def env(
client_obj: client.VaultClientBase, path: Sequence[str], command: Sequence[str]
) -> NoReturn:
"""
Launches a command, loading secrets in environment.
Strings are exported as-is, other types (including booleans, nulls, dicts, lists)
are exported as yaml (more specifically as json).
"""
paths = list(path) or [""]
env_secrets = {}
for path in paths:
secrets = client_obj.get_secrets(path)
env_secrets.update(
{
environment.make_env_key(
path=path, key=key
): environment.make_env_value(value)
for key, value in secrets.items()
}
)
environ = os.environ.copy()
environ.update(env_secrets)
environment.exec_command(command=command, environ=environ)
def env(
client_obj: client.VaultClientBase,
path: Sequence[str],
omit_single_key: bool,
command: Sequence[str],
) -> NoReturn:
"""
Launch a command, loading secrets in environment.
Strings are exported as-is, other types (including booleans, nulls, dicts, lists)
are exported JSON-encoded.
If the path ends with `:key` then only one key of the mapping is used and its name is the name of the key.
VARIABLE NAMES
By default the name is build upon the relative path to the parent of the given path (in parameter) and the name of the keys in the value mapping.
Let's say that we have stored the mapping `{'username': '******', 'password': '******'}` at path `a/b/c`
Using `--path a/b` will inject the following environment variables: B_C_USERNAME and B_C_PASSWORD
Using `--path a/b/c` will inject the following environment variables: C_USERNAME and C_PASSWORD
Using `--path a/b/c:username` will only inject `USERNAME=me` in the environment.
You can customize the variable names generation by appending `=SOME_PREFIX` to the path.
In this case the part corresponding to the base path is replace by your prefix.
Using `--path a/b=FOO` will inject the following environment variables: FOO_C_USERNAME and FOO_C_PASSWORD
Using `--path a/b/c=FOO` will inject the following environment variables: FOO_USERNAME and FOO_PASSWORD
Using `--path a/b/c:username=FOO` will inject `FOO=me` in the environment.
"""
paths = list(path) or [""]
env_secrets = {}
for path in paths:
path_with_key, _, prefix = path.partition("=")
path, _, filter_key = path_with_key.partition(":")
if filter_key:
secret = client_obj.get_secret(path=path, key=filter_key)
env_updates = environment.get_envvars_for_secret(key=filter_key,
secret=secret,
prefix=prefix)
else:
secrets = client_obj.get_secrets(path=path, relative=True)
env_updates = environment.get_envvars_for_secrets(
path=path,
prefix=prefix,
secrets=secrets,
omit_single_key=omit_single_key,
)
env_secrets.update(env_updates)
environ = os.environ.copy()
environ.update(env_secrets)
environment.exec_command(command=command, environ=environ)
def env(
client_obj: client.VaultClientBase, path: Sequence[str], command: Sequence[str]
) -> NoReturn:
"""
Launch a command, loading secrets in environment.
Strings are exported as-is, other types (including booleans, nulls, dicts, lists)
are exported as yaml (more specifically as json).
VARIABLE NAMES
If the path is not a folder the prefix value is used as the name of the
variable.
e.g.: for a/b/key, `--path a/b/c=foo` gives `FOO=...`
If the path is a folder, then the variable names will be generated as:
PREFIX + _ + relative path
e.g.: for a/b/key, `--path a/b=my` gives `MY_KEY=...`
The standard behavior when no prefix is set will use the relative path to
the parent of the given path as variable name
e.g.: for a/b/key, --path a/b gives `B_KEY=...`
e.g.: for a/b/key, --path a/b/key gives `KEY=...`
"""
paths = list(path) or [""]
env_secrets = {}
for path in paths:
path, _, prefix = path.partition("=")
secrets = client_obj.get_secrets(path)
env_secrets.update(
{
environment.make_env_key(
path=path, prefix=prefix, key=key
): environment.make_env_value(value)
for key, value in secrets.items()
}
)
environ = os.environ.copy()
environ.update(env_secrets)
environment.exec_command(command=command, environ=environ)
def get_envvars(
vault_client: client.VaultClientBase,
path: str,
prefix: str,
omit_single_key: bool,
filter_key: str,
) -> Dict[str, str]:
if filter_key:
secret = vault_client.get_secret(path=path, key=filter_key)
return get_envvars_for_secrets(
path="",
prefix=prefix,
secrets={"": {
filter_key: secret
}},
omit_single_key=bool(prefix),
)
else:
secrets = vault_client.get_secrets(path=path, relative=True)
return get_envvars_for_secrets(path=path,
prefix=prefix,
secrets=secrets,
omit_single_key=omit_single_key)