
    TaskVAULT

    class tasks.task_vault.TaskVAULT

    Interact with HashiCorp Vault

    Currently, only the Key-Value engine is supported.

    For version 2 of the KV engine, the secret_path needs to be prefixed with data/

    Inputs

    | Name | Type | Default | Description |
    | --- | --- | --- | --- |
    | allow_redirects | bool | False | If set to False do not follow redirects. False by default. |
    | cacert | str | None | To attach self-signed certificates (ca = certificate authority, cert = certificate). To access https:// urls, you need to sign your request. Certificates trusted by default by debian jessie will work. |
    | connect_timeout | float | None | A timeout for connecting to a peer. Can be disabled by setting to 0 or None |
    | data | dict | None | Used with mode upsert and update_metadata |
    | engine_path | str | kv | Vault's engine path. |
    | host | str | | |
    | max_redirects | int | 10 | Maximum number of redirects to follow. 10 by default. |
    | mode | str | None | Available modes: read, upsert, delete_last_version, delete_versions, undelete_versions, destroy_versions, list, read_metadata, update_metadata, delete_metadata. These modes are only supported for the key-value engine. |
    | path | str | None | DEPRECATED: Path for the secret. Please use secret_path |
    | read_timeout | float | None | A timeout for reading a portion of data from a peer. Can be disabled by setting to 0 or None |
    | secret_path | str | None | Path for the secret. |
    | token | str | | |
    | total_timeout | float | None | Total timeout for the whole request. Can be disabled by setting to 0 or None |
    | version | int | None | Optional argument for mode read |
    | versions | list | None | Optional argument for modes delete_versions, undelete_versions, destroy_versions. If None, all versions are deleted. |

    Outputs

    | Name | Type | Default | Description |
    | --- | --- | --- | --- |
    | result | dict | | The response of the vault API. |
    | status_code | int | | |
    | execution_id | int | | The ID of the task execution |
    | message | str | | The ended message for the task. If the task ended with an error, the message will contain information about what went wrong |
    | status | str | | The ended status for the task. Either "success" or "error". |

    Constants

    input_list = ['allow_redirects', 'cacert', 'connect_timeout', 'data', 'engine_path', 'host', 'max_redirects', 'mode', 'path', 'read_timeout', 'secret_path', 'token', 'total_timeout', 'version', 'versions']
    kwargs = []
    output_list = ['result', 'status_code']
    version = 1

    Methods

    delete_last_version_mode ()
    delete_metadata_mode ()
    delete_versions_mode ()
    destroy_versions_mode ()
    list_mode ()
    log (message)
    mode_lut ()
    read_metadata_mode ()
    read_mode ()
    run ()
    undelete_versions_mode ()
    update_metadata_mode ()
    upsert_mode ()

    Example

    import flow_api

    def handler(system: flow_api.System, this: flow_api.Execution):
        # create a secret
        this.task(
            'VAULT',
            host='https://my-vault-host:8200',
            engine_path='kv',
            secret_path='data/my-secret',
            data={
                'secret-key': 'secret-value',
            },
            token='my-vault-token',
        )
        # read a secret
        secret_value = this.task(
            'VAULT',
            host='https://my-vault-host:8200',
            engine_path='kv',
            secret_path='data/my-secret',
            version=None,  # read latest version
            token='my-vault-token',
        ).get('output_value')['result']['data']['data']
        assert secret_value == {'secret-key': 'secret-value'}
        # destroy all versions of secret
        this.task(
            'VAULT',
            host='https://my-vault-host:8200',
            engine_path='kv',
            secret_path='my-secret',
            mode='delete_metadata',
            token='my-vault-token',
        )
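
A defensive way to unwrap the read output used in the example above, added here as an illustration and not part of the Cloudomation documentation or code base. The names extract_kv2_secret and SecretUnavailable and the sample outputs are hypothetical; the helper assumes output_value carries the result and status_code outputs listed above and that result follows Vault's KV version 2 read layout (data.data plus data.metadata).

```python
class SecretUnavailable(Exception):
    """The task output does not carry a usable secret."""


def extract_kv2_secret(output_value, expected_version=None):
    """Return the key/value dict of a KV v2 read, or raise SecretUnavailable.

    Error messages name only status and version, never secret material,
    so they are safe to log.
    """
    status = output_value.get('status_code')
    envelope = (output_value.get('result') or {}).get('data') or {}
    metadata = envelope.get('metadata') or {}
    secret = envelope.get('data')
    version = metadata.get('version')

    # KV v2 flags soft-deleted and destroyed versions in the metadata.
    if metadata.get('destroyed'):
        raise SecretUnavailable(f'version {version} is destroyed')
    if metadata.get('deletion_time'):
        raise SecretUnavailable(f'version {version} is deleted')
    if status != 200:
        raise SecretUnavailable(f'unexpected status_code {status}')
    if not isinstance(secret, dict):
        raise SecretUnavailable('no data.data mapping in result')
    if expected_version is not None and version != expected_version:
        raise SecretUnavailable(f'got version {version}, expected {expected_version}')
    return secret


# Constructed sample outputs, not captured from a real Vault server.
LIVE = {
    'status_code': 200,
    'result': {'data': {
        'data': {'secret-key': 'secret-value'},
        'metadata': {'deletion_time': '', 'destroyed': False, 'version': 2},
    }},
}
DELETED = {
    'status_code': 404,
    'result': {'data': {
        'data': None,
        'metadata': {'deletion_time': '2024-01-01T00:00:00Z',
                     'destroyed': False, 'version': 1},
    }},
}

if __name__ == '__main__':
    print(extract_kv2_secret(LIVE, expected_version=2))
```

In a flow script the argument would be the value returned by `.get('output_value')` on the read task.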