Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nagyesta/lowkey-vault-example-python
POC example for using Lowkey Vault in your Python project.
https://github.com/nagyesta/lowkey-vault-example-python
Last synced: 13 days ago
JSON representation
POC example for using Lowkey Vault in your Python project.
- Host: GitHub
- URL: https://github.com/nagyesta/lowkey-vault-example-python
- Owner: nagyesta
- License: mit
- Created: 2022-05-14T08:28:52.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-23T17:37:48.000Z (14 days ago)
- Last Synced: 2024-10-24T01:36:05.883Z (13 days ago)
- Language: Python
- Size: 200 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
[](https://raw.githubusercontent.com/nagyesta/lowkey-vault-example-python/main/LICENSE)
[](https://github.com/nagyesta/lowkey-vault-example-python/actions/workflows/python.yml)
[](https://github.com/nagyesta/lowkey-vault)
# Lowkey Vault - Example Python
This is an example for [Lowkey Vault](https://github.com/nagyesta/lowkey-vault). It demonstrates a basic scenario where
a key is used for encrypt/decrypt operations and database connection specific credentials as well as getting a PKCS12
store with a certificate and matching private key inside.
### Points of interest
* [Key "repository"](src/azure_key_repository.py)
* [Secret "repository"](src/azure_secret_repository.py)
* [Certificate "repository"](src/azure_certificate_repository.py)
* [Empty credentials for connecting to Lowkey Vault](tests/noop_credential.py) (not needed if [Assumed Identity](https://github.com/nagyesta/assumed-identity) is used)
* [Tests](tests/test.py)
* TestRepository is using [NoopCredential](tests/noop_credential.py) for authentication to demonstrate integration with
* Secrets
* Keys
* Certificates
* TestRepositoryWithManagedIdentity is performing exactly the same but, it is using the DefaultAzureCredential with [Assumed Identity](https://github.com/nagyesta/assumed-identity)
### Usage
1. Start [Lowkey Vault](https://github.com/nagyesta/lowkey-vault) and [Assumed Identity](https://github.com/nagyesta/assumed-identity)
1. Either by following the steps [here](https://github.com/nagyesta/lowkey-vault#quick-start-guide) and [here](https://github.com/nagyesta/assumed-identity#usage).
2. Or running ```docker-compose up -d```
2. Set ```REQUESTS_CA_BUNDLE``` environment variable to reference [lowkeyvault.pem](lowkeyvault.pem)
3. If you are not using the default `169.254.169.254:80` address for Assumed Identity (because for example you are running it in the cloud)
1. Set ```AZURE_POD_IDENTITY_AUTHORITY_HOST``` environment variable to point to the Assumed Identity base URL e.g., http://localhost:8080
2. Set ```IMDS_ENDPOINT``` environment variable to point to the Assumed Identity base URL e.g., http://localhost:8080
3. Set ```IDENTITY_ENDPOINT``` environment variable to point to the `/metadata/identity/oauth2/token` path of Assumed Identity e.g., http://localhost:8080/metadata/identity/oauth2/token
4. Create an empty file named ```/var/opt/azcmagent/tokens/assumed-identity.key``` to let the client think that you are using Azure Arc for Managed Identity
4. Run the tests
> [!NOTE]
> In order to better understand what is needed in general to make similar examples work, please find a generic overview
[here](https://github.com/nagyesta/lowkey-vault/wiki/Example:-How-can-you-use-Lowkey-Vault-in-your-tests).
> [!TIP]
> Since v2.4.2, Lowkey Vault is providing the same token endpoint on the `8080` port by default. Therefore, you don't need to start another container.
> [!NOTE]
> To be able to use Azure Identity 1.18.0+ you must use Lowkey Vault 2.5.0+ as earlier versions don't provide the necessary headers in the token response.