VaultService
- class phalanx.services.vault.VaultService(config_storage, vault_storage)
Bases: object
Service to manage Vault authentication.
- Parameters:
config_storage (ConfigStorage) – Storage object for the Phalanx configuration.
vault_storage (VaultStorage) – Storage object for Vault.
Methods Summary
audit(environment) – Audit the Vault authentication configuration for an environment.
create_read_approle(environment) – Create a new Vault read AppRole for the given environment.
create_write_token(environment, lifetime) – Create a new Vault write token for the given environment.
Methods Documentation
- audit(environment)
Audit the Vault authentication configuration for an environment.
- create_read_approle(environment)
Create a new Vault read AppRole for the given environment.
This will create (or update) a read policy whose name is the Vault secrets path with the first component (the mount) removed and /read appended, and an AppRole, whose name will be the last component of the Vault secrets path.
Conventionally, the Vault secrets path will be phalanx/fqdn where the last component is the FQDN of the deployed Phalanx environment, so the policy name will be phalanx/fqdn/read and the AppRole name will be fqdn.
- Parameters:
environment (str) – Name of the environment.
- Returns:
Newly-created Vault AppRole.
- Return type:
- create_write_token(environment, lifetime)
Create a new Vault write token for the given environment.
This will create (or update) a read policy whose name is the Vault secrets path with the first component (the mount) removed and /write appended. Any existing write tokens will be revoked.
Must be called with credentials capable of creating tokens and policies and listing accessors of existing tokens.
- Parameters:
- Returns:
Newly-created Vault token.
- Return type:
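The naming convention described for create_read_approle and create_write_token, worked through as an added example (not Phalanx's own code). The names VaultNames, derive_names and read_policy_hcl are hypothetical, the sample path secret/phalanx/example.org is constructed, and the policy body assumes a KV v2 mount.

```python
"""Added example: policy and AppRole names derived from a Vault secrets path."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VaultNames:
    mount: str         # first component of the secrets path
    policy_path: str   # secrets path with the mount removed
    read_policy: str   # policy_path + "/read"
    write_policy: str  # policy_path + "/write"
    approle: str       # last component of the secrets path


def derive_names(secrets_path: str) -> VaultNames:
    """Apply the naming convention described above to a full secrets path."""
    parts = secrets_path.strip("/").split("/")
    # A mount plus at least one more component is required. Empty or dot
    # components would give ambiguous policy names, so reject them outright.
    if len(parts) < 2 or any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"invalid Vault secrets path: {secrets_path!r}")
    mount, rest = parts[0], "/".join(parts[1:])
    return VaultNames(mount, rest, f"{rest}/read", f"{rest}/write", parts[-1])


def read_policy_hcl(names: VaultNames) -> str:
    """Read-only policy body scoped to one environment (KV v2 assumed)."""
    return (
        f'path "{names.mount}/data/{names.policy_path}/*" {{\n'
        '  capabilities = ["read"]\n'
        "}\n"
        f'path "{names.mount}/metadata/{names.policy_path}/*" {{\n'
        '  capabilities = ["list"]\n'
        "}\n"
    )


if __name__ == "__main__":
    names = derive_names("secret/phalanx/example.org")  # constructed sample
    print(names.read_policy, names.write_policy, names.approle)
    print(read_policy_hcl(names))
```

Scoping the policy body to the environment's own path keeps an AppRole issued for one environment from reading another environment's secrets.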