Option to retrive only a key value from vault (#37)

danielcoman · web-flow · commit 1ee2c81bd37d · 2021-03-02T18:40:55.000+02:00
diff --git a/himl/secret_resolvers.py b/himl/secret_resolvers.py
@@ -9,6 +9,7 @@
 # governing permissions and limitations under the License.
 
 import logging
+import os
 from .simplessm import SimpleSSM
 from .simples3 import SimpleS3
 from .simplevault import SimpleVault
@@ -85,6 +86,12 @@ def resolve(self, secret_type, secret_params):
             path = self.get_param_or_exception("path", secret_params)
             return vault().get_path(path)
 
+        if "key" in secret_params.keys():
+            key_path = os.path.split(self.get_param_or_exception("key", secret_params))
+            path = key_path[0]
+            key = key_path[1]
+            return vault().get_key(path, key)
+
 
 class AggregatedSecretResolver(SecretResolver):
     def __init__(self, default_aws_profile=None):
diff --git a/himl/simplevault.py b/himl/simplevault.py
@@ -66,8 +66,14 @@ def get_token(self, policy):
     def get_path(self, path):
         mount_point = os.getenv('VAULT_MOUNT_POINT', 'kv')
         client = self.get_vault_client()
-
         result = client.secrets.kv.v2.read_secret_version(mount_point=mount_point, path=path)
         secret_data = result['data']['data']
 
         return secret_data
+
+    def get_key(self, path, key):
+        secret_data = self.get_path(path)
+        print(secret_data)
+        secret_key_value = secret_data[key]
+
+        return secret_key_value
