• About

http://blog.fakrul.com

http://blog.fakrul.com

Tag Archives: python

Python Script – Credentials stored in Hashicorp Vault

06 Saturday Jun 2020

Posted by Fakrul Alam in My Work, Tutorial

≈ Leave a comment

Tags

API Key, Hashicorp Vault, python, Python Client for Hashicorp Vault, scripting

In previous post [How to hide Password / API Key in Python Script] I have used “keyring” to store API Key for Python script. We can also use Hashicorp Vault to store those credentials. There is python module named hvac (Python Client for Hashicorp Vault) which can be used to retrieve API key/Credentials from the vault.

First we need to make sure Vault is working properly and we have our API key stored in the vault. In this example I have stored my Meraki API key:

root@lxd-home:/home/fakrul# vault kv get secret/meraki
====== Metadata ======
Key Value
--- -----
created_time 2020-06-05T15:13:18.320931138Z
deletion_time n/a
destroyed false
version 1
========== Data ==========
Key Value
--- -----
MERAKI_API_VALUE de300b8b9xxxxxxxxxxxxxxxxxxxxxxxxx40fb4391c

Now install python havc module

python3 -m pip hvac

Finally we modify our python script accordingly

import requests
import hvac

client = hvac.Client(url='http://192.168.99.252:8200')
read_response = client.secrets.kv.read_secret_version(path='meraki')

MERAKI_API_KEY = 'X-Cisco-Meraki-API-Key'
ORG_ID='123456'
MERAKI_API_VALUE = read_response['data']['data']['MERAKI_API_VALUE']

url = 'https://api.meraki.com/api/v0/organizations/{}/inventory'.format(ORG_ID)

response = requests.get(url=url,
           headers={MERAKI_API_KEY : MERAKI_API_VALUE,
                   'Content-type': 'application/json'})

switch_list = response.json()

switch_serial = []
for i in switch_list:
    if i['model'][:2] in ('MS') and i['networkId'] is not None:
    switch_serial.append(i['serial'])

print(switch_serial)

How to hide Password / API Key in Python Script

04 Thursday Jun 2020

Posted by Fakrul Alam in My Work, Tutorial

≈ 1 Comment

Tags

automation, keyring, python

It’s common to use Python script for device configuration, backup or automation. And to do that we usually put credentials, API Key in the script itself. It creates a whole lot of problem with sharing scripts with others; store/share it public repository. There are few options to overcome the issue like storing credentials, API Key’s in separate file and not share that file with others. We can also use “keyring” which will store the password in operating system’s credential store.

The keyring package is a library designed to let you access your operating system’s credential store. In summary, it let us to store and retrieve passwords in operating system, which allows you to avoid having a password in plaintext in the script.

“keyring” is by default installed in our linux operating system. We need to install related python modules only. To check keyring installation try “keyring --help” or “keyring --list-backends” for list of supported backends. The common one is to use

keyrings.cryptfile - Encrypted text file storage.

Now install the keyring and keyrings.cryptfile python module. I am using python3

pip3 install keyring
pip3 install keyrings.cryptfile

We can use keyring set command to store the credentials and keyring get command to retrieve it. Lets store some credential and API key

keyring set meraki MERAKI_API_VALUE
keyring set meraki ORG_ID

Continue reading →

Social

  • View rapappu’s profile on Twitter
  • View fakrulalam’s profile on LinkedIn
  • View fakrul’s profile on GitHub
  • View FakrulAlamPappu’s profile on Google+
  • View fakrulalam’s profile on Flickr

Twitter Updates

  • krebsonsecurity.com/2021/03/whistl… 1 week ago
  • very production vs code extension marketplace.visualstudio.com/items?itemName… 1 week ago
  • afr.com/companies/tour… 1 week ago
  • RT @Tyriar: We're looking at finally adding terminal tabs to @code soon. This month we explored what the UX should look like and have some… 2 weeks ago
  • RT @teamcymru: April 7 at 10AM GMT +3 We're hosting a webinar on our FREE community services! Live DEMO of Nimbus and learn about • DDoS mi… 2 weeks ago
  • Interesting! Looks like #cloudflare is not just a CDN only. cloudflare.com/en-au/magic-wan 2 weeks ago
  • still beta but good to see #meraki is rolling out AnyConnect client for MX. Windows L2TP VPN client is pain-in-the-… twitter.com/i/web/status/1… 3 weeks ago
  • one more bug reported cisco.ios.ios_bgp_address_family module github.com/ansible-collec… #ansible #cisco #ios… twitter.com/i/web/status/1… 4 weeks ago
  • #azure canola oil https://t.co/yEj1mCbQ4K 4 weeks ago
  • My first attempt to fix bug for cisco.ios.ios_bgp_address_family ansible module. PR done. github.com/ansible-collec… 1 month ago
  • RT @C_C_Krebs: This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/0… 1 month ago
  • RT @MirjamKuhne: This morning at #apricot2021 an update from NOGs in the region. https://t.co/kv7tEhszZf 1 month ago
  • RT @hfpreston: A Type 3 LSA walks into a bar and the bartender asks, “Not from the area?” A Type 5 LSA walks into a bar and orders a drink… 1 month ago
  • ansible.com/blog/announcin… 1 month ago
  • Time to refresh home wifi. Moving from #meraki to #Unifi https://t.co/9t6FYIfQfb 1 month ago
Follow @rapappu

Tags

antismap antivirus automation Azure bangladesh BASH BASH Script BDCERT bgp bind ccsp centos CentOS mirror CERT CISA cisco Cyber Security ddos dhaka dhakacom DNS DNSSEC GSM intrusion detectoin system Intrusion prevention system ips IPv6 ISACA junos linux Looking Glass lxc lxc profile lxd mailqueue mailscanner Mail Server mailwatch Meraki mikrotik monitor mpls MPLS L3 VPN mysql My Work network network management nginx NSD observium OpenVPN perl PHP ping postfix Proxy PTA python RANCID Reading RPKI Shell Script sms sms server SNMP SSH Tutorial ubuntu Ubuntu Mirror Server Virtual Box vispan vmware websvn Youtube hack খামাখা

Blog at WordPress.com.