""" Get Vault credentials recursively as json. Requirements: requests lib. Run pip to install it: $ pip install requests To run this command: $ python get_credentials.py """ import json import sys import requests def is_leaf(value): if value[-1] != '/': return value def is_branch(value): return value if value[-1] == '/' else None def find_credentials(url, token): """Build recursively and return a list of credentials endpoints""" # print(':: Visiting url {}'.format(url)) response = requests.request('LIST', url=url, headers={'X-Vault-Token': token}) if response.status_code == 200: data = response.json().get('data') keys = data and data.get('keys') if keys: branches = [key for key in map(is_branch, keys)] leaves = [key for key in map(is_leaf, keys)] # Clear lists by removing null values branches = [url + key for key in filter(None, branches)] leaves = [url + key for key in filter(None, leaves)] deep_leaves_urls = [] for branch_url in branches: deep_leaves_urls += find_credentials(branch_url, token) return leaves + deep_leaves_urls else: print(' :: No branch or credential found.') else: print(' :: Error opening url. HTTP status code={}'.format(response.status_code)) return [] def get_secret(url, token): """Access endpoint and get credential""" # print(':: Getting secret on {}'.format(url)) response = requests.get(url, headers={'X-Vault-Token': token}) if response.status_code == 200: data = response.json().get('data') if data: return data else: print(" :: No credential data found.") else: print(' :: Error opening url. HTTP status code={}'.format(response.status_code)) if __name__ == "__main__": if len(sys.argv) >= 3: url = sys.argv[1] token = sys.argv[2] paths = find_credentials(url, token) secrets = {path: get_secret(path, token) for path in paths} print(json.dumps(secrets)) else: print("\nUse {name} \n".format(name=sys.argv[0]))