:lock: Python 2.7/3.X client for HashiCorp Vault

Overview

hvac

Header image

HashiCorp Vault API client for Python 3.x

Test codecov Documentation Status PyPI version Twitter - @python_hvac Gitter chat

Tested against the latest release, HEAD ref, and 3 previous minor versions (counting back from the latest release) of Vault. Current official support covers Vault v1.3.10 or later.

Installation

pip install hvac

If you would like to be able to return parsed HCL data as a Python dict for methods that support it:

pip install "hvac[parser]"

Documentation

Additional documentation for this module available at: hvac.readthedocs.io:

Comments
  • tlsv1 alert protocol version

    tlsv1 alert protocol version

    I'm using the hvac package with vault 0.6.1. In my script, I attempt to authenticate against our Vault server with the username/password authentication method:

    import hvac
    
    vault_username = "username"
    vault_pw = "mypassword"
    vault_client.auth_userpass(vault_username, vault_pw)
    

    And I'm getting this error:

    $ ./script.py
    Traceback (most recent call last):
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 595, in urlopen
        chunked=chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 352, in _make_request
        self._validate_conn(conn)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 831, in _validate_conn
        conn.connect()
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/packages/urllib3/connection.py", line 289, in connect
        ssl_version=resolved_ssl_version)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/packages/urllib3/util/ssl_.py", line 308, in ssl_wrap_socket
        return context.wrap_socket(sock, server_hostname=server_hostname)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 377, in wrap_socket
        _context=self)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 752, in __init__
        self.do_handshake()
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 988, in do_handshake
        self._sslobj.do_handshake()
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 633, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:645)
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/adapters.py", line 423, in send
        timeout=timeout
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 621, in urlopen
        raise SSLError(e)
    requests.packages.urllib3.exceptions.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:645)
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "./script.py", line 33, in <module>
        vault_client.auth_userpass(vault_username, vault_pw)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/hvac/v1/__init__.py", line 481, in auth_userpass
        return self.auth('/v1/auth/{0}/login/{1}'.format(mount_point, username), json=params, use_token=use_token)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/hvac/v1/__init__.py", line 600, in auth
        response = self._post(url, **kwargs).json()
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/hvac/v1/__init__.py", line 643, in _post
        return self.__request('post', url, **kwargs)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/hvac/v1/__init__.py", line 664, in __request
        allow_redirects=False, **_kwargs)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 475, in request
        resp = self.send(prep, **send_kwargs)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 596, in send
        r = adapter.send(request, **kwargs)
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/adapters.py", line 497, in send
        raise SSLError(e, request=request)
    requests.exceptions.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:645)
    

    I thought it might be a TLS negotiation mismatch between my client and our Vault server but we aren't explicitly blocking/denying requests on TLSv1.

    Based on the stack trace, it looks like an issue with my Python installation but I'm able to open other SSL sites in my Python environment without any problems:

    $ python
    Python 3.5.2 (v3.5.2:4def2a2901a5, Jun 26 2016, 10:47:25)
    [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import requests
    >>> requests.get("https://www.howsmyssl.com/a/check")
    <Response [200]>
    
    opened by jcderose 22
  • IAM auth_ec2 doesn't work, and seems like it can't possibly work

    IAM auth_ec2 doesn't work, and seems like it can't possibly work

    According to the Vault documentation for the iam/ec2 auth endpoints, it works like this:

    curl -X POST "http://127.0.0.1:8200/v1/auth/aws/login" -d '{"role":"dev", "iam_http_request_method": "POST", "iam_request_url": "aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8=", "iam_request_body": "QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlZlcnNpb249MjAxMS0wNi0xNQ==", "iam_request_headers": "eyJDb250ZW50LUxlbmd0aCI6IFsiNDMiXSwgIlVzZXItQWdlbnQiOiBbImF3cy1zZGstZ28vMS40LjEyIChnbzEuNy4xOyBsaW51eDsgYW1kNjQpIl0sICJYLVZhdWx0LUFXU0lBTS1TZXJ2ZXItSWQiOiBbInZhdWx0LmV4YW1wbGUuY29tIl0sICJYLUFtei1EYXRlIjogWyIyMDE2MDkzMFQwNDMxMjFaIl0sICJDb250ZW50LVR5cGUiOiBbImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD11dGYtOCJdLCAiQXV0aG9yaXphdGlvbiI6IFsiQVdTNC1ITUFDLVNIQTI1NiBDcmVkZW50aWFsPWZvby8yMDE2MDkzMC91cy1lYXN0LTEvc3RzL2F3czRfcmVxdWVzdCwgU2lnbmVkSGVhZGVycz1jb250ZW50LWxlbmd0aDtjb250ZW50LXR5cGU7aG9zdDt4LWFtei1kYXRlO3gtdmF1bHQtc2VydmVyLCBTaWduYXR1cmU9YTY5ZmQ3NTBhMzQ0NWM0ZTU1M2UxYjNlNzlkM2RhOTBlZWY1NDA0N2YxZWI0ZWZlOGZmYmM5YzQyOGMyNjU1YiJdfQ==" }'
    

    https://www.vaultproject.io/docs/auth/aws.html

    After un-base64-ing that, and formatting it to make it somewhat readable, it looks like:

       curl -X POST "http://127.0.0.1:8200/v1/auth/aws/login" -d '{"role":"dev", \
                  "iam_http_request_method": "POST", \
                   "iam_request_url": "https://sts.amazonaws.com/", \
                    "iam_request_body": "Action=GetCallerIdentity&Version=2011-06-15", \
                    "iam_request_headers": "{"Content-Length": ["43"], \
                   "User-Agent": ["aws-sdk-go/1.4.12 (go1.7.1; linux; amd64)"], \
                   "X-Vault-AWSIAM-Server-Id": ["vault.example.com"], \
                  "X-Amz-Date": ["20160930T043121Z"], \
                  "Content-Type": ["application/x-www-form-urlencoded; charset=utf-8"], \
                   "Authorization": ["AWS4-HMAC-SHA256 Credential=foo/20160930/us-east-1/sts/aws4_request,                       SignedHeaders=content-length;content-type;host;x-amz-date;x-vault-server, \
    Signature=a69fd750a3445c4e553e1b3e79d3da90eef54047f1eb4efe8ffbc9c428c2655b"]}" }'
    
    

    But I'm looking through the hvac code, and auth_ec2 does none of those things.

