27 lines
584 B
Python
27 lines
584 B
Python
import os
|
|
from hvac import Client
|
|
from hvac.api.auth_methods import Kubernetes
|
|
|
|
VAULT_URL = os.environ['VAULT_ADDR']
|
|
VAULT_ROLE = os.environ['VAULT_ROLE']
|
|
VAULT_PATH = os.environ['VAULT_PATH']
|
|
VAULT_MOUNT = 'kubernetes'
|
|
SECRET_NAME = 'MY_SERCRECT'
|
|
|
|
print(VAULT_URL)
|
|
print(VAULT_ROLE)
|
|
|
|
client = Client(url=VAULT_URL)
|
|
|
|
token = open('/var/run/secrets/kubernetes.io/serviceaccount/token')
|
|
|
|
jwt = token.read()
|
|
|
|
Kubernetes(client.adapter).login(
|
|
role = VAULT_ROLE,
|
|
jwt = jwt,
|
|
mount_point=VAULT_MOUNT
|
|
)
|
|
|
|
secret = client.read(VAULT_PATH)
|
|
print(secret['data']['data'][SECRET_NAME]) |