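def get_secret(self, secret: VaultSecret) -> dict:
    """Read the latest version of *secret* from the KV v2 backend.

    Args:
        secret: Resource describing where the secret lives; mount point and
            path are taken from ``secret.get_mount_point_and_path()``.

    Returns:
        The ``data.data`` payload of the latest version, i.e. the key/value
        pairs stored at that path.

    Raises:
        ESKException: 404 when Vault reports the path as missing
            (``hvac.exceptions.InvalidPath``).
    """
    mount_point, path = secret.get_mount_point_and_path()
    try:
        response = self.__client.secrets.kv.v2.read_secret_version(
            path, mount_point=mount_point)
    except hvac.exceptions.InvalidPath as exc:
        # Chain the hvac error so the Vault-side detail survives in the
        # traceback without being echoed in the message returned to callers.
        raise ESKException(404, "Secret not found in backend") from exc
    values = response["data"]["data"]
    # Log only the location; the secret material itself must never be logged.
    logger.debug(f"Found secret { mount_point }/{ path } in vault.")
    return values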
def delete_secret(self, secret: VaultSecret):
    """Remove *secret* from the KV v2 backend, metadata and every version.

    Going by the hvac method used, this is the permanent metadata delete
    rather than the soft delete of a single version, so it cannot be undone
    from Vault. No hvac exception is translated here; whatever the client
    raises propagates to the caller unchanged.

    Args:
        secret: Resource whose mount point and path identify the entry.
    """
    location = secret.get_mount_point_and_path()
    kv2 = self.__client.secrets.kv.v2
    kv2.delete_metadata_and_all_versions(location[1], mount_point=location[0])
    logger.info(f"Deleted secret { location[0] }/{ location[1] } in vault.")
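def get_object(self, name, namespace, path, values, config=None):
    """Build a ``VaultSecret`` describing where a resource lives in Vault.

    Args:
        name: Resource name; with no explicit path it becomes the last
            path segment.
        namespace: Resource namespace; with no explicit path it becomes
            the first path segment.
        path: Optional ``"<mount>/<path...>"`` string. When ``None`` the
            backend's default mount point and ``"<namespace>/<name>"`` are
            used; otherwise the first segment is the mount point and the
            remainder (which may itself contain ``/``) is the in-mount path.
        values: Secret values handed through to ``VaultSecret``.
        config: Optional mapping expanded as keyword arguments to
            ``VaultSecret``. Defaults to an empty mapping.

    Returns:
        A ``VaultSecret`` for ``(name, namespace, mount_point, path, values)``.

    Raises:
        ESKException: 400 when an explicit path has an empty mount point
            (``""`` or a leading ``/``), which can never address a mount.
    """
    # ``None`` rather than ``{}`` so the default is not shared across calls.
    if config is None:
        config = {}
    if path is None:
        mount_point = self.__default_mount_point
        path = f"{ namespace }/{ name }"
    else:
        # Split on the first "/" only: the remainder is the in-mount path
        # and may contain further "/" separators.
        mount_point, _, path = path.partition('/')
        # NOTE(review): the mount point is chosen by whoever supplies ``path``
        # (presumably the resource spec); which mounts are actually reachable
        # is bounded by the policy of the Vault token behind ``self.__client``.
        if not mount_point:
            raise ESKException(400, "Secret path must start with a mount point")
    return VaultSecret(name, namespace, mount_point, path, values, **config)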
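def create_secret(self, secret: VaultSecret) -> str:
    """Write *secret* to the KV v2 backend, failing if the path is taken.

    ``cas=0`` makes Vault itself refuse the write when any version already
    exists at the path, so there is no read-then-write race: the existence
    check and the write are a single server-side operation.

    Args:
        secret: Resource to create; location and payload come from
            ``secret.get_mount_point_and_path()`` and
            ``secret.get_creation_values()``.

    Returns:
        The ``"<mount_point>/<path>"`` string the secret was written to.

    Raises:
        ESKException: 409 when Vault rejects the write with
            ``hvac.exceptions.InvalidRequest``.
    """
    mount_point, path = secret.get_mount_point_and_path()
    try:
        self.__client.secrets.kv.v2.create_or_update_secret(
            path,
            secret=secret.get_creation_values(),
            mount_point=mount_point,
            cas=0)
    except hvac.exceptions.InvalidRequest as exc:
        # NOTE(review): InvalidRequest is hvac's wrapper for a 400 response in
        # general, not only a check-and-set conflict, so other bad-request
        # causes are reported as 409 as well. The original error is chained so
        # the Vault message stays in the traceback without being echoed to
        # the caller.
        raise ESKException(409, "Path already exists") from exc
    logger.debug(f"Created secret { mount_point }/{ path } in vault.")
    # A per-secret read-only policy ("<namespace>-<name>" granting ``read`` on
    # "<mount_point>/<path>" via ``sys.create_or_update_policy``) used to be
    # created here and is currently disabled.
    return f"{ mount_point }/{ path }"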