SecretsService
- class phalanx.services.secrets.SecretsService(config_storage, onepassword_storage, vault_storage)
Bases: object
Service to manipulate Phalanx secrets.
- Parameters:
  - config_storage (ConfigStorage) – Storage object for the Phalanx configuration.
  - onepassword_storage (OnepasswordStorage) – Storage object for 1Password.
  - vault_storage (VaultStorage) – Storage object for Vault.
Methods Summary
- audit(env_name[, static_secrets]) – Compare existing secrets to configuration and report problems.
- generate_static_template(env_name) – Generate a template for providing static secrets.
- list_secrets(env_name) – List all required secrets for the given environment.
- save_onepassword_secrets(env_name, path) – Generate JSON files of the 1Password secrets for an environment.
- save_vault_secrets(env_name, path) – Generate JSON files of the Vault secrets for an environment.
- sync(env_name[, static_secrets, regenerate, ...]) – Synchronize secrets for an environment with Vault.
Methods Documentation
- audit(env_name, static_secrets=None)
Compare existing secrets to configuration and report problems.
- generate_static_template(env_name)
Generate a template for providing static secrets.
The template provides space for all static secrets required for a given environment. The resulting file, once the values have been added, can be used as input to other secret commands instead of an external secret source such as 1Password.
- list_secrets(env_name)
List all required secrets for the given environment.
- save_onepassword_secrets(env_name, path)
Generate JSON files of the 1Password secrets for an environment.
One file per application with secrets will be written to the provided path. Each file will be named after the application with .json appended, and will contain the secret values for that application. Secrets that are required but have no known value will be written as null.
- save_vault_secrets(env_name, path)
Generate JSON files of the Vault secrets for an environment.
One file per application with secrets will be written to the provided path. Each file will be named after the application with .json appended, and will contain the secret values for that application. Secrets that are required but have no known value will be written as null.
- sync(env_name, static_secrets=None, *, regenerate=False, delete=False)
Synchronize secrets for an environment with Vault.
Any incorrect secrets will be replaced with the correct value, and any missing secrets with generate rules will be generated. For generated secrets that already have a value in Vault, that value will be kept and not replaced.
- Parameters:
  - env_name (str) – Name of the environment.
  - static_secrets (Optional[dict[str, dict[str, StaticSecret]]], default: None) – User-provided static secrets.
  - regenerate (bool, default: False) – Whether to regenerate any generated secrets.
  - delete (bool, default: False) – Whether to delete unknown Vault secrets.
- Return type:
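As an added illustration (not code from Phalanx), the following Python models the reconciliation rules stated for sync and its regenerate and delete flags: SecretRule, SyncReport and sync_model are hypothetical names, and a plain dict stands in for one environment's Vault store.

```python
"""Model of the sync reconciliation rules documented above.
Illustrative stand-in, not Phalanx's own code."""
from __future__ import annotations

import secrets as _secrets
from dataclasses import dataclass, field


@dataclass
class SecretRule:
    """Hypothetical rule: kind is "static" or "generated"; value is the known static value."""
    kind: str
    value: str | None = None


@dataclass
class SyncReport:
    replaced: list[str] = field(default_factory=list)
    generated: list[str] = field(default_factory=list)
    kept: list[str] = field(default_factory=list)
    deleted: list[str] = field(default_factory=list)
    missing: list[str] = field(default_factory=list)  # static secrets with no known value


def sync_model(rules: dict[str, SecretRule], vault: dict[str, str], *,
               regenerate: bool = False, delete: bool = False) -> SyncReport:
    """Reconcile ``vault`` (a dict standing in for the Vault store) against ``rules``."""
    report = SyncReport()
    for name, rule in rules.items():
        current = vault.get(name)
        if rule.kind == "static":
            if rule.value is None:
                report.missing.append(name)  # nothing to write; surface it as audit would
            elif current != rule.value:
                vault[name] = rule.value  # incorrect or absent value is replaced
                report.replaced.append(name)
            else:
                report.kept.append(name)
        elif current is None or regenerate:
            vault[name] = _secrets.token_hex(32)  # missing generated secret, or forced regeneration
            report.generated.append(name)
        else:
            report.kept.append(name)  # existing generated value is kept by default
    if delete:  # unknown Vault keys are removed only when explicitly requested
        for name in [n for n in vault if n not in rules]:
            del vault[name]
            report.deleted.append(name)
    return report
```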