baseplate.context.hvac
¶
Integration with HVAC, a Vault Python client, for advanced Vault features.
See HVAC’s README for documentation on the methods available from its client.
Note
The SecretsStore
handles the most
common use case of Vault in a Baseplate application: secure retrieval of
secret tokens. This client is only necessary when taking advantage of more
advanced features of Vault such as the Transit backend or Cubbyholes.
If these don’t sound familiar, check out the secrets store before digging
in here.
Configuration Parsing¶
-
baseplate.context.hvac.
hvac_factory_from_config
(app_config, secrets_store, prefix=u'vault.')¶ Make an HVAC client factory from a configuration dictionary.
The keys useful to
hvac_factory_from_config()
should be prefixed, e.g.vault.timeout
. Theprefix
argument specifies the prefix used to filter keys.Supported keys:
timeout
: How long to wait for calls to Vault.
Parameters: - app_config (dict) – The raw application configuration.
- secrets_store (baseplate.secrets.SecretsStore) – A configured secrets store from which we can get a Vault authentication token.
- prefix (str) – The prefix for configuration keys.
Classes¶
-
class
baseplate.context.hvac.
HvacContextFactory
(secrets_store, timeout)¶ HVAC client context factory.
This factory will attach a proxy object which acts like an
hvac.Client
to an attribute on the context object. All methods that talk to Vault will be automatically instrumented for tracing and diagnostic metrics.Parameters: - secrets_store (baseplate.secrets.SecretsStore) – Configured secrets store from which we can get a Vault authentication token.
- timeout (datetime.timedelta) – How long to wait for calls to Vault.