VaultAPI
Lightweight API to store/retrieve secrets to/from an encrypted Database
MIT License
VaultAPI
Lightweight API to store/retrieve secrets to/from an encrypted Database
Platform Supported
Deployments
Kick off
Recommendations
- Install
python3.10 or 3.11 - Use a dedicated virtual environment
Install VaultAPI
python -m pip install vaultapi
Initiate - IDE
import vaultapi
if __name__ == '__main__':
vaultapi.start()
Initiate - CLI
vaultapi start
Use
vaultapi --helpfor usage instructions.
Environment Variables
By default,
VaultAPIwill look for a.envfile in the current working directory.
Mandatory
- APIKEY - API Key for authentication.
- SECRET - Secret access key to encode/decode the secrets in Datastore.
Optional (with defaults)
-
TRANSIT_KEY_LENGTH - AES key length for transit encryption. Defaults to
32 -
TRANSIT_TIME_BUCKET - Interval for which the transit epoch should remain constant. Defaults to
60 -
DATABASE - FilePath to store the secrets' database. Defaults to
secrets.db -
HOST - Hostname for the API server. Defaults to
0.0.0.0[OR]localhost -
PORT - Port number for the API server. Defaults to
9010 -
WORKERS - Number of workers for the uvicorn server. Defaults to
1 -
RATE_LIMIT - List of dictionaries with
max_requestsandsecondsto apply as rate limit.
Defaults to 5req/2s [AND] 10req/30s
Optional (without defaults)
- LOG_CONFIG - FilePath or dictionary of key-value pairs for log config.
- ALLOWED_ORIGINS - Origins that are allowed to retrieve secrets.
-
ALLOWED_IP_RANGE - IP range that is allowed to retrieve secrets. (eg:
10.112.8.10-210)
Checkout decryptors for more information about decrypting the retrieved secret from the server.
This value will be used to encrypt/decrypt the secrets stored in the database.
CLI
vaultapi keygen
IDE
from cryptography.fernet import Fernet
print(Fernet.generate_key())
Coding Standards
Docstring format: Google
Styling conventions: PEP 8 and isort
Release Notes
Requirement
python -m pip install gitverse
Usage
gitverse-release reverse -f release_notes.rst -t 'Release Notes'
Linting
pre-commit will ensure linting, run pytest, generate runbook & release notes, and validate hyperlinks in ALL
markdown files (including Wiki pages)
Requirement
python -m pip install sphinx==5.1.1 pre-commit recommonmark
Usage
pre-commit run --all-files
Pypi Package
https://pypi.org/project/VaultAPI/
Docker Image
https://hub.docker.com/r/thevickypedia/vaultapi
Runbook
https://thevickypedia.github.io/VaultAPI/
License & copyright
© Vignesh Rao
Licensed under the MIT License