    In experimenting with it, I'm getting explosions like:

    >> client.auth_ec2(requests.get("http://169.254.169.254/latest/dynamic/instance-identity/pkcs7").text)
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/opt/ops/venv/local/lib/python2.7/site-packages/hvac/v1/__init__.py", line 562, in auth_ec2
        return self.auth('/v1/auth/aws-ec2/login', json=params, use_token=use_token)
      File "/opt/ops/venv/local/lib/python2.7/site-packages/hvac/v1/__init__.py", line 787, in auth
        response = self._post(url, **kwargs).json()
      File "/opt/ops/venv/local/lib/python2.7/site-packages/hvac/v1/__init__.py", line 947, in _post
        return self.__request('post', url, **kwargs)
      File "/opt/ops/venv/local/lib/python2.7/site-packages/hvac/v1/__init__.py", line 986, in __request
        self.__raise_error(response.status_code, text, errors=errors)
      File "/opt/ops/venv/local/lib/python2.7/site-packages/hvac/v1/__init__.py", line 992, in __raise_error
        raise exceptions.InvalidRequest(message, errors=errors)
    hvac.exceptions.InvalidRequest: missing client token
    

    Missing client token is not what it should be responding. But then, hvac doesn't appear to actually be even trying to authenticate properly, so the server appears to be trying to authenticate it with the default (token) auth.

    Does this auth_ec2 even work? Or am I missing something very obvious and fundamental?

    bug 
    opened by kenrestivo-stem 21
  • Add Support For kv Version 2 Secret Engine

    Add Support For kv Version 2 Secret Engine

    Failing example from the README:

    >>> import os, hvac
    >>> client = hvac.Client(url='http://localhost:8200', token='foobar')
    >>> client.is_authenticated()
    True                                                                                                                                           
    >>> client.write('secret/foo', baz='bar', lease='1h')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.6/site-packages/hvac/v1/__init__.py", line 64, in write
        response = self._put('/v1/{0}'.format(path), json=kwargs, wrap_ttl=wrap_ttl)
      File "/usr/lib/python3.6/site-packages/hvac/v1/__init__.py", line 1242, in _put
        return self.__request('put', url, **kwargs)
      File "/usr/lib/python3.6/site-packages/hvac/v1/__init__.py", line 1278, in __request
        self.__raise_error(response.status_code, text, errors=errors)
      File "/usr/lib/python3.6/site-packages/hvac/v1/__init__.py", line 1290, in __raise_error
        raise exceptions.InvalidPath(message, errors=errors)
    hvac.exceptions.InvalidPath: {"request_id":"494d7306-ede4-bc4f-47d5-747bff182df3","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."],"auth":null}
    >>> print(client.read('secret/foo'))
    None
    >>>
    

    For reference, here's the cli - correct call (vault kv put/vault kv get) and incorrect call (vault write; produces the same error):

    % vault kv put secret/bar baz=qux  
    Key              Value
    ---              -----
    created_time     2018-05-22T11:08:01.003383998Z
    deletion_time    n/a
    destroyed        false
    version          1
    % vault kv get secret/bar
    ====== Metadata ======
    Key              Value
    ---              -----
    created_time     2018-05-22T11:08:01.003383998Z
    deletion_time    n/a
    destroyed        false
    version          1
    
    === Data ===
    Key    Value
    ---    -----
    baz    qux
    % vault write secret/baz qux=quux 
    Error writing data to secret/baz: Error making API request.
    
    URL: PUT http://127.0.0.1:8200/v1/secret/baz
    Code: 404. Errors:
    
    
    WARNING! The following warnings were returned from Vault:
    
      * Invalid path for a versioned K/V secrets engine. See the API docs for the
      appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'
      for this operation.
    %
    

    Tested on Linux, using hvac 0.5.0 and python 2.7.15 and 3.6.5.

    opened by wknapik 17
  • Document Examples of Access Key Retrieval for AWS IAM Auth Usage

    Document Examples of Access Key Retrieval for AWS IAM Auth Usage

    [Moving this discussion from https://github.com/ianunruh/hvac/pull/155#issuecomment-400119225 into an issue for visibility. cc: @RevolutionTech]

    re: https://github.com/ianunruh/hvac/pull/170

    Sorry if this is a stupid question, but since the API in https://github.com/ianunruh/hvac/pull/170 now requires an access key ID and a secret access key, is there any way we can use IAM auth without having those at runtime? For the application I work on, we store those credentials in Vault currently.

    I realize that we can infer credentials with boto3 using the following code:

    import boto3
    session = boto3.Session()
    credentials = session.get_credentials()
    print(credentials.access_key, credentials.secret_key)
    

    but boto3 attempts to collect the access key and secret key from many different locations (such as environment variables, and from ~/.aws/credentials) before it ultimately uses the IAM role, so if we were to rely on this we may not collect the credentials that correspond to the IAM role we want.

    Is there some other way to extract an access key and secret key from an IAM role that I'm missing?

    opened by jeffwecan 16
  • Drop Python2 support

    Drop Python2 support

    I understand that it may be too early to actually drop Python 2 support, because still ~ 40% of downloads come from Python 2 (according to PyPI stats). But it might be a good idea to announce plans in advance and tell users which version of hvac will be the latest with Python 2 support. Does the hvac project have any plan on this matter?

    meta 
    opened by and-semakin 14
  • Add Active Directory Secrets Engine Support

    Add Active Directory Secrets Engine Support

    Module for Active directory which will help us to manage AD through automation I will also update hvac/hvac/api/secrets_engines/init.py to support ad.py

    skip-changelog 
    opened by vamshideveloper 14
  • KV2 engine and restrictive policy leads to strange behaviour

    KV2 engine and restrictive policy leads to strange behaviour

    I have the following policy:

    "paths": {
    (...)
            "secret/data/foo/bar/*": {
                "allowed_parameters": {
                    "x": [],
                    "y": [],
                    "z": []
                },
                "capabilities": [
                    "create",
                    "read",
                    "update",
                    "delete",
                    "list"
                ],
    (...)
    }
    

    The following works fine: vault write secret/data/foo/bar/baz x=1 y=2 z=3.

