Skip to content
/ vaultpy Public

Load Vault-injected secrets into Python apps and track their usage.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DirectEmployers/vaultpy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
vault
vault
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
setup.cfg
setup.cfg
 
 

Repository files navigation

Vaultpy

Parse injected Vault secrets and track their usage with Datadog.

Requirements

Setup

For production, use the VAULTPY_SECRETS_PATH environment variable to set the path to the secrets that are injected by the Vault Agent in Kubernetes. This defaults to /vault/secrets/secrets. You will also need to set VAULTPY_ENABLE_VAULT (default false) to use injected secrets rather than loading them from a de_secrets module.

For local development, a de_secrets.py can be used to load secrets in a format not unlike Django settings.

Lastly you can toggle secret access tracking with Datadog via VAULTPY_DATADOG_ENABLE. This defaults to true because we want this in production, but it ought to be disabled in development environments.

Usage

Import vault.secrets and then access the loaded secrets using by accessing dynamic properties loaded into the secrets object (i.e. secrets.FOO).

Example of usage in a settings file:

from vault import secrets

FOO = secrets.FOO
BAR = getattr(secrets, "BAR", "")
BAZ = getattr(secrets, "BAZ")

About

Load Vault-injected secrets into Python apps and track their usage.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 8

v0.1.0: Add tests, improve code imports by delaying full initialization of va… Latest
Mar 17, 2021
+ 7 releases

Packages

No packages published

Languages