This repository contains a variable lookup plugin for Open Task Framework (OTF) to pull dynamic variables from HashiCorp Vault.
Open Task Framework (OTF) is a Python-based framework to make it easy to run predefined file transfers and scripts/commands on remote machines.
This package uses hvac to communicate with Vault.
Credentials can be set via config using specific named variables alongside the protocol definition, or by using environment variables, e.g.:
"protocol": {
    "name": "local",
    "VAULT_ADDR": "https://vault.example.com:8200",
    "VAULT_TOKEN": "some_token"
}
If these variables are set in the environment, they are used when not set elsewhere.
The default version is v1. This can be overridden by setting the environment variable VAULT_API_VER to v2 (or specifying the variable manually).
Variables can be looked up using the vault plugin. This is done using standard Jinja2 syntax, e.g.:
{
    "name": "my_task",
    "variables": {
        "my_variable": "{{ vault('secret/data/my_secret', key='my_key') }}"
    }
}
If not supplied using the attribute argument, the default key is value. If the key does not exist, the plugin will return an error.
{
    "name": "my_task",
    "variables": {
        "my_variable": "{{ vault('secret/data/my_secret', key='some_key', attribute='password') }}"
    }
}
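The settings precedence and the default attribute handling described above, sketched as an added example; this is not the plugin's own code. The function names are hypothetical, the sample responses are constructed, and it assumes v1/v2 select between the Vault KV version 1 and version 2 response layouts.

```python
import os

# Hypothetical helper names; an illustration, not the plugin's code.
SETTING_NAMES = ("VAULT_ADDR", "VAULT_TOKEN", "VAULT_API_VER")


def resolve_vault_settings(protocol, environ=None):
    """Protocol-definition values win; the environment is the fallback."""
    environ = os.environ if environ is None else environ
    settings = {}
    for name in SETTING_NAMES:
        value = protocol.get(name) or environ.get(name)
        if value:
            settings[name] = value
    settings.setdefault("VAULT_API_VER", "v1")  # default stated above
    missing = [n for n in ("VAULT_ADDR", "VAULT_TOKEN") if n not in settings]
    if missing:
        # Fail closed; name the missing setting, never echo a token value.
        raise ValueError("missing Vault settings: " + ", ".join(missing))
    if settings["VAULT_API_VER"] not in ("v1", "v2"):
        raise ValueError("VAULT_API_VER must be v1 or v2")
    return settings


def extract_attribute(response, api_ver, attribute="value"):
    """Return one attribute of a Vault KV read response.

    Assumption: v1/v2 select the KV version 1 / version 2 response layout.
    KV v1 holds the secret in response["data"]; KV v2 nests it one level
    deeper, in response["data"]["data"], beside a "metadata" block.
    """
    secret = response["data"]
    if api_ver == "v2":
        secret = secret["data"]
    if attribute not in secret:
        raise KeyError(f"attribute {attribute!r} not found in secret")
    return secret[attribute]


# Constructed sample responses, not real Vault output.
KV1_RESPONSE = {"data": {"value": "constructed-v1-secret"}}
KV2_RESPONSE = {"data": {"data": {"password": "constructed-v2-secret"},
                         "metadata": {"version": 3}}}
```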