    However, using the same exact token in hvac:

    >>> client.secrets.kv.v2.create_or_update_secret('foo/bar/baz', secret = {'x': '1', 'y': '2', 'z': '3'})
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/home/[REDACTED]/.local/lib/python3.7/site-packages/hvac/api/secrets_engines/kv_v2.py", line 122, in create_or_update_secret
        json=params,
      File "/home/[REDACTED]/.local/lib/python3.7/site-packages/hvac/adapters.py", line 106, in post
        return self.request('post', url, **kwargs)
      File "/home/[REDACTED]/.local/lib/python3.7/site-packages/hvac/adapters.py", line 276, in request
        utils.raise_for_error(response.status_code, text, errors=errors)
      File "/home/[REDACTED]/.local/lib/python3.7/site-packages/hvac/utils.py", line 33, in raise_for_error
        raise exceptions.Forbidden(message, errors=errors)
    hvac.exceptions.Forbidden: 1 error occurred:
    	* permission denied
    

    I did a tcpdump (since it was to an HTTP Vault server on localhost), and found that the Vault CLI client does e.g. (real values have been replaced):

    PUT /v1/secret/data/foo/bar/baz HTTP/1.1
    Host: 127.0.0.1:8200
    User-Agent: Go-http-client/1.1
    Content-Length: [REDACTED FOR DEMO]
    X-Vault-Token: [REDACTED FOR DEMO]
    Accept-Encoding: gzip
    
    {"x":"1","y":"2","z":"3"}
    

    BUT the client.secrets.kv.v2.create_or_update_secret call does e.g. this (actual values replaced):

    POST /v1/secret/data/foo/bar/baz HTTP/1.1
    Host: localhost:8200
    User-Agent: python-requests/2.21.0
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: keep-alive
    X-Vault-Token: [REDACTED FOR DEMO]
    Content-Length: [REDACTED FOR DEMO]
    Content-Type: application/json
    
    {"options": {}, "data": {"x": "1", "y": "2", "z": "3"}}
    

    Notable differences are a POST vs. PUT, and the structure of the payload.

    For whatever reason, this causes a permission denied error (403) for hvac, but the vault client succeeds.

    At a guess, maybe the docs are wrong? As the Vault client does not seem to conform to the docs (but hvac does).

    Are you able to replicate?

    bug kv 
    opened by johnnybubonic 14
  • Make returned responses more consistent

    Make returned responses more consistent

    This is another big PR so apologies in advance. This PR fixes issue #525 and arises from the discussion therein.

    This PR does one thing: create a new JSONAdapter and makes it the default. The "JSON adapter" works just like the previous "Request" adapter except the return value uses the following logic:

    if response.status_code == 200:
        try:
            return response.json()
        except ValueError:
            pass
    return response
    

    The net result is that all client functions now have consistent logic regarding what they return. As a result, all instances of the following client logic have been removed:

    return response.json()
    

    and

    if response.status_code == 204:
        return response
    else:
        return response.json()
    

    This will likely cause some breaking changes for some users, especially with regards to the direct client.[read,list,write,delete] methods as they will no longer throw a ValueError from assuming the response always contains a JSON body.

    misc breaking-change 
    opened by llamasoft 13
  • Drop Python 2 and EOL Python 3 versions

    Drop Python 2 and EOL Python 3 versions

    This builds on #739 and closes #582.

    I think besides dropping Python 2 support, Python 3.6 and older should be dropped as well as they are EOL. This library should track with Python version support.

    Same TODO as mentioned in #739

    • [x] Validate expected behavior installing the module in both Python 2.7 and 3.x using test.pypi.org before shipping this!
    breaking-change 
    opened by colin-pm 11
  • list_policy call fails with policies key not found

    list_policy call fails with policies key not found

    https://github.com/hvac/hvac/blob/master/hvac/v1/init.py#L687

    The latest version of vault does not seem to return the same json.

    There seems to be a similar change with list_auth_backends but that doesn't throw an exception. I'll submit something if I'm not missing something.

    opened by TerryHowe 11
  • KV version 2 no handler for route 'secret/data/kv'

    KV version 2 no handler for route 'secret/data/kv'

    I am getting hvac.exceptions.InvalidPath: no handler for route 'secret/data/kv' error while trying to read KV 2 via hvac.

    does anyone run into the same problem?

    hvac==0.9.2

    vault 1.1.2

    CentOS 7.6

    cat /etc/vault.d/vault_main.hcl

    cluster_name = "dc1" max_lease_ttl = "768h" default_lease_ttl = "768h"

    disable_clustering = "False" cluster_addr = "http://127.0.0.1:8201" api_addr = "http://127.0.0.1:8200"

    plugin_directory = "/usr/local/lib/vault/plugins"

    listener "tcp" { address = "127.0.0.1:8200" cluster_address = "127.0.0.1:8201" tls_disable = "true" }

    storage "file" { path = "/var/vault" }ui = true

    #!/usr/bin/python

    import hvac

    client = hvac.Client(url='http://127.0.0.1:8200', token='')

    print client.is_authenticated()

    secret_version_response = client.secrets.kv.v2.read_secret_version( path='kv', )

    True Traceback (most recent call last): File "./p1.py", line 10, in path='kv', File "/usr/lib/python2.7/site-packages/hvac/api/secrets_engines/kv_v2.py", line 85, in read_secret_version params=params, File "/usr/lib/python2.7/site-packages/hvac/adapters.py", line 90, in get return self.request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/hvac/adapters.py", line 272, in request utils.raise_for_error(response.status_code, text, errors=errors) File "/usr/lib/python2.7/site-packages/hvac/utils.py", line 36, in raise_for_error raise exceptions.InvalidPath(message, errors=errors) hvac.exceptions.InvalidPath: no handler for route 'secret/data/kv'

    kv 
    opened by thefossgeek 10
  • Unable to generate_credentials() for an AWS secret engine STS endpoint

    Unable to generate_credentials() for an AWS secret engine STS endpoint

    I get the following error when I try to get credentials from an sts endpoint. Below is the error.

    Response { "errorMessage": "Error assuming role: InvalidParameter: 1 validation error(s) found.\n- minimum field value of 900, AssumeRoleInput.DurationSeconds.\n, on put https://vault.endpoint.com/v1/aws/sts/vault-policy", "errorType": "InvalidRequest", "stackTrace": [ " File "/var/task/lambda_function.py", line 54, in lambda_handler\n print(hvac.api.secrets_engines.Aws.generate_credentials(client, 'lambda_china_staging', role_arn='arn:aws:iam::1234567890:role/VaultAssumeRoleDummy', endpoint='sts', ttl='3600s'))\n", " File "/var/task/hvac/api/secrets_engines/aws.py", line 397, in generate_credentials\n params=params,\n", " File "/var/task/hvac/adapters.py", line 139, in put\n return self.request("put", url, **kwargs)\n", " File "/var/task/hvac/adapters.py", line 369, in request\n response = super().request(*args, **kwargs)\n", " File "/var/task/hvac/adapters.py", line 336, in request\n method, url, response.status_code, text, errors=errors\n", " File "/var/task/hvac/utils.py", line 36, in raise_for_error\n raise exceptions.InvalidRequest(message, errors=errors, method=method, url=url)\n" ] } Request: hvac.api.secrets_engines.Aws.generate_credentials(client, 'lambda_china_staging', role_arn='arn:aws:iam::1234567890:role/VaultAssumeRoleDummy', endpoint='sts', ttl='3600s')

    opened by sunchill06 0
  • Error when trying to install hvac dependencies (pyhcl)

