PKI
Read CA Certificate
hvac.api.secrets_engines.pki.read_ca_certificate()
import hvac

# Built with library defaults; outside a local test, pass the server URL,
# token and TLS verification settings explicitly.
client = hvac.Client()
pki = client.secrets.pki

# Fetch the CA certificate of the PKI secrets engine.
ca_cert = pki.read_ca_certificate()
print('Current PKI CA Certificate: {}'.format(ca_cert))
Read CA Certificate Chain
hvac.api.secrets_engines.pki.read_ca_certificate_chain()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Fetch the CA certificate chain of the PKI secrets engine.
ca_chain = pki.read_ca_certificate_chain()
print('Current PKI CA Certificate Chain: {}'.format(ca_chain))
Read Certificate
hvac.api.secrets_engines.pki.read_certificate()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# The literal serial 'crl' selects the current CRL instead of an issued
# certificate; a real serial number would return that certificate.
crl_entry = pki.read_certificate(serial='crl')
print('Current PKI CRL: {}'.format(crl_entry))
List Certificates
hvac.api.secrets_engines.pki.list_certificates()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Enumerate the certificates known to the engine, by serial number.
serials = pki.list_certificates()
print('Current certificates (serial numbers): {}'.format(serials))
Submit CA Information
hvac.api.secrets_engines.pki.submit_ca_information()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# The argument is a PEM bundle that holds the CA private key and certificate.
# The literal below is a placeholder: load the real bundle at runtime from a
# protected file or secret store rather than embedding key material in source.
pem_bundle = '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END CERTIFICATE-----'
submit_result = pki.submit_ca_information(pem_bundle)
Read CRL Configuration
hvac.api.secrets_engines.pki.read_crl_configuration()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Read back the CRL settings (see set_crl_configuration for the writable side).
crl_config = pki.read_crl_configuration()
print('CRL configuration: {}'.format(crl_config))
Set CRL Configuration
hvac.api.secrets_engines.pki.set_crl_configuration()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# expiry bounds how long a published CRL is considered current.
# disable=False keeps CRL generation on; turning it off leaves relying
# parties that depend on the CRL without revocation information.
crl_update = pki.set_crl_configuration(
    expiry='72h',
    disable=False,
)
Read URLs
hvac.api.secrets_engines.pki.read_urls()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Read the URL settings currently configured for the PKI engine.
configured_urls = pki.read_urls()
print('Get PKI urls: {}'.format(configured_urls))
Set URLs
hvac.api.secrets_engines.pki.set_urls()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# These values are encoded into issued certificates as the issuing-CA and
# CRL distribution point locations, so they must be reachable by whoever
# validates the certificates. The loopback address below only suits a local
# test instance.
url_settings = {
    'issuing_certificates': ['http://127.0.0.1:8200/v1/pki/ca'],
    'crl_distribution_points': ['http://127.0.0.1:8200/v1/pki/crl'],
}
urls_update = pki.set_urls(url_settings)
Read CRL
hvac.api.secrets_engines.pki.read_crl()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Fetch the current certificate revocation list.
current_crl = pki.read_crl()
print('Current CRL: {}'.format(current_crl))
Rotate CRLs
hvac.api.secrets_engines.pki.rotate_crl()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Ask the engine to rotate (rebuild) its CRL and show the outcome.
rotation = pki.rotate_crl()
print('Rotate CRL: {}'.format(rotation))
Generate Intermediate
hvac.api.secrets_engines.pki.generate_intermediate()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# type='exported' makes Vault return the newly generated private key in the
# response. Printing the whole response therefore writes that key to stdout;
# in real use, store the key securely and keep it out of logs.
# NOTE(review): Vault answers this call with a CSR to be signed by the parent
# CA, not a finished certificate, despite the label below.
intermediate = pki.generate_intermediate(
    type='exported',
    common_name='Vault integration tests',
)
print('Intermediate certificate: {}'.format(intermediate))
Set Signed Intermediate
hvac.api.secrets_engines.pki.set_signed_intermediate()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Install the intermediate certificate after the parent CA has signed it.
# The literal is a truncated placeholder for the PEM-encoded certificate.
signed_pem = '-----BEGIN CERTIFICATE...'
install_result = pki.set_signed_intermediate(signed_pem)
Generate Certificate
hvac.api.secrets_engines.pki.generate_certificate()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Issue a certificate under the constraints of the 'myrole' role.
# The response carries the private key generated for this certificate, so
# treat it as a secret: printing it in full sends the key to stdout.
issued = pki.generate_certificate(
    name='myrole',
    common_name='test.example.com',
)
print('Certificate: {}'.format(issued))
Revoke Certificate
hvac.api.secrets_engines.pki.revoke_certificate()
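import hvac

client = hvac.Client()

# Revoke an issued certificate by its serial number. The serial shown is a
# truncated placeholder; supply the full colon-separated serial.
revoke_certificate_response = client.secrets.pki.revoke_certificate(
    serial_number='39:dd:2e...'
)
# The response describes the revocation, not a certificate, so label it as
# such to keep audit output unambiguous.
print('Revocation result: {}'.format(revoke_certificate_response))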
Create/Update Role
hvac.api.secrets_engines.pki.create_or_update_role()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# A role is the policy boundary for issuance: its parameters decide which
# names and lifetimes callers of that role may request. Keep the TTL short
# and leave permissive options such as allow_localhost off unless required.
role_params = {
    'ttl': '72h',
    'allow_localhost': 'false',
}
role_result = pki.create_or_update_role('mynewrole', role_params)
print('New role: {}'.format(role_result))
Read Role
hvac.api.secrets_engines.pki.read_role()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Read back a role definition, e.g. to review its issuance constraints.
role_definition = pki.read_role('myrole')
print('Role definition: {}'.format(role_definition))
List Roles
hvac.api.secrets_engines.pki.list_roles()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Enumerate the roles defined on the PKI engine.
role_names = pki.list_roles()
print('List of available roles: {}'.format(role_names))
Delete Role
hvac.api.secrets_engines.pki.delete_role()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Remove the named role; the response is kept but not inspected here.
deletion = pki.delete_role('role2delete')
Generate Root
hvac.api.secrets_engines.pki.generate_root()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# type='exported' returns the root CA private key in the response, and the
# print below writes it to stdout along with the certificate. For a CA whose
# key should never leave Vault, type='internal' keeps the key inside the
# engine; otherwise store the exported key securely and keep it out of logs.
new_root = pki.generate_root(
    type='exported',
    common_name='New root CA',
)
print('New root CA: {}'.format(new_root))
Delete Root
hvac.api.secrets_engines.pki.delete_root()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Destructive: removes the CA key from the engine. Unless the key was
# exported and retained, it cannot be recovered, so restrict this operation
# tightly in Vault policy.
root_deletion = pki.delete_root()
Sign Intermediate
hvac.api.secrets_engines.pki.sign_intermediate()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Signing an intermediate produces a CA certificate: its holder can issue
# certificates of its own. Confirm where the CSR came from before signing.
# The csr value is a placeholder for the PEM-encoded request.
signed_intermediate = pki.sign_intermediate(
    csr='....',
    common_name='example.com',
)
print('Signed certificate: {}'.format(signed_intermediate))
Sign Self-Issued
hvac.api.secrets_engines.pki.sign_self_issued()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Signs a self-issued certificate with this CA. This is a highly privileged
# operation, intended mainly for root rotation; keep access to it narrow and
# prefer sign_intermediate where a CSR is available.
# The certificate value is a placeholder for the PEM-encoded certificate.
cross_signed = pki.sign_self_issued(
    certificate='...',
)
print('Signed certificate: {}'.format(cross_signed))
Sign Certificate
hvac.api.secrets_engines.pki.sign_certificate()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Sign a caller-supplied CSR under the 'myrole' role. The private key stays
# with whoever created the CSR, so nothing secret is returned by this call.
# The csr value is a placeholder for the PEM-encoded request.
signed_cert = pki.sign_certificate(
    name='myrole',
    csr='...',
    common_name='example.com',
)
print('Signed certificate: {}'.format(signed_cert))
Sign Verbatim
hvac.api.secrets_engines.pki.sign_verbatim()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Subject values are taken from the CSR as submitted instead of being checked
# against the role's naming constraints, so whoever can call this path decides
# what the certificate says. Grant it only to highly trusted callers.
# The csr value is a placeholder for the PEM-encoded request.
verbatim_cert = pki.sign_verbatim(
    name='myrole',
    csr='...',
)
print('Signed certificate: {}'.format(verbatim_cert))
Tidy
hvac.api.secrets_engines.pki.tidy()
import hvac

client = hvac.Client()
pki = client.secrets.pki

# Start the PKI engine's tidy (storage clean-up) operation with default
# options; the response is kept but not inspected here.
tidy_result = pki.tidy()