• About

http://blog.fakrul.com

http://blog.fakrul.com

Tag Archives: Python Client for Hashicorp Vault

Python Script – Credentials stored in Hashicorp Vault

06 Saturday Jun 2020

Posted by Fakrul Alam in My Work, Tutorial

≈ Leave a comment

Tags

API Key, Hashicorp Vault, python, Python Client for Hashicorp Vault, scripting

In previous post [How to hide Password / API Key in Python Script] I have used “keyring” to store API Key for Python script. We can also use Hashicorp Vault to store those credentials. There is python module named hvac (Python Client for Hashicorp Vault) which can be used to retrieve API key/Credentials from the vault.

First we need to make sure Vault is working properly and we have our API key stored in the vault. In this example I have stored my Meraki API key:

root@lxd-home:/home/fakrul# vault kv get secret/meraki
====== Metadata ======
Key Value
--- -----
created_time 2020-06-05T15:13:18.320931138Z
deletion_time n/a
destroyed false
version 1
========== Data ==========
Key Value
--- -----
MERAKI_API_VALUE de300b8b9xxxxxxxxxxxxxxxxxxxxxxxxx40fb4391c

Now install python havc module

python3 -m pip hvac

Finally we modify our python script accordingly

import requests
import hvac

client = hvac.Client(url='http://192.168.99.252:8200')
read_response = client.secrets.kv.read_secret_version(path='meraki')

MERAKI_API_KEY = 'X-Cisco-Meraki-API-Key'
ORG_ID='123456'
MERAKI_API_VALUE = read_response['data']['data']['MERAKI_API_VALUE']

url = 'https://api.meraki.com/api/v0/organizations/{}/inventory'.format(ORG_ID)

response = requests.get(url=url,
           headers={MERAKI_API_KEY : MERAKI_API_VALUE,
                   'Content-type': 'application/json'})

switch_list = response.json()

switch_serial = []
for i in switch_list:
    if i['model'][:2] in ('MS') and i['networkId'] is not None:
    switch_serial.append(i['serial'])

print(switch_serial)

Social

  • View rapappu’s profile on Twitter
  • View fakrulalam’s profile on LinkedIn
  • View fakrul’s profile on GitHub
  • View FakrulAlamPappu’s profile on Google+
  • View fakrulalam’s profile on Flickr

Twitter Updates

  • 1976 forming the modern-day #Vietnam 1971 #Bangladesh independence When we could see something like this happening… twitter.com/i/web/status/1… 4 days ago
  • The beauty is here #Keychron #K2 Mechanical Keyboard https://t.co/j5OVbpmvKi 5 days ago
  • blog.fitbit.com/2021-update/?u… #fitbit + #google https://t.co/X2g7HpIMvI 1 week ago
  • #DevNet Class of 2020. View my verified achievement from @learningatcisco. youracclaim.com/badges/bf864fa… 1 month ago
  • #pythonprogramminglanguage #python #pyenv towardsdatascience.com/how-to-set-up-… 1 month ago
  • wsj.com/articles/u-s-c… 1 month ago
  • bleepingcomputer.com/news/security/… 1 month ago
  • RT @GinNTTnet: Carriers, Internet-centric businesses and enterprises can prepare themselves to fight against #DDoS attacks. Download this w… 2 months ago
  • #LoRaWAN GPS payload is coming nicely to #AzureIotHub @GlobalNTT @CiscoDevNet #ntthackfest2020 https://t.co/VqYi7dMBoq 2 months ago
  • RT @GinNTTnet: Paolo Lucente @Paolo_Lucente from the #globalipnetwork division at @GlobalNTT will present this Monday Oct 12 at the Next Ho… 3 months ago
  • RT @bdNetOpGroup: Make sure we always "Learning from failures". Wanna know more? Please join bdnog.org/bdnog12/index.…. Because our very own… 3 months ago
  • RT @bdNetOpGroup: #bdNOG12 Panel Discussion: "Social CDN Business : Paid or Free". Make sure you register and join bdnog.org/bdnog12/index.…… 3 months ago
  • RT @teamcymru: #DDoS Attacks Hit 1 Tbps in #2020 #infosec bit.ly/2ZLmAlK https://t.co/Ezx3s5xVcw 4 months ago
  • github.blog/2020-09-10-ann… #msteams #github 4 months ago
  • I just backed Keychron K3 -Ultra-slim Compact Wireless Mechanical Keyboard on @Kickstarter kickstarter.com/projects/keytr… 4 months ago
Follow @rapappu

Tags

antismap antivirus automation Azure bangladesh BASH BASH Script BDCERT bgp bind ccsp centos CentOS mirror CERT CISA cisco Cyber Security ddos dhaka dhakacom DNS DNSSEC GSM intrusion detectoin system Intrusion prevention system ips IPv6 ISACA junos linux Looking Glass lxc lxc profile lxd mailqueue mailscanner Mail Server mailwatch Meraki mikrotik monitor mpls MPLS L3 VPN mysql My Work network network management nginx NSD observium OpenVPN perl PHP ping postfix Proxy PTA python RANCID Reading RPKI Shell Script sms sms server SNMP SSH Tutorial ubuntu Ubuntu Mirror Server Virtual Box vispan vmware websvn Youtube hack খামাখা

Blog at WordPress.com.