This module adds tools for working with vaults. Two types of vaults are available: HashiCorp and Secret Manager.
Only one type of secret storage is available: key and value.
There are json schemas for storing a single key value (KeySecretType),
a pair of secrets (KeyPairSecretType) and a login/password (LoginPasswordType)
1. The module provides a new field type VaultSecretField.
Thanks to this field the filled data will be stored in the vault
and the secret path will be stored in the database.
The field can be used in any model, including res.config.settings to store module settings.
# Examples of working with vault field:
# model
class ResConfigSettings(models.TransientModel):
_inherit = “res.config.settings”
secret = VaultSecretField(secret_type=KeyPairSecretType.type)
# view
<field name=“arch” type=“xml”>
....
<field name=“secret” />
....
</field>
2. The module provides a VaultSecret API class that performs standard CRUD interaction with a vault.
# Examples of working with the API class:
# Create
new_secret = VaultSecret.save_secret(
LoginPasswordType.type, login=login, password=password
)
# or
new_secret = VaultSecret(path="custom/path", secret_type=LoginPasswordType)
new_secret.write_secret({"login": login, "password": password})
# Get
secret = new_secret.get_secret()
login = secret['login']
password = secret['password']
# Write
new_secret.write_secret({"login": login, "password": password})
# Delete
new_secret.delete_secret()