Skip to content
/ hc_vault Public

Poc- Django web app for fetching data from a list of Hashicorp Vault nodes/cluster and showing to the browser with bootstrap and adminlte.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

escomputers/hc_vault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

132 Commits

.github/workflows

.github/workflows

 
 

vault

vault

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

app_vault_entities.drawio

app_vault_entities.drawio

 
 

create_vault_cluster.py

create_vault_cluster.py

 
 

dev-requirements.txt

dev-requirements.txt

 
 

prod-requirements.txt

prod-requirements.txt

 
 

Repository files navigation

whoami

Django web app, with Django Q as multiprocessing task queue for fetching data from a list of Hashicorp Vault nodes/cluster and showing to the browser with bootstrap and adminlte.

This PoC is based on fetching Vault entities and get notified via email if a specific threshold is being reached.

pre-requisites

  • Docker
  • Vault nodes/cluster
  • Python >= 3.9

getting started

  1. If you need some Vault nodes
python -m pip install -r dev-requirements.txt
python create_vault_cluster.py

This will create N Vault nodes (using Docker official image) with this config:

  • Seal type: shamir
  • Storage type: file (non HA)
  • UI enabled
  • TLS disabled
  • Docker volume /vault/logs, to use for writing persistent audit logs. By default nothing is written here; the file audit backend must be enabled with a path under this directory.
  • Docker volume /vault/file, to use for writing persistent storage data when using the file data storage plugin. By default nothing is written here.

Nodes are nitialized with default secret keyshares and key threshold of 1.

Each Vault will listen at http://0.0.0.0:<PORT> where PORT will change based on the Vault node number, starting from 8200.

E.g. If 5 nodes are created, you have:

http://localhost:8200
http://localhost:8201
http://localhost:8202
http://localhost:8203
http://localhost:8204

Unseal keys and root tokens are within vault_data.txt

NB: Vault nodes must be unsealed

  1. Set env variables
DJANGO_SECRET_KEY
VAULT TOKEN
  1. Django init
python -m pip install -r prod-requirements.txt
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser

  1. Create Django "superuser" group and assign user to it

  2. Enable Django ORM

python manage.py createcachetable django_orm_cache_table

# uncomment in settings.py
"""
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
        'LOCATION': 'django_orm_cache_table',
    }
}
"""
  1. Run
python manage.py runserver
python manage.py qcluster
  1. Create scheduled job login to http://127.0.0.1:8000/admin/django_q/schedule/ and set required parameters:
Name: <whatever>
Func: modules.vault.get_entities
Schedule Type: <whatever>
Cluster: VaultCrawler

About

Poc- Django web app for fetching data from a list of Hashicorp Vault nodes/cluster and showing to the browser with bootstrap and adminlte.

Topics

javascript python bootstrap jquery adminlte django-application webapp hashicorp-vault multiprocessing-library django-q monitoring-tool

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages