VaultService
- class phalanx.services.vault.VaultService(config_storage, vault_storage)
Bases: object
Service to manage Vault authentication.
- Parameters:
config_storage (ConfigStorage) – Storage object for the Phalanx configuration.
vault_storage (VaultStorage) – Storage object for Vault.
Methods Summary
audit(environment) – Audit the Vault authentication configuration for an environment.
create_read_approle(environment) – Create a new Vault read AppRole for the given environment.
create_write_token(environment, lifetime) – Create a new Vault write token for the given environment.
Methods Documentation
- audit(environment)
Audit the Vault authentication configuration for an environment.
- create_read_approle(environment)
Create a new Vault read AppRole for the given environment.
This will create (or update) a read policy whose name is the Vault secrets path with the first component (the mount) removed and /read appended, and an AppRole whose name will be the last component of the Vault secrets path. Conventionally, the Vault secrets path is the mount followed by phalanx/fqdn, where the last component is the FQDN of the deployed Phalanx environment, so once the mount is stripped the policy name will be phalanx/fqdn/read and the AppRole name will be fqdn.
- Parameters:
environment (str) – Name of the environment.
- Returns:
Newly-created Vault AppRole.
- Return type:
- create_write_token(environment, lifetime)
Create a new Vault write token for the given environment.
This will create (or update) a write policy whose name is the Vault secrets path with the first component (the mount) removed and /write appended. Any existing write tokens for the environment will be revoked, so whoever holds a previously issued write token loses access once this method runs. Must be called with credentials capable of creating tokens and policies and listing accessors of existing tokens.
- Parameters:
environment (str) – Name of the environment.
lifetime – Lifetime of the new write token.
- Returns:
Newly-created Vault token.
- Return type:
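The two conventions above (policy and AppRole names derived from the secrets path in create_read_approle, and revoke-then-reissue of write tokens in create_write_token) are small enough to show end to end. The following is an added example, not Phalanx's own implementation: it assumes a secrets path of the form "<mount>/phalanx/<fqdn>" with "secret" as the mount, identifies existing write tokens by the write policy attached to them (the page does not say how Phalanx identifies them), and replaces the real Vault client with a constructed in-memory fake so it runs offline. The policy HCL is a placeholder as well.

```python
"""Added example (not Phalanx code): policy/AppRole naming and write-token rotation.

Assumptions, none stated on the page: secrets path "<mount>/phalanx/<fqdn>",
write tokens recognised by the write policy they carry, and a fake Vault client.
"""

from __future__ import annotations

import secrets
from dataclasses import dataclass, field


def _path_components(secrets_path: str) -> list[str]:
    # "secret/phalanx/data.example.com" -> ["secret", "phalanx", "data.example.com"]
    parts = [p for p in secrets_path.strip("/").split("/") if p]
    if len(parts) < 2:
        raise ValueError("secrets path needs a mount plus at least one component")
    return parts


def read_policy_name(secrets_path: str) -> str:
    """Secrets path with the mount (first component) removed and /read appended."""
    return "/".join(_path_components(secrets_path)[1:]) + "/read"


def write_policy_name(secrets_path: str) -> str:
    """Secrets path with the mount removed and /write appended."""
    return "/".join(_path_components(secrets_path)[1:]) + "/write"


def approle_name(secrets_path: str) -> str:
    """AppRole name is the last path component, conventionally the FQDN."""
    return _path_components(secrets_path)[-1]


@dataclass
class Token:
    accessor: str
    policies: list[str]
    ttl: str


@dataclass
class FakeVault:
    """In-memory stand-in for Vault's token and policy APIs (constructed for this example)."""

    tokens: dict[str, Token] = field(default_factory=dict)  # keyed by accessor
    policies: dict[str, str] = field(default_factory=dict)

    def write_policy(self, name: str, hcl: str) -> None:
        self.policies[name] = hcl  # create or update, as the docs describe

    def create_token(self, policies: list[str], ttl: str) -> Token:
        tok = Token(accessor=secrets.token_hex(8), policies=list(policies), ttl=ttl)
        self.tokens[tok.accessor] = tok
        return tok

    def list_accessors(self) -> list[str]:
        return list(self.tokens)

    def lookup_accessor(self, accessor: str) -> Token:
        return self.tokens[accessor]

    def revoke_accessor(self, accessor: str) -> None:
        del self.tokens[accessor]


def rotate_write_token(vault: FakeVault, secrets_path: str, lifetime: str) -> Token:
    """Mirror create_write_token: upsert the write policy, revoke every token
    carrying it, then issue exactly one fresh token with the requested lifetime."""
    policy = write_policy_name(secrets_path)
    # Placeholder HCL; the real capabilities and data path are an assumption.
    vault.write_policy(policy, f'path "{secrets_path}/*" {{ capabilities = ["create", "update"] }}')
    # Revoke before issuing, so two live write tokens never coexist for the environment.
    for accessor in vault.list_accessors():
        if policy in vault.lookup_accessor(accessor).policies:
            vault.revoke_accessor(accessor)
    return vault.create_token([policy], lifetime)


if __name__ == "__main__":
    path = "secret/phalanx/data.example.com"
    print(read_policy_name(path), approle_name(path))
    v = FakeVault()
    first = rotate_write_token(v, path, "1h")
    second = rotate_write_token(v, path, "1h")
    print("old token revoked:", first.accessor not in v.tokens, "live:", v.list_accessors() == [second.accessor])
```

The revoke-before-create ordering is the property worth keeping when wiring this to a real client: anyone holding the old write token loses access the moment the rotation runs, which is exactly what the documented behaviour promises, and the caller needs list permission on token accessors for the revocation loop to see tokens it did not itself create.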