    Error when trying to install hvac dependencies (pyhcl)

    I'm building a AWS Lambda Layer to share between my lambdas. To create the lambda layer package and upload to my S3 bucket I'm using the following script:

    #!/usr/bin/env bash
    
    bucket_name="$1"
    lambda_layer_package="$2"
    
    python3 -m venv python
    
    . './python/bin/activate'
    
    python3 -m pip install \
        -r 'requirements.txt' \
        --trusted-host 'artifactory.myhost.com' \
        --proxy 'http://myproxy.myhost.com:3128' \
        --index-url 'https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/simple'
    
    deactivate
    
    rm -rf './python/bin'
    rm -rf './python/include'
    rm -rf './python/pyvenv.cfg'
    
    zip -r "${lambda_layer_package}" './python' &>/dev/null
    
    aws s3 cp \
        "${lambda_layer_package}" \
        "s3://${bucket_name}/lambda_layers/${lambda_layer_package}" \
        --acl 'private' 
    

    I have another lambda layer that uses this same script to create a layer with boto3, jinja2 and requests and everything works fine, but when I add hvac in my requirements.txt i get the error below:

    Looking in indexes: https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/simple
    Collecting boto3
      Downloading https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/packages/packages/27/8e/ebd5c9bff881ba6bbc7d9a6e00766f6052a9b8579cc19a7ddafedc1500b9/boto3-1.26.38-py3-none-any.whl (132 kB)
         ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 132.7/132.7 KB 5.5 MB/s eta 0:00:00
    Collecting hvac
      Downloading https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/packages/packages/8d/43/6532046afa7b20c352d2a8b68de1d1fd350104024edfb00bf486801712af/hvac-1.0.2-py3-none-any.whl (143 kB)
         ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 143.5/143.5 KB 9.8 MB/s eta 0:00:00
    Collecting jmespath<2.0.0,>=0.7.1
      Downloading https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/packages/packages/31/b4/b9b800c45527aadd64d5b442f9b932b00648617eb5d63d2c7a6587b7cafc/jmespath-1.0.1-py3-none-any.whl (20 kB)
    Collecting botocore<1.30.0,>=1.29.38
      Downloading https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/packages/packages/5e/35/c0660215b73e23e7edc84002d5c12a23208c5d4dcee9248d4b4d1a313860/botocore-1.29.38-py3-none-any.whl (10.3 MB)
         ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 10.3/10.3 MB 46.6 MB/s eta 0:00:00
    Collecting s3transfer<0.7.0,>=0.6.0
      Downloading https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/packages/packages/5e/c6/af903b5fab3f9b5b1e883f49a770066314c6dcceb589cf938d48c89556c1/s3transfer-0.6.0-py3-none-any.whl (79 kB)
         ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 79.6/79.6 KB 1.6 MB/s eta 0:00:00
    Collecting pyhcl<0.5.0,>=0.4.4
      Downloading https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/packages/packages/91/b0/dd4f1d01b77be3b66d9f550ed958b68fa553764be1d27c7d604906c06b42/pyhcl-0.4.4.tar.gz (61 kB)
         ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.1/61.1 KB 3.9 MB/s eta 0:00:00
      Installing build dependencies: started
      Installing build dependencies: still running...
      Installing build dependencies: still running...
      Installing build dependencies: still running...
      Installing build dependencies: finished with status 'error'
      error: subprocess-exited-with-error
      
      × pip subprocess to install build dependencies did not run successfully.
      │ exit code: 1
      ╰─> [8 lines of output]
          Looking in indexes: https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/simple
          WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f7724a00220>, 'Connection to artifactory.myhost.com timed out. (connect timeout=15)')': /artifactory/api/pypi/pypi.org/simple/setuptools/
          WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f772426bd60>, 'Connection to artifactory.myhost.com timed out. (connect timeout=15)')': /artifactory/api/pypi/pypi.org/simple/setuptools/
          WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f772426b1f0>, 'Connection to artifactory.myhost.com timed out. (connect timeout=15)')': /artifactory/api/pypi/pypi.org/simple/setuptools/
          WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f772426b610>, 'Connection to artifactory.myhost.com timed out. (connect timeout=15)')': /artifactory/api/pypi/pypi.org/simple/setuptools/
          WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f7723c26c10>, 'Connection to artifactory.myhost.com timed out. (connect timeout=15)')': /artifactory/api/pypi/pypi.org/simple/setuptools/
          ERROR: Could not find a version that satisfies the requirement setuptools (from versions: none)
          ERROR: No matching distribution found for setuptools
          [end of output]
      
      note: This error originates from a subprocess, and is likely not a problem with pip.
    error: subprocess-exited-with-error
    
    × pip subprocess to install build dependencies did not run successfully.
    │ exit code: 1
    ╰─> See above for output.
    
    note: This error originates from a subprocess, and is likely not a problem with pip.
    

    If I look into my artifactory repository, accessing the path https://artifactory.myhost.com/artifactory/api/pypi/pypi.org/simple/setuptools/, setuptools exists from the oldest version to the recent 65.6.3.

    opened by giulianisanches 0
  • Listing namespaces causes exception, if none are present

    Listing namespaces causes exception, if none are present

    When listing namespaces the API throws an exception if no namespaces are found.

