
Currently, only the Key-Value engine is supported.
For the KV engine, version 2 secrets the secret_path needs to be prefixed with data/
Inputs
Name | Type | Default | Description |
---|---|---|---|
allow_redirects | bool | False | If set to False do not follow redirects. False by default. |
cacert | str | None | To attach self-signed certificates (ca = certificate authority, cert = certificate). To access https:// urls, you need to sign your request. Certificates trusted by default by debian jessie will work. |
connect_timeout | float | None | A timeout for connecting to a peer. Can be disabled by setting to 0 or None |
data | dict | None | Used with mode upsert and update_metadata |
engine_path | str | kv | Vault's engine path. |
host | str | ||
max_redirects | int | 10 | Maximum number of redirects to follow. 10 by default. |
mode | str | None | Available modes: read , upsert , delete_last_version , delete_versions , undelete_versions , destroy_versions , list , read_metadata , update_metadata , delete_metadata . When data is given mode will default to upsert , otherwise to read . |
path | str | None | DEPRECATED: Path for the secret. Please use secret_path |
read_timeout | float | None | A timeout for reading a portion of data from a peer. Can be disabled by setting to 0 or None |
secret_path | str | None | Path for the secret. |
token | str | ||
total_timeout | float | None | Total timeout for the whole request. Can be disabled by setting to 0 or None |
version | int | None | Optional argument for mode read |
versions | list | None | Optional argument for modes delete_versions , undelete_versions , destroy_versions . If None , all versions are deleted. |
Outputs
Name | Type | Default | Description |
---|---|---|---|
result | dict | The response of the vault API. | |
status_code | int |
Constants
input_list = ['allow_redirects', 'cacert', 'connect_timeout', 'data', 'engine_path', 'host', 'max_redirects', 'mode', 'path', 'read_timeout', 'secret_path', 'token', 'total_timeout', 'version', 'versions'] output_list = ['result', 'status_code'] ssl_context_inputs = ['check_hostname', 'client_cert', 'client_key', 'server_ca'] version = 1Methods
execute
details
log
details
one_of_inputs
details
run
details
Example
import flow_api
def handler(system: flow_api.System, this: flow_api.Execution):
# create a secret
this.connect(
connector_type='VAULT',
host='https://my-vault-host:8200',
engine_path='kv',
secret_path='data/my-secret',
data={
'secret-key': 'secret-value',
},
token='my-vault-token',
)
# read a secret
secret_value = this.connect(
connector_type='VAULT',
host='https://my-vault-host:8200',
engine_path='kv',
secret_path='data/my-secret',
version=None, # read latest version
token='my-vault-token',
).get('output_value')['result']['data']['data']
assert secret_value == {'secret-key': 'secret-value'}
# destroy all versions of secret
this.connect(
connector_type='VAULT',
host='https://my-vault-host:8200',
engine_path='kv',
secret_path='my-secret',
mode='delete_metadata',
token='my-vault-token',
)
return this.success('all done')