| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 454 |
| Technical Name |
vault_connector |
| License | OPL-1 |
| Versions | 16.0 17.0 |
Vault connector
This module adds tools for working with vaults. Two types of vaults are available:
- HashiCorp Vault
- Google Secret Manager
The type of secret storage is key/value. The module has three ready-made json schemes for storing a single key value (KeySecretType), a pair of secrets (KeyPairSecretType) and a login/password (LoginPasswordType).
Usage
In this module you can use:
Vault Field
The module provides a new field type VaultSecretField. Thanks to this field the filled data will be stored in the vault and the secret path will be stored in the database. The field can be used in any model, including res.config.settings to store module settings.
# Examples of working with vault fields.
# model.py
from odoo.addons.vault_connector.fields import VaultSecretField
from odoo.addons.vault_connector.vault.types import KeySecretType, KeyPairSecretType, LoginPasswordType
class YourModel(models.Model):
_name = "your_model"
secret = VaultSecretField(secret_type=KeySecretType.type)
accesses = VaultSecretField(secret_type=KeyPairSecretType.type)
login_accesses = VaultSecretField(secret_type=LoginPasswordType.type)
def _get_secret(self):
"""Get secret from vault"""
self.ensure_one()
return self.secret.get_secret()
def _get_accesses(self):
"""Get accesses from vault"""
self.ensure_one()
return self.accesses.get_secret()
def _get_login_accesses(self):
"""Get login/password from vault"""
self.ensure_one()
return self.login_accesses.get_secret()
# view.xml
<field name=“arch” type=“xml”>
....
<field name=“secret” />
<field name=“accesses” />
<field name=“login_accesses” />
....
</field>
UI view
UI after filling and saving data
How it's look like in DB
How it's look like in Vault
Extra Example
# Example of working with vault fields for res.config.settings model:
# model
class ResConfigSettings(models.TransientModel):
_inherit = “res.config.settings”
secret = VaultSecretField(secret_type=KeySecretType.type)
accesses = VaultSecretField(secret_type=KeyPairSecretType.type)
login_accesses = VaultSecretField(secret_type=LoginPasswordType.type)
def _get_secret(self):
secret = self.env["ir.config_parameter"].sudo().get_secret_param("secret")
accesses = self.env["ir.config_parameter"].sudo().get_secret_param("accesses")
login_accesses = self.env["ir.config_parameter"].sudo().get_secret_param("login_accesses")
# view
<field name=“arch” type=“xml”>
....
<field name=“secret” />
<field name=“accesses” />
<field name=“login_accesses” />
....
</field>
Communicate with Vault
The module provides a VaultSecret API class that performs standard CRUD interaction with a vault.
# Examples of working with the API class:
# Create
new_secret = VaultSecret.save_secret(
LoginPasswordType.type, login=login, password=password
)
# or
new_secret = VaultSecret(path="custom_path", secret_type=LoginPasswordType)
new_secret.write_secret({"login": login, "password": password})
# Get
secret = new_secret.get_secret()
login = secret['login']
password = secret['password']
# Write
new_secret.write_secret({"login": login, "password": password})
# Delete
new_secret.delete_secret()
Configuration
Using Google Secret Manager:
;Odoo configuration file
[vault]
driver=google
For Google authentication, check the google-api-core documentation
Using HashiCorp Vault:
;Odoo configuration file
[vault]
driver=hashicorp
vault_url = http://127.0.0.1:8200
;Extra parameters for authentication
;client_cert_path = /path/intermediate.cert.pem
;client_key_path = /path/pki_intermediate.csr
;server_cert_path = /path/root_ca.crt
;vault_token = 1234567890
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module