Warn if insecure vault endpoint is used (#53)

danielcoman · web-flow · commit df2d1601ebc1 · 2021-04-23T11:51:31.000+03:00
diff --git a/examples/secrets/default.yaml b/examples/secrets/default.yaml
@@ -0,0 +1,3 @@
+---
+secret_path_v2: "{{vault.path(/kv2_secret)}}"
+secret_key_v2: "{{vault.key(/kv2_secret/key)}}"
diff --git a/himl/simplevault.py b/himl/simplevault.py
@@ -26,7 +26,9 @@ def get_vault_client(self):
         namespace = os.getenv('VAULT_NAMESPACE')
         verify = not strtobool(os.getenv('VAULT_SKIP_VERIFY', 'false'))
 
-        logger.info("Vault using url: {}, namespace: {}, verify: {}".format(url, namespace, verify))
+        logger.info("Vault using url: {}, namespace: {}".format(url, namespace))
+        if not verify:
+            logger.warning("Using insecure vault endpoint, verify: {}".format(verify))
 
         client = hvac.Client(
             url=url,
@@ -76,7 +78,6 @@ def get_path(self, path):
 
     def get_key(self, path, key):
         secret_data = self.get_path(path)
-        print(secret_data)
         secret_key_value = secret_data[key]
 
         return secret_key_value

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+---`
	`2`	`+secret_path_v2: "{{vault.path(/kv2_secret)}}"`
	`3`	`+secret_key_v2: "{{vault.key(/kv2_secret/key)}}"`