
An opentaskpy addon to allow variable lookups against HashiCorp Vault

adammcdonagh/otf-addons-vault

This repository contains a variable lookup plugin for Open Task Framework (OTF) that pulls dynamic variables from HashiCorp Vault.

Open Task Framework (OTF) is a Python based framework to make it easy to run predefined file transfers and scripts/commands on remote machines.

Vault Variables

This package uses hvac to communicate with Vault.

Credentials can be set via config, using specific named variables alongside the protocol definition, or via environment variables, e.g.:

"protocol": {
    "name": "local",
    "VAULT_ADDR": "https://vault.example.com:8200",
    "VAULT_TOKEN": "some_token"
}

If these variables are set in the environment, the environment values are used when they are not set elsewhere.

Vault KV Secrets Engine Version

The default version is v1. This can be overridden by setting the environment variable VAULT_API_VER to v2 (or by specifying the variable manually).
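The precedence described in the two sections above (protocol block first, environment as fallback, v1 as the default API version) can be checked before a task runs. The following is an added example, not code from this addon: the function name, the finding messages and the sample values are assumptions made for illustration, and it reports where each setting comes from without printing the token.

```python
import json

VAULT_KEYS = ("VAULT_ADDR", "VAULT_TOKEN", "VAULT_API_VER")


def resolve_vault_settings(protocol, environ):
    """Return (settings, findings) for one protocol block.

    Hypothetical helper. Precedence follows the README: a value in the
    protocol block wins, the environment is the fallback, and
    VAULT_API_VER defaults to v1. Each setting maps to (value, source).
    """
    settings, findings = {}, []
    for key in VAULT_KEYS:
        if key in protocol:
            settings[key] = (protocol[key], "config")
        elif key in environ:
            settings[key] = (environ[key], "environment")
    settings.setdefault("VAULT_API_VER", ("v1", "default"))

    token = settings.get("VAULT_TOKEN")
    if token is None:
        findings.append("VAULT_TOKEN is not set in config or environment")
    elif token[1] == "config":
        # A token in the task definition is readable by anyone who can read the file.
        findings.append("VAULT_TOKEN is stored in the task definition")
    addr = settings.get("VAULT_ADDR")
    if addr is None:
        findings.append("VAULT_ADDR is not set in config or environment")
    elif not addr[0].lower().startswith("https://"):
        findings.append("VAULT_ADDR does not use https")
    if settings["VAULT_API_VER"][0] not in ("v1", "v2"):
        findings.append("VAULT_API_VER is neither v1 nor v2")
    return settings, findings


if __name__ == "__main__":
    # Constructed sample input: a protocol block and a fake environment.
    protocol = json.loads('{"name": "local", "VAULT_TOKEN": "some_token"}')
    environ = {"VAULT_ADDR": "https://vault.example.com:8200"}
    settings, findings = resolve_vault_settings(protocol, environ)
    for key, (_value, source) in settings.items():
        print(f"{key}: from {source}")  # the source only, never the value
    for finding in findings:
        print("finding:", finding)
```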

Variable Lookup

Variables can be looked up using the vault plugin. This is done using standard Jinja2 syntax, e.g.:

{
  "name": "my_task",
  "variables": {
    "my_variable": "{{ vault('secret/data/my_secret', key='my_key') }}"
  }
}

If not supplied using the attribute argument, the default key is value. If the key does not exist, the plugin will return an error.

{
  "name": "my_task",
  "variables": {
    "my_variable": "{{ vault('secret/data/my_secret', key='some_key', attribute='password') }}"
  }
}
