Python Vault client hvac doesn't support values from files and json files

[KIRAN PRANEETH]

I observed that hvac client doesn't support value=@file.txt and file.json to read key values from files. Is it s known limitation? I am hesitant to use vault go binary because I would want to avoid distribution of Vault binaries to all our dev's workspaces.

Cheers

[Craig Sawyer]

On Monday, January 23, 2017 at 12:57:45 PM UTC-7, KIRAN PRANEETH wrote:

I observed that hvac client doesn't support value=@file.txt and file.json to read key values from files. Is it s known limitation? I am hesitant to use vault go binary because I would want to avoid distribution of Vault binaries to all our dev's workspaces.

Cheers

You would probably be better served contacting the hvac project directly (https://github.com/ianunruh/hvac/issues) by filing an issue.  You can of course still use hvac, and just add that functionality in a wrapper script you write yourself.  JSON support is built-in to recent (2.6(?)) versions of python, so you should have no trouble doing that.  Alternatively  you can write it yourself and add a pull request to the github project for inclusion in newer releases of hvac.

As for distributing the vault binary or the hvac library, you have to distribute one or the other either way, so I don't see much difference.  One advantage of distributing the vault binary, is they can then run vault in -dev move, and that will probably help with testing, bringing your developers up to speed(i.e. giving them a place to play without breaking stuff), etc.

[KIRAN PRANEETH]

I agree it will give them that ability. But also I want to avoid them from providing values on commandline accidentally and get it into history. By giving them a wrapper I can enforce certain criteria.  While one can choose to hack the wrappers I give them and add value input as an option in command line or arguments of the script but thats a conscious breach.