
HashiCorpVaultSecrets

Bases: SecretsInterface

Retrieves and creates/updates secrets in a Hashicorp Vault. For more information about Hashicorp Vaults, see here.

Example

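# Retrieves Secrets from HashiCorp Vault

from rtdip_sdk.pipelines.secrets import HashiCorpVaultSecrets

# NOTE: 127.0.0.1 is a loopback address for a local Vault. Over plain http:// the
# token and the secret travel unencrypted, so use an https:// URL anywhere else.
get_hashicorp_secret = HashiCorpVaultSecrets(
    vault="http://127.0.0.1:8200",
    key="{KEY}",
    secret=None,  # not needed when only reading
    credential="{CREDENTIAL}",  # Vault token; load it from a secure source, do not hard-code it
    kwargs={},  # dict of extra hvac.Client options (empty for none)
)

get_hashicorp_secret.get()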
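# Creates or Updates Secrets in Hashicorp Vault

from rtdip_sdk.pipelines.secrets import HashiCorpVaultSecrets

# NOTE: 127.0.0.1 is a loopback address for a local Vault. Over plain http:// the
# token and the secret travel unencrypted, so use an https:// URL anywhere else.
set_hashicorp_secret = HashiCorpVaultSecrets(
    vault="http://127.0.0.1:8200",
    key="{KEY}",
    secret="{SECRET-TO-BE-SET}",  # value stored under the "password" field of the secret
    credential="{CREDENTIAL}",  # Vault token; load it from a secure source, do not hard-code it
    kwargs={},  # dict of extra hvac.Client options (empty for none)
)

set_hashicorp_secret.set()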

Parameters:

Name Type Description Default
vault str

Hashicorp Vault URL

required
key str

Name/Key of the secret in the Hashicorp Vault

required
secret str

Secret or Password to be stored in the Hashicorp Vault

None
credential str

Token for authentication with the Hashicorp Vault

None
kwargs dict

Dictionary of additional parameters to be passed when creating a Hashicorp Vault Client. Please see here for more details on the parameters that can be provided to the client

{}
Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
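class HashiCorpVaultSecrets(SecretsInterface):
    """
    Retrieves and creates/updates secrets in a Hashicorp Vault. For more information about Hashicorp Vaults, see [here.](https://developer.hashicorp.com/vault/docs/get-started/developer-qs)

    The secret value is read from, and written to, a single `password` field of
    the secret stored at `key`.

    Security notes:
        - The examples use a plain `http://` loopback address. Over http the
          token and the secret values are sent unencrypted, so use an
          `https://` Vault address anywhere other than a local test server.
        - `credential` is a Vault token and is kept on the instance as
          `self.credential`. Load it from a secure source rather than
          hard-coding it, and avoid logging or serialising the instance.

    Example
    -------
    ```python
    # Retrieves Secrets from HashiCorp Vault

    from rtdip_sdk.pipelines.secrets import HashiCorpVaultSecrets

    get_hashicorp_secret = HashiCorpVaultSecrets(
        vault="http://127.0.0.1:8200",
        key="{KEY}",
        secret=None,
        credential="{CREDENTIAL}",
        kwargs=None
    )

    get_hashicorp_secret.get()

    ```
    ```python
    # Creates or Updates Secrets in Hashicorp Vault

    from rtdip_sdk.pipelines.secrets import HashiCorpVaultSecrets

    set_hashicorp_secret = HashiCorpVaultSecrets(
        vault="http://127.0.0.1:8200",
        key="{KEY}",
        secret="{SECRET-TO-BE-SET}",
        credential="{CREDENTIAL}",
        kwargs=None
    )

    set_hashicorp_secret.set()
    ```

    Parameters:
        vault (str): Hashicorp Vault URL
        key (str): Name/Key of the secret in the Hashicorp Vault
        secret (str): Secret or Password to be stored in the Hashicorp Vault
        credential (str): Token for authentication with the Hashicorp Vault
        kwargs (dict): Dictionary of additional parameters to be passed when creating a Hashicorp Vault Client. `None` is treated as an empty dictionary. Please see [here](https://hvac.readthedocs.io/en/stable/overview.html#initialize-the-client) for more details on parameters that can be provided to the client
    """

    vault: str
    key: str
    secret: str
    credential: str

    def __init__(
        self,
        vault: str,
        key: str,
        secret: str = None,
        credential: str = None,
        kwargs: dict = {},
    ):  # NOSONAR
        """
        Stores the connection details and builds the hvac client.

        The client is created here, so the values passed for `vault`,
        `credential` and `kwargs` are the ones it keeps using.
        """
        self.vault = vault
        self.key = key
        self.secret = secret
        self.credential = credential
        # The documented examples pass kwargs=None, which cannot be unpacked with
        # ** in _get_hvac_client. Normalise it to an empty dict, and copy any dict
        # that is given so the shared default and the caller's dict are not aliased.
        self.kwargs = dict(kwargs) if kwargs is not None else {}
        self.client = self._get_hvac_client()

    @staticmethod
    def system_type():
        """
        Attributes:
            SystemType (Environment): Requires PYTHON
        """
        return SystemType.PYTHON

    @staticmethod
    def libraries():
        """
        Returns a Libraries object holding the default "hashicorp_vault" PyPI package.
        """
        libraries = Libraries()
        libraries.add_pypi_library(get_default_package("hashicorp_vault"))
        return libraries

    @staticmethod
    def settings() -> dict:
        """
        Returns an empty dictionary; this component defines no settings.
        """
        return {}

    def _get_hvac_client(self):
        """
        Builds the hvac client from the vault URL, the token and the extra kwargs.
        """
        # self.kwargs is always a dict here (see __init__), so ** is safe.
        return hvac.Client(url=self.vault, token=self.credential, **self.kwargs)

    def get(self):
        """
        Retrieves the secret from the Hashicorp Vault

        Returns:
            The value of the `password` field of the secret stored at `key`.

        No mount point is passed, so the hvac default applies. A secret that has
        no `password` field makes the lookup below fail rather than return None.
        """
        response = self.client.secrets.kv.read_secret_version(path=self.key)
        # The nested data/data lookup matches what set() writes through the
        # kv.v2 API: one "password" field per secret.
        return response["data"]["data"]["password"]

    def set(self):
        """
        Creates or updates a secret in the Hashicorp Vault

        Returns:
            True once the write call has returned without raising.
        """
        # NOTE(review): only the "password" field is sent, so other fields stored
        # under this key are presumably not carried into the new version; confirm
        # before pointing this at a secret shared with other tooling.
        self.client.secrets.kv.v2.create_or_update_secret(
            path=self.key,
            secret=dict(password=self.secret),
        )
        return True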

system_type() staticmethod

Attributes:

Name Type Description
SystemType Environment

Requires PYTHON

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
@staticmethod
def system_type():
    """
    Reports the system type this component requires.

    Attributes:
        SystemType (Environment): Requires PYTHON
    """
    required_system = SystemType.PYTHON
    return required_system

get()

Retrieves the secret from the Hashicorp Vault

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
def get(self):
    """
    Reads the secret stored at ``self.key`` and returns its ``password`` field.

    The value returned is the secret itself, so callers should keep it out of
    logs and error messages.
    """
    kv_api = self.client.secrets.kv
    secret_fields = kv_api.read_secret_version(path=self.key)["data"]["data"]
    return secret_fields["password"]

set()

Creates or updates a secret in the Hashicorp Vault

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
def set(self):
    """
    Writes ``self.secret`` to the Vault under ``self.key``.

    The value is stored as the ``password`` field of the secret. Returns True
    once the write call has returned without raising.
    """
    secret_fields = {"password": self.secret}
    kv_v2 = self.client.secrets.kv.v2
    kv_v2.create_or_update_secret(path=self.key, secret=secret_fields)
    return True