Skip to content

Databricks Secret Scope

HashiCorpVaultSecrets

Bases: SecretsInterface

Reads secrets from a Hashicorp Vault. For more information about Hashicorp Vaults, see here.

Parameters:

Name Type Description Default
vault str

Hashicorp Vault URL

required
key str

Name/Key of the secret in the Hashicorp Vault

required
secret str

Secret or Password to be stored in the Hashicorp Vault

None
credential str

Token for authentication with the Hashicorp Vault

None
kwargs dict

List of additional parameters to be passed when creating a Hashicorp Vault Client. Please see here for more details on parameters that can be provided to the client

{}
Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
class HashiCorpVaultSecrets(SecretsInterface):
    """
    Reads secrets from a Hashicorp Vault. For more information about Hashicorp Vaults, see [here.](https://developer.hashicorp.com/vault/docs/get-started/developer-qs)

    Args:
        vault (str): Hashicorp Vault URL
        key (str): Name/Key of the secret in the Hashicorp Vault
        secret (str): Secret or Password to be stored in the Hashicorp Vault
        credential (str): Token for authentication with the Hashicorp Vault
        kwargs (dict): List of additional parameters to be passed when creating a Hashicorp Vault Client. Please see [here](https://hvac.readthedocs.io/en/stable/overview.html#initialize-the-client) for more details on parameters that can be provided to the client
    """

    vault: str
    key: str
    secret: str
    credential: str

    def __init__(
        self,
        vault: str,
        key: str,
        secret: str = None,
        credential: str = None,
        kwargs: dict = {},
    ):  # NOSONAR
        self.vault = vault
        self.key = key
        self.secret = secret
        self.credential = credential
        self.kwargs = kwargs
        self.client = self._get_hvac_client()

    @staticmethod
    def system_type():
        """
        Attributes:
            SystemType (Environment): Requires PYTHON
        """
        return SystemType.PYTHON

    @staticmethod
    def libraries():
        libraries = Libraries()
        libraries.add_pypi_library(get_default_package("hashicorp_vault"))
        return libraries

    @staticmethod
    def settings() -> dict:
        return {}

    def _get_hvac_client(self):
        return hvac.Client(url=self.vault, token=self.credential, **self.kwargs)

    def get(self):
        """
        Retrieves the secret from the Hashicorp Vault
        """
        response = self.client.secrets.kv.read_secret_version(path=self.key)
        return response["data"]["data"]["password"]

    def set(self):
        """
        Creates or updates a secret in the Hashicorp Vault
        """
        self.client.secrets.kv.v2.create_or_update_secret(
            path=self.key,
            secret=dict(password=self.secret),
        )
        return True

get()

Retrieves the secret from the Hashicorp Vault

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
74
75
76
77
78
79
def get(self):
    """
    Retrieves the secret from the Hashicorp Vault
    """
    response = self.client.secrets.kv.read_secret_version(path=self.key)
    return response["data"]["data"]["password"]

set()

Creates or updates a secret in the Hashicorp Vault

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
81
82
83
84
85
86
87
88
89
def set(self):
    """
    Creates or updates a secret in the Hashicorp Vault
    """
    self.client.secrets.kv.v2.create_or_update_secret(
        path=self.key,
        secret=dict(password=self.secret),
    )
    return True

system_type() staticmethod

Attributes:

Name Type Description
SystemType Environment

Requires PYTHON

Source code in src/sdk/python/rtdip_sdk/pipelines/secrets/hashicorp_vault.py
53
54
55
56
57
58
59
@staticmethod
def system_type():
    """
    Attributes:
        SystemType (Environment): Requires PYTHON
    """
    return SystemType.PYTHON