Adds admin_users map and keyvault policy This adds an admin_users map as well as a new policy in the keyvault module. When run, this will apply an administrator policy for users in the admin_users map. With these permissions, the admin users will be able to manage secrets and keys in keyvault. 169163334 - Initial secrets-tool commit Adds admin_users map and keyvault policy This adds an admin_users map as well as a new policy in the keyvault module. When run, this will apply an administrator policy for users in the admin_users map. With these permissions, the admin users will be able to manage secrets and keys in keyvault. 170237669 - Makes the read only policy for keyvault optional and only create the policy if a principal_id is passed 170237669 - Adds new operator keyvault for secrets This is a new keyvault specifically for storing operator secrets and things that would not be accessible to applications. The primary use case for this is for launching things like postgres (root postgres creds) and other services which would require secrets to be added to the terraform configuration. This approach avoids adding secrets to terraform. An accompanying script will be added to populate the new keyvault.
19 lines
445 B
Python
19 lines
445 B
Python
import logging
|
|
from azure.keyvault.keys import KeyClient
|
|
from .auth import Auth
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
KEY_SIZE=2048
|
|
KEY_TYPE='rsa'
|
|
|
|
class keys(Auth):
|
|
def __init__(self, *args, **kwargs):
|
|
super(keys, self).__init__(*args, **kwargs)
|
|
self.key_client = KeyClient(vault_url=self.vault_url, credential=self.credentials)
|
|
|
|
def get_key(self):
|
|
return self.key_client
|
|
|
|
def create_key(self):
|
|
pass |