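def run(self, terms, variables, **kwargs):
    """Look up each term in DevOps Secrets Vault and return the results.

    Args:
        terms: secret paths to fetch. Leading "[", "/", ":" and "]"
            characters are stripped from each one before the request.
        variables: forwarded to ``set_options`` as ``var_options``.
        **kwargs: forwarded to ``set_options`` as ``direct``.

    Returns:
        A list holding the ``get_secret_json`` result for each term, in
        the order the terms were given.

    Raises:
        AnsibleOptionsError: a term is empty once the leading characters
            have been stripped.
        AnsibleError: the vault client raised ``SecretsVaultError``.
    """
    self.set_options(var_options=variables, direct=kwargs)

    # client_secret is only handed to the client; it is never logged here.
    vault_parameters = {
        "tenant": self.get_option("tenant"),
        "client_id": self.get_option("client_id"),
        "client_secret": self.get_option("client_secret"),
        "url_template": self.get_option("url_template"),
    }
    vault = SecretsVault(**vault_parameters)
    result = []

    for term in terms:
        display.debug("dsv_lookup term: %s" % term)
        try:
            # str.lstrip takes a set of characters, not a pattern, so this
            # removes any leading run of "[", "/", ":" and "]".
            path = term.lstrip("[/:]")

            if path == "":
                raise AnsibleOptionsError("Invalid secret path: %s" % term)

            display.vvv(u"DevOps Secrets Vault GET /secrets/%s" % path)
            result.append(vault.get_secret_json(path))
        except SecretsVaultError as error:
            raise AnsibleError("DevOps Secrets Vault lookup failure: %s" % error.message)

    # Log only how many secrets came back. ``result`` holds the values
    # returned by get_secret_json, and formatting it into the debug stream
    # would copy the secret contents into any captured debug log.
    display.debug(u"dsv_lookup result: %d secret(s) retrieved" % len(result))
    return result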
def Client(vault_parameters):
    """Build a ``SecretsVault`` from a dict of keyword arguments.

    Args:
        vault_parameters: mapping expanded into the ``SecretsVault``
            constructor call.

    Returns:
        The constructed ``SecretsVault``.

    Raises:
        AnsibleError: the constructor raised ``TypeError``.
    """
    try:
        return SecretsVault(**vault_parameters)
    except TypeError:
        # A TypeError is taken to mean the installed SDK's constructor does
        # not accept these keyword arguments.
        # NOTE(review): any other TypeError raised during construction is
        # reported with the same "wrong SDK version" message.
        raise AnsibleError(
            "python-dsv-sdk==0.0.1 must be installed to use this plugin"
        )
def main():
    """Fetch the secret at ``/test/sdk/simple`` and print its credentials.

    Authenticates with ``PasswordGrantAuthorizer`` using the module-level
    ``BASE_URL``, ``CLIENT_ID`` and ``CLIENT_SECRET``. Errors from the vault
    client are printed rather than raised.
    """
    try:
        authorizer = PasswordGrantAuthorizer(BASE_URL, CLIENT_ID, CLIENT_SECRET)
        client = SecretsVault(BASE_URL, authorizer)
        payload = client.get_secret("/test/sdk/simple")
        secret = VaultSecret(**payload)
        # Demo output: the secret's password is written to stdout in clear
        # text, so it lands wherever stdout is captured (terminal
        # scrollback, CI job logs).
        print(f""" username: {secret.data['username']} password: {secret.data['password']} """)
    except SecretsVaultAccessError as access_error:
        # Handled before SecretsVaultError; presumably a subclass of it -
        # verify against the SDK.
        print(access_error.message)
    except SecretsVaultError as vault_error:
        print(vault_error.response.text)
def Client(vault_parameters):
    """Build a ``SecretsVault`` from a dict of keyword arguments.

    Args:
        vault_parameters: mapping expanded into the ``SecretsVault``
            constructor call.

    Returns:
        The constructed ``SecretsVault``. Constructor errors propagate to
        the caller unchanged.
    """
    vault = SecretsVault(**vault_parameters)
    return vault
'type': 'string', 'secret': True, }, ], 'metadata': [ { 'id': 'path', 'label': _('Secret Path'), 'type': 'string', 'help_text': _('The secret path e.g. /test/secret1'), }, ], 'required': ['tenant', 'client_id', 'client_secret', 'path'], } if settings.DEBUG: dsv_inputs['fields'].append( { 'id': 'url_template', 'label': _('URL template'), 'type': 'string', 'default': 'https://{}.secretsvaultcloud.{}/v1', } ) dsv_plugin = CredentialPlugin( 'Thycotic DevOps Secrets Vault', dsv_inputs, lambda **kwargs: SecretsVault(**{k: v for (k, v) in kwargs.items() if k in [field['id'] for field in dsv_inputs['fields']]}).get_secret(kwargs['path']), )
def test_access_token_authorizer(authorizer, env_vars):
    """Check that a previously issued access token can fetch a secret."""
    # Obtain a token from the fixture's authorizer, then build a second
    # client that authenticates with that token alone.
    token = authorizer.get_access_token()
    token_authorizer = AccessTokenAuthorizer(token)
    vault = SecretsVault(env_vars["base_url"], token_authorizer)

    secret = VaultSecret(**vault.get_secret("test/sdk/simple"))
    # 36 is presumably the length of a hyphenated UUID string - confirm
    # against the VaultSecret definition.
    assert len(secret.id) == 36
def vault(authorizer, env_vars):
    """Return a ``SecretsVault`` for ``env_vars["base_url"]``.

    Args:
        authorizer: authorizer object passed to the client as-is.
        env_vars: mapping that must contain a ``"base_url"`` entry.
    """
    base_url = env_vars["base_url"]
    return SecretsVault(base_url, authorizer)
import json

from thycotic.secrets.dataclasses import VaultSecret
from thycotic.secrets.vault import (
    SecretsVault,
    SecretsVaultAccessError,
    SecretsVaultError,
)

if __name__ == "__main__":
    # The client's keyword arguments are read from a local JSON file.
    with open("test_vault.json") as config_file:
        settings = json.load(config_file)
    vault = SecretsVault(**settings)

    try:
        payload = vault.get_secret("/test/secret")
        secret = VaultSecret(**payload)
        # Demo output: the secret's password is written to stdout in clear
        # text, so it lands wherever stdout is captured.
        print(f"""username: {secret.data['username']} password: {secret.data['password']}""")
    except SecretsVaultAccessError as access_error:
        print(access_error.message)
    except SecretsVaultError as vault_error:
        print(vault_error.response.text)
def vault(json):
    """Return a ``SecretsVault`` built from the ``json`` mapping.

    Args:
        json: mapping of constructor keyword arguments. The parameter
            name shadows the ``json`` module inside this function.
    """
    client = SecretsVault(**json)
    return client