baseplate.context.hvac

Integration with HVAC, a Vault Python client, for advanced Vault features.

See HVAC’s README for documentation on the methods available from its client.

Note

The SecretsStore handles the most common use case of Vault in a Baseplate application: secure retrieval of secret tokens. This client is only necessary when taking advantage of more advanced features of Vault such as the Transit backend or Cubbyholes. If these don’t sound familiar, check out the secrets store before digging in here.

Configuration Parsing

baseplate.context.hvac.hvac_factory_from_config(app_config, secrets_store, prefix='vault.')

Make an HVAC client factory from a configuration dictionary.

The keys useful to hvac_factory_from_config() should be prefixed, e.g. vault.timeout. The prefix argument specifies the prefix used to filter keys.

Supported keys:

  • timeout: How long to wait for calls to Vault.
Parameters:
  • app_config (dict) – The raw application configuration.
  • secrets_store (baseplate.secrets.SecretsStore) – A configured secrets store from which we can get a Vault authentication token.
  • prefix (str) – The prefix for configuration keys.

Classes

class baseplate.context.hvac.HvacContextFactory(secrets_store, timeout)

HVAC client context factory.

This factory will attach a proxy object which acts like an hvac.Client to an attribute on the context object. All methods that talk to Vault will be automatically instrumented for tracing and diagnostic metrics.

Parameters:
make_object_for_context(name, span)

Return an object that can be added to the context object.