anupash147 · September 21, 2021 20:59
diff --git a/vault-keys-via-aws-role.py b/vault-keys-via-aws-role.py
 import hvac
 import boto3
 import os
 import json
 import sys

 if len(sys.argv) < 4 : exit(1)

 VAULT_URL = sys.argv[1]
 VAULT_ROLE = sys.argv[2]
 VAULT_PATH = sys.argv[3]

 #print("Read configuration from vault...")
 session = boto3.Session()
 creds = session.get_credentials().get_frozen_credentials()
 client = hvac.Client(url=VAULT_URL)
 vault_role = VAULT_ROLE
 #client.auth_aws_iam(credentials.access_key, credentials.secret_key, credentials.token, role=vault_role)
 client.auth.aws.iam_login(
    access_key=creds.access_key,
    secret_key=creds.secret_key,
    session_token=creds.token,
    role=vault_role,
    use_token=True,
    region='us-east-1',
 )

 try:
    for path in client.secrets.kv.v2.list_secrets(path=VAULT_PATH,mount_point='kv')['data']['keys']:
        for key,value in client.secrets.kv.v2.read_secret_version(path='{0}/{1}'.format(VAULT_PATH,path),mount_point='kv')['data']['data'].items():
            print('{}="{}"'.format(key,value))
 except:
    pass
	import hvac
	import boto3
	import os
	import json
	import sys

	if len(sys.argv) < 4 : exit(1)

	VAULT_URL = sys.argv[1]
	VAULT_ROLE = sys.argv[2]
	VAULT_PATH = sys.argv[3]

	#print("Read configuration from vault...")
	session = boto3.Session()
	creds = session.get_credentials().get_frozen_credentials()
	client = hvac.Client(url=VAULT_URL)
	vault_role = VAULT_ROLE
	#client.auth_aws_iam(credentials.access_key, credentials.secret_key, credentials.token, role=vault_role)
	client.auth.aws.iam_login(
	access_key=creds.access_key,
	secret_key=creds.secret_key,
	session_token=creds.token,
	role=vault_role,
	use_token=True,
	region='us-east-1',
	)

	try:
	for path in client.secrets.kv.v2.list_secrets(path=VAULT_PATH,mount_point='kv')['data']['keys']:
	for key,value in client.secrets.kv.v2.read_secret_version(path='{0}/{1}'.format(VAULT_PATH,path),mount_point='kv')['data']['data'].items():
	print('{}="{}"'.format(key,value))
	except:
	pass