{ "info": { "author": "mracter", "author_email": "mary@praekelt.org", "bugtrack_url": null, "classifiers": [], "description": "vaultkeeper\n============\n\n.. image:: https://img.shields.io/travis/praekeltfoundation/vaultkeeper/develop.svg?style=flat-square\n :target: https://travis-ci.org/praekeltfoundation/vaultkeeper\n\n.. image:: https://img.shields.io/codecov/c/github/praekeltfoundation/vaultkeeper/develop.svg?style=flat-square\n :target: https://codecov.io/github/praekeltfoundation/vaultkeeper?branch=develop\n\n| \n| A Secure Introduction agent for applications consuming secrets from HashiCorp's Vault, designed to work with `vault-gatekeeper-mesos `_. See Jeff Mitchell's `Secure Introduction at Scale `_ for more background information on this project's architecture.\n|\n| ``vaultkeeper`` couples the lifetime of your dynamically-generated secrets to that of your consumer applications, minimising the secrets' temporal attack surface. When used with Dockered applications, ``vaultkeeper``'s design ensures that your consumer app is only launched once its secrets are fetched and ready.\n|\n| ``vaultkeeper`` supports the ``SET_ROLE`` operation `necessary to revoke dynamically-generated PostgreSQL credentials `_.\n\nStatus\n-------------\n\n``vaultkeeper`` is in PoC stage, and supports the following Vault secret backends:\n\n- `PostgreSQL Databases Plugin `_\n- `RabbitMQ `_\n- `AWS `_\n\nPrerequisites\n-------------\n\n| To use ``vaultkeeper`` successfully, you must have:\n\n- A Vault instance configured and running.\n- A ``vault-gatekeeper-mesos`` instance configured and running with your Vault instance and Mesos instance.\n- An application that uses Vault credentials and is configured to consume ``vaultkeeper`` output, such as a Django app using `django-vaultkeeper-adaptor `_.\n\nInstalling the Package\n----------------------\n\n| Clone this project and install the package from source with the following commands in the root directory of the repository:\n\n| ``$ pip install -r requirements.txt``\n|\n\n| Install the package for development with the following commands:\n\n| ``$ pip install -r requirements.txt``\n| ``$ pip install -e .[test]``\n\nConfiguration\n-------------\n\nEnvironment Variables\n~~~~~~~~~~~~~~~~~~~~~\n\n| ``VAULTKEEPER_CONFIG`` - A JSON string in ``vaultkeeper`` config format. See ``configs/example_agent_config.json``\n| ``VAULT_SECRETS`` - A JSON string in ``vaultkeeper`` secrets format. See ``configs/example_consumer_config.json``.\n| ``MESOS_TASK_ID`` - The Mesos task ID assigned to this task, which should be automatically populated by Mesos.\n| ``MARATHON_APP_ID`` - The Marathon app ID assigned to this task, which should be automatically populated by Marathon.\n\nvaultkeeper Configuration\n~~~~~~~~~~~~~~~~~~~~~~~~~\n\n``vaultkeeper`` consumes its arguments from a JSON environment variable:\n\n.. code-block:: JSON\n\n {\n \"entry_cmd\": \"sh /scripts/django-entrypoint.sh\",\n \"output_path\": \"\",\n \"refresh_interval\": 30,\n \"lease_increment\": 40,\n \"renewal_grace\": 15\n }\n\n| ``entry_cmd`` - The entrypoint for the application to be managed by ``vaultkeeper``. This can be an arbitrary shell command.\n| ``output_path`` - ``vaultkeeper``'s output location for fetched credentials.\n| ``refresh_interval`` - Interval (in seconds) after which to renew all leases.\n| ``lease_increment`` - Increment (in seconds) by which to extend a lease if it is due for renewal.\n| ``renewal_grace`` - Time (in seconds) before a lease's expiry under which to renew the lease.\n\nsecrets Configuration\n~~~~~~~~~~~~~~~~~~~~~\n\n| ``vaultkeeper`` reads in a specification for the secrets it should fetch from Vault in JSON.\n|\n| An example secret file containing PostgreSQL and RabbitMQ credentials is shown below:\n|\n\n.. code-block:: JSON\n\n [{\n \"id\": \"default\",\n \"backend\": \"postgresql\",\n \"endpoint\": \"0.0.0.0:5432/mydb\",\n \"vault_path\": \"database/creds/psql-rw\",\n \"schema\": \"public\",\n \"policy\": \"psql-rw\",\n \"set_role\": \"app_owner\",\n },\n {\n \"id\": \"broker1\",\n \"backend\": \"rabbitmq\",\n \"endpoint\": \"0.0.0.0:5672/myvhost\",\n \"vault_path\": \"/rabbitmq/creds/ampq-worker\",\n \"vhost\": \"myvhost\",\n \"policy\": \"ampq-worker\"\n }]\n\nCommon base parameters in the secrets configuration file:\n\n| ``id`` - The logical identifier for this secret. Identifiers must be unique within each consumer instance.\n| ``backend`` - The Vault secret backend of this secret.\n| ``endpoint`` - The endpoint for the resource. This should be a socket address with the applicable namespace (ie. vhost, database name) appended.\n| ``vault_path`` - The Vault path from which the secret should be read.\n| ``policy`` - The resource policy, as designated on Vault, attached to this secret.\n\nDeployment\n----------\n\n| ``vaultkeeper`` outputs secrets as JSON. Your application needs to be able to parse and consume this output. For Django applications, ``django-vaultkeeper-adaptor`` is recommended.\n|\n| Supply the ``vaultkeeper`` configuration file with the entrypoint for the application you wish to manage. Ensure that your consumer application knows where ``vaultkeeper``'s secret output will be stored.\n|\n| Thereafter, instead of running your application's conventional entrypoint script, run ``vaultkeeper`` instead:\n\n| ``$ vaultkeeper``", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/praekeltfoundation/vaultkeeper", "keywords": "", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "vaultkeeper", "package_url": "https://pypi.org/project/vaultkeeper/", "platform": "", "project_url": "https://pypi.org/project/vaultkeeper/", "project_urls": { "Homepage": "https://github.com/praekeltfoundation/vaultkeeper" }, "release_url": "https://pypi.org/project/vaultkeeper/0.1.7/", "requires_dist": null, "requires_python": "", "summary": "An agent that works with vault-gatekeeper-mesos to fetch and renew Vault credentials.", "version": "0.1.7" }, "last_serial": 3567410, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "1f601988ed58a039904750a8e4b13d63", "sha256": "2101ff3fdec5aaf085a004b60dbbcb14614b61fd3a1835059ebea7340f94cb01" }, "downloads": -1, "filename": "vaultkeeper-0.0.1-py2.7.egg", "has_sig": false, "md5_digest": "1f601988ed58a039904750a8e4b13d63", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 26582, "upload_time": "2017-09-19T08:46:24", "url": "https://files.pythonhosted.org/packages/11/3c/3fc392b80277ca29b41185ed768ebf8295a3d95981469e8dabe3e1bde76d/vaultkeeper-0.0.1-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "0892a4003d0dbd7a5dec78bb83cb2121", "sha256": "f727ae53fd47e4b76d1afc2caff30ec0b6f9ad0ea09af32705cdea0993c32c56" }, "downloads": -1, "filename": "vaultkeeper-0.0.1-py2-none-any.whl", "has_sig": false, "md5_digest": "0892a4003d0dbd7a5dec78bb83cb2121", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 17524, "upload_time": "2017-09-19T08:46:23", "url": "https://files.pythonhosted.org/packages/a1/da/3640e3a087077ff49719a6c5766299a8554bfbd61da7656aa7b349e164ea/vaultkeeper-0.0.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e2006cb47dc4b8c9cf99ed025bc8736f", "sha256": "6d10cb6304d4f79155d8ab65e2967dd50d244810d1d052ea14d0b6be9b226b70" }, "downloads": -1, "filename": "vaultkeeper-0.0.1.tar.gz", "has_sig": false, "md5_digest": "e2006cb47dc4b8c9cf99ed025bc8736f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12017, "upload_time": "2017-09-19T08:46:29", "url": "https://files.pythonhosted.org/packages/71/f4/8b0226404e56c2df71c13c709ee1441e0e9e2fbdc4e2d75a7e96011f3eb2/vaultkeeper-0.0.1.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "5ba5d38cd13405633c9a94520dab43bd", "sha256": "40a5f99775206046555762098f320052312f00b3ae3925df1927f50a867b7621" }, "downloads": -1, "filename": "vaultkeeper-0.0.2-py2-none-any.whl", "has_sig": false, "md5_digest": "5ba5d38cd13405633c9a94520dab43bd", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 17084, "upload_time": "2017-09-19T13:24:06", "url": "https://files.pythonhosted.org/packages/31/ec/abe25292955f06a51678dd18c6196974b2745215706790fb0a503996b352/vaultkeeper-0.0.2-py2-none-any.whl" } ], "0.1.0": [ { "comment_text": "", "digests": { "md5": "6a0a88cf282ee62e659b583ff47839d7", "sha256": "4cd6aa05d62befca51c65c309939434d81d128c7c1221bbe502de6b7cf9199d8" }, "downloads": -1, "filename": "vaultkeeper-0.1.0.tar.gz", "has_sig": false, "md5_digest": "6a0a88cf282ee62e659b583ff47839d7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12062, "upload_time": "2018-02-09T08:52:51", "url": "https://files.pythonhosted.org/packages/15/de/2fad41122d9bbefe1f1f0e73f177fad36ccb0a227437694d98d5cf38dd74/vaultkeeper-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "5d20320d22147e354dbfa984c8ca78f7", "sha256": "8db76f76dbcc3813d149d721886f83dcd5d00be42dcffe426a0c726f98b11f40" }, "downloads": -1, "filename": "vaultkeeper-0.1.1.tar.gz", "has_sig": false, "md5_digest": "5d20320d22147e354dbfa984c8ca78f7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12075, "upload_time": "2018-02-09T10:59:48", "url": "https://files.pythonhosted.org/packages/98/81/1e014b787e06cea79eb8ff3ead00720be014304a839cf3b17121c38ec6e4/vaultkeeper-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "eb91ca8165e193ff896c1218828b9083", "sha256": "725507294259df5d0becbf9ed8ebb82c76a17d8684ba8e7e3ee50b6dd5eae798" }, "downloads": -1, "filename": "vaultkeeper-0.1.2.tar.gz", "has_sig": false, "md5_digest": "eb91ca8165e193ff896c1218828b9083", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12068, "upload_time": "2018-02-09T11:16:06", "url": "https://files.pythonhosted.org/packages/0b/d0/53a3bcd69fd19d01d342569b9a3baeecececb0181d0965e3980a790fdf5b/vaultkeeper-0.1.2.tar.gz" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "de87fdfcd7593ec47ff79fdd7537d835", "sha256": "5869446e4d6e3903a29fdf9dae69de79977f7275a2c5beb104e92ba9f2be2d08" }, "downloads": -1, "filename": "vaultkeeper-0.1.3.tar.gz", "has_sig": false, "md5_digest": "de87fdfcd7593ec47ff79fdd7537d835", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12058, "upload_time": "2018-02-09T11:23:11", "url": "https://files.pythonhosted.org/packages/ee/db/32ba76976d5966648e3c1fa80a521f30eb19488a342bff23add64db407d2/vaultkeeper-0.1.3.tar.gz" } ], "0.1.4": [ { "comment_text": "", "digests": { "md5": "3d6b4bbd63ebb716aec834fca672ef89", "sha256": "d98638acd321a279c42cc1627b0e713e3e97079cf0fc6e7a8e63da2b8429a243" }, "downloads": -1, "filename": "vaultkeeper-0.1.4.tar.gz", "has_sig": false, "md5_digest": "3d6b4bbd63ebb716aec834fca672ef89", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12054, "upload_time": "2018-02-09T11:28:32", "url": "https://files.pythonhosted.org/packages/d9/66/73a43657594226eeb7c11b54a0541ce80828a1a6e86dba5d6d0970cabdb1/vaultkeeper-0.1.4.tar.gz" } ], "0.1.5": [ { "comment_text": "", "digests": { "md5": "4e1286fe77444e7008503d0e34c14d40", "sha256": "1da429c50ad53c123fdd2e019b36608e3b4dbbbba98ab05ef8e68ce017bbd3bc" }, "downloads": -1, "filename": "vaultkeeper-0.1.5.tar.gz", "has_sig": false, "md5_digest": "4e1286fe77444e7008503d0e34c14d40", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12054, "upload_time": "2018-02-09T11:36:50", "url": "https://files.pythonhosted.org/packages/19/bb/8dd980495927279b87022a03aae66eacc66e3602c15a311ce6f16ed326c7/vaultkeeper-0.1.5.tar.gz" } ], "0.1.6": [ { "comment_text": "", "digests": { "md5": "8f3d619cc49f1b38aa213de6d8e13bc3", "sha256": "6958ff58772130d93fed3a2a861875f862ff47b11cc5b89ef889b17eddecf537" }, "downloads": -1, "filename": "vaultkeeper-0.1.6.tar.gz", "has_sig": false, "md5_digest": "8f3d619cc49f1b38aa213de6d8e13bc3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12062, "upload_time": "2018-02-09T11:51:05", "url": "https://files.pythonhosted.org/packages/f4/36/10a57d934492cf5f431080ca62e3d0eb55e9e3cb92667edb43b4f4e35648/vaultkeeper-0.1.6.tar.gz" } ], "0.1.7": [ { "comment_text": "", "digests": { "md5": "367af52bef68ff7d924672c6d725f7f8", "sha256": "c8c14c5ce3f6f7741bc4b9142afca8247f1108139b8f6ba1058a25a3ad3b10bc" }, "downloads": -1, "filename": "vaultkeeper-0.1.7.tar.gz", "has_sig": false, "md5_digest": "367af52bef68ff7d924672c6d725f7f8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12060, "upload_time": "2018-02-09T14:01:18", "url": "https://files.pythonhosted.org/packages/5e/c1/103dcf6df6ec52c9c8867e30f2171e13844b159bcdec665e4cea0318b646/vaultkeeper-0.1.7.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "367af52bef68ff7d924672c6d725f7f8", "sha256": "c8c14c5ce3f6f7741bc4b9142afca8247f1108139b8f6ba1058a25a3ad3b10bc" }, "downloads": -1, "filename": "vaultkeeper-0.1.7.tar.gz", "has_sig": false, "md5_digest": "367af52bef68ff7d924672c6d725f7f8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12060, "upload_time": "2018-02-09T14:01:18", "url": "https://files.pythonhosted.org/packages/5e/c1/103dcf6df6ec52c9c8867e30f2171e13844b159bcdec665e4cea0318b646/vaultkeeper-0.1.7.tar.gz" } ] }