Skip to main content
Version: 9 - Germknödel

ConnectorTypeVAULT

class connector_types.connector_type_vault.ConnectorTypeVAULT

Interact with HashiCorp Vault

Currently, only the Key-Value engine is supported.

For the KV engine, version 2 secrets the secret_path needs to be prefixed with data/

Input Schema

  • host

    Type: string

  • engine_path

    Vault's engine path.

    Type: string

    Default: kv

  • secret_path

    Path of the secret.

    Type: anyOf

  • mode

    The mode to operate in.

    Type: anyOf

  • token

    The access token to authenticate.

    Type: string

  • cacert

    Type: anyOf

  • allow_redirects

    If set to False do not follow redirects. False by default.

    Type: boolean

  • max_redirects

    Maximum number of redirects to follow. 10 by default.

    Type: integer

    Default: 10

  • total_timeout

    Total timeout for the request.

    Type: anyOf

  • connect_timeout

    A timeout for connecting to a peer.

    Type: anyOf

  • read_timeout

    A timeout for reading a portion of data from a peer.

    Type: anyOf

  • path

    DEPRECATED. Replaced by secret_path.

  • data

    DEPRECATED. Replaced by mode.data.

  • version

    DEPRECATED. Replaced by mode.version.

  • versions

    DEPRECATED. Replaced by mode.versions.

Output Schema

  • status_code

    Type: integer

  • result

    Data

Constants

ssl_context_inputs = ['check_hostname', 'client_cert', 'client_key', 'server_ca']

Example

import flow_api

def handler(system: flow_api.System, this: flow_api.Execution, inputs: dict):
# create a secret
this.connect(
connector_type='VAULT',
host='https://my-vault-host:8200',
engine_path='kv',
secret_path='data/my-secret',
data={
'secret-key': 'secret-value',
},
token='my-vault-token',
)

# read a secret
secret_value = this.connect(
connector_type='VAULT',
host='https://my-vault-host:8200',
engine_path='kv',
secret_path='data/my-secret',
version=None, # read latest version
token='my-vault-token',
).get('output_value')['result']['data']['data']
assert secret_value == {'secret-key': 'secret-value'}

# destroy all versions of secret
this.connect(
connector_type='VAULT',
host='https://my-vault-host:8200',
engine_path='kv',
secret_path='my-secret',
mode='delete_metadata',
token='my-vault-token',
)

return this.success('all done')