GitHub - night-crawler/vaultpost: Using Vault to generate short lifetime postgresql creds for Django

Inspired by https://github.com/jdelic/django-postgresql-setrole

client.write(
    join(PG_MOUNT, 'config/connection'),
    lease='10s', lease_max='10s',
    connection_url='postgresql://'
                   'vault:azaza'
                   '@trash.force.fm:5432/postgres'
)
client.write(
    join(PG_MOUNT, 'roles', 'db-full-access'),
    sql="""
    CREATE ROLE "{{name}}"
        WITH LOGIN ENCRYPTED PASSWORD '{{password}}'
        VALID UNTIL '{{expiration}}'
        IN ROLE "force_fm" INHERIT NOCREATEROLE NOCREATEDB NOSUPERUSER NOREPLICATION NOBYPASSRLS;
    """,
    revocation_sql="""
    DROP ROLE "{{name}}";
    """
)

DATABASES = {
    'default': {
        'NAME': 'force_fm',
        'ENGINE': 'pgvault',
        'HOST': 'trash.force.fm',
        'USER': 'force_fm',  # SET ROLE USER
        'PORT': '',
        'CONN_MAX_AGE': 6000,
        'VAULT': {
            'URL': 'https://trash.force.fm:18400',
            'TOKEN': '',
            'MOUNT': 'force.fm/postgresql',
            'ROLE': 'db-full-access',
            'CERTS': (
                os.path.join(CERTS_DIR, 'client1__bundle.crt'),
                os.path.join(CERTS_DIR, 'client1.key'),
            ),
            'VERIFY': os.path.join(CERTS_DIR, 'force.fm__root_ca.crt'),
        }
    }
}

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
pgvault		pgvault
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pgvault

pgvault

.gitignore

.gitignore

README.md

README.md

Repository files navigation

About

Releases

Packages

Languages

night-crawler/vaultpost

Folders and files

Latest commit

History

Repository files navigation

About

Topics

Resources

Stars

Watchers

Forks

Languages