vaultkeeper-adaptor

A small library that allows Django apps to consume Vaultkeeper output as resource secrets.

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

https://img.shields.io/travis/praekeltfoundation/django-vaultkeeper-adaptor/master.svg?style=flat-square

https://img.shields.io/codecov/c/github/praekeltfoundation/django-vaultkeeper-adaptor/master.svg?style=flat-square

A small library that allows Django applications to consume vaultkeeper output as resource secrets.

django-vaultkeeper-adaptor supports the SET_ROLE operation necessary to revoke dynamically-generated PostgreSQL credentials.

Installing the Package

Clone this project and install the package from source with the following commands in the root directory of the repository:

$ pip install -e .

Install the package for development with the following command:

$ pip install -e .[test]

Prerequisites

Technically, you do not need to launch your application with vaultkeeper to use this library, as it is simply an input adaptor. However, using your app with vaultkeeper is strongly recommended.

It is assumed that the rest of your Vault workflow is already configured and running. If you are using the PostgreSQL secret backend with Django, it is necessary to use django-postgresql-setrole in your application as well.

How to Use

Ensure that django-vaultkeeper-adaptor is installed in your production environment.

Ensure that your Django application knows where the file containing your secrets will be. In your settings.py, replace your existing way of populating DATABASES and BROKER_URL with the following code:

cfg = environ.get('CREDENTIAL_PATH','')

if cfg != '':
    vk_adaptor = vaultkeeper_adaptor.VKAdaptor(
        config_path=cfg,
        DATABASES=DATABASES,
        BROKER_URL=BROKER_URL,
    )
    vk_adaptor.process_all()

django-vaultkeeper-adaptor will read the vaultkeeper-generated file containing application credentials and populate the supplied settings variables with values from the file, if they exist.

Note that CREDENTIAL_PATH in the above example is an environment variable set with the output location of vaultkeeper secrets. You can supply your application with this value in a different manner if you wish.

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.0.1

Sep 18, 2017

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vaultkeeper_adaptor-0.0.1.tar.gz (3.4 kB view hashes)

Uploaded Sep 18, 2017 Source

Built Distribution

vaultkeeper_adaptor-0.0.1-py2-none-any.whl (6.3 kB view hashes)

Uploaded Sep 19, 2017 Python 2

Hashes for vaultkeeper_adaptor-0.0.1.tar.gz

Hashes for vaultkeeper_adaptor-0.0.1.tar.gz
Algorithm	Hash digest
SHA256	`806b8e095dd6e21f1056ccb26f4d6b5bb13cea7e056c809079662849eb6efee4`
MD5	`242fb3af7c8866301005c4141a9634be`
BLAKE2b-256	`8776f3ad8499f4d7792b45fa4108096fa62f393e3fa984a085fcdbdc62bc3584`

Hashes for vaultkeeper_adaptor-0.0.1-py2-none-any.whl

Hashes for vaultkeeper_adaptor-0.0.1-py2-none-any.whl
Algorithm	Hash digest
SHA256	`0e691d66285da77e2cca6c9c335a7d0401d9ad812e72253c74f34e4cd2e67152`
MD5	`d500af410e914dd9af86bd53694e6f61`
BLAKE2b-256	`34c9ed3cd109a252666539ce756ffe162776e957c598dcb7560236349f74aeec`