    Example Code:

    try:
        ns_client = hvac.Client(url="https://vault.company.org", namespace="some_namespace", token="some_token")
        sub_namespaces = ns_client.sys.list_namespaces()
    except Exception as e:
        import traceback
        logging.error(f"Err: {e}")
        print(traceback.format_exc())
    

    yields:

    2022-12-20 14:17:18,461 - DEBUG - https://vault.company.org:443 "LIST /v1/sys/namespaces HTTP/1.1" 404 14
    2022-12-20 14:17:18,462 - ERROR - Err: None, on list https://vault.company.org/v1/sys/namespaces
    Traceback (most recent call last):
      File "C:\Path\to\Project\sync_vault_config.py", line 56, in get_namespaces
        sub_namespaces = ns_client.sys.list_namespaces()
      File "C:\Path\to\Project\venv\lib\site-packages\hvac\api\system_backend\namespace.py", line 30, in list_namespaces
        return self._adapter.list(
      File "C:\Path\to\Project\venv\lib\site-packages\hvac\adapters.py", line 164, in list
        return self.request("list", url, **kwargs)
      File "C:\Path\to\Project\venv\lib\site-packages\hvac\adapters.py", line 356, in request
        response = super().request(*args, **kwargs)
      File "C:\Path\to\Project\venv\lib\site-packages\hvac\adapters.py", line 322, in request
        utils.raise_for_error(
      File "C:\Path\to\Project\venv\lib\site-packages\hvac\utils.py", line 42, in raise_for_error
        raise exceptions.InvalidPath(message, errors=errors, method=method, url=url)
    hvac.exceptions.InvalidPath: None, on list https://vault.company.org/v1/sys/namespaces
    

    The API works as intended as long as namespaces are found, the error only occurs when the API yields a 404. When looking into the Vault CLI / UI they simply show an empty list / nothing.

    Maybe hvac could return either None or [] in case of non-existing namespaces?

    opened by mdegel 0
  • Drop 3.6 from CI jobs

    Drop 3.6 from CI jobs

    Drops 3.6 from CI as it is not supported by the latest os images. Since 3.6 will soon be dropped, now is as good of a time as any to update the jobs.

    Signed-off-by: Colin McAllister [email protected]

    CI/CD 
    opened by colin-pm 1
  • kv2.patch() function requires get capability

    kv2.patch() function requires get capability

    The patch function in hvac requires the get role capability in associated policy to run successfully, which shouldn't be the case. The patch capability should be enough to run the patch function(vault kv patch works as expected with the patch capability role).

    Screenshot of the error: Screenshot 2022-12-13 at 5 24 54 AM

    opened by rakshitzen 0
Releases(v1.0.2)
  • v1.0.2(Sep 19, 2022)

  • v1.0.1(Sep 18, 2022)

    🐛 Bug Fixes

    • Add role_name parameter to auth.token.create_orphan. GH-891
    • docs: Add RTD config. GH-894

    📚 Documentation

    • docs: Add RTD config. GH-894
    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(Sep 16, 2022)

    • Update changelog for 1.0.0 release. GH-890
    • CI: Update Vault versions for integration tests. GH-884
    • Tests: Handle 204 response in jwt test. GH-881
    • Tests: Fix kubernetes integration test. GH-880
    • Tests: Fix broken oidc test. GH-879
    • Tests: Fix Azure test failure. GH-878
    • Tests: Handle different response due to upstream change. GH-876
    • Tests: Fix Github auth tests. GH-875
    • Test utils: Fix OTP length for Vault >=1.10.0. GH-872
    • Test utils: Migrate to packaging module's Version. GH-871
    • Integration Tests: Fix GCP test error. GH-870
    • build-test: Fix windows job. GH-845
    • build-test: Add test. GH-844
    • Bump version: 0.11.2 → 1.0.0. GH-829

    💥 Breaking Changes

    • Legacy MFA: Move mfa authentication method to legacy MFA method. GH-883
    • Remove deprecated methods. GH-868
    • Remove redundant code for Python <= 3.5. GH-822
    • Drop Python 2 and EOL Python 3 versions. GH-819

    🚀 Features

    • Token: Add create orphaned token method. GH-869
    • Allow configuring the possible salt lengths for RSA PSS signatures. GH-846
    • ssh: Add secret engine. GH-811

    🐛 Bug Fixes

    • setup.py: Add encoding for long_description. GH-843
    • Don't override user warning filters. GH-818

    📚 Documentation

    • Migrate to Poetry. GH-854
    • docs(auth-methods): update kubernetes. GH-837
    • README: Remove help wanted note. GH-848
    • Update kubernetes authentication example. GH-827

    🧰 Miscellaneous

    • .gitignore: Add vscode config directory. GH-867
    • Add stock version-resolver cfg for release-drafter. GH-836
    • Release drafter tweaks. GH-835
    • Add commitish to release-drafter.yml. GH-832
    • Bump dependencies. GH-826
    • Readding 3.6 support. GH-823
    • Add support for Python 3.10. GH-821
    • Fix CI. GH-812
    Source code(tar.gz)
    Source code(zip)
  • v0.11.2(Sep 23, 2021)

    Breakfix release to revert some unintended post-1.0 requirements changes.

    🐛 Bug Fixes

    • Revert six & requests Requirements Changes . GH-768
    Source code(tar.gz)
    Source code(zip)
  • v0.11.1(Sep 22, 2021)

    💥 Breaking Changes

    • Note: This is actually and truly (😝) intended to by the last hvac release supporting Python 2.7.

      Starting with hvac version 1.0.0, Python versions >=3.6 will be the only explictly supported versions.

    • Requirements - Cleanup & Upgrades (install_requires => requests>=2.25.1 ). GH-741

    🚀 Features

    • Add X-Vault-Request header to all requests by default. GH-762
    • Add token_type to kubernetes auth create_role. GH-760
    • jwt: use login adapter and add use_token param. GH-746

    🐛 Bug Fixes

    • Fix Passing of cert Parameter From Client into Adapter Class. GH-743
    • Removed vestigial accessor parameter from auth token revoke_self. GH-744
    • Fix Client TLS verify Behavior . GH-745
    • Fix incorrect recovery key backup path. GH-749

    Thanks to @Tylerlhess, @anhdat, @ayav09, @bobmshannon, @bpatterson971, @briantist, @cmanfre4, @jeffwecan, Chris Manfre and tyhess for their lovely contributions..

    Source code(tar.gz)
    Source code(zip)
  • v0.11.0(Jul 12, 2021)

    💥 Breaking Changes

    • Note: This is intended to by the last hvac release supporting Python 2.7.

      Starting with hvac version 1.0.0, Python versions >=3.6 will be the only explicitly supported versions.

