feat: add gcp get secret support
narenaryan committed Jan 15, 2025
1 parent 9d5046c commit a2a6874
Showing 2 changed files with 47 additions and 8 deletions.
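--- a/src/whispr/cli.py
+++ b/src/whispr/cli.py
@@ -121,11 +121,37 @@ def secret():
 
 
 @click.command()
-@click.option("-s", "--secret-name", nargs=1, type=click.STRING, help="Secret name to fetch from a vault")
-@click.option("-v", "--vault", nargs=1, type=click.STRING, help="Vault type. Available values: aws, azure, gcp")
-@click.option("-r", "--region", nargs=1, type=click.STRING, help="Region (AWS-only property)") # AWS
-@click.option("-u", "--vault-url", nargs=1, type=click.STRING, help="Vault URL (Azure-only property)") # Azure
-@click.option("-p", "--project-id", nargs=1, type=click.STRING, help="Project ID (GCP-only property)") # GCP
+@click.option(
+"-s",
+"--secret-name",
+nargs=1,
+type=click.STRING,
+help="Secret name to fetch from a vault",
+)
+@click.option(
+"-v",
+"--vault",
+nargs=1,
+type=click.STRING,
+help="Vault type. Available values: aws, azure, gcp",
+)
+@click.option(
+"-r", "--region", nargs=1, type=click.STRING, help="Region (AWS-only property)"
+) # AWS
+@click.option(
+"-u",
+"--vault-url",
+nargs=1,
+type=click.STRING,
+help="Vault URL (Azure-only property)",
+) # Azure
+@click.option(
+"-p",
+"--project-id",
+nargs=1,
+type=click.STRING,
+help="Project ID (GCP-only property)",
+) # GCP
 def get(secret_name, vault, region, vault_url, project_id):
 """Fetches a vault secret and prints to standard output in JSON format. Output is parseable by `jq` tool. Used for quick audit of secret K:V pairs"""
 vault_secrets = get_raw_secret(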
19 changes: 16 additions & 3 deletions src/whispr/utils/vault.py
@@ -73,7 +73,7 @@ def prepare_vault_config(vault_type: str) -> dict:


def get_raw_secret(secret_name: str, vault: str, **kwargs) -> dict:
"""Get raw secret from vault"""
"""Get raw secret from the vault"""

if not vault:
logger.error(
@@ -87,15 +87,16 @@ def get_raw_secret(secret_name: str, vault: str, **kwargs) -> dict:
)
return {}

# Parse kwargs
region = kwargs.get("region")
vault_url = kwargs.get("vault_url")

project_id = kwargs.get("project_id")
config = {}

if vault == VaultType.AWS.value:
if not region:
logger.error(
f"No region option provided to get-secret sub command for vault: {vault}. Use --region=<val> option."
"No region option provided to get-secret sub command for AWS Vault. Use --region=<val> option."
)
return {}

@@ -112,6 +113,18 @@ def get_raw_secret(secret_name: str, vault: str, **kwargs) -> dict:
"vault": vault,
"vault_url": vault_url,
}
elif vault == VaultType.GCP.value:
if not project_id:
logger.error(
"No project ID option is provided to get-secret sub command for GCP Vault. Use --project-id=<val> option."
)
return {}

config = {
"secret_name": secret_name,
"vault": vault,
"project_id": project_id,
}

# Fetch secret based on the vault type
vault_secrets = fetch_secrets(config)
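Review bot: The vault-type chain in `get_raw_secret` ends at the new `elif vault == VaultType.GCP.value:` branch with no `else`, so a `--vault` value that matches none of the three types leaves `config = {}` and still reaches `fetch_secrets(config)`, unless the lines hidden between the hunks already reject it. A final `else:` that logs `f"Unsupported vault type: {vault}"` and does `return {}` would fail the same way the missing-option cases do. Separately, every failure path returns the same empty dict that a secret with no keys would, so a script piping the `get` command into `jq` cannot tell a misconfiguration from an empty secret. Signalling the error distinctly, so the CLI can exit non-zero, would make that visible, though the caller in cli.py is only partly shown here. The function body starts and ends outside these hunks.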
