Skip to content
/ vaultpost Public

Using Vault to generate short lifetime postgresql creds for Django

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

night-crawler/vaultpost

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
pgvault
pgvault
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Inspired by https://github.com/jdelic/django-postgresql-setrole

hashicorp/vault#1857 (comment)

client.write(
    join(PG_MOUNT, 'config/connection'),
    lease='10s', lease_max='10s',
    connection_url='postgresql://'
                   'vault:azaza'
                   '@trash.force.fm:5432/postgres'
)
client.write(
    join(PG_MOUNT, 'roles', 'db-full-access'),
    sql="""
    CREATE ROLE "{{name}}"
        WITH LOGIN ENCRYPTED PASSWORD '{{password}}'
        VALID UNTIL '{{expiration}}'
        IN ROLE "force_fm" INHERIT NOCREATEROLE NOCREATEDB NOSUPERUSER NOREPLICATION NOBYPASSRLS;
    """,
    revocation_sql="""
    DROP ROLE "{{name}}";
    """
)
DATABASES = {
    'default': {
        'NAME': 'force_fm',
        'ENGINE': 'pgvault',
        'HOST': 'trash.force.fm',
        'USER': 'force_fm',  # SET ROLE USER
        'PORT': '',
        'CONN_MAX_AGE': 6000,
        'VAULT': {
            'URL': 'https://trash.force.fm:18400',
            'TOKEN': '',
            'MOUNT': 'force.fm/postgresql',
            'ROLE': 'db-full-access',
            'CERTS': (
                os.path.join(CERTS_DIR, 'client1__bundle.crt'),
                os.path.join(CERTS_DIR, 'client1.key'),
            ),
            'VERIFY': os.path.join(CERTS_DIR, 'force.fm__root_ca.crt'),
        }
    }
}

About

Using Vault to generate short lifetime postgresql creds for Django

Topics

django vault django-database

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages