VaultClient
- class phalanx.storage.vault.VaultClient(url, path)
Bases: object
Store, retrieve, and manipulate data stored in Vault.
This client is specific to a particular Phalanx environment. It is created using the metadata of a Phalanx environment by VaultStorage.
The Vault authentication token is taken from either the VAULT_TOKEN environment variable or a .vault-token file in the user’s home directory.
- Parameters:
Methods Summary
create_approle(name, policies) – Create a new Vault AppRole for secret access.
create_policy(name, policy) – Create a policy allowing read of secrets for this environment.
create_token(display_name, policies, lifetime) – Create a new Vault token.
delete_application_secret(application) – Delete the secrets for an application currently stored in Vault.
get_application_secret(application) – Get the secrets for an application currently stored in Vault.
get_approle(name) – Retrieve metadata about a Vault AppRole if it exists.
get_environment_secrets() – Get the secrets for an environment currently stored in Vault.
get_policy(name) – Get the contents of a Vault policy.
get_token(accessor) – Get a token by accessor.
list_application_secrets() – List the available application secrets in Vault.
list_token_accessors() – List the accessors of all known tokens.
revoke_approle_secret_ids(name) – Revoke all existing SecretIDs for a Vault AppRole.
revoke_token(accessor) – Revoke a token by accessor.
store_application_secret(application, values) – Store the full set of secrets for an application.
update_application_secret(application, key, ...) – Update the value of a specific secret key.
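A pre-flight check for the token lookup described in the class description above, as an added example that is not part of Phalanx: it reports whether the token would come from VAULT_TOKEN or the .vault-token file and flags a token file accessible to group or other. The function names, the precedence of the environment variable over the file, and the sample token values are assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path


def vault_token_source(env=None, home=None):
    """Report where a Vault token would come from, plus hygiene findings.

    Returns (source, findings); source is "env", "file" or None.
    The token value itself is never returned or printed.
    """
    env = os.environ if env is None else env
    home = Path.home() if home is None else Path(home)
    findings = []
    token_file = home / ".vault-token"

    if env.get("VAULT_TOKEN"):
        # Assumption: the environment variable wins when both are present.
        if token_file.is_file():
            findings.append("VAULT_TOKEN overrides an existing .vault-token file")
        return "env", findings

    if not token_file.is_file():
        return None, ["no VAULT_TOKEN and no .vault-token file"]

    # A long-lived token on disk should be readable by its owner only.
    mode = stat.S_IMODE(token_file.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f".vault-token mode {mode:04o} is accessible to group/other")
    if not token_file.read_text().strip():
        findings.append(".vault-token is empty")
    return "file", findings


def demo():
    # Constructed sample: a throwaway home directory holding a fake token.
    with tempfile.TemporaryDirectory() as home:
        missing = vault_token_source(env={}, home=home)
        path = Path(home) / ".vault-token"
        path.write_text("hvs.CONSTRUCTED-EXAMPLE\n")
        path.chmod(0o644)
        loose = vault_token_source(env={}, home=home)
        path.chmod(0o600)
        tight = vault_token_source(env={}, home=home)
        both = vault_token_source(env={"VAULT_TOKEN": "hvs.CONSTRUCTED"}, home=home)
    return missing, loose, tight, both
```

Calling `vault_token_source()` with no arguments inspects the real environment and home directory of the current user.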
Methods Documentation
- create_approle(name, policies)
Create a new Vault AppRole for secret access.
- Parameters:
- Returns:
Newly-created AppRole.
- Return type:
- create_policy(name, policy)
Create a policy allowing read of secrets for this environment.
- create_token(display_name, policies, lifetime)
Create a new Vault token.
- Parameters:
- Returns:
Newly-created Vault token.
- Return type:
- delete_application_secret(application)
Delete the secrets for an application currently stored in Vault.
If the secret does not exist, still returns success without raising an exception.
- get_application_secret(application)
Get the secrets for an application currently stored in Vault.
- Parameters:
application (str) – Name of the application.
- Returns:
Mapping from secret key to its secret from Vault.
- Return type:
dict of pydantic.types.SecretStr
- Raises:
VaultNotFoundError – Raised if the requested secret was not found in Vault.
- get_approle(name)
Retrieve metadata about a Vault AppRole if it exists.
- Parameters:
approle – Name of the AppRole.
name (str) –
- Returns:
Metadata about the AppRole if it exists, else None.
- Return type:
VaultAppRoleMetadata or None
- get_environment_secrets()
Get the secrets for an environment currently stored in Vault.
- get_policy(name)
Get the contents of a Vault policy.
- get_token(accessor)
Get a token by accessor.
- Parameters:
accessor (str) – Accessor for the token.
- Returns:
Metadata for the token, or None if no token exists with that accessor.
- Return type:
VaultTokenMetadata or None
- list_application_secrets()
List the available application secrets in Vault.
- Returns:
Names of available application secrets.
- Return type:
- Raises:
VaultNotFoundError – Raised if the path for application secrets does not exist.
- list_token_accessors()
List the accessors of all known tokens.
- revoke_approle_secret_ids(name)
Revoke all existing SecretIDs for a Vault AppRole.
- revoke_token(accessor)
Revoke a token by accessor.
- store_application_secret(application, values)
Store the full set of secrets for an application.