PKI
Read CA Certificate
hvac.api.secrets_engines.pki.read_ca_certificate()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Fetch the CA certificate of the PKI mount; this is public material.
ca_certificate = pki.read_ca_certificate()
print(f'Current PKI CA Certificate: {ca_certificate}')
Read CA Certificate Chain
hvac.api.secrets_engines.pki.read_ca_certificate_chain()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Fetch the CA certificate chain that relying parties use to build a path
# up to the trust anchor.
ca_chain = pki.read_ca_certificate_chain()
print(f'Current PKI CA Certificate Chain: {ca_chain}')
Read Certificate
hvac.api.secrets_engines.pki.read_certificate()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# 'crl' is passed in place of a certificate serial; as the label below shows,
# this example uses the call to fetch the current CRL.
requested_serial = 'crl'
crl_lookup = pki.read_certificate(serial=requested_serial)
print(f'Current PKI CRL: {crl_lookup}')
List Certificates
hvac.api.secrets_engines.pki.list_certificates()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Enumerate the certificates known to the mount; the response identifies them
# by serial number, which is the handle used for lookup and revocation.
known_certificates = pki.list_certificates()
print(f'Current certificates (serial numbers): {known_certificates}')
Submit CA Information
hvac.api.secrets_engines.pki.submit_ca_information()
import hvac
client = hvac.Client()

# Placeholder bundle. A real bundle carries the CA private key alongside the
# certificate, so read it from access-controlled storage at run time instead
# of pasting it into source code, and keep it out of logs.
pem_bundle = '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END CERTIFICATE-----'
submit_ca_information_response = client.secrets.pki.submit_ca_information(pem_bundle)
Read CRL Configuration
hvac.api.secrets_engines.pki.read_crl_configuration()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Inspect how the mount currently builds its certificate revocation list.
crl_settings = pki.read_crl_configuration()
print(f'CRL configuration: {crl_settings}')
Set CRL Configuration
hvac.api.secrets_engines.pki.set_crl_configuration()
import hvac
client = hvac.Client()

# expiry sets how long a published CRL is considered valid; disable=False
# keeps CRL generation switched on, so revocations remain visible to clients.
crl_options = {'expiry': '72h', 'disable': False}
set_crl_configuration_response = client.secrets.pki.set_crl_configuration(**crl_options)
Read URLs
hvac.api.secrets_engines.pki.read_urls()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Show the issuing-certificate and CRL distribution URLs configured on the mount.
configured_urls = pki.read_urls()
print(f'Get PKI urls: {configured_urls}')
Set URLs
hvac.api.secrets_engines.pki.set_urls()
import hvac
client = hvac.Client()

# These URLs are written into certificates issued afterwards so that relying
# parties can fetch the issuing CA and the CRL. The loopback addresses are
# sample values; a deployment needs addresses its clients can actually reach,
# otherwise revocation checking has nothing to download.
pki_urls = {
    'issuing_certificates': ['http://127.0.0.1:8200/v1/pki/ca'],
    'crl_distribution_points': ['http://127.0.0.1:8200/v1/pki/crl'],
}
set_urls_response = client.secrets.pki.set_urls(pki_urls)
Read CRL
hvac.api.secrets_engines.pki.read_crl()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Download the current certificate revocation list.
current_crl = pki.read_crl()
print(f'Current CRL: {current_crl}')
Rotate CRLs
hvac.api.secrets_engines.pki.rotate_crl()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Ask Vault to rebuild the CRL now rather than waiting for the next
# scheduled regeneration.
rotation_result = pki.rotate_crl()
print(f'Rotate CRL: {rotation_result}')
Generate Intermediate
hvac.api.secrets_engines.pki.generate_intermediate()
import hvac
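client = hvac.Client()
generate_intermediate_response = client.secrets.pki.generate_intermediate(
    type='exported',
    common_name='Vault integration tests'
)
# With type='exported' the response body includes the new private key, so the
# whole response must not be echoed to stdout or logs. Print only the CSR
# (this call yields a signing request, not a certificate) and move the key
# straight into protected storage; use type='internal' when the key never
# needs to leave Vault.
intermediate_csr = generate_intermediate_response['data']['csr']
print('Intermediate CSR: {}'.format(intermediate_csr))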
Set Signed Intermediate
hvac.api.secrets_engines.pki.set_signed_intermediate()
import hvac
client = hvac.Client()

# Placeholder for the PEM certificate that the parent CA returned after
# signing this mount's intermediate CSR.
signed_intermediate_pem = '-----BEGIN CERTIFICATE...'
set_signed_intermediate_response = client.secrets.pki.set_signed_intermediate(
    signed_intermediate_pem
)
Generate Certificate
hvac.api.secrets_engines.pki.generate_certificate()
import hvac
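client = hvac.Client()
generate_certificate_response = client.secrets.pki.generate_certificate(
    name='myrole',
    common_name='test.example.com'
)
# The response carries the freshly generated private key next to the
# certificate. Print only the certificate so the key does not end up in
# terminal scrollback or log files; hand the key directly to whatever
# consumes it.
issued_certificate = generate_certificate_response['data']['certificate']
print('Certificate: {}'.format(issued_certificate))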
Revoke Certificate
hvac.api.secrets_engines.pki.revoke_certificate()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Revocation is keyed on the certificate's serial number (truncated sample
# value here); the revoked serial shows up in the CRL once it is rebuilt.
serial_to_revoke = '39:dd:2e...'
revocation_result = pki.revoke_certificate(serial_number=serial_to_revoke)
print(f'Certificate: {revocation_result}')
Create/Update Role
hvac.api.secrets_engines.pki.create_or_update_role()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# A role is the policy applied to certificates requested through it. This one
# caps lifetime at 72 hours and refuses localhost as a name; keep roles as
# narrow as the workload allows.
role_settings = {
    'ttl': '72h',
    'allow_localhost': 'false',
}
role_result = pki.create_or_update_role('mynewrole', role_settings)
print(f'New role: {role_result}')
Read Role
hvac.api.secrets_engines.pki.read_role()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Read back a role to review the issuance constraints it enforces.
role_definition = pki.read_role('myrole')
print(f'Role definition: {role_definition}')
List Roles
hvac.api.secrets_engines.pki.list_roles()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Enumerate the roles defined on the mount, e.g. when auditing who can
# request which kind of certificate.
available_roles = pki.list_roles()
print(f'List of available roles: {available_roles}')
Delete Role
hvac.api.secrets_engines.pki.delete_role()
import hvac
client = hvac.Client()

# Remove a role so that no further certificates can be requested through it.
role_name = 'role2delete'
delete_role_response = client.secrets.pki.delete_role(role_name)
Generate Root
hvac.api.secrets_engines.pki.generate_root()
import hvac
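client = hvac.Client()
generate_root_response = client.secrets.pki.generate_root(
    type='exported',
    common_name='New root CA'
)
# type='exported' returns the root CA private key in the response body.
# Printing the whole response would write the trust anchor's key to stdout,
# so show only the certificate. Prefer type='internal' unless the key really
# has to exist outside Vault.
root_certificate = generate_root_response['data']['certificate']
print('New root CA: {}'.format(root_certificate))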
Delete Root
hvac.api.secrets_engines.pki.delete_root()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Deletes the CA key held by this PKI mount. The key cannot be recovered
# afterwards, so the policy that grants this call should be tightly scoped.
delete_root_response = pki.delete_root()
Sign Intermediate
hvac.api.secrets_engines.pki.sign_intermediate()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# The result is a CA certificate: whoever holds the key behind the CSR can
# then issue certificates that chain to this CA, so confirm where the CSR
# came from before signing. '....' stands in for the PEM-encoded CSR.
intermediate_request = {
    'csr': '....',
    'common_name': 'example.com',
}
signed_intermediate = pki.sign_intermediate(**intermediate_request)
print(f'Signed certificate: {signed_intermediate}')
Sign Self-Issued
hvac.api.secrets_engines.pki.sign_self_issued()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Signs a self-issued CA certificate supplied by the caller. Vault's
# documentation treats this as a highly privileged operation, so access to it
# should be limited to a small set of operators. '...' is a placeholder.
self_issued_pem = '...'
signed_self_issued = pki.sign_self_issued(certificate=self_issued_pem)
print(f'Signed certificate: {signed_self_issued}')
Sign Certificate
hvac.api.secrets_engines.pki.sign_certificate()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Sign a caller-supplied CSR under the constraints of the named role. The
# private key stays with the requester, so nothing sensitive is returned.
signing_request = {
    'name': 'myrole',
    'csr': '...',
    'common_name': 'example.com',
}
signed_certificate = pki.sign_certificate(**signing_request)
print(f'Signed certificate: {signed_certificate}')
Sign Verbatim
hvac.api.secrets_engines.pki.sign_verbatim()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Verbatim signing takes the names and extensions from the CSR as submitted
# instead of filtering them through the role's restrictions, so only highly
# trusted callers should be granted this path.
verbatim_request = {
    'name': 'myrole',
    'csr': '...',
}
verbatim_certificate = pki.sign_verbatim(**verbatim_request)
print(f'Signed certificate: {verbatim_certificate}')
Tidy
hvac.api.secrets_engines.pki.tidy()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Start the mount's tidy (housekeeping) operation with default parameters.
tidy_response = pki.tidy()
Read Issuer
hvac.api.secrets_engines.pki.read_issuer()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Look up the issuers on the mount, then read the first one back.
# NOTE(review): Vault LIST responses usually nest the list under
# response['data']['keys']; confirm the shape before indexing ["keys"] directly.
issuer_list_response = pki.list_issuers()
first_issuer_ref = issuer_list_response["keys"][0]
issuer_read_response = pki.read_issuer(first_issuer_ref)
List Issuers
hvac.api.secrets_engines.pki.list_issuers()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Enumerate every issuer (CA certificate) configured on the mount.
issuer_list_response = pki.list_issuers()
Update Issuer
hvac.api.secrets_engines.pki.update_issuer()
import hvac
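client = hvac.Client()
issuer_list_response = client.secrets.pki.list_issuers()
# NOTE(review): Vault LIST responses usually nest the list under
# response['data']['keys']; confirm the shape before indexing ["keys"] directly.
# The dict literal was missing its closing brace, which made the original
# example a syntax error.
issuer_update_response = client.secrets.pki.update_issuer(
    issuer_list_response["keys"][0],
    extra_params={'issuer_name': 'my_new_issuer_name'},
)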
Revoke Issuer
hvac.api.secrets_engines.pki.revoke_issuer()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Revoking an issuer cannot be reversed. The example takes whichever issuer
# is listed first; real code should select the issuer explicitly by its id
# or name.
# NOTE(review): Vault LIST responses usually nest the list under
# response['data']['keys']; confirm the shape before indexing ["keys"] directly.
issuer_list_response = pki.list_issuers()
issuer_ref = issuer_list_response["keys"][0]
issuer_revoke_response = pki.revoke_issuer(issuer_ref)
Delete Issuer
hvac.api.secrets_engines.pki.delete_issuer()
import hvac
client = hvac.Client()
pki = client.secrets.pki

# Deleting an issuer removes it from the mount. The example takes whichever
# issuer is listed first; real code should select the issuer explicitly by
# its id or name.
# NOTE(review): Vault LIST responses usually nest the list under
# response['data']['keys']; confirm the shape before indexing ["keys"] directly.
issuer_list_response = pki.list_issuers()
issuer_ref = issuer_list_response["keys"][0]
issuer_delete_response = pki.delete_issuer(issuer_ref)