common.configuration.providers.vault
VaultDocProvider Objects
class VaultDocProvider(BaseDocProvider)
A toml-backed Vault abstract config provider.
This provider allows implementation of providers that store secrets in external vaults: like Hashicorp, Google Secrets or Airflow Metadata.
The basic working principle is obtain config and secrets values from Vault keys and reconstitute a secrets.toml
like document that is then used
as a cache.
The implemented must provide _look_vault
method that returns a value from external vault from external key.
To reduce number of calls to external vaults the provider is searching for a known configuration fragments which should be toml documents and merging them with the
- only keys with secret type hint (CredentialsConfiguration, TSecretValue) will be looked up by default.
- provider gathers
toml
document fragments that contain source and destination credentials in path specified below - single values will not be retrieved, only toml fragments by default
__init__
def __init__(only_secrets: bool, only_toml_fragments: bool) -> None
Initializes the toml backed Vault provider by loading a toml fragment from dlt_secrets_toml
key and using it as initial configuration.
extended_summary
Arguments:
only_secrets
bool - Only looks for secret values (CredentialsConfiguration, TSecretValue) by returning None (not found)only_toml_fragments
bool - Only load the known toml fragments and ignore any other lookups by returning None (not found)