vault-access-tool/vault_tool.py

"""
title: Hashicorp Vault Tool
author: Josh Knapp
version: 0.4.5
"""

import subprocess
import os
import hvac
import urllib3
from pydantic import BaseModel, Field


# Try to import hvac, install if not present
try:
    import hvac
except ImportError:
    print("hvac package not found. Attempting to install...")
    try:
        subprocess.check_call([sys.executable, "-m", "pip", "install", "hvac"])
        import hvac

        print("hvac package installed successfully")
    except subprocess.CalledProcessError as e:
        print(f"Failed to install hvac package: {str(e)}")


class Tools:
    class Valves(BaseModel):
        VAULT_ADDR: str = Field(
            default="",
            description="The Web Address for the Vault Server",
        )
        TLS_VERIFY: bool = Field(
            default="False",
            description="Check the TLS Certificate for the Vault Server",
        )

    def __init__(self):
        self.valves = self.Valves()
        pass

    def get_vault_secret(self, path: str, token: str) -> str:
        """
        Read secrets stored within HashiCorp Vault based on the path provided by the user.
        :param token: Vault authentication token
        :param path: Path to the secret in Vault
        :return: The value of the secret or the error message if one is produced

        """
        # Check if Vault Address has been set
        if not self.valves.VAULT_ADDR:
            return "The Vault Address has not been set. Please define it in the Tool's Valves"
        # Check if a Token is set
        if not token:
            return f"No token defined, please either provide one in the prompt or via an Environment Variable {token}"
        vault_addr = self.valves.VAULT_ADDR
        # Attempt to connect to HashiCorp Vault
        try:
            if self.valves.TLS_VERIFY == True:
                client = hvac.Client(
                    url=vault_addr, token=token, verify=self.valves.TLS_VERIFY
                )
            else:
                urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
                client = hvac.Client(
                    url=vault_addr, token=token, verify=self.valves.TLS_VERIFY
                )
            # Check Authentication
            if not client.is_authenticated():
                return "Failed to authenticate with Vault"

            # Split path to separate the key if it exists
            path_parts = path.rsplit(".", 1)
            secret_path = path_parts[0]
            key = path_parts[1] if len(path_parts) > 1 else "value"
            try:
                secret = client.read(secret_path)
                if secret and "data" in secret:
                    secret_data = secret["data"]
                    if key in secret_data:
                        return secret_data[key]
                    else:
                        return f"Key '{key}' not found in KV v1 secret path. Check your secret path and ensure the token used has the appropriate permissions."

            except Exception as e:
                print(f"KV v1 attempt failed: {str(e)}")
                return f"Secret not found at path: {path}"
        except Exception as e:
            return f"Error connecting to Vault: {str(e)}"
update the version for PoC 2024-12-16 16:34:09 +00:00			`"""`
			`title: Hashicorp Vault Tool`
			`author: Josh Knapp`
			`version: 0.4.5`
			`"""`

adding files to be merged into main 2024-12-12 16:02:39 +00:00			`import subprocess`
			`import os`
update the version for PoC 2024-12-16 16:34:09 +00:00			`import hvac`
			`import urllib3`
			`from pydantic import BaseModel, Field`
adding files to be merged into main 2024-12-12 16:02:39 +00:00

update the version for PoC 2024-12-16 16:34:09 +00:00			`# Try to import hvac, install if not present`
			`try:`
			`import hvac`
			`except ImportError:`
			`print("hvac package not found. Attempting to install...")`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`try:`
update the version for PoC 2024-12-16 16:34:09 +00:00			`subprocess.check_call([sys.executable, "-m", "pip", "install", "hvac"])`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`import hvac`
update the script for type secrets 2024-12-12 17:17:00 +00:00
update the version for PoC 2024-12-16 16:34:09 +00:00			`print("hvac package installed successfully")`
			`except subprocess.CalledProcessError as e:`
			`print(f"Failed to install hvac package: {str(e)}")`

adding files to be merged into main 2024-12-12 16:02:39 +00:00
update the version for PoC 2024-12-16 16:34:09 +00:00			`class Tools:`
			`class Valves(BaseModel):`
			`VAULT_ADDR: str = Field(`
			`default="",`
			`description="The Web Address for the Vault Server",`
			`)`
			`TLS_VERIFY: bool = Field(`
			`default="False",`
			`description="Check the TLS Certificate for the Vault Server",`
			`)`
adding files to be merged into main 2024-12-12 16:02:39 +00:00
update the version for PoC 2024-12-16 16:34:09 +00:00			`def __init__(self):`
			`self.valves = self.Valves()`
			`pass`
adding files to be merged into main 2024-12-12 16:02:39 +00:00
update the version for PoC 2024-12-16 16:34:09 +00:00			`def get_vault_secret(self, path: str, token: str) -> str:`
			`"""`
			`Read secrets stored within HashiCorp Vault based on the path provided by the user.`
			`:param token: Vault authentication token`
			`:param path: Path to the secret in Vault`
			`:return: The value of the secret or the error message if one is produced`
adding files to be merged into main 2024-12-12 16:02:39 +00:00
update the version for PoC 2024-12-16 16:34:09 +00:00			`"""`
			`# Check if Vault Address has been set`
			`if not self.valves.VAULT_ADDR:`
			`return "The Vault Address has not been set. Please define it in the Tool's Valves"`
			`# Check if a Token is set`
			`if not token:`
			`return f"No token defined, please either provide one in the prompt or via an Environment Variable {token}"`
			`vault_addr = self.valves.VAULT_ADDR`
			`# Attempt to connect to HashiCorp Vault`
			`try:`
			`if self.valves.TLS_VERIFY == True:`
			`client = hvac.Client(`
			`url=vault_addr, token=token, verify=self.valves.TLS_VERIFY`
			`)`
			`else:`
			`urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`
			`client = hvac.Client(`
			`url=vault_addr, token=token, verify=self.valves.TLS_VERIFY`
			`)`
			`# Check Authentication`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`if not client.is_authenticated():`
update the version for PoC 2024-12-16 16:34:09 +00:00			`return "Failed to authenticate with Vault"`
adding files to be merged into main 2024-12-12 16:02:39 +00:00
			`# Split path to separate the key if it exists`
update the script for type secrets 2024-12-12 17:17:00 +00:00			`path_parts = path.rsplit(".", 1)`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`secret_path = path_parts[0]`
update the script for type secrets 2024-12-12 17:17:00 +00:00			`key = path_parts[1] if len(path_parts) > 1 else "value"`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`try:`
update the version for PoC 2024-12-16 16:34:09 +00:00			`secret = client.read(secret_path)`
			`if secret and "data" in secret:`
			`secret_data = secret["data"]`
			`if key in secret_data:`
			`return secret_data[key]`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`else:`
update the version for PoC 2024-12-16 16:34:09 +00:00			`return f"Key '{key}' not found in KV v1 secret path. Check your secret path and ensure the token used has the appropriate permissions."`
adding files to be merged into main 2024-12-12 16:02:39 +00:00
			`except Exception as e:`
update the version for PoC 2024-12-16 16:34:09 +00:00			`print(f"KV v1 attempt failed: {str(e)}")`
			`return f"Secret not found at path: {path}"`
adding files to be merged into main 2024-12-12 16:02:39 +00:00			`except Exception as e:`
update the version for PoC 2024-12-16 16:34:09 +00:00			`return f"Error connecting to Vault: {str(e)}"`