baseplate.clients.hvac
Vault is a high-security store for secret tokens, credentials, and other sensitive information. HVAC is a Python client library for Vault.
Note
The SecretsStore handles the most common use case of Vault in a Baseplate application: secure retrieval of secret tokens. This client is only necessary when taking advantage of more advanced features of Vault such as the Transit backend or Cubbyholes. If these don't sound familiar, check out the secrets store before digging in here.
Example
To integrate HVAC with your application, add the appropriate client declaration to your context configuration:
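    from baseplate.clients.hvac import HvacClient

    baseplate.configure_context(
        app_config,
        {
            # ... other clients ...
            # secrets is the application's configured SecretsStore
            "foo": HvacClient(secrets),
            # ... other clients ...
        }
    )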
configure it in your application’s configuration file:
    [app:main]
    ...
    # optional: how long to wait for calls to vault
    foo.timeout = 300 milliseconds
    ...
and then use it in a request:
    def my_method(request):
        request.foo.is_initialized()
See HVAC’s README for documentation on the methods available from its client.
Configuration
class baseplate.clients.hvac.HvacClient(secrets)
    Configure an HVAC client.

    This is meant to be used with baseplate.Baseplate.configure_context().

    See hvac_factory_from_config() for available configuration settings.

    Parameters: secrets (SecretsStore) – The configured secrets store for this application.
baseplate.clients.hvac.hvac_factory_from_config(app_config, secrets_store, prefix='vault.')
    Make an HVAC client factory from a configuration dictionary.

    The keys useful to hvac_factory_from_config() should be prefixed, e.g. vault.timeout. The prefix argument specifies the prefix used to filter keys.

    Supported keys:
    - timeout: How long to wait for calls to Vault. (Timespan())

    Parameters:
    - app_config (Dict[str, str]) – The raw application configuration.
    - secrets_store (SecretsStore) – A configured secrets store from which we can get a Vault authentication token.
    - prefix (str) – The prefix for configuration keys.

    Return type:
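The following added example (not part of Baseplate or its documentation) models how the prefix selects configuration keys and how a Timespan string such as 300 milliseconds becomes the datetime.timedelta that the factory is given as its timeout. The unit table, the rejection of unsupported keys, and the names parse_timespan, vault_timeout and SAMPLE_CONFIG are assumptions of this example.

```python
import datetime
from typing import Dict, Optional

# Assumed Timespan units, in milliseconds (singular or plural accepted).
_UNIT_MS = {"millisecond": 1, "second": 1_000, "minute": 60_000,
            "hour": 3_600_000, "day": 86_400_000}

# Constructed sample mirroring the [app:main] fragment in the Example section.
SAMPLE_CONFIG = {"foo.timeout": "300 milliseconds", "other.setting": "1"}


def parse_timespan(text: str) -> datetime.timedelta:
    """Parse "<integer> <unit>" and reject anything else instead of guessing."""
    parts = text.split()
    if len(parts) != 2 or not parts[0].isdigit():
        raise ValueError(f"expected '<integer> <unit>', got {text!r}")
    unit = parts[1][:-1] if parts[1].endswith("s") else parts[1]
    if unit not in _UNIT_MS:
        raise ValueError(f"unknown time unit in {text!r}")
    return datetime.timedelta(milliseconds=int(parts[0]) * _UNIT_MS[unit])


def vault_timeout(app_config: Dict[str, str],
                  prefix: str = "vault.") -> Optional[datetime.timedelta]:
    """Return the timeout configured under prefix, or None if it is absent."""
    # Only keys under the prefix are visible: a client read with prefix
    # "vault." never sees "foo.timeout", and vice versa.
    scoped = {key[len(prefix):]: value
              for key, value in app_config.items() if key.startswith(prefix)}
    # Choice made for this example: fail on unsupported keys so a typo such
    # as "foo.timout" is caught instead of silently leaving no timeout set.
    unknown = sorted(set(scoped) - {"timeout"})
    if unknown:
        raise ValueError(f"unsupported keys under {prefix!r}: {unknown}")
    raw = scoped.get("timeout")
    return None if raw is None else parse_timespan(raw)


if __name__ == "__main__":
    print(vault_timeout(SAMPLE_CONFIG, prefix="foo."))
    print(vault_timeout(SAMPLE_CONFIG))
```
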
Classes
class baseplate.clients.hvac.HvacContextFactory(secrets_store, timeout)
    HVAC client context factory.

    This factory will attach a proxy object which acts like an hvac.Client to an attribute on the RequestContext. All methods that talk to Vault will be automatically instrumented for tracing and diagnostic metrics.

    Parameters:
    - secrets_store (baseplate.lib.secrets.SecretsStore) – Configured secrets store from which we can get a Vault authentication token.
    - timeout (datetime.timedelta) – How long to wait for calls to Vault.