    • Userpass: Add use_token param on login(), Accept passthrough **kwargs on create user . GH-733

    🚀 Features

    • Support CA-related Environment Variables. GH-735
    • Migrate Token Auth Methods to Dedicated Class. GH-734
    • Allow Omission of Password Argument on Userpass create_or_update_user(). GH-714
    • Add token_ttl & token_max_ttl Arguments to ldap.configure(). GH-707

    🐛 Bug Fixes

    • Fix Cert.login() handling of use_token argument. GH-720
    • Use PUTs for AWS Secrets Engine STS Requests. GH-718

    🧰 Miscellaneous

    • Add deprecation notices for Client() k8s methods. GH-732
    • Add deprecation notices for Client() approle methods. GH-731
    • Deprecate AppID-related Client() Methods. GH-730
    • Update Deprecated Usage In Documentation & Tests. GH-728
    • Add python_requires='>=2.7' to setuptools Metadata. GH-727
    • Transition to black Formatting + Updated PR Actions Workflow. GH-726

    Thanks to @el-deano, @intgr, @jeffwecan, @pjaudiomv, @tp6783 and tyhess for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.14(May 21, 2021)

  • v0.10.13(May 20, 2021)

    🐛 Bug Fixes

    • Refactor Cert.login() Conditional for Python 2.7 Syntax Support. GH-708

    Thanks to @jeffwecan for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.12(May 19, 2021)

    🚀 Features

    • Add default to group_type argument in update_group and create_or_update_group_by_name. GH-703
    • Add Certificate Authentication Methods. GH-691

    Thanks to @Tylerlhess, @jeffwecan, @matusf, @mblau-leaffilter and tyhess for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.11(May 7, 2021)

    🚀 Features

    • Expand Transform class to include new(ish) tokenization methods. GH-696
    • Add delete_version_after KvV2 Param - configure() / `update_metadata(). GH-694

    🧰 Miscellaneous

    • Bump versions of Vault used in CI workflows. GH-695

    Thanks to @jeffwecan for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.10(Apr 29, 2021)

    🚀 Features

    • AWS Secrets Engine: Add support for iam_tags when creating roles. GH-684
    • Add Active Directory generate credential capability. GH-657
    • Add policies Parameter to Userpass create_or_update_user() Method. GH-562
    • Add handling of unsupported HTTP methods inside adapter. GH-689
    • Add Convenience read_secret() Method for KVv2 Class. GH-686

    🧰 Miscellaneous

    • Set daemon attribute instead of using setDaemon method that was deprecated in Python 3.10. GH-688

    Thanks to @jeffwecan, @mblau-leaffilter, @nicholaswold, @sshishov, @tirkarthi, @tomwerneruk and @vamshideveloper for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.9(Apr 2, 2021)

    🐛 Bug Fixes

    • Send AppRole generate_secret_id Method Metadata Parameter as String. GH-680

    📚 Documentation

    • Fix lambda authentication example in aws auth documentation. GH-675
    • Docs(secret_engines/pki): Remove 'self' from examples. GH-676

    Thanks to @JPoser, @fhemberger, @jeffwecan, @lperdereau and jposer for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.8(Feb 8, 2021)

    🚀 Features

    • K8s Auth: Allow wildcards for service account and namespace. GH-669
    • Add token_type support to create_kubernetes_role. GH-664

    Thanks to @blag, @devlounge, @jeffwecan and @jonZlotnik for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.7(Feb 1, 2021)

  • v0.10.6(Dec 18, 2020)

    🚀 Features

    • Enable response wrapping of PKI secrets. GH-649
    • Add auth_methods module to support AppRole. GH-637
    • Fix oidc login and add working example. GH-638
    • Add rabbitmq vhost_topics parameter. GH-626

    🐛 Bug Fixes

    • Template "auth method not implemented" error message. GH-651
    • Fix health.py read_health_status GET method. GH-653
    • Fix transit constants for "generate_data_key". GH-632
    • Fix PUT method in secrets engine kv_v1 to use PUT instead of POST. GH-629
    • Remove Erroneous json() Calls In rabbitmq Class. GH-624

    📚 Documentation

    • Fix oidc login and add working example. GH-638

    🧰 Miscellaneous

    • Update health.py to match new Vault API query parameters. GH-635
    • Remove Consul Secrets Engine create_or_update_role Policy Type Validation. GH-636

    Thanks to @Angeall, @JJCella, @briantist, @derBroBro, @discogestalt, @dogfish182, @el-deano, @ghTravis, @godara01, @jeffwecan, @leongyh, @phickey, @tienthanh2509, @tmcolby and @trixpan for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.5(Jul 26, 2020)

    🚀 Features

    • Add JWT/OIDC Authentication Method Classes. GH-613
    • Add Identity Tokens Methods and Documentation. GH-611
    • Add P-521 to list of allowed key types. GH-608
    • Add P-384 and RSA-3072 to list of allowed key types. GH-606

    🐛 Bug Fixes

    • Options not read by tune_mount_configuration. GH-603

    📚 Documentation

    • Add Autodoc Summaries. GH-612
    • Correct Return Type Docstrings Within Transit Class. GH-609
    • Transit engine docs for Encrypt Data now refer to encrypt_data. GH-601

    🧰 Miscellaneous

    • Update Vault version test matrix / Oldest Support Vault Version. GH-610

    Thanks to @akdor1154, @jeffwecan, @ns-jshilkaitis and @trishankatdatadog for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.4(Jun 16, 2020)

    🚀 Features

    • Extract "renew_self_token" from "renew_token". GH-598
    • Add convenience step_down sys backend method. GH-597

    📚 Documentation

    • Update AWS Auth Docs With Latest Usage . GH-599

    Thanks to @jeffwecan, @jm96441n and @pnijhara for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.3(May 24, 2020)

    🚀 Features

    • Add Support For use_token_groups In LDAP Auth Method. GH-591
    • Add Raft System Backend Methods. GH-594

    Thanks to @finarfin and @jeffwecan for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.2(May 19, 2020)

    🚀 Features

    • Add vault rekey verification methods. GH-586
    • Add request data to exception objects. GH-583
    • Add marshaling_algorithm to sign/verify params. GH-584
    • Create_role_secret_id: add token_bound_cidrs parameter. GH-585
    • Add issuer to kubernetes configuration. GH-575

    🐛 Bug Fixes

    • Remove json() calls (unneeded following JSONAdapter addition). GH-589

    📚 Documentation

    • Fix format errors in contributing for HTML docs. GH-577

    Thanks to @TerryHowe, @and-semakin, @jeffwecan, @jschlyter, @jzck, @mdelaney and @scarabeusiv for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.1(Apr 7, 2020)

    💥 Breaking Changes

    • Make returned responses more consistent. GH-537

    Note: GH-537 changes some methods' return types from None to a request.Response instance. For instance the client.secrets.identity.lookup_entity now returns a Response[204] (truthy) value instead of None (falsy) when the lookup returns no results. This change was made to simplify maintenance of response parsing within the hvac code base.

