In previous post [How to hide Password / API Key in Python Script] I have used “keyring” to store API Key for Python script. We can also use Hashicorp Vault to store those credentials. There is python module named hvac (Python Client for Hashicorp Vault) which can be used to retrieve API key/Credentials from the vault.
First we need to make sure Vault is working properly and we have our API key stored in the vault. In this example I have stored my Meraki API key:
root@lxd-home:/home/fakrul# vault kv get secret/meraki ====== Metadata ====== Key Value --- ----- created_time 2020-06-05T15:13:18.320931138Z deletion_time n/a destroyed false version 1 ========== Data ========== Key Value --- ----- MERAKI_API_VALUE de300b8b9xxxxxxxxxxxxxxxxxxxxxxxxx40fb4391c
Now install python havc module
python3 -m pip hvac
Finally we modify our python script accordingly
import requests import hvac client = hvac.Client(url='http://192.168.99.252:8200') read_response = client.secrets.kv.read_secret_version(path='meraki') MERAKI_API_KEY = 'X-Cisco-Meraki-API-Key' ORG_ID='123456' MERAKI_API_VALUE = read_response['data']['data']['MERAKI_API_VALUE'] url = 'https://api.meraki.com/api/v0/organizations/{}/inventory'.format(ORG_ID) response = requests.get(url=url, headers={MERAKI_API_KEY : MERAKI_API_VALUE, 'Content-type': 'application/json'}) switch_list = response.json() switch_serial = [] for i in switch_list: if i['model'][:2] in ('MS') and i['networkId'] is not None: switch_serial.append(i['serial']) print(switch_serial)