Reference Guide

This library provides classes that allow Envase applications and services to store, retrieve, and manage secrets using the Envase Vault <http://coredocs.envaseconnect.cloud/vault/> service. The client classes provide a consistent interface that allows the applications and services to choose the preferred method to connect to Envase Vault.

The following sections document the different clients supported, as well as other functionality provided.

Data Structures

envc.data

This module provides data structures and constants that can be used with the client interface.

class FunctionNameProvider(environment)
class ResponseWrapper(response)
class SecretData(key, serializable_secret_data, description=None)

This class represents the information of a secret and can be used with the different clients to create or update secrets. The class requires a key and a serializable object containing the secret information. A description can also be specified.

This class exposes a property ‘key’ which returns the key of the secret.

Parameters
  • key (str) – A valid secret key.

  • serializable_secret_data (serializable) – A serializable object that represents the secret information.

  • description (str) – An optional description of the secret.

class UrlProvider(environment)

This class is used internally to determine the correct API endpoint for the different operations in the Envase Vault manager. Most applications will not need to use this class.

The class is initialized with the environment identifier to ensure the URLs are correct.

Parameters

environment (str) – A supported environment identifier. The identifier is case-insensitive.

get_organization_secret_url(organization_id, secret_key)

Returns the URL for the organization secret specified.

Parameters
  • organization_id (str) – Organization id for which to resolve the URL.

  • secret_key (str) – Key of the organization secret for which to resolve the URL.

get_organization_secrets_url(organization_id)

Returns the root URL for the secrets of the organization identified by organization_id.

Parameters

organization_id (str) – Organization id for which to resolve the URL.

get_secret_url(secret_key)

Returns the URL for the secret identified by the secret_key.

Parameters

secret_key (str) – Key of the secret for which to resolve the URL.

get_secrets_url()

Returns the URL for the standard secrets.

HTTP Client

envc.http

This module implements the Vault client interface and uses HTTP to communicate with the Envase Vault service.

Important

Applications using the client in this module must add requests as a dependency because this library doesn’t install it.

class Client(environment, authorizer, _test_http=None)

HTTP implementation of the Vault client interface. The class requires the environment to be specified, as well as a valid authorizer object for Envase Vault.

Parameters
  • environment (str) – Environment identifier for the client to communicate with the service.

  • authorizer (Authorizer) – A valid authorizer that can handle authorization against Envase Identity Manager (see en-auth reference guide for more information).

create_organization_secret(organization_id, serializable_secret)

Creates a new secret for the specified organization.

Parameters
  • organization_id (str) – Id of the organization for which to create the secret.

  • serializable_secret (serializable) – A serializable object that can be serialized to the correct payload. Most applications and services will use an instance of envc.data.SecretData.

create_secret(serializable_secret)

Creates a new standard secret.

Parameters

serializable_secret (serializable) – A serializable object that can be serialized to the correct payload. Most applications and services will use an instance of envc.data.SecretData.

delete_organization_secret(organization_id, key)

Deletes the secret for the specified organization and key.

Parameters
  • organization_id (str) – Id of the organization that owns the secret.

  • key (str) – Key used to store the secret.

Returns

True if the secret was deleted successfully, False otherwise.

delete_secret(key)

Deletes the secret for the specified key.

Parameters

key (str) – Key used to store the secret.

Returns

True if the secret was deleted successfully, False otherwise.

get_organization_secret(organization_id, key)

Returns the secret information for the specified organization and key.

Parameters
  • organization_id (str) – Id of the organization that owns the secret.

  • key (str) – Key used to store the secret.

Returns

An object that wraps the secret data and provides the attributes to access it.

get_secret(key)

Returns the secret information for the specified key.

Parameters

key (str) – Key used to store the secret.

Returns

An object that wraps the secret data and provides the attributes to access it.

update_organization_secret(organization_id, serializable_secret)

Updates a secret for the specified organization.

Parameters
  • organization_id (str) – Id of the organization for which to update the secret.

  • serializable_secret (serializable) – A serializable object that can be serialized to the correct payload, and exposes a property ‘key’ that returns the secret key. Most applications and services will use an instance of envc.data.SecretData.

update_secret(serializable_secret)

Updates an existing standard secret.

Parameters

serializable_secret (serializable) – A serializable object that can be serialized to the correct payload, and exposes a property ‘key’ that returns the secret key. Most applications and services will use an instance of envc.data.SecretData.

Serverless Client

envc.serverless

This module implements the Vault client interface and uses direct AWS Lambda invocation to communicate with the Envase Vault service.

Important

This module is not fully implemented.

class Client(environment, dispatcher)

AWS Lambda implementation of the Vault client interface. The class requires the environment to be specified, as well as a valid dispatcher used to invoke the functions.

Parameters
  • environment (str) – Environment identifier for the client to communicate with the service.

  • dispatcher (Dispatcher) – AWS Lambda dispatcher used to invoke the functions.

get_secret(key)

Returns the secret information for the specified key.

Parameters

key (str) – Key used to store the secret.

Returns

An object that wraps the secret data and provides the attributes to access it.

Exceptions

envc.exceptions

This module provides exception classes used by the library to report errors.

exception VaultClientError(status_code, serializable_data)

This class wraps the error information returned by Envase Vault, so that applications and services can retrieve that information when handling the exceptions. The class is initialized with the status code returned by Envase Vault, as well as the error data.

Parameters
  • status_code (int) – Status code returned by Envase Vault.

  • serializable_data (serializable) – Error information returned by Envase Vault.
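
The following is an added example, not code from the envc library: it shows a caller checking the documented True/False result of delete_organization_secret and handling VaultClientError when revoking several organization secrets, recording only keys and status codes. The stand-in classes, the `status_code` attribute, the sample organization id, keys and the 500 status are assumptions constructed so the example runs offline.

```python
# Stand-ins mirror the signatures documented in this guide so the helper runs
# offline; they are NOT the envc implementation.

class VaultClientError(Exception):
    """Stand-in for envc.exceptions.VaultClientError (same constructor)."""
    def __init__(self, status_code, serializable_data):
        super().__init__(f"vault error {status_code}")
        self.status_code = status_code  # assumption: exposed as an attribute
        self.serializable_data = serializable_data


class FakeVaultClient:
    """Constructed in-memory double exposing delete_organization_secret only."""
    def __init__(self, stored, failing=()):
        self._stored = set(stored)    # (organization_id, key) pairs
        self._failing = set(failing)  # keys that simulate a service error

    def delete_organization_secret(self, organization_id, key):
        if key in self._failing:
            raise VaultClientError(500, {"message": "constructed failure"})
        if (organization_id, key) in self._stored:
            self._stored.remove((organization_id, key))
            return True
        return False  # documented: False when the secret was not deleted


def purge_organization_secrets(client, organization_id, keys):
    """Delete each key; report outcomes without secret values or error bodies."""
    report = {"deleted": [], "not_deleted": [], "errors": {}}
    for key in keys:
        try:
            ok = client.delete_organization_secret(organization_id, key)
        except VaultClientError as exc:
            report["errors"][key] = exc.status_code
            continue
        report["deleted" if ok else "not_deleted"].append(key)
    return report


def demo():
    # Constructed sample data: the organization id and keys are made up.
    stored = {("org-123", "db-password"), ("org-123", "api-token")}
    client = FakeVaultClient(stored, failing={"smtp-password"})
    keys = ["db-password", "api-token", "missing", "smtp-password"]
    return purge_organization_secrets(client, "org-123", keys)
```

Keys that land in `not_deleted` or `errors` are the ones to retry or escalate, since those secrets may still be retrievable.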