    🚀 Features

    • Add support for Transform secrets engine. GH-569

    🐛 Bug Fixes

    • Fix "Exception: member entities can't be set manually for external groups". GH-558

    Thanks to @jeffwecan, @llamasoft and @msuszko for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.10.0(Feb 27, 2020)

    🚀 Features

    • Add a correct endpoint for CRL retrieving . GH-547

    📚 Documentation

    • Fixes close quotes in example usage of read_secret_version. GH-557
    • Fixes typo in docs: much -> must. GH-555

    🧰 Miscellaneous

    • Don't send optional parameters unless explicitly specified. GH-533

    Note: GH-533 includes fundamental behavior involving sending parameters to API requests to Vault. Many hvac method parameters that would have been sent with default arguments no longer are included in requests to Vault. Notably, the following behavioral changes should be expected (copied from the related PR comments):

    Azure:

    • CHANGED: create_role parameter policies now accepts CSV string or list of strings

    Database:

    • CHANGED: create_role documentation updated to something meaningful 🙃

    GCP:

    • configure parameter google_certs_endpoint is deprecated
    • create_role parameter project_id is deprecated by bound_projects (list)

    GitHub:

    • configure is missing a lot of parameters

    LDAP:

    • CHANGED: configure parameters user_dn and group_dn made optional
      • Retained argument position to prevent being a breaking change
    • CHANGED: hvac/constants/ldap.py file removed as it is no longer used

    MFA:

    • This entire endpoint is deprecated so I didn't bother updating it

    Okta:

    • CHANGED: configure parameter base_url default value now differs from API documentation
    • register_user, read_user, and delete_user duplicate URL parameter username in JSON payload
      • I left this one as-is as it doesn't appear to hurt anything
    • Ditto for delete_group, but register_group and list_group correctly omit it

    PKI:

    • CHANGED: sign_data and verify_signed_data optional parameter marshaling_algorithm added

    RADIUS:

    • configure is missing a lot of parameters
    • BUG: register_user attempted to convert username string into a CSV list (?!) for POST data
      • Didn't hurt anything as username is extracted from URL path in Vault server
    • BUG: register_user parameter policies never actually passed as parameter

    System Backend:

    • Auth
      • enable_auth_method parameter plugin_name is deprecated
      • CHANGED: enable_audit_device optional parameter local was added
    • Init
      • initialize provides default for required API parameters secret_shares and secret_threshold
    • Key
      • start_root_token_generation parameter otp is deprecated

    Misc:

    • There seems to be some discrepancy on how "extra arguments" are accepted:
      • Some methods use only **kwargs (e.g. hvac/api/system_backend/auth.py)
      • Some use *args and **kwargs (e.g. hvac/api/secrets_engines/active_directory.py)
      • hvac/api/secrets_engines/pki.py uses extra_params={}
    • Most argument names match API parameter names, but some don't
      • Example: hvac/api/auth_methods/ldap.py configure uses user_dn instead of userdn
      • Example: hvac/api/system_backend/auth.py configure uses method_type instead of type
    • Many methods duplicate URL parameters into JSON payload as well
      • This isn't necessary and fortunately Vault ignores the extra parameters
    • ttl, max_ttl, policies, period, num_uses and a few other fields are deprecated as of Vault version 1.2.0
      • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#120-july-30th-2019

    Thanks to @findmyname666, @llamasoft, @moisesguimaraes, @philherbert and Adrian Eib for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.9.6(Nov 20, 2019)

    🚀 Features

    • Added userpass auth method. GH-519
    • added rabbitmq secrets backend. GH-540
    • Quote/Escape all URL placeholders. GH-532

    📚 Documentation

    • Getting Started Guide and LDAP Auth Updates. GH-524

    🧰 Miscellaneous

    • Handle bad gateway from Vault. GH-542
    • Fix GET/LIST typos. GH-536
    • Fix Travis HEAD build + Overhaul install scripts. GH-535
    • Improve Integration Test Error Handling. GH-531

    Thanks to @DaveDeCaprio, @Dowwie, @drewmullen, @jeffwecan, @llamasoft and @vamshideveloper for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.9.5(Jul 19, 2019)

    🚀 Features

    • Add Active Directory Secrets Engine Support. GH-508

    📚 Documentation

    • Include Recently Added Namespace Documentation In Toctree. GH-509

    Thanks to @jeffwecan and @vamshideveloper for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.9.4(Jul 18, 2019)

    🚀 Features

    • Add delete_namespace Method and Establish Namespace Documentation. GH-500

    🐛 Bug Fixes

    • Fix consul configure_access/create_or_update_role Method Return Values. GH-502

    📚 Documentation

    • Fix Database generate_credentials Docstring Params. GH-498

    🧰 Miscellaneous

    • Add config for updatedocs app. GH-495
    • Add a Codeowners file for automatic reviewer assignments. GH-494

    Thanks to @Tylerlhess, @drewmullen and @jeffwecan for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.9.3(Jul 8, 2019)

    🚀 Features

    • Add Create and List Namespace System Backend Methods. GH-489
    • Expanded Support for AWS Auth Method. GH-482
    • Capabilities System Backend Support. GH-476

    🐛 Bug Fixes

    • GCP Auth Test Case Updates For Changes in Vault v1.1.1+. GH-487
    • Change AWS generate_credentials request method to GET. GH-475

    📚 Documentation

    • Numerous Fixes and Doctest Support for Transit Secrets Engine. GH-486

    🧰 Miscellaneous

    • Start Using Enterprise (Trial) Version of Vault For Travis CI Builds. GH-478
    • Update Travis CI Test Matrix With Latest Vault Version & Drop Python 3.6. GH-488
    • Set up release-drafter / mostly automated releases. GH-485

    Thanks to @donjar, @fhemberger, @jeffwecan, @stevefranks and @stevenmanton for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
  • v0.9.2(Jun 8, 2019)

    BUG FIXES:

    • Fix kubernetes auth method list roles method. GH-466
    • Enable consul secrets engine. GH-460
    • Enable database secrets engine. GH-455
    • Many fixes for the database secrets engine. GH-457

    IMPROVEMENTS:

    • The enable_auth_method(), tune_auth_method(), enable_secrets_engine(), tune_mount_configuration() system backend method now take arbitrary **kwargs parameters to provide greater support for variations in accepted parameters in the underlying Vault plugins.
    • Azure auth params, add num_uses, change bound_location -> bound_locations and bound_resource_group_names -> bound_resource_groups. GH-452

    MISCELLANEOUS:

    • The hvac project now has gitter chat enabled. Feel free to check it out for any online discussions related to this module at: gitter.im/hvac/community! GH-465
    • Added Vault agent socket listener usage example under the "advanced usage" documentation section at: hvac.readthedocs.io GH-468

    Thanks to @denisvll, @Dudesons, and @drewmullen for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
    hvac-0.9.2-py2.py3-none-any.whl(100.88 KB)
    hvac-0.9.2.tar.gz(68.94 KB)
  • v0.9.1(May 25, 2019)

  • v0.9.0(May 23, 2019)

    BUG FIXES:

    • Update path to azure.login() GH-429
    • AWS secrets engine generate credentials updated to a post request. GH-430

    IMPROVEMENTS:

    • Support for the Radius auth method. GH-420
    • Support for the Database secrets engine. GH-431
    • Add the consul secret engine support GH-432
    • Support for the GCP secrets engine. GH-443

    MISCELLANEOUS:

    • Remove logger call within adapters module GH-445
    • Add docs for auth_cubbyhole GH-427

    Thanks to @paulcaskey, @stevenmanton, @brad-alexander, @yoyomeng2, @JadeHayes, @Dudesons for their lovely contributions.

    Source code(tar.gz)
    Source code(zip)
    hvac-0.9.0-py2.py3-none-any.whl(97.45 KB)
    hvac-0.9.0.tar.gz(66.30 KB)
  • v0.8.2(Apr 4, 2019)

  • v0.8.1(Mar 31, 2019)

Owner
hvac
Collection of Python tools for use with HashiCorp's Vault
hvac
Huggingface inference with GPU Docker on AWS

This repository contains code to containerize and deploy a GPU docker on AWS for summarization task. Find a detailed blogpost here Youtube Video Versi

Ramsri Goutham Golla 21 Dec 30, 2022
Pythonic wrapper for the Aladhan prayer times API.

aladhan.py is a pythonic wrapper for the Aladhan prayer times API. Installation Python 3.6 or higher is required. To Install aladhan.py with pip: pip

HETHAT 8 Aug 17, 2022
Python tool to Check running WebClient services on multiple targets based on @leechristensen

WebClient Service Scanner Python tool to Check running WebClient services on multiple targets based on @tifkin_ idea. This tool uses impacket project.

Pixis 153 Dec 28, 2022
A modified Sequential and NLP based Bot

A modified Sequential and NLP based Bot I improvised this bot a bit with some implementations as a part of my own hobby project :) Note: I do not own

Jay Desale 2 Jan 07, 2022
Force-Subscribe-Bot - A Telegram Bot to force users to join a specific channel before sending messages in a group

Introduction A Telegram Bot to force users to join a specific channel before sen

LG Bot Updates 0 Jan 16, 2022
Wordle-bot: A Discord bot to track you and your friends' Wordle scores.

wordle-bot A Discord bot to track you and your friends' Wordle scores, so you can see who's the best! To submit a score to wordle-bot, just paste the

Spencer Murray 8 Feb 16, 2022
칼만 필터는 어렵지 않아(저자 김성필) 파이썬 코드(Unofficial)

KalmanFilter_Python 칼만 필터는 어렵지 않아(저자 김성필) 책을 공부하면서, Matlab 코드를 Python으로 변환한 것입니다. Contents Part01. Recursive Filter Chapter01. Average Filter Chapter0

Donghun Park 20 Oct 28, 2022
Auto Liker, Auto Reaction, Auto Comment, Auto Follower Tool. RajeLiker Credit Hacker.

Auto Liker, Auto Reaction, Auto Comment, Auto Follower Tool. RajeLiker Credit Hacker. Unlimited RajeLiker Credit Hack. Thanks To RajeLiker.

Md. Mehedi Hasan 32 Dec 28, 2022
A bot that connects your guild chat to a Discord channel, written in Python.

Guild Chat Bot A bot that connects your guild chat to a discord channel. Uses discord.py and pyCraft Deploy on Railway Railway is a cloud development

Evernote 10 Sep 25, 2022
Tomli is a Python library for parsing TOML. Tomli is fully compatible with TOML v1.0.0.

Tomli A lil' TOML parser Table of Contents generated with mdformat-toc Intro Installation Usage Parse a TOML string Parse a TOML file Handle invalid T

Taneli Hukkinen 313 Dec 26, 2022
A tool for transferring server variable values from one intersect gamedata.db to another

Server Variable Transfer Tool Purpose This tool exists for use with the Intersect Engine (Ascension Game Dev GitHub). Its purpose is to UPDATE one sql

AVild 2 Oct 27, 2021
Petpy is an easy-to-use and convenient Python wrapper for the Petfinder API.

Petpy is an easy-to-use and convenient Python wrapper for the Petfinder API. Includes methods for parsing output JSON into pandas DataFrames for easier data analysis

Aaron Schlegel 27 Nov 19, 2022
Exchange indicators & Basic functions for Binance API.

binance-ema Exchange indicators & Basic functions for Binance API. This python library has been written to calculate SMA, EMA, MACD etc. functions wit

Emre MENTEŞE 24 Jan 06, 2023
DIAL(Did I Alert Lambda?) is a centralised security misconfiguration detection framework which completely runs on AWS Managed services like AWS API Gateway, AWS Event Bridge & AWS Lambda

DIAL(Did I Alert Lambda?) is a centralised security misconfiguration detection framework which completely runs on AWS Managed services like AWS API Gateway, AWS Event Bridge & AWS Lambda

CRED 71 Dec 29, 2022
Home Assistant Hilo Integration via HACS

BETA This is a beta release. There will be some bugs, issues, etc. Please bear with us and open issues in the repo. Hilo Hilo integration for Home Ass

66 Dec 23, 2022
gnosis safe tx builder

Ape Safe: Gnosis Safe tx builder Ape Safe allows you to iteratively build complex multi-step Gnosis Safe transactions and safely preview their side ef

228 Dec 22, 2022
Modular Telegram bot running on Python

Modular Telegram bot running on Python

Jefanya Efandchris 1 Dec 26, 2021
YouTube bot, this is just my introduction to api and requests, this isn't intended on being an actual view bot.

YouTube bot, this is just my introduction to api and requests, this isn't intended on being an actual view bot.

Aran 2 Jul 25, 2022
Utilizing the freqtrade high-frequency cryptocurrency trading framework to build and optimize trading strategies. The bot runs nonstop on a Rasberry Pi.

Freqtrade Strategy Repository Please test all scripts and dry run them before using them in live mode Contact me on discord if you have any questions!

Michael Fourie 90 Jan 01, 2023
Automatically render tens of thousands of unique NFT images individually as png's.

Blend_My_NFTs Description This project is a work in progress (as of Oct 24th, 2021) and will eventually be an add on to Blender. Blend_My_NFTs is bing

Torrin Leonard 894 Dec 29, 2022