Skip to content

Load Vault-injected secrets into Python apps and track their usage.

Notifications You must be signed in to change notification settings

DirectEmployers/vaultpy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Vaultpy

Parse injected Vault secrets and track their usage with Datadog.

Requirements

Setup

For production, use the VAULTPY_SECRETS_PATH environment variable to set the path to the secrets that are injected by the Vault Agent in Kubernetes. This defaults to /vault/secrets/secrets. You will also need to set VAULTPY_ENABLE_VAULT (default false) to use injected secrets rather than loading them from a de_secrets module.

For local development, a de_secrets.py can be used to load secrets in a format not unlike Django settings.

Lastly you can toggle secret access tracking with Datadog via VAULTPY_DATADOG_ENABLE. This defaults to true because we want this in production, but it ought to be disabled in development environments.

Usage

Import vault.secrets and then access the loaded secrets using by accessing dynamic properties loaded into the secrets object (i.e. secrets.FOO).

Example of usage in a settings file:

from vault import secrets

FOO = secrets.FOO
BAR = getattr(secrets, "BAR", "")
BAZ = getattr(secrets, "BAZ")

About

Load Vault-injected secrets into Python apps and track their usage.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages