docs-archive/1.10.13/_sources/_api/airflow/contrib/secrets/hashicorp_vault/index.rst.txt - airflow-site - Git at Google

 :mod:`airflow.contrib.secrets.hashicorp_vault`
 ==============================================

 .. py:module:: airflow.contrib.secrets.hashicorp_vault

 .. autoapi-nested-parse::

    Objects relating to sourcing connections & variables from Hashicorp Vault


 Module Contents
 ---------------

 .. py:class:: VaultBackend(connections_path='connections', variables_path='variables', config_path='config', url=None, auth_type='token', mount_point='secret', kv_engine_version=2, token=None, username=None, password=None, role_id=None, kubernetes_role=None, kubernetes_jwt_path='/var/run/secrets/kubernetes.io/serviceaccount/token', secret_id=None, gcp_key_path=None, gcp_scopes=None, **kwargs)

    Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin`

    Retrieves Connections and Variables from Hashicorp Vault

    Configurable via ``airflow.cfg`` as follows:

    .. code-block:: ini

        [secrets]
        backend = airflow.contrib.secrets.hashicorp_vault.VaultBackend
        backend_kwargs = {
            "connections_path": "connections",
            "url": "http://127.0.0.1:8200",
            "mount_point": "airflow"
            }

    For example, if your keys are under ``connections`` path in ``airflow`` mount_point, this
    would be accessible if you provide ``{"connections_path": "connections"}`` and request
    conn_id ``smtp_default``.

    :param connections_path: Specifies the path of the secret to read to get Connections.
        (default: 'connections')
    :type connections_path: str
    :param variables_path: Specifies the path of the secret to read to get Variables.
        (default: 'variables')
    :type variables_path: str
    :param config_path: Specifies the path of the secret to read Airflow Configurations
        (default: 'config').
    :type config_path: str
    :param url: Base URL for the Vault instance being addressed.
    :type url: str
    :param auth_type: Authentication Type for Vault (one of 'token', 'ldap', 'userpass', 'approle',
        'github', 'gcp', 'kubernetes'). Default is ``token``.
    :type auth_type: str
    :param mount_point: The "path" the secret engine was mounted on. (Default: ``secret``)
    :type mount_point: str
    :param token: Authentication token to include in requests sent to Vault.
        (for ``token`` and ``github`` auth_type)
    :type token: str
    :param kv_engine_version: Select the version of the engine to run (``1`` or ``2``, default: ``2``)
    :type kv_engine_version: int
    :param username: Username for Authentication (for ``ldap`` and ``userpass`` auth_type)
    :type username: str
    :param password: Password for Authentication (for ``ldap`` and ``userpass`` auth_type)
    :type password: str
    :param role_id: Role ID for Authentication (for ``approle`` auth_type)
    :type role_id: str
    :param kubernetes_role: Role for Authentication (for ``kubernetes`` auth_type)
    :type kubernetes_role: str
    :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, deafult:
        ``/var/run/secrets/kubernetes.io/serviceaccount/token``)
    :type kubernetes_jwt_path: str
    :param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
    :type secret_id: str
    :param gcp_key_path: Path to GCP Credential JSON file (for ``gcp`` auth_type)
    :type gcp_key_path: str
    :param gcp_scopes: Comma-separated string containing GCP scopes (for ``gcp`` auth_type)
    :type gcp_scopes: str


    .. method:: client(self)

       Return an authenticated Hashicorp Vault client


    .. method:: get_conn_uri(self, conn_id)

       Get secret value from Vault. Store the secret in the form of URI

       :param conn_id: connection id
       :type conn_id: str


    .. method:: get_variable(self, key)

       Get Airflow Variable

       :param key: Variable Key
       :return: Variable Value


    .. method:: _get_secret(self, path_prefix, secret_id)

       Get secret value from Vault.

       :param path_prefix: Prefix for the Path to get Secret
       :type path_prefix: str
       :param secret_id: Secret Key
       :type secret_id: str


    .. method:: get_config(self, key)

       Get Airflow Configuration

       :param key: Configuration Option Key
       :type key: str
       :rtype: str
       :return: Configuration Option Value retrieved from the vault
	:mod:`airflow.contrib.secrets.hashicorp_vault`
	==============================================

	.. py:module:: airflow.contrib.secrets.hashicorp_vault

	.. autoapi-nested-parse::

	Objects relating to sourcing connections & variables from Hashicorp Vault



	Module Contents
	---------------

	.. py:class:: VaultBackend(connections_path='connections', variables_path='variables', config_path='config', url=None, auth_type='token', mount_point='secret', kv_engine_version=2, token=None, username=None, password=None, role_id=None, kubernetes_role=None, kubernetes_jwt_path='/var/run/secrets/kubernetes.io/serviceaccount/token', secret_id=None, gcp_key_path=None, gcp_scopes=None, **kwargs)

	Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin`

	Retrieves Connections and Variables from Hashicorp Vault

	Configurable via ``airflow.cfg`` as follows:

	.. code-block:: ini

	[secrets]
	backend = airflow.contrib.secrets.hashicorp_vault.VaultBackend
	backend_kwargs = {
	"connections_path": "connections",
	"url": "http://127.0.0.1:8200",
	"mount_point": "airflow"
	}

	For example, if your keys are under ``connections`` path in ``airflow`` mount_point, this
	would be accessible if you provide ``{"connections_path": "connections"}`` and request
	conn_id ``smtp_default``.

	:param connections_path: Specifies the path of the secret to read to get Connections.
	(default: 'connections')
	:type connections_path: str
	:param variables_path: Specifies the path of the secret to read to get Variables.
	(default: 'variables')
	:type variables_path: str
	:param config_path: Specifies the path of the secret to read Airflow Configurations
	(default: 'config').
	:type config_path: str
	:param url: Base URL for the Vault instance being addressed.
	:type url: str
	:param auth_type: Authentication Type for Vault (one of 'token', 'ldap', 'userpass', 'approle',
	'github', 'gcp', 'kubernetes'). Default is ``token``.
	:type auth_type: str
	:param mount_point: The "path" the secret engine was mounted on. (Default: ``secret``)
	:type mount_point: str
	:param token: Authentication token to include in requests sent to Vault.
	(for ``token`` and ``github`` auth_type)
	:type token: str
	:param kv_engine_version: Select the version of the engine to run (``1`` or ``2``, default: ``2``)
	:type kv_engine_version: int
	:param username: Username for Authentication (for ``ldap`` and ``userpass`` auth_type)
	:type username: str
	:param password: Password for Authentication (for ``ldap`` and ``userpass`` auth_type)
	:type password: str
	:param role_id: Role ID for Authentication (for ``approle`` auth_type)
	:type role_id: str
	:param kubernetes_role: Role for Authentication (for ``kubernetes`` auth_type)
	:type kubernetes_role: str
	:param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, deafult:
	``/var/run/secrets/kubernetes.io/serviceaccount/token``)
	:type kubernetes_jwt_path: str
	:param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
	:type secret_id: str
	:param gcp_key_path: Path to GCP Credential JSON file (for ``gcp`` auth_type)
	:type gcp_key_path: str
	:param gcp_scopes: Comma-separated string containing GCP scopes (for ``gcp`` auth_type)
	:type gcp_scopes: str


	.. method:: client(self)

	Return an authenticated Hashicorp Vault client




	.. method:: get_conn_uri(self, conn_id)

	Get secret value from Vault. Store the secret in the form of URI

	:param conn_id: connection id
	:type conn_id: str




	.. method:: get_variable(self, key)

	Get Airflow Variable

	:param key: Variable Key
	:return: Variable Value




	.. method:: _get_secret(self, path_prefix, secret_id)

	Get secret value from Vault.

	:param path_prefix: Prefix for the Path to get Secret
	:type path_prefix: str
	:param secret_id: Secret Key
	:type secret_id: str




	.. method:: get_config(self, key)

	Get Airflow Configuration

	:param key: Configuration Option Key
	:type key: str
	:rtype: str
	:return: Configuration Option Value retrieved from the vault