As some of you may know, we have a framework available for building APIs rapidly and supporting all the best parts of REST/OpenAPI. One only needs to define the model layer, then deploy to the community grid to get a fully featured system up and running.
Well, we're going one step further. In the next release we'll be adding classes for token authentication and for abstracting the configuration away from the application code.
The way we'll be doing this is with HashiCorp Vault AppRoles and hvac, but as usual we'll be setting things up as part of a plugin system so anyone can use their own favorite keystore or system.
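An example class:

    import os
    import hvac

    class VaultStore(object):
        def __init__(self, base_path="secret/api/baseapi", vault_url=None):
            # VAULT_URL from the environment wins over the vault_url argument
            vault_url = os.environ.get('VAULT_URL', vault_url)
            # One secret path per deployment environment under base_path
            self.path = base_path + '/' + os.environ.get('ENVIRONMENT', 'development')
            self.vault = hvac.Client(url=vault_url)
            # Log in with the AppRole credentials supplied through the environment
            self.vault.auth_approle(os.environ.get('VAULT_ROLE_ID'), os.environ.get('VAULT_SECRET_ID'))

        def getConfig(self):
            # Returns the raw Vault response for the configured path
            return self.vault.read(path=self.path)

    def main():
        secrets = VaultStore()
        config = secrets.getConfig()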
This is in preparation for fully integrating JWT tokens.
Check out the latest code at GitHub - Daplanet/baseapi: PyEve based api demo.
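A sketch of how the plugin idea and the AppRole-backed store could fit together, as an added example that is not the baseapi project's code. Backends share a `get_config()` method and are picked by a hypothetical `CONFIG_BACKEND` variable; the store fails closed when the AppRole credentials are missing and rejects `ENVIRONMENT` values that would move the read outside the base path. The `API_` prefix, the `BACKENDS` registry, the class names and `StubVault` are assumptions, and the Vault client is injected so the stub can stand in for `hvac.Client`.

```python
import os
import re

_ENV_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")

def secret_path(base_path, environment):
    # ENVIRONMENT is outside input: refuse e.g. "../other-app" so the read stays under base_path.
    if not _ENV_NAME.fullmatch(environment):
        raise ValueError("invalid ENVIRONMENT name")
    return base_path.rstrip("/") + "/" + environment

class VaultBackend:
    def __init__(self, env, client, base_path="secret/api/baseapi"):
        role_id, secret_id = env.get("VAULT_ROLE_ID"), env.get("VAULT_SECRET_ID")
        if not role_id or not secret_id:
            # Fail before any network call instead of logging in with None.
            raise RuntimeError("VAULT_ROLE_ID and VAULT_SECRET_ID must be set")
        self.path = secret_path(base_path, env.get("ENVIRONMENT", "development"))
        self.client = client  # an hvac.Client, or anything with the same two methods
        self.client.auth_approle(role_id, secret_id)
    def get_config(self):
        return self.client.read(self.path)

class EnvBackend:
    """Keystore-free backend for local runs: API_DB_URL -> {'db_url': ...}."""
    def __init__(self, env, client=None, prefix="API_"):
        self.values = {k[len(prefix):].lower(): v
                       for k, v in env.items() if k.startswith(prefix)}
    def get_config(self):
        return dict(self.values)

# Hypothetical registry; a third-party keystore plugin would add its class here.
BACKENDS = {"vault": VaultBackend, "env": EnvBackend}

def load_config(env=os.environ, client=None):
    name = env.get("CONFIG_BACKEND", "vault")
    if name not in BACKENDS:
        raise ValueError("unknown CONFIG_BACKEND: %r" % name)
    return BACKENDS[name](env, client).get_config()

class StubVault:
    """Constructed stand-in for hvac.Client so the example runs offline."""
    def __init__(self):
        self.logins, self.reads = [], []
    def auth_approle(self, role_id, secret_id):
        self.logins.append(role_id)
    def read(self, path):
        self.reads.append(path)
        return {"data": {"db_url": "postgres://example.invalid/api"}}
```

In a real deployment the `client` argument would be `hvac.Client(url=...)`, and the application code only ever calls `load_config()`.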