
ConnectorTypeVAULT

class connector_types.connector_type_vault.ConnectorTypeVAULT

Interact with HashiCorp Vault

Currently, only the Key-Value engine is supported.

For version 2 of the KV engine, the secret_path needs to be prefixed with data/.

Inputs

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| allow_redirects | bool | False | If set to False do not follow redirects. False by default. |
| cacert | str | None | To attach self-signed certificates (ca = certificate authority, cert = certificate). To access https:// urls, you need to sign your request. Certificates trusted by default by debian jessie will work. |
| connect_timeout | float | None | A timeout for connecting to a peer. Can be disabled by setting to 0 or None |
| data | dict | None | Used with mode upsert and update_metadata |
| engine_path | str | kv | Vault's engine path. |
| host | str | | |
| max_redirects | int | 10 | Maximum number of redirects to follow. 10 by default. |
| mode | str | None | Available modes: read, upsert, delete_last_version, delete_versions, undelete_versions, destroy_versions, list, read_metadata, update_metadata, delete_metadata. When data is given mode will default to upsert, otherwise to read. |
| path | str | None | DEPRECATED: Path for the secret. Please use secret_path |
| read_timeout | float | None | A timeout for reading a portion of data from a peer. Can be disabled by setting to 0 or None |
| secret_path | str | None | Path for the secret. |
| token | str | | |
| total_timeout | float | None | Total timeout for the whole request. Can be disabled by setting to 0 or None |
| version | int | None | Optional argument for mode read |
| versions | list | None | Optional argument for modes delete_versions, undelete_versions, destroy_versions. If None, all versions are deleted. |

Outputs

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| execution_id | int | | The ID of the connection execution |
| message | str | | The ended message for the connection. If the connection ended with an error, the message will contain information about what went wrong |
| result | dict | | The response of the vault API. |
| status | str | | The ended status for the connection. Either "success" or "error". |
| status_code | int | | |

Constants

input_list = ['allow_redirects', 'cacert', 'connect_timeout', 'data', 'engine_path', 'host', 'max_redirects', 'mode', 'path', 'read_timeout', 'secret_path', 'token', 'total_timeout', 'version', 'versions']
output_list = ['result', 'status_code']
version = 1

Methods

Example

import flow_api

def handler(system: flow_api.System, this: flow_api.Execution):
    # create a secret
    this.connect(
        connector_type='VAULT',
        host='https://my-vault-host:8200',
        engine_path='kv',
        secret_path='data/my-secret',
        data={
            'secret-key': 'secret-value',
        },
        token='my-vault-token',
    )

    # read a secret
    secret_value = this.connect(
        connector_type='VAULT',
        host='https://my-vault-host:8200',
        engine_path='kv',
        secret_path='data/my-secret',
        version=None,  # read latest version
        token='my-vault-token',
    ).get('output_value')['result']['data']['data']
    assert secret_value == {'secret-key': 'secret-value'}

    # destroy all versions of secret
    this.connect(
        connector_type='VAULT',
        host='https://my-vault-host:8200',
        engine_path='kv',
        secret_path='my-secret',
        mode='delete_metadata',
        token='my-vault-token',
    )

    return this.success('all done')
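
A pre-flight check for the inputs above, as an added example that is not part of the connector or its documentation: the hypothetical helper vault_inputs applies the mode default and argument pairings from the Inputs table, rejects non-HTTPS hosts so the token is never sent in clear text, and returns the keyword arguments for this.connect(). It assumes the data/ prefix is required only for the read and upsert modes, the two modes the example above uses it with.

```python
# Added example: vault_inputs is a hypothetical helper, not part of flow_api.
MODES = {'read', 'upsert', 'delete_last_version', 'delete_versions',
         'undelete_versions', 'destroy_versions', 'list', 'read_metadata',
         'update_metadata', 'delete_metadata'}
VERSIONS_MODES = {'delete_versions', 'undelete_versions', 'destroy_versions'}


def vault_inputs(host, token, secret_path, mode=None, data=None,
                 version=None, versions=None, kv_v2=True, **extra):
    """Build and pre-check the keyword arguments for this.connect()."""
    # Same default the Inputs table describes: upsert if data is given, else read.
    effective = mode or ('upsert' if data is not None else 'read')
    if effective not in MODES:
        raise ValueError(f'unknown mode: {effective!r}')
    # The token is sent with the request, so refuse plain-HTTP hosts.
    if not host.lower().startswith('https://'):
        raise ValueError('host must use https://')
    if data is not None and effective not in ('upsert', 'update_metadata'):
        raise ValueError(f'data is not used with mode {effective!r}')
    if version is not None and effective != 'read':
        raise ValueError('version is only valid for mode read')
    if versions is not None and effective not in VERSIONS_MODES:
        raise ValueError(f'versions is not used with mode {effective!r}')
    # Assumption: on KV v2 the data/ prefix applies to read and upsert only.
    if (kv_v2 and effective in ('read', 'upsert')
            and not secret_path.startswith('data/')):
        raise ValueError('KV v2 secret_path must start with data/')
    # extra carries the remaining inputs, e.g. cacert, engine_path, timeouts.
    inputs = {'allow_redirects': False, **extra,
              'connector_type': 'VAULT', 'host': host, 'token': token,
              'secret_path': secret_path, 'mode': effective}
    for name, value in (('data', data), ('version', version),
                        ('versions', versions)):
        if value is not None:
            inputs[name] = value
    return inputs
```

Inside a handler the result is passed straight through, for example this.connect(**vault_inputs(host, token, 'data/my-secret', version=2)).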