dlt.common.configuration.providers.vault
VaultDocProvider Objects
class VaultDocProvider(BaseDocProvider)
A toml-backed Vault abstract config provider.
This provider allows implementation of providers that store secrets in external vaults: like Hashicorp, Google Secrets or Airflow Metadata.
The basic working principle is obtain config and secrets values from Vault keys and reconstitute a secrets.toml like document that is then used
as a cache.
The implemented must provide _look_vault method that returns a value from external vault from external key.
To reduce number of calls to external vaults the provider is searching for a known configuration fragments which should be toml documents and merging them with the
- only keys with secret type hint (CredentialsConfiguration, TSecretValue) will be looked up by default.
- provider gathers tomldocument fragments that contain source and destination credentials in path specified below
- single values will not be retrieved, only toml fragments by default
__init__
def __init__(only_secrets: bool,
             only_toml_fragments: bool,
             list_secrets: bool = False) -> None
Initializes the toml backed Vault provider by loading a toml fragment from dlt_secrets_toml key and using it as initial configuration.
Arguments:
- only_secretsbool - Only looks for secret values (CredentialsConfiguration, TSecretValue) by returning None (not found)
- only_toml_fragmentsbool - Only load the known toml fragments and ignore any other lookups by returning None (not found)
- list_secretsbool - When True, lists all available secrets once on first access to avoid unnecessary lookups