
Getting Started

After you have installed this package, the next step is to import it into your code and start using its functions.

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

As a demonstration of the library, let's build a simple example together that will do something cool.

KV Secrets Engine

The kv secrets engine is a generic Key-Value store used to store arbitrary secrets within the configured physical storage for Vault. This backend can be run in one of two modes: it can be configured to store a single value for a key, or versioning can be enabled so that a configurable number of versions for each key is stored.

This plugin uses v2 of the engine, which can retain a configurable number of versions (10 by default). The metadata and data of older versions can be retrieved. Additionally, Check-and-Set operations can be used to avoid overwriting data unintentionally.

More info

Authentication

Info

If you are using HashiCorp Cloud, you need to use the public URL, and the token is valid for 6 hours. See token types.

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(
    url="<your_public_url>",
    token="<your_token>",
    namespace="<your_namespace>",
    mount_point="<your_mount_point>",
    base_path="<your_base_path>"
)

Properties

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)

# Properties
vault.mount_point = "<another_mount_point>"
vault.base_path = "<another_base_path>"
client = vault.vault_client  # returns: hvac Client instance

Create or Update secret

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)

secret = {'key': 'value', 'key01': 'value'}
print(vault.create_or_update_secret(path="<secret_name>", secret=secret))

# Or
vault["<secret_name>"] = {'key': 'value', 'key01': 'value'}
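
The Check-and-Set behaviour mentioned under KV Secrets Engine can be reached through the hvac client returned by vault.vault_client. The following is an added example, not BotCity's own code: update_with_cas and FakeKV are hypothetical names, FakeKV is a constructed in-memory stand-in so the block runs without a Vault server, and it is assumed that the raw client does not apply the plugin's base_path, so path must be the full secret path.

```python
# Added example: check-and-set (CAS) read-modify-write through the raw hvac client.
try:
    from hvac.exceptions import InvalidRequest  # hvac raises this on HTTP 400 (CAS mismatch)
except ImportError:  # lets the offline stand-in below run without hvac installed
    class InvalidRequest(Exception):
        pass


def update_with_cas(client, path, mount_point, change, attempts=3):
    """Apply change(dict) -> dict to the latest version; write only if nobody wrote in between."""
    kv = client.secrets.kv.v2
    for _ in range(attempts):
        current = kv.read_secret_version(path=path, mount_point=mount_point)["data"]
        version = current["metadata"]["version"]
        try:
            kv.create_or_update_secret(path=path, secret=change(dict(current["data"])),
                                       cas=version, mount_point=mount_point)
            return version + 1  # the version number this write created
        except InvalidRequest:
            continue  # a concurrent writer won; re-read and re-apply the change
    raise RuntimeError(f"CAS write to {path!r} lost {attempts} races")


class FakeKV:
    """Constructed in-memory stand-in for client.secrets.kv.v2 (not part of hvac)."""
    def __init__(self, data):
        self.versions = [data]
        self.secrets = self.kv = self.v2 = self  # so client.secrets.kv.v2 resolves to self
        self.race_once = False  # when True, simulate one concurrent writer after a read

    def read_secret_version(self, path, mount_point):
        data = self.versions[-1]
        resp = {"data": {"data": dict(data), "metadata": {"version": len(self.versions)}}}
        if self.race_once:
            self.race_once = False
            self.versions.append({**data, "other": "writer"})
        return resp

    def create_or_update_secret(self, path, secret, cas, mount_point):
        if cas != len(self.versions):
            raise InvalidRequest("check-and-set parameter did not match the current version")
        self.versions.append(secret)
```

Against a real server, pass vault.vault_client as client together with the full secret path and your mount point. A write that loses the race is retried on top of the other writer's data instead of silently replacing it.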

Retrieve secret value

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.get_secret_value(path="<secret_name>"))

# Or (retrieves the value of the last version of the secret)
print(vault["<secret_name>"])

Retrieve secret metadata

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.get_secret_metadata(path="<secret_name>"))

List all secrets in path

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.list_secrets())

Mark secret version as deleted

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.mark_secrets_as_delete(path="<secret_name>", versions=[0, 1]))

# Or (marks the latest secret version as deleted)
del vault["<secret_name>"]

Unmark secret version as deleted

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.undelete_secrets(path="<secret_name>", versions=[0, 1]))

Permanently destroy secret version

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.destroy_secret_versions(path="<secret_name>", versions=[3]))

Permanently delete secret

from botcity.plugins.hashicorp.vault.kv import BotHashicorpKVPlugin

vault = BotHashicorpKVPlugin(...)
print(vault.delete_secret_permanently(path="<secret_name>"))

Next Steps

Check our examples and experiment with the API. Let us know where it can be improved.

Have fun automating!
