Python helper for unseal Vault.io

Status

Build StatusCoverage StatusRead the doc Status

Install

virtualenv -p python3 venv
./venv/bin/pip install -r requirements.txt

Launch SSH Proxy socks

ssh -D 8585 consul-server

Unseal all node in cluster

./venv/bin/python unseal.py

API Documentation

unseal_vault

unseal_vault.get_config

unseal_vault.get_config(config_type, path)

Get config wrapper

config_type need to be defined as ‘passtore’ or ‘yaml’

path the pass to get yaml configuration

unseal_vault.get_config_passtore

unseal_vault.get_config_passtore(pass_name)

Get config in passwordstore and convert it as yaml

pass_name is the name of documents contain config

unseal_vault.get_config_yaml

unseal_vault.get_config_yaml(yaml_file)

Get config in yaml file to avoid password store stuff

yaml_file is the filename contain config

unseal_vault.consul_get_vault_server

unseal_vault.consul_get_vault_server(vault_name)

Get vault server list in Consul And keep only important fields

vault_name is the Vault service name defined in Consul

unseal_vault.unseal

unseal_vault.unseal(host, port, unseal_keys, name=None)

Unseal one server

host the hostname or ip server want to unlock

port the Vault TCP port

unseal_keys the unseal keys list